Windows Activation trips up virtual machine clones, even on same system

Windows Activation trips up virtual machine clones, even on same system

Summary: This blog entry is simply to clear things up regarding virtual machine software (like VMware), the way it can make clones of existing virtual machines, and what if any impact such cloning has when it involves software that requires some form of online activation like Microsoft's operating system and Office software do.

SHARE:

This blog entry is simply to clear things up regarding virtual machine software (like VMware), the way it can make clones of existing virtual machines, and what if any impact such cloning has when it involves software that requires some form of online activation like Microsoft's operating system and Office software do. The reason I'm writing this is that, going back to my last blog entry regarding VMware Workstation 6 (the latest release of VMware Workstation), the TalkBack's disputed my assertion that moving a virtual machine that has Windows as its operating system from one system could be a jarring enough of a hardware change that it would "invariably awaken the licensing Gods at Microsoft."

I probably wasn't clear regarding the scenarios I had in mind and thus some (but not much confusion). First, a quick bit on how virtual machine software works (in case you're new to this). Virtualization products like VMware Workstation and Microsoft's Virtual PC can, with software alone, emulate the hardware of an Intel-based PC (other hardware too, but we'll focus on Intel-based PCs). In other words, you can use VMware Workstation to create a software-based instance of an Intel-based PC (which is why they call it "virtual") and then you can treat that instance or "virtual machine" (VM) as though it were a real hardware-based PC or "real machine". You can install an Intel-compatible operating system on it (like Windows XP, Windows Vista, Linux, etc.) and then install applications on top of that just as you would if the operating system was installed on actual PC, or, on what the virtual machine folks refer to as "bare metal."

There are many benefits of running in VMs vs. on bare metal. I won't go into them here. That's not the purpose of this post. Given the way VMs involve the idea of software pretending to be hardware, it should come as no suprise to you that when you create a virtual machine (for example, one that runs a copy of Windows XP or Windows Vista), the whole enchilada is stored in just a handful of files that live on the hard disk of your computer. The fact that an entire VM is stored in a handful of files means something else: they're easily copied and/or cloned.

In my last post -- the one that may have caused some confusion -- I talked about how the act of copying a Windows virtual machine from one computer to another might awaken the licensing Gods at Microsoft. What did I mean? Under the guise of Microsoft's Windows Genuine Advantage (WGA) program, Windows includes an anti-piracy technology that prevents software pirates from installing one copy of Windows on many computers. Each computer must have it's own license and to make sure that each unique copy of Windows is somehow married to a unique computer, WGA tries to establish a unique signature or thumbprint for your computer that's based on its hardware configuration. While Microsoft's will talk in generalities about how its fingerprinting algorithm works, the actual code is a secret. Even the folks at VMware -- a company whose solutions are impacted by Microsoft's anti-piracy policies -- aren't exactly sure how it works (and they've studied it).

Attempts to install or even run an already-activated copy of Windows on a computer other than the one it was originally married to should, if Microsoft's Windows Genuine Advantage software is working properly, be met by a dialog like the one below (generated by Vista).

windows vista activation screen

So, will copying a VM from one physical computer to another wake up the Microsoft licensing Gods? And, why would you do such a thing? One reason I like to have this option at my disposal is that I beat up my notebook computers pretty badly. Over the years, most of my notebook PCs have had to go in for one repair or another. This is bad news if everything you need (your data, applications, bookmarks, etc.) is on a notebook that has to be sent back for repairs. Unless of course all of your software and information is loaded into a VM rather than into the operating system that was installed on the bare metal. In that case, you get to experience one of the chief benefits of VMs: you can just move them (copy the files) to another computer.

In the case of VMware, you don't even need a full-blown copy of VMware on the other PC to open up those files and start the virtual machine. You just need VMware's virtual machine "player" -- a virtual machine runtime that's freely downloadable from VMware's Web site.

But the question is, in the process of copying a virtual machine from one PC (maybe a busted one) to another, will Microsoft's WGA program detect a change in the underlying hardware and assume that you're a pirate making an illegal copy? In my previous attempts at doing this, when I moved a VM between an Intel-based notebook and an AMD-based notebook, I totally sprung the WGA trap. Hold that thought.

There's another way to copy a VM that's literally called "cloning." Using VMware Workstation's menus, you can select an existing virtual machine and clone it. What's the difference between cloning and copying? I asked VMware about this. The differences are subtle, but important in the context of awakening the licensing Gods at Microsoft.

When you clone a virtual machine, it asks you what to name the new VM and then it makes all of the necessary changes to all of the filenames. When you copy a VM, all of that information (filenames, directories, etc.) stay exactly the same. But something else happens when you clone an VM that doesn't happen when you copy it. Since VMs are completely software-based versions of an Intel-based PC, they also include a virtual networking interface that, like real PCs, has a unique MAC address (the unique address that helps networks tell network attached device apart from another). When you clone a PC, the clone gets a new MAC address. When you copy a virtual machine, nothing changes.

activatenow01.jpgAlthough no one outside of Microsoft knows Microsoft's formula for fingerprinting hardware to the point that, if the fingerprint changes, the licensing Gods are awakened, the folks at VMware are pretty sure that changes to the MAC address are a red flag. That corresponds directly to the experience I had with a clone of one of my Vista-based VMs. Even though I was running the clone on the very same system (no hardware changes to theoretically awaken the licensing Gods) that the original VM (from which the clone was cloned) was running on, I received an activation warning (pictured, above left) anyway.

But, since copying the original VM to another computer and running it on that computer with VMware's free player, I have yet to see any signs of the activation Gods at Microsoft. That said, there is something interesting that happens when you move an existing VMware-based VM from one computer to another. The first time you try to run that VM, it detects that the VM was moved and asks if you want to keep it associated with VMware's unique identifier (known as the UUID) for that virtual machine, or if you want to create one. According to VMware, if you create a new UUID, that will trigger a change to the MAC address which in turn could awaken the licensing Gods at Microsoft.

It's complicated stuff. But it's important to know if you're working with virtual machines and you want to walk delicately around Microsoft's anti-piracy technology.

Topics: VMware, Hardware, Software, Virtualization, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

38 comments
Log in or register to join the discussion
  • Productivity reductions attributable to Microsoft

    If somebody sat down and added up all the productivity hits caused by Microsoft, it would amount to BILLIONS of dollars per year just in the US alone. I can't tell you how many hundreds of man-hours my company loses every year because of Windows Activation problems, Licensing issues, and general fumbling because of Windows software quality issues.

    Somebody told me it would take a billion dollars to create a new PC operating system to compete and beat Windows. My only question is: So?

    The government dumps that kind of money down the Iraq drain every WEEK. Why can't they take a week off over there, funnel the money into developing a good OPEN STANDARD PC OS, and then publishing the standard? It would be the most massive booster to public productivity since the Eisenhower's Interstate Highway system project.

    I know this has little to do with VMs, but the fact that every single innovation on the PC platform (VMs, dual cores, dual boot, you name it) runs into this kind of haywire problem is a sign that things have gone seriously wrong in this industry.
    terry flores
  • Very interesting ...

    So no cloning or accepting a new UUID if you want to move the VM image to another machine without any hassles. As far as the machine identifiers for Microsoft I was under the impression that it was a combination of the processor, hard drive, and OS serial numbers. Well maybe that was for their DRM instead, I really can't recall. :)
    MisterMiester
  • Is that the right question?

    Is it more important to avoid the WGA tripwire or to comply with the terms of the EULA that you agreed to?

    That's a personal question, but I will note that my own excursion into [i]software libre[/i] was in part driven by an ethical insistence on complying with both copyright law and the terms of any licenses I agreed to (no matter the questionable validity of such coerced "agreement.")

    Those with tender sensibilities will be reluctant to propagate infringing copies regardless of whether the "WGA gods" are invoked.
    Yagotta B. Kidding
    • WGA sometimes more restrictive than EULA

      Avoiding the "WGA gods" isn't necessarily a violation of the EULA. If you have a full retail license, you should be able to move it between machines whether you copy it or clone it. If you have an OEM license, it would forever be tied to the original PC whether it is installed as a host or guest.

      Presumably, Vista Ultimate can be installed as both a host and a guest. It would be interesting to see how WGA handles that. It would also be interesting to know if the guest version could be run on a PC other than the one the host is on.

      If only Microsoft would tell you up front, what it's going to cost to do what you want to do.
      kmatzen@...
    • False dichotomy.

      <i>Is it more important to avoid the WGA tripwire or to comply with the terms of the EULA that you agreed to?</i>

      Since you can invoke the WGA tripwire without violating the terms of the EULA, that's a false dichotomy. Knowing how to avoid the WGA tripwire is worthwhile in its own right.

      The idea that changing the MAC address of a computer would be considered a change in the computer is ludicrous. I've got more than one computer where the MAC address is changed on a regular basis, simply because they don't have ethernet on the motherboard.

      I agree with you that simply not buying any version of Windows that includes WGA is the rational response.
      Resuna
    • Not piracy question

      I know your comment is well-intended as a statement about 'getting around' the DRM, but that's actually not the reason why people are having this issue. OS licensing in a virtual environment is different than licensing on bare metal, yet their activation model (even in a multi-key or KMS environment) is not VMWare-friendly. It's possible they did this on purpose to frustrate VMWare users. You can indeed clone machines on the same host within your license, depending on ENT vs DC version.

      The fix? Simply change the UUID of the clone to match the original before you turn on the clone and it avoid the forced deactivation. It's not a HW change that triggers MS OS doing this. So it's fairly disingenuous on MS' part.
      Agnt Duke
  • Use the right OS for the job

    If you need 3 virtual Windows machines, you need to be prepared to pay for 3 licenses. This makes sense.

    If you don't like it, you have 3 options:
    1. Use Windows but choose not to create virtual images... your choice.

    2. Use Linux and make as many virtual images as you want... your choice.

    3. Use OSX and you can't create any virtual images due to OSX's [url=http://www.masternewmedia.org/news/2006/04/05/mac_security_the_evil_drm.htm] build in DRM [/url] ... Jobs' choice.

    I'll take #2 please!
    NonZealot
    • False trichotomy

      [i]If you need 3 virtual Windows machines, you need to be prepared to pay for 3 licenses. This makes sense.

      If you don't like it, you have 3 options:
      1. Use Windows but choose not to create virtual images... your choice.[/i]

      Or pirate the copies. It's an alternative, even if it has disadvantages.
      Yagotta B. Kidding
      • Is it really

        a case of piracy, if you are running more than instance on the same machine that the license was for? If it is (by MS logic) then it is definitely time to opt out of their vision of correct use of their products.

        Whatever happened to the simple model of 'run on only one machine at a time' - which is what actually makes sense?
        Freebird54
        • Sorry

          But if you look at their EULA, every "machine" (virtual or real) takes up a license. If that wasn't the case, I can run a VMware ESX host with 30 Windows guests and only pay for one license. That has never been the case even in the area of remote access where you pay for RDP licenses even if you are running CITRIX. Suppose we are running a VMware company where all machines (desktops) are virtual. Let's say 20,000 employees. Does that mean you can get away with a single Windows 7 license for the whole company? I doubt Microsoft (or anyone else) will let you get away with that.
          hforman@...
    • Not suggesting EULA violations

      I was offering a clarification to my last blog where MisterMiester mentioned that I had my facts regarding VMs and activation wrong. The bottom line appears to be that you can copy a VM without tripping WGA. But you can't clone a VM.

      Regarding licensing in general, I think activation is a rathole that will get software companies in trouble. Microsoft, for example, needs to understand why customers might have an interest in desktop virtualization and realize it's not about trying to pirate Windows, but rather, about getting the most out of a desktop computing experience. If I think virtualization is the best way to get the most out of my desktop/notebook (including the ability to quickly recover from a failure, one of the chief benefits), does a restrictive licensing policy make sense? Isn't the point of the OS to get the most out of a system?

      My interest in cloning/copying has nothing to do with wanting to run multiple copies of an OS. It has to do with partitioning my applications and network flows.

      db
      dberlind
      • Both of you must be unhappy

        The question is - how many people need to worry about virtualisation, besides those people doing reviews and tests? Even allowing for those people who may have legitimate security reasons for virtualisation it's a vanishingly small part of the user market.
        TonyMcS
        • Vanishingly small?

          I'd argue that it's a nascent market on the verge of a growth spurt. Or at least it should be. The advantages when it comes to virtualization are not just for security (although that is a clear benefit). My prediction? Today, I like to partition my apps for a variety of reasons. One of them is that I maintain separate accounts with the same online Web sites... accounts that I might want to have open simultaneously. For example, I have my family set up for Google Apps, and then I have my small business setup for Google Apps. Today, maintaining two separate identities with the same service (for legitimate reasons) is doesn't work well. Everything from the browser autocompleting certain fields to the confusion if you try to maintain open connections to the service under both identities at the same time. The easiest way to overcome the problem is to artificially partition the instances by using different browsers for each (IE for one, Firefox for the other). Or, you can use virtual machines. Same goes for other identity related services. For example, instant messaging. The benefits of virtualization are so many and the hardware vendors (Intel and AMD) are forging ahead so fast in that space, that I disagree with the adjective "vanishingly." I think the problems will be resolved with a "meeting" in the middle. With the help of hardware, I think we will one day see fully virtualized versions of the operating systms. What I mean by this is that they'll have virtualization baked in and you'll be able to launch applications from within partitions that are essentially VMs, but that don't require a completely separate instance of the OS. And you'll be able to virtualize the network interface in a way that allows you to redirect traffic on a per partition basis.

          It's a guess, but a logical one, I think.

          db
          dberlind
          • Big Iron?

            That description sounds suspiciously like a mainframe. If I remember right, that usually requires a small army (OK, just a brigade), of Ph.D endowed honchos, just to keep it happy. Heaven help "Tech Support" when that finally becomes a consumer scenario.

            On the other hand, one must always be careful of predicting technical issues based on current technology. A quintessential example would be the 19th century pediction that London, England would not exist by 1910, as it would be buried under a pile of horse manure. Well, along came the automobile to put the kibosh on that prediction!
            Yamust B. Kiddingme
        • Businesses with legacy software

          worry about virtualization. However the nice thing is that with legacy Windows operating systems (except XP, which our dear friend Mike Cox assures us now qualifies as legacy;)) is that you don't need to worry about activation.
          Michael Kelly
        • I think you show

          vanishingly small understanding of the benefits of virtualization! One the neat things you can do with it is to install Vista to a virtual machine environment that actually has all the drivers you need (despite the existence of hardware on the physical machine that does NOT have 'matching' drivers for Vista).

          Another use is for earler versions of the software to run simultaneously, so as to run legacy apps on your new machine. Yet another is to run considerably customized environments for certain apps that are not compatible with each other.

          Another is for development work - you can run different environments as test beds for your project. Sure it should work - but how much nicer it is to KNOW it works!

          Greater security/recoverability are just bonuses.
          Freebird54
    • Know what you talk about...

      As apparently you don't.

      <b>3. Use OSX and you can't create any virtual images due to OSX's build in DRM ... Jobs' choice.</b>

      Your link about some kind of built in DRM is quite questionable.. even the writer of that says "It's simple: it is not clear whether the newMacs with the Intel chip inside that are now on sale do have a TPM chip installed in them or not. And I am not likely to buy a Mac (indeed, I would not even buy a toaster) if it contains a spy chip whose operations I cannot control."

      Come on.. Don't know.. not gonna buy and find out.. it might have something bad .. IT'S GOT TO BE BAD.

      I USE a mac. I CAN use VM's. Of course.. You've quite clearly stated earlier and you you it again.. You have no idea what you're talking about.
      vmaatta
      • Show me

        [i]I USE a mac. I CAN use VM's. [/i]

        Show me how you boot up 2 virtual OSX instances on your Mac. Thanks!
        NonZealot
    • Still on your anti-Mac jihad?

      [url=http://cdn.rsc02.net/ig.rsc02.net/responsysimages/vmwi/__RS_CP__/vmware_on_macosx_large.png]Looks like...[/url] yup VMWare on a Mac.

      And while [url=http://pearpc.sourceforge.net/]not perfect... yet[/url] there is this one as well.

      And then there is [url=http://www.parallels.com/en/products/workstation/mac/]Parallels[/url ] you know that VM software that allows you to run Linux and Windows on the Mac... and I am sure you can install several instances of OSX on in Parallels as well. Care to try again?! ]:)
      Linux User 147560
      • You are smarter than this

        OSX cannot be virtualized. Companies have to be very careful about standardizing on OSX since they have completely removed the option of ever virtualizing it. If they've standardized on OSX, why would they care if they are able to virtualize Windows... [b]they don't use Windows[/b]!!
        NonZealot