Windows 10 looks for organization activation server instead of Microsoft's

[Ichinisan]

Someone came to me several months ago to help him move data onto 2 second-hand "refurbished" Dell laptops. He bought them from an eBay seller that has a computer shop in Alabama (1 state away).

I saw signs that the refurbisher had used some kind of activation hack tool (don't remember what it was called at that point). Sure enough, one of the machines deactivated after updates several months later. To avoid a full reinstall, I bought a cheap Win10 Pro license on eBay. It activated easily.

Now the other laptop is doing the same thing, so we tried a cheap Win10 Pro license from eBay; just like we had done for the other. It doesn't seem to work on this machine. The error message indicates it's trying to look for a local (hack) activation server. I need to undo that so it actually tries to activate with Microsoft. Just hoping to avoid a full Windows reinstall.

"0xC004F074"​

Is there a registry setting or something that will point to the correct (Microsoft) activation server?

I first saw those systems around 6 or 7 months ago, so I really can't remember for sure, but I may have updated them to 10 from Windows 7 by using the continued free "assistive technology upgrade." He uses the magnifier and other accessibility tools regularly.

 

[Ichinisan]

I followed some instructions I found online that used the slmgr script with a couple command parameters. Then it accepted the new key and activated successfully. I don't have the address on my own computer, but I'll post it here if I find it again.

 

[XavierMace]

Run from command prompt: slmgr -dli

That will tell you what type of key it's using. By the sound of it, it's using a KMS key.

 

[JackMDS]

You can buy a Used Lic plate for a car somewhere and use it on your car.

It will work "OK" until need inspection, or you are stopped for traffic Violation.

The DMV computer would easily discover that there No match between the Plate and your car.

So are almost all Win 10 Keys that are.

cheap Win10 Pro license from eBay; just like we had done for the other. It doesn't seem to work on this machine. The error message indicates it's trying to look for a local (hack) actication server. I need to undo that so it actually tries to activate with Microsoft. Just hoping to avoid a full Windows reinstall.

 

[Ichinisan]

You can buy a Used Lic plate for a car somewhere and use it on your car.

It will work "OK" until need inspection, or you are stopped for traffic Violation.

The DMV computer would easily discover that there No match between the Plate and your car.

So are almost all Win 10 Keys that are.

It's unlikely these are just used keys or they probably wouldn't work at all. Probably just bulk keys that were meant to be used by system builders or something. Microsoft doesn't want them distributed directly through eBay, which is probably why the sellers get slapped down and pop back up again.

 

[CZroe]

You can buy a Used Lic plate for a car somewhere and use it on your car.

It will work "OK" until need inspection, or you are stopped for traffic Violation.

The DMV computer would easily discover that there No match between the Plate and your car.

So are almost all Win 10 Keys that are.

The analogy ends when the key is used and passes activation because that is when it would be checked by the equivalent of the DMV’s computer. Microsoft generally does not revoke activations/keys.

Only thing close I can think of was the FCKGW key for WinXP Professional Enterprise Edition, which millions of people used for a decade before MS stopped allowing. The original enterprise customer was, no doubt, compensated somehow or was done using it anyway (upgraded entire organization to something else). Even then, the key bypassed activation. Invalidating a Windows 10 key would probably not block the system from using the existing activation. These keys were never good for multiple activations without calling MS and asking for an exception anyway. If it passed activation then it’s pretty clear that it’s never been used before.

Often these keys were usually sold in bulk for dirt cheap to markets where piracy is a problem. Better to make a little money and curb rampant piracy than to make no money, right? Anyway, they weren’t intended for sale outside of those regions. Heck, they may not have been intended for individual sale at all. The thing is, Microsoft would expose themselves to liability for canceling a user’s paid license. The key vendor was the one doing something that violates the license/distribution agreement, not the end user. This is why they shut down the key vendors but not the keys. I have seen key vendors offering MSDN keys before where the keys were supposed to be part of a MSDN subscription but those keys were never intended to be used by end users in the first place.

 

[XavierMace]

It's unlikely these are just used keys or they probably wouldn't work at all. Probably just bulk keys that were meant to be used by system builders or something. Microsoft doesn't want them distributed directly through eBay, which is probably why the sellers get slapped down and pop back up again.

The analogy ends when the key is used and passes activation because that is when it would be checked by the equivalent of the DMV’s computer. Microsoft generally does not revoke activations/keys.

Only thing close I can think of was the FCKGW key for WinXP Professional Enterprise Edition, which millions of people used for a decade before MS stopped allowing. The original enterprise customer was, no doubt, compensated somehow or was done using it anyway (upgraded entire organization to something else). Even then, the key bypassed activation. Invalidating a Windows 10 key would probably not block the system from using the existing activation. These keys were never good for multiple activations without calling MS and asking for an exception anyway. If it passed activation then it’s pretty clear that it’s never been used before.

You guys are funny. Microsoft absolutely does revoke/blacklist abused keys and no, none of those "cheap" keys are legit keys. A lot has changed since the XP days. The FCKGW key single handedly caused Microsoft to build a new activation system. And yes, a machine using a now revoked key will fail to reactivate, it does not just effect new installs. Also, no, they would not be exposing themselves to liability for canceling an abused key. Every single license type has a strict license agreement. If you bought a system with an illegitimate key, that's not Microsoft's problem. It's effectively stolen property at that point.

There's three distribution channels. Retail, OEM, and Volume. Retail is your standard full price boxed copy.

There's two types of volume licensing available to the general public. KMS and MAK. MAK (Multiple Activation Key) hits Microsoft servers for activation. You pay for X number of activation's. Once you hit that amount, additional activation attempts will fail. KMS (Key Management System) activates against your own internal licensing server and that gets audited by Microsoft. KMS's are more common in large corporations who are constantly adding/retiring systems because it's much easier than constantly buying new MAK's. Companies often over purchase KMS keys because they don't want to run into the situation where they come up short.

OEM keys are a little different. There's 3 types of OEM keys. There's the COA/System Builder keys. These are the ones you can buy from retailers that require you to call when to reactivate when you change your hardware. The major manufacturers now use SLP (System Locked Preinstallation) keys. These are the keys embedded in your SLIC table in your BIOS. Then there's the OEM Non-SLP keys. These are the older OEM keys such as the above mentioned FCKGW key for XP. These are the most commonly pirated because Microsoft didn't have a good system for determining if it's usage was valid.

There's a handful of uncommon keys which are a variant of of the above types (MSDN, TechNet, Dreamspark). TechNet no longer exists but Microsoft as of yet hasn't invalidated the keys. Probably because they cancelled it prior to Win 10/Server 2016 and therefore don't particularly care because they want you to update anyways. There's not much financial motivation to try to stop the illegal distribution of outdated software. Dreamspark (Educational) keys expire, generally around the 2 year mark. MSDN keys you don't see leaked as much any more because it's gotten more expensive and they keep a much closer eye on it than they used to.

In the case of the laptop mentioned in the OP, the system builder looks to be selling systems with KMS keys on them which would be a violation of the license agreement. These are not transferable licenses. If he's deliberately selling these systems as having valid Windows keys, he should be reported to Microsoft because he's dicking over his customers because that KMS key is never going to activate off his network.

 

[CZroe]

You guys are funny. Microsoft absolutely does revoke/blacklist abused keys and no, none of those "cheap" keys are legit keys. A lot has changed since the XP days. The FCKGW key single handedly caused Microsoft to build a new activation system. And yes, a machine using a now revoked key will fail to reactivate, it does not just effect new installs. Also, no, they would not be exposing themselves to liability for canceling an abused key. Every single license type has a strict license agreement. If you bought a system with an illegitimate key, that's not Microsoft's problem. It's effectively stolen property at that point.

There's three distribution channels. Retail, OEM, and Volume. Retail is your standard full price boxed copy.

There's two types of volume licensing available to the general public. KMS and MAK. MAK (Multiple Activation Key) hits Microsoft servers for activation. You pay for X number of activation's. Once you hit that amount, additional activation attempts will fail. KMS (Key Management System) activates against your own internal licensing server and that gets audited by Microsoft. KMS's are more common in large corporations who are constantly adding/retiring systems because it's much easier than constantly buying new MAK's. Companies often over purchase KMS keys because they don't want to run into the situation where they come up short.

OEM keys are a little different. There's 3 types of OEM keys. There's the COA/System Builder keys. These are the ones you can buy from retailers that require you to call when to reactivate when you change your hardware. The major manufacturers now use SLP (System Locked Preinstallation) keys. These are the keys embedded in your SLIC table in your BIOS. Then there's the OEM Non-SLP keys. These are the older OEM keys such as the above mentioned FCKGW key for XP. These are the most commonly pirated because Microsoft didn't have a good system for determining if it's usage was valid.

There's a handful of uncommon keys which are a variant of of the above types (MSDN, TechNet, Dreamspark). TechNet no longer exists but Microsoft as of yet hasn't invalidated the keys. Probably because they cancelled it prior to Win 10/Server 2016 and therefore don't particularly care because they want you to update anyways. There's not much financial motivation to try to stop the illegal distribution of outdated software. Dreamspark (Educational) keys expire, generally around the 2 year mark. MSDN keys you don't see leaked as much any more because it's gotten more expensive and they keep a much closer eye on it than they used to.

In the case of the laptop mentioned in the OP, the system builder looks to be selling systems with KMS keys on them which would be a violation of the license agreement. These are not transferable licenses. If he's deliberately selling these systems as having valid Windows keys, he should be reported to Microsoft because he's dicking over his customers because that KMS key is never going to activate off his network.

To my knowledge, Microsoft has never revoked a single-use key. That’s the whole point of “activation.” It’s effectively “revoked” as far as abuse is concerned as soon as it is tied to a particular system (“activated”).

If the cheap single-use keys from Kinguin and eBay were not originally obtained legitimately then they wouldn’t activate at all. Yes, they are being distributed illegitimately. The illegitimacy of their sale due to agreements with the seller has never led to a particular single-use key being blacklisted to my knowledge. There would be little point because they are already activated. It’s hard/impossible for the end-user to go on to “abuse” a single-use key enough to have it blacklisted since they aren’t able to use it even a second time. What Microsoft does with “abused” VLK/MAK keys is not relevant to the single-use eBay key.

If I had paid Microsoft for the FCKGW key and I was using it in my organization and some random, unknown, user leaked it after using a key finder, you’d better believe Microsoft opens themselves up to liability if they just remotely disable what I paid for. If Microsoft did not approach me with some sort of agreement or compensation or new keys or something, I’d be suing. It’s not a reasonably preventable scenario. They open themselves up to being sued, which is opening themselves up to liability.

That said, I made a mistake. It wasn’t the FCKGW key that was used for a decade. That quit working with an earlier service pack, but other leaked VLKs flew under the radar for that long. The decade-long key was a later VLK. It’s pretty clear that the organization that was originally given FCKGW was given another option. If they weren’t, MS was definitely exposing themselves to liability. This is was what I was trying to say about that. I definitely was not saying that they opened themselves up to liability from the end users for blacklisting a VLK. They would open themselves up to potential liability for blacklisting end users’ single-use keys just because the seller violated distribution agreements.

Cracks are often based on self-activating KMS servers that run on the very system the user is trying to activate, so the KMS key does activate when off the system builder’s network... until a MS update breaks the crack’s virtual Key Management Server. That’s what happened here. Yes, the system builder DOES need to be reported to Microsoft.

 

[XavierMace]

To my knowledge, Microsoft has never revoked a single-use key. That’s the whole point of “activation.” It’s effectively “revoked” as far as abuse is concerned as soon as it is tied to a particular system (“activated”).

If the cheap single-use keys from Kinguin and eBay were not originally obtained legitimately then they wouldn’t activate at all.

What is this "single use" key you're referring to. I've never seen a "single use" key nor can I find any documentation of one existing.

If I had paid Microsoft for the FCKGW key and I was using it in my organization and some random, unknown, user leaked it after using a key finder, you’d better believe Microsoft opens themselves up to liability if they just remotely disable what I paid for. If Microsoft did not approach me with some sort of agreement or compensation or new keys or something, I’d be suing. It’s not a reasonably preventable scenario. They open themselves up to being sued, which is opening themselves up to liability.

Blacklisting the key doesn't imply they don't contact your organization to discuss options. But they absolutely do blacklist abused VLK keys. I've seen it happen more than once. Nor is "oh well, that happens" an acceptable response if you expect to continue using VLK's.

Cracks are often based on self-activating KMS servers that run on the very system the user is trying to activate, so the KMS key does activate when off the system builder’s network... until a MS update breaks the crack’s virtual Key Management Server. That’s what happened here. Yes, the system builder DOES need to be reported to Microsoft.

When I said, the KMS key wouldn't activate off the system builders network, I thought it would go without saying I was talking about legitimately activating.

 

[CZroe]

What is this "single use" key you're referring to. I've never seen a "single use" key nor can I find any documentation of one existing.



Blacklisting the key doesn't imply they don't contact your organization to discuss options. But they absolutely do blacklist abused VLK keys. I've seen it happen more than once. Nor is "oh well, that happens" an acceptable response if you expect to continue using VLK's.



When I said, the KMS key wouldn't activate off the system builders network, I thought it would go without saying I was talking about legitimately activating.

The typical OEM COA/System Builder keys you get from Fry’s or Newegg, for example. The typical full retail keys single-license copies that don’t sell in a family 3-pack or whatever are another example. They activate once without issue and activation on new hardware will require a call... just like the keys being sold on Kingwin/Kinguin (whatever it is) and eBay. For the first use they will activate on new hardware without calling, so they are not used/abused keys. They weren’t generated. They were sold by Microsoft and Microsoft has no legal way to determine that your key was sold in violation to their agreement, even if they find the same distributor guilty of it with other keys from the same set. That’s why they can’t just invalidate it. You are a potentially legitimate end user, regardless of what else the system builder key distributor is doing.

For example: If I buy a new computer from Fry’s Electronics and it comes with a legitimate OEM copy of Windows that activates perfectly, Microsoft can’t just revoke my license because Fry’s later started selling keys without hardware purchases in violation of their system builder agreement with Microsoft. It is the same for these keys that come from eBay and key exchanges. Microsoft can end their agreement with the entity selling these keys but they can’t deactivate the potentially legitimate end users with no way to determine their individual legitimacy. That’s what it boils down to.

As I clarified, leaked VLK keys were definitely blacklisted and blocked from further activations because they were easily abused. Single-license, single-machine activation (AKA “single-use”) keys are not as easily abused. What I meant to say regarding leaked VLK blacklisting is that MS was understandably slow due to necessary arrangements with the original, legitimate, VLK owner. They couldn’t just blacklist the legitimate ones without making arrangements for the legitimate users. Early on it was possible to easily generate an XP VLK that wasn’t sold and, thus, could be blocked without concern. Pretty sure XP SP1 put a stop to that.

No one here is using VLKs or continuing to use VLKs. As you mentioned, VLKs are not even how it’s done anymore. As I mentioned, the eBay keys are not KMS keys. They are almost certainly unique system builder keys complete with a COA that exists... somewhere. The key exchanges usually give you a picture of the COA and everything. That doesn’t make it legit for a business building a customer system, of course, but the customer/end user is free to try it when the copy of Windows they bought turns out to be less than legitimate. The end user is not beholden to the MS system builder agreement unless they are selling the pre-built system... and then they wouldn’t be an end user, would they? Using a paid key that was never used and originally purchased from MS is definitely preferable to using an illegitimate key with a KMS crack.