Topic: Microsoft product activation fail

[hpe]

Dear all,

Considering http://no.longer.valid/mantis/bug_view_page.php?bug_id=0000036

I suggest to 'enable' discussion here, if everybody agree.

-Hervé

[RonM]

I tried this with MS Plus! Activation

SME Server (Mitel) 6.0 in Private Server and Gateway mode - P200, 32M

Client: WinXP SP1, PIV 2.4G 512M

Installed MS Plus!, OK, got
Activate Microsoft Plus! Digital Media Edition online

Status:initializing.....
Status:connecting .... (progress bar stalled app 30%)

Got: Cannot complete the Plus! activation dialog box
"Microsoft Plus! Product Activation was not able to activate (MPDME) for the following reason:
(MPDME) cannot be activated at this time because the MS Plus! Activation Wizard is unable to transmit information to the MS product activation service. Verify that your computer is connected to the internet, and try again."

Per MS Kbase, checked http://www.microsoft.com:80 and :443 - opened OK

Checked time on client and SME, try again - Same error

Using port forwarding panel:
forwarded TCP port 443 to client IP, try again, same error
forwarded TCP port 80 to client IP, try again, same error

removed forwards.

[RonM]

Saw your entry in Bug Tracker - sorry!

I ran into this:

http://www.ruwebit.net/article/77

can't tell if it'll help - would the RuweBit need to be recomplied for kernel 2.4.2018.7 ?

[RonM]

I tried disabling UPnP in WinXP SP1

first by going to
Start >> Control Panel
Add/Remove Pgms >> Add/Remove Windows components
Networking Services >> Details button

UPnP was not installed (the default)
I unchecked Internet Gateway Device Discovery and Control Client
Reboot

Activation still failed the same way

Then, per KB317843 (Traffic Is Sent After You Turn Off the SSDP Discover Service and Universal Plug and Play Device Host) I added the suggested registry key.

Activation still failed the same way

[trosenquist]

I have a feeling this problem is not related to Squid proxy or UPNP.  I would suggest it is the caching DNS server that is the problem.  The reason I say this is I recently completed an installation of SME server for a client initially using it in gateway mode.  That caused problems with Exchange web access so we disabled Squid.  Then there was the problem with Windows Activation so we switched the server to stand alone mode and installed a Linksys router but maintained the DHCP server on SME.

Finally we switched DHCP to the Linksys router and everything worked.  The only difference in the DHCP configuration that the clients were receiving was the SME caching DNS server verses the Linksys direct connect to ISP DNS server and no WINS.  I haven't had a chance to work on this anymore, but I'll post my findings when I do.

ttfn,
Tim Rosenquist
Rusalka Technologies

[mplinden]

I also feel it has to do with dns. I cannot use activate.microsoft.com or eopen.microsoft.com - after minutes timeout shows: The requested URL could not be retrieved.
I run SME6.0. Https-connections to other sites work fine!
Squid acces.log shows:
1082670267.001 119345 10.0.0.67 TCP_MISS/000 0 CONNECT eopen.microsoft.com:443 - NONE/- -
en then  ... nothing...
If I disable proxy in IE, I get page not found or DNS error

Hope this helps to find "the cure"
Maarten

[byte]

how about using this ? http://grc.com/unpnp/unpnp.htm

not sure as dont need to activate any products we still on older copies

[RonM]

how about using this ? http://grc.com/unpnp/unpnp.htm

not sure as dont need to activate any products we still on older copies

I tried this, but activation still failed the same way.

[rich visiting]

My £0.02 :-

Using e-smith's DHCP I am unable to activate. We use it in server-only mode behind a Smoothie.

Disable e-smith DHCP, enable Smoothie DHCP, reboot box = activation success.

Not sure why, but at least you don't have to spend 8 hours on the phone trying to dial through an activation.

Rich.

[RonM]

For what it's worth

In a so far unsuccessful attempt to find an external DNS Server that will answer queries from the likes of me (my ISP has it buried deep: looks like I'll have to follow their newbie DHCP instructions (without SME) and do an ipconfig), I ran across the info below.

I was trying to see if I could duplicate the results (without having another external DHCP server) reported above.

I'm posting this so some better-qualified folks can have a look. Unfortunately, in these latter days, you can't trust ICMP failures, but name resolution is more telling. It looks like djbdns (in SME) can't resolve dns5.one.microsoft.com but BIND 9 can.

Assuming this turns out to be true, what can be done about it? The issue may be djbdns's reliance on authoritative DNS servers, or some trivial misconfiguration by Microsoft. This may also not be enough by itself to fix product activation, looks like it needs to get a reply back to XP.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Contents (exerpt) of /var/log/dnscache/current (immediately after a failed product activation attempt - first one on a cpl weeks)

@4000000040a79ec91e1750d4 tx 3 1 dns5.one.microsoft.com. com. c036701e c00c5e1e c023331e c029a21e c01a5c1e c034b21e c01f501e c0304f1e c02a5d1e c0
05061e c0210e1e c02bac1e c037531e                                                                                                                
@4000000040a79ec92890e14c rr c036701e 172800 ns microsoft.com. dns1.cp.msft.net.                                                                
@4000000040a79ec9289146dc rr c036701e 172800 ns microsoft.com. dns1.dc.msft.net.                                                                
@4000000040a79ec928917d8c rr c036701e 172800 ns microsoft.com. dns1.sj.msft.net.                                                                
@4000000040a79ec92891b43c rr c036701e 172800 ns microsoft.com. dns1.tk.msft.net.                                                                
@4000000040a79ec92891eed4 rr c036701e 172800 ns microsoft.com. dns3.uk.msft.net.                                                                
@4000000040a79ec928922584 stats 13151 11873161 1 0                                                                                              
@4000000040a79ec928924c94 cached 1 dns1.cp.msft.net.                                                                                            
@4000000040a79ec928926fbc cached 1 dns1.dc.msft.net.                                                                                            
@4000000040a79ec928945804 cached 1 dns1.sj.msft.net.                                                                                            
@4000000040a79ec928947b2c cached 1 dns1.tk.msft.net.                                                                                            
@4000000040a79ec928949a6c cached 1 dns3.uk.msft.net.                                                                                            
@4000000040a79ec92894b9ac tx 3 1 dns5.one.microsoft.com. microsoft.com. d5c79097 cf2ef5e6 4136f8de 4004191e cf2e8a14                            
@4000000040a79ec932dec614 drop 13151 input/output error

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ping results for name on XP client through djbdns on SME

C:\Documents and Settings\RonM>ping -a -n 1 dns5.one.microsoft.com
Ping request could not find host dns5.one.microsoft.com. Please check the name and try again.

ping results for IP on XP client through djbdns on SME (Note: MS has not allowed ICMP packets back out since the ping o' death days)
C:\Documents and Settings\RonM>ping -a -n 1 207.46.243.150

Pinging 207.46.243.150 with 32 bytes of data:

Request timed out.

Ping statistics for 207.46.243.150:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ping results for name on different XP client using VPN into my work network (Last time I looked we were using BIND 9)
C:\Documents and Settings\rmcnew\Desktop>ping -a -n 1 dns5.one.microsoft.com

Pinging dns5.one.microsoft.com [207.46.243.150] with 32 bytes of data:

Request timed out.

Ping statistics for 207.46.243.150:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Output of dnstrace command on SME/djbdns:
dnstrace a dns5.one.microsoft.com 207.46.243.150 > dnstrace1

(contents of dnstrace1)
0:.:.:start:NS:.:.                                                                                                                              
0:.:.:start:A:.:207.46.243.150                                                                                                                  
1:dns5.one.microsoft.com:.:207.46.243.150:tx                                                                                                    
1:dns5.one.microsoft.com:.:207.46.243.150:ALERT:query failed; host unreachable

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
tracert results on XP client through SME/djbdns
C:\Documents and Settings\RonM>tracert 207.46.243.150

Tracing route to 207.46.243.150 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  pc-00010.eretech.local [192.168.0.10]
  2    13 ms    11 ms    11 ms  {my ISP (SBC) shell game)
  3    12 ms    13 ms    13 ms  {my ISP (SBC) shell game)
  4    13 ms    13 ms    12 ms  {my ISP (SBC) shell game)
  5    16 ms    16 ms    18 ms  {my ISP (SBC) shell game)
  6    17 ms    15 ms    17 ms  {my ISP (SBC) shell game)
  7    18 ms    18 ms    18 ms  {my ISP (SBC) shell game)
  8    16 ms    18 ms    17 ms  151.164.248.126
  9    18 ms    17 ms    17 ms  ten8-1.core2.sjc1.ntwk.msn.net [207.46.33.89]
 10    18 ms    18 ms    17 ms  pos5-0.core2.pao1.ntwk.msn.net [207.46.33.94]
 11    35 ms    34 ms    35 ms  pos2-0.core2.sea1.ntwk.msn.net [207.46.34.110]
 12    35 ms    34 ms    34 ms  pos1-0.iusnixcpxc1202.ntwk.msn.net [207.46.36.214]
 13    36 ms    36 ms    36 ms  pos1-0.iustixcpdc1202.ntwk.msn.net [207.46.155.13]
 14  iustsecurc1202-ge-6-0.msft.net [207.46.224.196]  reports: Destination net unreachable.

Trace complete.

I can't do tracert through VPN as my work network doesn't allow ICMP reply packets back in.

[CharlieBrady]

I'm posting this so some better-qualified folks can have a look. Unfortunately, in these latter days, you can't trust ICMP failures, but name resolution is more telling. It looks like djbdns (in SME) can't resolve dns5.one.microsoft.com but BIND 9 can.

Assuming this turns out to be true, what can be done about it? The issue may be djbdns's reliance on authoritative DNS servers, or some trivial misconfiguration by Microsoft. This may also not be enough by itself to fix product activation, looks like it needs to get a reply back to XP.

Good digging Ron. Please followup with this and other information in the bug tracker, rather than here. Otherwise it's likely to be lost.

dns5.one.microsoft.com being unresolvable and/or unreachable shouldn't be fatal for XP activation. DNS is designed to be resilient remember. It'd be useful for you to look earlier in your log files to try to find what name was being resolved to lead the way to one.microsoft.com (has an ominous "ring" to it, doesn't it?) nameservers.

[RonM]

Just an update in case you're not following the bug tracker

Charlie Brady found a problem at Microsoft's end.

The root cause is still being looked at, but David Bray posted a workaround:

In a terminal session, as root:
type:
echo 207.46.140.100 >/service/dnscache/root/servers/one.microsoft.com (in one line)
then:
svc -t /service/dnscache
then try to activate your product(s)

A cpl people have reported that it works. If you try it, please post the results, either here or there.

[smeghead]

... just my 2c worth ...

The 'fix' worked first time for me on a double NAT'd system with an Alcatel ADSL Modem, Netgear Prosafe Firewall, & SME6.

Since tried it on 4 other networks of varying configs, all with success.

Thanks to all who nutted this thing out and for the very simple workaround.

HTH

[lajgaard]

Can the fix be modified to work on other types of activations or update services?

I have a MSI motherboard, which comes with an update utility called "Live Monitor". When I try to scan for updates the utility fails. I seem to remember, that it has worked previously.

My thought was that the two problems might be related and wanted to test this out by modifying the fix. The problem is that I am not sure that I completely understand the different parts of the fix. However I assume that the first command is designed to add or change the setup for the program and the second part is fore activating the change. Can anyone supply me with a bit more detail?

/Carsten

[RonM]

The problem with MS product activation was that djbdns wasn't resolving the IP address of the system that product activation wanted to talk to. MS had misconfigured their DNS servers (the "other information" area in the dns query returns is changed all around now, so maybe its fixed), but also it seems that djbdns should have been able to figure it out anyway, as BIND could.

anyway, the first line preloads a DNS entry into the path where djbdns looks for preloads. You would need to substitute the IP address and one.microsoft.com with the IP and FQDN of a server that can resolve the address you need.

echo 207.46.140.100 >/service/dnscache/root/servers/one.microsoft.com (in one line)

you would need to find (if this is the problem) the entry djbdns is looking for, and the DNS servers its looking for it in /var/log/dnscache/current. In my case the first was a good dozen screens up from the second.

Then
svc -t /service/dnscache
clears the dns cache so djbdns will have to look for it again.

Good Luck!