Monday, 28 July 2008

Windows 2008 Activation (KMS)

This morning I went to work with my new POC environment which contains 8 Windows Server 2008 machines installed using my company Volume License Key. They all had a warning message:

Windows could not be activated.
Key management services (KMS) could not be located in Domain name system (DNS), please have your system administrator verify that a KMS is published correctly in DNS.

I think these kinds of error messages from MS are amusing. Who is this higher entity known as “System Administrator”? He seems to be the oracle of all knowledge according to all my Operating System errors! Oh yeah, that is supposed to be me? Well, I have not configured anything to do with KMS in my DNS just yet. I am aware that the licensing and activation of Windows Server 2008 is different. Guess I better RTFM...

Okay, after a bit of RTFM it seems that I use Volume Licensing Keys in my company, I need to become familiar with MS Volume Activation 2.0.
http://technet.microsoft.com/en-us/library/bb892849(TechNet.10).aspx .
Of the two methods, Key Management Service (KMS) or Multiple Activation Key (MAK), it seems KMS is more relevant to my requirements in a POC environment. KMS allows me to activate servers within my own network, whilst MAK activates servers MS’s hosted activation services.

To install KMS on one of my Windows Server 2008 machines

From the command prompt change the directory to C:\Windows\System32
Type slmgr.vbs /ipk %Insert your VLK% (i.e. slmgr.vbs /ipk ABCDE-12345- ABCDE-12345- ABCDE)
After a few minutes I get a message stating “Installed product key %My VLK% successfully"
Type slmgr.vbs /ato
After a few minutes I get a message stating “Product activated successfully”
Restart the Software Licensing service
Create a DNS SRV record in DNS
Open DNS Manager
Right-click the domain, and then click Other New Records.
Click Service Location (SRV), and then click
Type the following information:
Service: _VLMCS
Protocol: _TCP
Port number: 1688
Host offering the service:
Click and then click

Client side

In theory if all your other Windows 2008 servers requiring activation are domain members and can resolve the SRV record for KMS, they should self activate in the next 180 minutes. If you are like me, and you are impatient, you could use the switch slmgr.vbs /ato on each of the client machines. For the first five you will receive an error message. This is because KMS is for VOLUME licensing and is therefore not applicable until at least 5 machines attempt to activate. Once you have reached your fifth machine, all machines that have attempted to activate will then be activated.

Notes:

Slmgr.vbs /dli Displays all standard licensing information
Slmgr.vbs /dlv Displays verbose licensing information
Slmgr.vbs /xpr Displays the expiration date of the current key

KMS clients must renew their activation by connecting to the KMS host at least once every 180 days to stay activated. By default, KMS client computers attempt to renew their activation every 7 days

KMS has a minimum amount of physical (not virtual) computers that require activation before it works; this is called the activation threshold. For Windows 2008 it is 5. Below that number, activation will not occur.


There is obviously a wealth more information on KMS and MAK, but as this is all I require to carry on with my now licensed POC, that’s all from me, for now.

4 comments:

Anonymous said...

Thanks for sharing mate. Saved me some time searching about KMS and MAK and stuff.. Changed my key to KMS as we don't yet have 5 win2008s.

Anonymous said...

Thank you Brian.
Ive read all the documentation with regards to KMS, and Volume Activation 2.0, but am now in the process of wanting to role it out.

My question to you is with Server Isolation, using Group Policy.

My company AD is of one large domain.

I want to manage my servers here in London, and EMEA, but headquarters in Atlanta want nothing to do with KMS. Their licensing is managed externally.

All my servers are within 1 OU.

Is Server Isolation the remedy to solve the issue by applying a GPO to my own OU?

Or is that not the intended use of Server Isolation?

Many thanks
Steve

Anonymous said...

Hi,

I strongly appreciate your post........... High quality Hyper-V Servers with 100% dedicated resources.............

Thanks,
Windows VPS

DavidA said...

Thanks for the information - helped out a lot. We had firewall blocking (that had previously been in place) preventing connection to the KMS host on port 1688