All Products
Search
Document Center

Failed to activate the Windows ECS instance

Last Updated: Apr 21, 2022

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.

Overview

This topic describes how to handle activation failures of ECS instances in Windows.

Description

Take note of the following items:

  • Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
  • If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

By default, an activation script is configured for a Windows ECS instance. Normally, the instance can communicate with the KMS server to activate the system. However, sometimes it cannot be activated for some reasons. The following lists some common situations and solutions for activation failures.

Note:

  • Registry modification requires a certain understanding of the Windows operating system. To avoid system problems or data loss caused by registry misoperations, you must create snapshots of the system disk and data disk before modifying the registry.
  • This topic is for reference only when you use an ECS instance for Windows. The Microsoft official link quoted in this topic is copyrighted by Microsoft. Please note the scope of the operating system to which the article is applicable, as well as the problems that may be caused by the iteration of Microsoft Windows products or the failure to update the documentation in a timely manner. Alibaba Cloud officials are not responsible for the content of the Microsoft official link cited.
  • KMS domain name and how to use KMS domain name to activate the system. For more information, see Use KMS domain name to activate a Windows instance in a VPC.

Software Protection exception causes activation failure

Error description

The following error occurs when you use the slmgr -ato command to activate a Windows system.

Run "slui.exe 0x2a 0x80070002" to display the error text. 

If an output similar to the following one is returned, one of the solutions is applicable to your system kernel version:

Troubleshoot the issue

The system activation is affected if Software Protection is not enabled.

Solution

  1. Remotely log on to the ECS instance of the Windows system. For more information, see Connect to a Windows instance.
  2. Click the Server Manager icon in the lower-left corner and choose Tools > Services. Locate and double-click the Software Protection.
  3. In the dialog box that appears, select Start.

    Note: If the Software Protection service starts abnormally or the service is lost during startup, use the following method to rebuild the Software Protection service:

    1. Run the regedit command to open the registry, locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc, right-click and select Export to back up the current file to the C:\sppsvc_bak.reg.
    1. Use the preceding method on a normal ECS instance of the same version to export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc as "sppsvc_good.reg".
    1. Copy the sppsvc_good.reg file obtained in the previous step to the problem machine, and then double-click the file. When the system prompts you whether to import the registry, click Yes. After that, there will be a prompt stating that the registry has been successfully imported. Start the service and try to activate it again.
    2. If it fails, double-click the previously backed-up C:\sppsvc_bak.reg file back to the system.

Network exception causes activation failure

Error description

A prompt "Windows is not genuine" appears in the lower right corner of the desktop. The following error message appears when you manually activate a Windows instance in a VPC based on How to use a KMS domain name to activate a Windows instance in a VPC.

0xC004F074 Software Licensing Service reports that the computer cannot be activated, Key Management Service (KMS) is not available. 

The system display is similar to the following.

Troubleshoot the issue

This error is usually caused by a network problem between the server and KMS, which causes the server to be unable to communicate with KMS. The network problem may be caused by the system firewall, IP security policy, or other network security management software blocking the communication between the server and the ECS activation server in the ECS instance of the Windows system.

Note: The ECS activation server uses the kms.cloud.aliyuncs.com domain name, TCP protocol, and port 1688.

Solution

  1. Check whether the system firewall intercepts the kms.cloud.aliyuncs.com 1688 TCP ports. If your firewall is configured with inbound and outbound rules that block 1688 TCP ports, right-click and select Delete Rule. For more information about how to view inbound and outbound rules, see Add a port rule in Configure a remote connection firewall for a Windows instance.
  1. Check whether an IP security policy is configured to block access to kms.cloud.aliyuncs.com resolved IP addresses. Run the ping kms.cloud.aliyuncs.com command to confirm that you can ping the IP address. Then, check whether the IP address is blocked in the IP address security policy. If a policy exists, delete the policy. View the IP address security policy. For more information, see Check whether an IP address security policy is configured in General troubleshooting methods for server ping.
  1. Check whether other security software has intercepted access to the kms.cloud.aliyuncs.com 1688 TCP port.
  1. Run the route print command to check whether the internal route of the server is normal. If the internal route is missing, manually add it.
  2. After completing the troubleshooting in the above four steps, run the telnet kms.cloud.aliyuncs.com command in the instance and activate the instance after success.

Server clock out-of-sync causes activation to fail

Troubleshoot the issue

The clock of the server must be the same as that of the KMS server. If the clock deviation occurs, the activation will fail.

Solution

You can check whether the current system time is normal in the lower-right corner of the system desktop. If you confirm that there is a significant deviation in the system time, you can manually modify the system time configuration in the lower-right corner of the system desktop. You can also run the following command to synchronize the clock and then activate the clock after the synchronization is complete.

net start W32Time
w32tm /resync

The following command output is returned.

The activation fails due to full disk space.

Error description

When trying to activate, the prompt "product not found".

Troubleshoot the issue

This error may occur because the system disk space of the server is full, resulting in insufficient space for activation.

Solution

Clean the release disk space of the C disk and manually activate it again.

Incorrect activation code causes activation to fail

Error description

When activating, an error is reported with the error code "C004F015".

Troubleshoot the issue

This situation may be due to the activation code used by the system does not match the version of the system, which is generally caused by human activation and modification.

Solution

  1. See Microsoft official information to query activation code based on the actual version of the operating system.
  2. Execute the slmgr /ipk [$Setup_Key] to replace the matching activation code, and then execute the slmgr -ato command to activate the system.
    Note :[$Setup_Key] is the system activation code.

Applicable scope

  • ECS