Wednesday, July 27, 2011

Key Management Services (KMS) explained

When installing Windows Server 2008 (R2) or Windows Vista / 7 in your network you must think about volume activation. With volume activation there are two (2) different models for completing this. These are Key Management Service (KMS) and Multiple Activation Key (MAK). Both are working and has there own benefits.
  • Key Management Service (KMS) – KMS activates operating systems on the local network, so individual computers doesn't has to connect to Microsoft. KMS clients connects with a KMS host for activation.
  • Multiple Activation Key (MAK) - MAK requires computers to connect one time to a Microsoft activation server. Once computers are activated, no further communication with Microsoft is required.
Have a look at this page for more information about Volume License Keys:
http://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx

Because KMS becomes more and more implemented in projects I will explain it in detail. I will no further explain MAK in this blogpost, because it's known by most people.

KMS requires a minimum number of either physical or virtual computers in a network environment to become functional. These minimums, called activation thresholds, are set so that they are easily met by enterprise customers. For computers running:
  • Windows Server 2008 and Windows Server 2008 R2 you must have at least five (5) computers to activate.
  • Windows Vista or Windows 7 you must have at least twenty-five (25) computers to activate. These thresholds can be a mix of server and client machines to make up the threshold number.
  • Office 2010, Project 2010 and Visio 2010 you must have at least five (5) computers to activate. If you have deployed Microsoft Office 2010 products, including Project 2010 and Visio 2010, you must have at least five (5) computers running Office 2010, Project 2010 or Visio 2010.

The KMS service can be installed on a (existing) server or client!, and will place an record in DNS for recognition. The following commands are available to use in combination with a KMS host: 

When using Windows Server 2008 (R1) or Windows Vista systems an hotfix is needed. This will extend support for KMS to provide activation for Windows 7 and Windows Server 2008 R2. The KMS host will be upgraded from version 1.1 to 1.2 with this hotfix.

The command for installing KMS with a product key or updating an existing one is "cscript %windir%\system32\slmgr.vbs /ipk {product key}". After that restarting of the KMS service is needed. This can be done with the following commands: "net stop slsvc" and "net start slsvc". When it's functional it can be tested with the "slmgr.vbs /dli" (basic information) and "slmgr.vbs /dlv" (detailed information) commands.

Have a look at this TechNet post for more information about this: http://social.technet.microsoft.com/Forums/en/winservergen/thread/8edd0ece-7786-42d4-9a23-48e2c271b17d

It's possible to query the DNS server for License keys also. This can be done with the Nslookup –type=all _vlmcs._tcp command. With the "slmgr.vbs /ato" command it's also possible to force a activation renewal. That way it's easier to get the minum required systems activated. When no DNS record is created automatically, you must create one yourself. This can be done with the following guide: Manually Create SRV Records in DNS

During installation it's possible that the following error message is displayed:
Error: 0xC004F015. This can be solved with installing the KMS 1.2 patch or use the correct product key. Have a look at this TechNet post for more information about this: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/0ce4f1aa-94db-46e0-8d2c-1fb37961a873

On the client (when KMS is active already) it's possible that the following error is displayed: 0xC004F038. This can be solved with activating enough computers. When this is done (at least 5 servers and/or 25 computers) the error message will be gone. Then activation for all systems will be available!

One last note: When creating or deploying a Windows 7 image don't use a build-in product key. Otherwise there's the risk that every Windows 7 client behaves like a KMS host. No product key at all is needed on the Windows 7 client. Just activate them by the KMS host which resides on the Windows Server 2008 (R2) server or on a Windows Vista / 7 host.

Have a look at this TechNet post for more information about this:
http://social.technet.microsoft.com/Forums/en/mdt/thread/c9691329-702e-42e1-9593-c8c06618ff0f

For default KMS Client Setup Keys have a look at this TechNet post:
http://technet.microsoft.com/en-us/library/ff793421.aspx

Update 18-11-2011: On Windows Server 2008 R2 and/or Windows 7 the commands to restart the KMS service are now: "net stop sppsvc" and "net start sppsvc".

Just to clarify things:

The Software Licensing Service existed in Windows Vista, but was replaced in Windows 7. The service that handles the licensing is now called the Software Protection Service (SPPSVC). All of the same procedures and commands still work the same as they did in Windows Vista.

Also, the associated SL UI Notification Service (SLUINotify) in Vista was changed to the SPP Notification Service (SPPUINotify) in Windows 7. (SPP means Software Protection Platform)

TechNet source: Windows 7 Activation Issues

4 comments:

  1. This is my first time i visit here. I found so many entertaining stuff in your blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! Keep up the good work.

    ReplyDelete
  2. This is one technology that I would love to be able to use for myself. It’s definitely a cut above the rest and I can’t wait until my provider has it. Your insight was what I needed. Thanks

    ReplyDelete
  3. Awesome collection..!!
    How nicely you manage the whole blog.t-mobile phones

    ReplyDelete
  4. Clear description and to the Point. Very helpful.

    ReplyDelete