Some Windows 7 admins recently started their days with a rude awakening. They arrived to find that many, in some cases thousands, of PCs were no longer activated. Quick sleuthing determined the problem was recent Windows updates, KB4480870 and KB4480960.
Thousands of Volume Licensed Machines Were Deactivated
As detailed by Mary Jo Foley and Günter Born, a Windows 7 admin arrived to find that thousands of machines had been deactivated and were displaying a “not genuine” error message. The problem appears to have started after installing KB971033 in a monthly roll-up.
These particular machines are KMS activated, a volume licensing option offered by Microsoft. KMS activation allows an admin to activate many PCs conveniently by having them check in with a local server for a valid volume license key.
After installing the update, a problem occurred when a Windows 7 PC checked into the KMS server. The server sent a blacklisted error instead of the usual response, and this resulted in a “not genuine” message. As pointed out by Born, KB971033 is designed to validate standard Windows licenses and likely never should have made it to KMS PCs in the first place.
Microsoft has since acknowledged the issue and reverted the change. It also offered guidance to determine if machines have the update installed, and how to remove and reactivate.
Remote Access is Broken for Some Local Users
Unfortunately, the trouble doesn’t stop there. At the same time Microsoft broke activation for legitimate PCs; it also broke remote access for Windows Server 2008 R2 and Windows 7 PCs. This issue is limited to remote connections from local users who are part of the local Administrators group. Domain accounts and local accounts that aren’t local Administrators are not affected.
Microsoft has acknowledged the problem, but is only offering the workaround, which is to use one of the above-unaffected accounts.
Once again, Microsoft has released patches and updates that have broken parts of Windows. Given how quickly one administrator found the source of the problem, it definitely seems like Microsoft should do more testing before releasing patches. Unfortunately, Microsoft continues to treat its users as testers, which is why you probably shouldn’t click the “Check for Updates” button.