Weird problem after Win 10 update

[mdownes]

Hi all,
One client, a school, has 50 PCs of a particular make/model running Windows 10 Pro, which an MS refurbisher supplied. All were switched off for about 10 weeks over summer. For some reason, after being switched back on in the last week, 14 of them underwent the following changes within a few days of each other:

1. Windows seems reinstalled (Windows.old folder now exists on c:\)
2. Hostname changed to the form WIN-[random_characters] also many other settings are now default
3. Windows no longer activated and trying to activate yields this error:
"We can't activate windows on this device because we can't connect to your organisation's activation server. make sure that you're connected to your organisation's network and try again. etc, etc. Error code: 0xC004F074"
4. PCs can no longer log onto domain
5. All have the update KB4021572 installed on the same date that windows.old directory was created. I've checked two PCs unaffected by this issue, and they don't have that update. I understand this update has been problematic but I can't find anyone else for whom it's caused these symptoms.

It looks as though someone reverted to a restore point, but if I try access system restore, it's turned off on some PCs and on others, the only available point is one after the windows.old folder was created. Also, as far as I know, nobody was around to do that. There's nothing in the event viewer before this 'big bang' moment.

Can anyone shed any light on this?
Thanks in advance

 

[Porthos]

1. Windows seems reinstalled (Windows.old folder now exists on c:\)

The were upgraded to 1703 "Creators Update" and the end user did not know what to answer if they were on a domain.

3. Windows no longer activated and trying to activate yields this error:
"We can't activate windows on this device because we can't connect to your organisation's activation server. make sure that you're connected to your organisation's network and try again. etc, etc. Error code: 0xC004F074"

Were these on a domain? Refurbisher licensces are not Volume so I am at a loss.

Did you supply and set these up in the first place?

 

[mdownes]

Yes - they were on a domain. I didn't supply them, they were supplied by well-established refurbisher who has supplied most of the school's PCs. Although I did configure them.

I haven't actually been onsite yet - heading there soon. ICT teacher swears there's been no user interaction, but there must have been. Thanks for your input.

 

[G8racingfool]

It could be the Creators Update but it seems more like somebody used the "reset this PC" option. Either that or it was the CU and it completely hosed the installation.

Since you have the Windows.old directory you can go back (just create a new directory called "Windows.bad" and put all of the folders in C:\ that match the folders in Windows.old into that Windows.bad directory, then copy the folders in Windows.old to C:\. This will obviously need to be done offline.) And you should be able to either get back to operating capability or at least find out what was going on before the update/reset.

 

[phaZed]

"We can't activate windows on this device because we can't connect to your organisation's activation server. make sure that you're connected to your organisation's network and try again. etc, etc. Error code: 0xC004F074"

This is your problem, right here. Looks like those installs of 10 Pro were MAK/KMS volume activated. If it is AD based activation then the Domain IT should be able to fix it up. MAK/KMS/AD will not modify the BIOS key system so upon re-install, Windows will be unlicensed.
https://docs.microsoft.com/en-us/wi...-activation/plan-for-volume-activation-client

With MS's 3-tiered "ring" rollouts it somewhat makes sense only a few are affected, as seen here:

So, roughly 25% of those Domain computers got hit with the Pilot ring or 1st stage broad deployment, it seems to me.

In all sincerity, this problem could be avoided and should be the job of the Domain administrator to limit these updates via GP.

 

[mdownes]

So it looks like MS decided to offer the CU to the teachers without any need for admin rights. Half of them went for it and I've recreated what happens. PC reboots with a randomised hostname and you can't log onto the domain. If you log on with a local admin a/c and then reboot, it comes back up again and in most cases, regains it's hostname and you can log in as normal. But there are some settings you need to re-enter - most notably power saving (since I'm remote, I need to get to it within 30 minutes or it's dead). There may well be other settings, but they're not apparent yet. Total pain. Since I now know what happens, I'm manually updating all of them so we can put this nasty business behind us. Screenconnect command interface is taking some of the sting out of it...

 

[mdownes]

In all sincerity, this problem could be avoided and should be the job of the Domain administrator to limit these updates via GP.

I have been advising things like WSUS for ages - it's difficult to get them to agree to invest in anything other than hardware that they can see and touch. As far as I'm aware, without WSUS, I could only have delayed this update (they don't have a fulltime IT person).

 

[phaZed]

I have been advising things like WSUS for ages - it's difficult to get them to agree to invest in anything other than hardware that they can see and touch. As far as I'm aware, without WSUS, I could only have delayed this update (they don't have a fulltime IT person).

I hear ya, problem of the ages.

You are correct, in theory, delaying the update should push said computer into the 'last' ring of the rollout. The good thing about the last ring is that all of the guinea pig problems should be sorted.

 

[mdownes]

I hear ya, problem of the ages.

You are correct, in theory, delaying the update should push said computer into the 'last' ring of the rollout. The good thing about the last ring is that all of the guinea pig problems should be sorted.

So it is worthwhile delaying - hadn't realised that. Cheers.