Thursday, March 19, 2009

Windows Server 2008 Activation Nightmare

Piracy is a significant problem that persists worldwide. The Business Software Alliance and market research firm IDC reported in the Global Software Piracy Study[1] that 35% of the software installed in 2006 on personal computers (PCs) worldwide was obtained illegally, amounting to nearly $40 billion in global losses due to software piracy. Often, counterfeit copies are bundled with malicious, unwanted code that can lead to system crash, data loss, and even stolen identity, and are difficult to detect.[2]

Many consumers who end up with a counterfeit copy of Microsoft software are unwitting victims of a crime. They believe they purchased a properly licensed copy and often have documents to back this up, but their copy of Windows or Office is actually not properly licensed.

For these reasons, Microsoft continually invests in technologies and programs to protect its intellectual property, and to help protect its customers from the risks and the hidden costs of running counterfeit software. Throughout this document the term Windows is used to refer both Windows Vista and Windows Server 2008.

Windows Product Activation

All editions and distributions of Windows Vista and Windows Server 2008, including those obtained through a volume license program, are required to complete activation within the first 30 days of using Windows Vista or the first 60 days of using Windows Server 2008. Product activation establishes the relationship between the product key (obtained through appropriate licensing) and a copy of the software on a device to which the licensing rights are applied.[3] Completing the activation process allows a user continued access to full Windows functionality. After initial installation (or 30 or 60 days after installation depending on the operating system), product activation will be required.

Product activation uses several methods and technologies to help achieve Microsoft’s goals of protecting intellectual property rights by making it easy for users to comply with the terms of the EULA and reducing software piracy.

In order to help customers and partners better understand the technologies used by product activation, and their unobtrusive and anonymous nature, we will outline in this bulletin:

  1. How activation works for Windows acquired through:
    1. A computer manufacturer (Original Equipment Manufacturer, or OEM)
    2. A retail store (where customers buy “boxed” software product)
    3. A volume licensing agreement (customers who acquire their licenses through programs such as Microsoft Open, Enterprise, or Select licensing).
  2. How the hardware hash component of the installation ID is created and the scenarios in which a copy of Windows may have to be re-activated due to a substantial hardware modification.
A Note About Privacy

Protecting our customers’ privacy is very important to Microsoft. Product Activation is built with privacy in mind and is implemented in accordance with a clear privacy policy. Microsoft does not use any information collected through product activation to identify or contact customers.

Product Activation and volume licenses

Volume Activation 2.0 is a configurable solution that helps IT Pros automate and manage the product activation of systems licensed under volume licensing.  The benefits of Volume Activation 2.0 include transparent activation experience for the end-users, no need for handling product keys during installation, better protection and management of customer specific license keys, and avoid the risks associated with running non-genuine software.

Multiple activation options are available using two types of customer specific keys: Multiple Activation Key (MAK) and Key Management Service (KMS) key.  Multiple Activation Key as the name implies can be used on multiple systems to activate the corresponding system against Microsoft activation service by online, phone or proxy methods.  Volume Activation Management Tool (VAMT) available at enables proxy activation of systems using Multiple Activation Key. Key Management Service (KMS) enables organizations to perform local activations of systems in a managed environment without connecting them to Microsoft individually. A KMS key is used to enable the Key Management Service on a system controlled by an organization’s system administrator.

Product Activation and new pre-loaded Computers

The majority of customers acquire Windows with the purchase of a new computer, and most new computers pre-loaded with Windows will already be pre-activated. Microsoft provides OEMs with the ability to “pre-activate” Windows in the factory and estimates that upwards of 80% of all new PCs will be delivered to the customer pre-activated.

“Pre-activation” of Windows by the OEMs will be done in one of two different ways depending on the OEM’s own configuration options and choices. Some OEMs may protect Windows using a mechanism which locks the installation to OEM-specified BIOS information in the computer. This technology is an improvement over the existing technology used in Windows XP called “System Locked Pre-installation,” or SLP. The improved product activation technology used in Windows is called “OEM Activation 2.0,” or OA 2.0.

OEM Activation 2.0 uses information stored in an OEM computer’s BIOS and Hard Disk Drive (HDD) to protect the installation from casual piracy. No communication by the end customer to Microsoft is required and no hardware hash is created or necessary. At boot, Windows compares the computer’s BIOS to the OA 2.0 information on the HDD. If it matches, activation is successful.

Every single piece of hardware could be changed on a computer with OA 2.0 and no reactivation would be required – even the motherboard could be replaced as long as the replacement motherboard was original equipment manufactured by the OEM and retained the proper BIOS. In the unlikely scenario that the BIOS information does not match, the computer would need to be activated by contacting the Microsoft activation center and requesting activation with a customer support representative.

OEMs may also activate Windows by contacting Microsoft in the same way the consumer would activate. Activation done in this way is the same as activating a retail boxed version of Windows. This is discussed in more detail below.

For OEMs who do not employ either of the above two methods of pre-activation, a new computer acquired with Windows Vista or Windows Server 2008 preinstalled must be activated by the customer. This activation is completed in the exact same way as would someone who acquired Windows Vista or Windows Server 2008 by purchasing a boxed version at a retailer.

Product Activation and retail boxed software product

Product Activation can be done in two ways; Phone activation and Online Activation.

Phone activation relies on the submission of the Installation ID. The Installation ID is specifically designed to guarantee anonymity and is only used by Microsoft to deter piracy. The Installation ID is comprised of two different pieces of information – the product ID and a short hardware hash value (a hash value is a digital fingerprint of the data that is derived through a mathematical formula, or hash function). The product ID is unique to the installation of Windows and is created from the product key used during installation. Each product key delivered with retail boxed software is unique, and the product ID it creates is unique. Microsoft uses the product ID for product activation. The product ID can be found by viewing the Properties of My Computer (an example of a product ID is 12345-123-1234567-12345).

The short hardware hash value is an eight byte value that is created by running ten different pieces of information from the computer’s hardware components through a one-way mathematical transformation This means that the resultant hash value cannot be backwards calculated to determine the original values. Further, only a portion of the resulting hash value is used in the hardware hash in order to ensure complete anonymity.

Example: A processor serial number is 96 bits in length. When hashed, the resultant one-way hash is 128 bits in length. Microsoft uses only six bits from that resultant hash in activation’s hardware hash. Due to the nature of the hashing algorithm, those six bits cannot be backwards calculated to determine anything at all about the original processor serial number.

Moreover, six bits represent 64 (2^6) different values. There were over 100 million PCs sold last year worldwide. From those 100 million PCs sold, only 64 different hardware hash values could be created as part of activation.

Microsoft developed the hardware hash in this way in order to maintain the user’s privacy.

Additionally, whether or not the PC can be put into a docking station or accepts PCMCIA cards is also determined (the possibility of a docking station or PCMCIA cards existing means that hardware may disappear or seem changed when those devices are not present). Finally, the hardware hash algorithm has a version number. Together with the general nature of the other values used, two different PCs could actually create the same hardware hash. The different hardware values used to create the hash are outlined in the table below:

Table 1: Hardware hash component values (phone activation)

Component Name

Example Hash

Value (#of bits)


000000 (6)

RemovablePolicy (One bit per component; Network Card, CD-ROM, Audio, SCSI, and IDE Adapter)

11111 (5)

Network Adapter MAC Address

1001011000 (10)


0101111 (7)

IDE Adapter

0011 (4)

Audio Adapter

100100 (6)

Physical OS Drive Serial

1101100 (7)

SCSI Adapter

00011 (5)

Display Adapter

00010 (5)

Processor Type

011 (3)

RAM Amount Range (i.e. 0-512mb, 512mb - 1 GB, etc)

101 (3)

“Dockable” flag

011 (3)

The product ID (nine bytes) and hardware hash (eight bytes) are used by Microsoft to process the phone activation request.

Online activation over the internet can be accomplished automatically or manually. During setup the user can select automatic activation, which will result in automatic activation three days after running setup. If the user chooses manual activation, then at some point over the next 30 or 60 days depending on the operating system, the user will need to activate their system by either responding to one of the activation prompts or by invoking the product activation wizard. The product ID information sent to the server is the same as in Phone Activation. But the hardware ID sent during online activation is different. Microsoft collects 2 bytes of hash information from all the hardware instances that are in the table above. Again these 2 bytes of information will not uniquely identify a customer. It is to differentiate between different hardware devices. These two values (product ID and hardware ID (long) are sent along with request header information directly through secure sockets (SSL in HTTP) to the Microsoft activation system in a binary format. There are three communications made to complete Internet activation:

  1. Handshake request: Contains product ID, hardware hash, and request header data such as request ID (for linking the handshake, request, and acknowledgement) and activation technology version. 262 bytes total.
  2. License request: Contains product ID, hardware hash, and customer data structure for holding voluntary registration information if provided. If registration is skipped, this structure is empty. Also contains request header data such as request ID and the PKCS10 digital certificate request structure. The PKCS10 structure can vary slightly based on the inclusion of voluntary registration information; about 2763 to 3000 bytes total.
  3. Acknowledgement request Contains certificate ID (returned to user’s machine after license request), issue date, and error code. 126 bytes total.

If Internet activation is successful, the activation confirmation is sent directly back to the user’s computer as a digital certificate. This certificate is digitally signed by Microsoft so that it cannot be altered or counterfeited. The confirmation packet returned as part of Internet activation is approximately 9 kbytes in size (the digital certificate chain accounts for most of the confirmation data packet size).

If activation is done by telephoning a customer service representative, the product ID and short hardware hash are automatically displayed to the user as the Installation ID; a 50 digit decimal representation. The data is encoded and has check digits so that it cannot be altered. Telephone activation is a four step process:

  1. Selecting the country from which the call is being made so that an appropriate phone number can be shown in the product UI.
  2. Dialing the phone number
  3. Providing the Installation ID to the customer service representative
  4. Entering the Confirmation ID provided by the customer service representative.

The confirmation ID is a 42-digit integer containing the activation key and check digits that aid in error handling. Both the installation ID and confirmation ID are displayed to the user in easily understandable segments in the product UI.

Impact of Hardware Modifications to Activation

At each login, Windows Vista or Windows Server 2008 checks to see that it is running on the same or similar hardware that it was activated on. If it detects that the hardware is “substantially different”, reactivation is required. This check is performed after the OA 2.0 BIOS check discussed above, if the OA 2.0 BIOS check fails. This means that if your computer is pre-activated in the factory using the OA 2.0 pre-activation method, all the components in the computer could be swapped, including the motherboard, so long as the replacement motherboard was genuine and from the OEM with the proper BIOS.

The retail activation hardware check is accomplished by assigning each of the ten hardware elements a weighting factor. The sum of the weighting factors for the unchanged elements must exceed a threshold, otherwise reactivation is required. Microsoft changes the ten weighting factors and threshold value on its product activation servers periodically based on product activation and product support data. These changes on the activation server only impact online activation. Phone activation is still controlled by the weighting factors and threshold values maintained in the Windows client code. For example, the weighting factor for the HDD on Windows XP required the end user to reactivate whenever the HDD was replaced. Product support data showed that many of these reactivations were due to failed hard drives or user initiated upgrade to a higher capacity hard drive. Prior to Windows Vista consumer launch, the HDD weighting factor on the activation servers was reduced slightly to allow the end user to replace the HDD without requiring reactivation.

The actual weighting factors and threshold value are not published by Microsoft, since computer hardware is constantly evolving and real life data is utilized to adjust these values for the best user experience possible, but at the same time protecting Microsoft’s intellectual property by reducing piracy.

Installations of Windows Vista or Windows Server 2008 using Volume Activation are now subject to reactivation if the hardware changes. MAK activation utilizes the same reactivation rules as retail activation. KMS activation only requires reactivation if the HDD has changed.

Scenario A:

Computer One has the full assortment of hardware components listed in Table 1 above. User swaps the CPU chip for an upgraded one, swaps the video adapter, adds a second hard drive for additional storage, doubles the amount of RAM, and swaps the CD ROM drive for a faster one.

Result: Reactivation is NOT required.

Scenario B:

Computer Two has the full assortment of hardware components listed in Table 1 above. The HDD fails and the user replaces the failed drive with a new HDD. The user loads the new HDD from a backup or from the original installation media.

Result: Reactivation is NOT required.

Scenario C:

Computer Three has the full assortment of hardware components listed in Table 1 above. The motherboard fails, and the user is forced to replace the failed motherboard with a new one.

Result: Reactivation is required. Why? Changing the motherboard results in a hardware configuration that is substantially different, since several of the ten hardware elements change when installing a new motherboard.

The change of a single component multiple times (e.g. from video adapter A to video adapter B to video adapter C) is treated as a single change. The addition of components to a computer, such as adding a second hard drive which did not exist during the original activation, would not trigger the need for a reactivation nor would the modification of a component not listed in the above table. Reinstallation of Windows Vista or Windows Server 2008 on the same or similar hardware and a subsequent reactivation can be accomplished five times.


Software piracy is a persistent and evolving crime. Each year, the software industry, businesses, and consumers are harmed by counterfeit software. Microsoft has increased its investments to address this challenge and help to protect businesses and consumers from the risks of counterfeit and unlicensed software. With Windows Vista and Windows Server 2008, a markedly different experience is offered as these operating systems are the first products from Microsoft to take advantage of the Software Protection Platform, an innovative platform from Microsoft that strengthens anti-piracy technologies to help better protect customers and improve the overall licensing experience.

Microsoft is strengthening its commitment to make progress against software piracy with technologies to identify counterfeit software built right in to new software products.  Windows Vista and Windows Server 2008 have new built-in anti-piracy technologies making it more difficult to pirate, providing a superior experience for customers who do pay, and creating consequences for those who pirate – including diminished functionality if the software is detected to have been tampered with or is counterfeit. A key goal is to maintain a great experience for our customers using genuine software. Another important goal is fairness; we have taken steps to make it easy and convenient for victims of counterfeit to obtain a genuine copy. All in all, Microsoft would like customers to expect fairness, great service, and a positive experience in the implementation of our anti-piracy measures.

[1] See a study of the piracy summary at

[2] See a summary or access the complete the white paper at

[3] Learn more about volume activation at

No comments:

Windows 2008 Resources and Development

Windows 2008 Resources and Development
Windows 2008