Microsoft January 2019 KB4480970 Patch – KMS Activation Errors – UPDATED

I’ve seen a few cases of this now in the wild within my organisation, where previously activated Windows 7 devices would suddenly report that they were no longer activated. On running “slmgr /dlv” I could see that the client reported as unlicenced, with the notification reason as “0xc004f200 (non-genuine)

This appears to be another instance of the infamous KB971033 which has caused this in the past, which seems like it might have resurfaced as part of the January 2019 – KB4480970 rollup update and KB4480960 security only update

Listed under known issues is;

KMS Activation error, "Not Genuine", 0xc004f200 on Windows 7 devices.  

So, it would appear that this is the cause of the activation problem in this case. The fix is as follows;

wusa /uninstall /kb:971033 /quiet
net stop sppsvc /y
del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat
net start sppsvc
cscript %windir%\system32\slmgr.vbs /ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
cscript %windir%\system32\slmgr.vbs /ato

Don’t forget the Windows 7 key in my example above is for Windows 7 Enterprise, grab the right key for your edition of Windows 7 from Microsoft’s KMS Keys Page.
This should remove the offending update and re-activate the copy of Windows against your KMS server.

UPDATE
Microsoft have confirmed that the Windows activation problem is, in fact, unrelated to the January 2019 update, and is in fact caused by a separate update to Microsoft Activation and Validation and has since been reverted by them

Windows Updates Failing on Server 2008 R2

I’ve seen a really strange error with Windows updates on some 2008 R2 servers where they fail to start downloading and installing updates. They can connect to Windows Update and find available updates, but once you select them and start the process off they fail after a few minutes. I’d tried all sorts, including rebooting and all the usual stuff.

The solution I found was probably the most unlikely thing I’ve ever seen, but here it is. On the notification tray, click the double up arrows and click customize;

Then tick the “Always show all icons and notifications on the taskbar” checkbox and ok out of the dialogue;

This then allowed me to start the updates downloading and installing. I think it’s something to do with Windows update not being able to create the taskbar icon in the notification area and the subsequent balloon notification that says updates are downloading, but that’s just a wild theory of mine, I have no proof that’s what it is.

I know the whole solution sounds a bit mental, but I’ve done this on a fair number of servers that were playing up with regards to downloading updates now and it’s always worked.

Problems Loading Windows Update on Server 2000 and Server 2003

I recently had the misfortune of having some really old Server 2000 and Server 2003 boxes thrown my way that needed patching, and Windows Update was not loading in Internet Explorer 6 when it should have. Both servers gave slightly different error codes, but ultimately the rather quick fix was to go into Internet Explorer, and in the tools menu, into internet options. The in the advanced tab, under security, make sure that TLS 1.0 was enabled, which in the case of these two servers was not.

For good measure I also disabled SSL 2.0 and 3.0, as those really should have been turned off by now. after this was done, a quick restart of the browser allowed me to get to Windows Update again.

Cisco AnyConnect “Failed to initialize connection subsystem” Error When Connecting to VPN on Windows 7 or Windows 8

I just today I tried to connect to my work network from home using the Cisco AnyConnect client, for reference I’m using AnyConnect 3.1.05182 on Windows 8.1, and was unable to. I was immediately presented with an error before even being asked for a username and password, which said something was wrong with the client, as it hadn’t really had time to start any proper negotiations with the ASA.

A little bit of Googling revealed that the problem might have come from a recent Microsoft update, dated just a few days ago. I had noticed my machine downloading a few updates of late, and I’m nowhere near as diligent with testing updates on my personal machine as I should be, or as I am on any work related systems.

It turns out that this is indeed a bug with the latest set of Microsoft patches, and Cisco confirmed this here.

While Cisco have said ultimately the fix has to come from Microsoft, there is a workaround until a permanent fix is produced;

  • Close the AnyConnect client from the system tray
  • Navigate to the AnyConnect client install location, for example “C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\”
  • Right click on the vpnui.exe and click troubleshoot compatability
  • Pick “Try recommended settings”
  • Click “Test Program” and this will reopen the AnyConnect client
  • Repeat the same process again, but for vpnagent.exe
  • On the final test when the AnyConnect client opens again, you then find that you’re able to connect normally again. If you have Cisco support it would probably be valuable opening a TAC case and mentioning case number #115021112390273. This bug does also affect Windows 7 when IE11 is installed, and the same fix should work there too.

    .NET Framework Cleanup – Full Uninstall

    I came across a server today that had some horrible problem with the .NET frameworks on it, and none of the updates or service packs from Windows update would install. I couldn’t remove any of the .NET applications using either the App/Remove Programs GUI, or via the correct msiexec install strings. I’m not sure how the server came to be like this, but it was a problem I had to sort out and basically I was a little stumped, until I came across Aaron Stebner’s MSDN blog. He had a post about completely removing the .NET applications in their entirety.

    The application works on all versions of .NET and you can find it on his blog here
    Once you’ve run the cleanup tool, reboot and then you can just install the applications from Windows Update again. The application worked very well and once it was finished, all was well in the .NET world.