This is the first post in an ongoing series that discusses volume activation and management. This artcile addresses how to install a KMS Server. You can find all posts within this series on our Volume Activation for Windows channel.
For most organizations entering the virtual world, and with Virtual Desktop Infrastructure (VDI) gaining popularity, many businesses are finding that they have to make accommodations to their Microsoft licensing. Previously, the easiest way for many SMB shops to manage licensing was by utilizing Multiple Activation Key (MAK) and activating OS or Microsoft Office directly with Microsoft. The two biggest restrictions with MAK licensing is that there is a limited number of activations with each MAK key, and the key must manually be entered into each machine. When specifically talking about VMware’s VDI solution, VMware Horizon View, when a golden image is recomposed or new machines are deployed into the environment, these use up the limited number of activations available through Microsoft Online.
To eliminate machines needing to out to the web to activate, a Key Management Service (KMS) server can be deployed into the environment. This allows machines in the environment to check into an organizations own server versus having to go to Microsoft’s website and utilizing an activation key.
Configuring a 2008R2 or 2012/2012R2 KMS Server
The method utilized in this article to create a KMS server can be utilized on a Windows Server 2008R2, Windows Server 2012 or Windows Server 2012 R2 server. A newer method of activation that can be installed on Windows Server 2012 and Windows Server 2012R2 is discussed in the Configuring an Active Directory-Based Activation Server (under construction). In the example described below, I utilized a fresh 2012R2 server that was fully patched.
For good measure, if the machine being turned into KMS server has been preconfigured by another administrator, I always check to see what sort of licensing may have been applied. In an elevated command prompt I enter:
slmgr /dlv
If for some reason your windows instance is unable to run the VBS script, you can run the full command below:
cscript %windir%\system32\slmgr.vbs /dlv
Image may be NSFW.
Clik here to view.
The very first step to installing a KMS server is to activate (or reactivate) the server with your KMS key. I recommend doing this through a command prompt. With windows 2008R2 and 2012/2012R2, in a command prompt opened with administrative privileges, type in:
slmgr /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Once the key has been entered, a screen should pop up displaying that the key has been installed:
Image may be NSFW.
Clik here to view.
Once the key has been entered, Windows must now be activated. Use the command below to activate the KMS key:
slmgr /ato
Image may be NSFW.
Clik here to view.
DNS Server and SRV records
Once the KMS server has been activated, an SRV record should get created on the DNS server(s). Type the following command to look up the SRV record.
nslookup -type=srv _vlmcs._tcp
For sake of demonstration, I left my network settings on their default settings to obtain an IP address automatically.
Image may be NSFW.
Clik here to view.
Since I know this may cause intermittent issues in the environment, I went back through and reassigned a static IP address, flushed DNS, and ran the nslookup command again. The IP address almost immediately propagated to the new address.
Image may be NSFW.
Clik here to view.
If the KMS server is not registering the new IP correctly, I could force it to an IP address through the following command.
slmgr -skms kms-ip-address
The SRV records will also be available to view under DNS Manager under:
Forward Lookup Zones> FQDN > _TCP
The name of the SRV record will be _VLMCS.
Image may be NSFW.
Clik here to view.
Final Checks for the KMS Server
To see if the KMS Server is successfully registering machines, run the following command:
Slmgr /dlv
Image may be NSFW.
Clik here to view.
In my example below, I have not deployed any machines utilizing KMS yet so my validation count displays at 1.
Rogue KMS Servers
If you have rogue KMS servers, a good indicator is that you will have multiple _VLMCS records in your environment. Running the nslookup command will assist in flushing out the server. This server should be manually removed from your DNS server.
In the example below, the rogue KMS servers had a CNAME manually created on the DNS server so the server was broadcasting twice:
Image may be NSFW.
Clik here to view.
Resources Used:
Appendix A: KMS Client Setup Keys, https://technet.microsoft.com/en-us/library/jj612867.aspx, Accessed April 6, 2015
KMS_Error_0xC004C008_Activating_Client, http://blogs.technet.com/b/askcore/archive/2009/03/09/kms-error-0xc004c008-activating-client.aspx. Accessed March 9, 2015.
Slmgr.vbs Options for Volume Activation, https://technet.microsoft.com/en-us/library/dn502540.aspx. Accessed March 9, 2015
Update adds support for Windows 8 and Windows Server 2012 to Windows Server 2008, Windows 7, and Windows Server 2008 R2 KMS hosts, https://support.microsoft.com/en-us/kb/2757817/, Accessed April 6, 2015