Using a KMS Server

KB ID 0000582

Problem

Given the amount of deployments I do, it’s surprising that I don’t use KMS more often. Like most technical types, I find a way that works for me, and that’s the way I do things from then on. However these last few weeks I’ve been putting in a new infrastructure for a local secondary school. Their internet access is through a proxy server, that refuses to let Windows activation work. Unfortunately the “Administrators” of this proxy server were not disposed to give me any help, or let me anywhere near it, to fix it.

So after activating a dozen servers over the phone, I decided enough was enough “I’m putting in a KMS Server!”

I’m deploying KMS on Windows Server 2008 R2, and it is for the licensing and activation of Serer 2008 R2 and Windows 7. I will also add in the licensing KMS mechanism for Office 2010 as well.

Note: If you are using Server 2003 it will need SP1 (at least) and this update.

Solution

To be honest it’s more difficult to find out how to deploy a KMS server, than it actually is to do. I’ve gone into a fair bit of detail below but most of you will simply need to follow steps 1-4 (immediately below). In addition, after that I’ve outlined how to deploy KMS from command line. Then how to test it, and finally how to add Microsoft Office 2010 Licenses to the KMS Server.

Install Microsoft Windows 2008 R2 Key Management Service (EASY)

1. The most difficult part is locating your KMS Key! If you have a Microsoft License agreement, log into the the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Windows Server 2008 Std/Ent KMS B”

Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).

2. Armed with your new key, you simply need to change the product key on the server that will be the KMS server, to the new key. Start > Right Click “Computer” > Properties. (Or Control Panel > System). Select “Change Product Key” > Enter the new KMS Key > Next.

3. You will receive a warning that you are using a KMS Key > OK. You may now need to activate your copy of Windows with Microsoft, this is done as normal, if you can’t get it to work over the internet you can choose to do it over the phone.

4. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.

Note: Should you wish the change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;

[box]

cscript c:\Windows\System32\slmgr.vbs /SPrt 1024

[/box]

That’s It! That is all you should need to do, your KMS Server is up and running.

Install Microsoft Windows 2008 R2 Key Management Service from Command Line

You will notice below that I’m running these commands from command windows running as administrator (Right click “Command Prompt” > Run as administrator).

1. Locate your “Windows Server 2008 Std/Ent KMS B” Key > From command line issue the following command;

[box]

cscript c:\Windows\System32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

[/box]

Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).

2. Providing the command runs without error, we have just changed the product key for this Windows server to be the KMS key.

3. Now we need to activate the Windows Server > Run the following command;

[box]

c:\Windows\System32\slui.exe

[/box]

Select “Activate Windows online now” > Follow the on screen prompts.

4. When complete, it should tell you that it was successfully activated.

5. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.

Note: Should you wish the change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;

[box]

cscript c:\Windows\System32\slmgr.vbs /SPrt 1024

[/box]

That’s It! That is all you should need to do, your KMS Server is up and running.

Testing the Key Management Server

Before it will start doing what you want it to, you need to meet certain thresholds, with Windows 7 clients it WONT work till it has had 25 requests from client machines. If you are making the requests from Windows 2008 Servers then the count is 5. (Note: For Office 2010 the count is 5 NOT 25)

Interestingly: On my test network I activated five Windows 7 machines, then one server, and it started working.

Windows 7 and Windows 2008 R2 have KMS Keys BUILT INTO THEM, if you are deploying/imaging machines you should not need to enter a key into them (unless you have entered a MAK key on these machines then you will need to change it to a client KMS Key). These are publicly available (see here).

1. The service works because it puts an SRV record in your DNS, when clients want to activate, they simply look for this record before they try and activate with Microsoft, if they find the record, they activate from your KMS Server instead. If you look on your domain DNS servers, expand “Forward Lookup Zones” > {your domain name} > _tcp > You will see an entry for _VLMCS that points to your KMS Server.

2. From your client machines you can test that they can see the SRV record, by running the following command;

[box]

nslookup -type=srv _vlmcs._tcp

[/box]

Note: If this fails, can your client see the DNS server? And is it in the domain?

3. There is no GUI console for KMS to see its status, so run the following command on the KMS server;

[box]

cscript c:\Windows\System32\slmgr.vbs /dli

[/box]

4. As I’ve mentioned above, with Windows clients you need 25, and Windows Servers you will need 5 requests before KMS will work, before this you will see;

Windows Activation
A problem occurred when Windows tried to activate. Error Code 0xC004F038

5. For each of these failures, look-in the KMS Server, and the “Current count” will increment by 1 till it starts to work). In a live environment this wont be a problem, (You probably wont be looking at KMS with less than 25 clients!). On a test network just clone/deploy a load of machines until you hit the threshold.

Troubleshooting KMS Clients

To make things simple the command to execute on the clients, is the same command that you run on the KMS server to check the status.

[box]

cd c:\windows\system32
slmgr /dli

[/box]

For further troubleshooting, see the following links.

How to troubleshoot the Key Management Service (KMS)

Managing License States

Adding an Office 2010 KMS Key to Your KMS Server.

In addition to servers and clients, KMS can activate and handle Office 2010 licenses as well. You simply need to add in Office support, and your Office 2010 KMS key. As mentioned above, unlike Windows clients, you only need five requests to the KMS server before it will start activating Office 2010 normally.

If you want a KMS Server for JUST OFFICE 2010 and not Windows, then simply install and run the Office 2010 Key Management Service Host.

1. First locate your Office 2010 KMS Key! If you have a Microsoft License agreement, log into the the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Office 2010 Suites and Apps KMS”

Note: As with Windows 7, and Server 2008 R2, Office 2010 comes with a KMS key already installed, if you have changed the key to a MAK key you can change it back using the Microsoft public KMS keys (see here).

2. Download and run the “Microsoft Office 2010 KMS Host License Pack“.

3. When prompted type/paste in your “Office 2010 Suites and Apps KMS” product key > OK.

4. It should accept the key.

5. Press {Enter} to close.

6. Once you have five Office 2010 installations they should start to activate from your KMS server.

Troubleshooting Office 2010 KMS Activation

If you have a client that refuses to work you can manually force it to activate against your KMS server;

x64 Bit Clients. (Where kms.domaina.com is the FQDN of the KMS server)

[box]

cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS" /sethst:kms.domaina.com 
cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS" /act 

[/box]

x32 Bit Clients. (Where kms.domaina.com is the FQDN of the KMS server)

[box]

cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /sethst:kms.domaina.com
cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /act [/box]

Related Articles, References, Credits, or External Links

KMS Activation – Error: 0xC004C008

SmoothWall – Allowing Windows Updates and Windows Activation

KB ID 0000441 

Problem

I’ve had fun this week installing a new virtual environment for a client with a SmoothWall firewall. It took a call to SmoothWall support for me to get Windows updates to work, then after activating a few 2008 R2 servers via phone, I was motivated to get online activation running as well.

Windows Activation Error – (We are being blocked by the SmoothWall Proxy).

A problem occurred when Windows tried to activate. Error Code 0x8004FE33

Windows Update Error – (We are being blocked by the SmoothWall Proxy).

A error occurred while checking for new updates for your computer Code 80072EFD

Solution

1. Connect to the web management console of the SmoothWall. Select Guardian > User defined categories.

2. Select the “User Defined Categories” tab.

3. Give the Category a name > Set Filter type to “Content and URL filtering” > Copy and paste in the domains listed below > Then click “Add”.

Domains Required for Windows Update

[box]

windowsupdate.microsoft.com
update.microsoft.com
c.microsoft.com
download.windowsupdate.com
genuine.microsoft.com

[/box]

Domains Required for Windows Activation

[box]

sls.microsoft.com
wer.microsoft.com
connect.microsoft.com
go.microsoft.com
sls.microsoft.com
crl.microsoft.com
microsoft.com

[/box]

Note: These are the top level domains.

4. Select the “Filters” tab > Give it a name > Set the filter type to “Content and URL filtering” > Expand “Good” content > Tick “Software Updates”.

5. Scroll down and expand “User Defined” > Locate the user defined category you created in step 3 and tick it > Click Add.

6. Select the Policy tab > Groups = All groups > Change the filter to the one you created in step 4 > Time period = Always >Action = Allow > Tick “Enabled” > Add.

7. From the menu select Guardian > Authentication > Settings.

8. Scroll down to the “Do not require authentication for these domains….” section > Paste in the domains you also pasted in in step 3 > Click “Save and Restart”.

 

Related Articles, References, Credits, or External Links

NA

Windows XP – Sysprep (for imaging)

KB ID 0000599 

Problem

A client who we recently did a WDS (Windows 7) install for, needed to image a couple of Windows XP machines, (They had some software that either would not run, or was not supported on Windows 7).

They asked me for some documentation on how to do this, it’s been such a long time since I imaged any XP machine, so I took the opportunity to document it properly.

Solution

Before you begin, be aware you need to be building your reference machine with a Volume Licenced copy of Windows XP NOT an OEM or Retail copy (i.e. DONT build the machine with manufacturers rescue disks like Dell or HP). If you don’t do this you will need to activate every Windows machine that you deploy with Microsoft.

Make sure the version of sysprep you are using is at the same service pack level as the reference machine or bad things will happen.

Windows XP SP3 version of Deploy.cab

1. Build your reference machine, and configure it as you require.

2. Create a folder on the root of the C: Drive called ‘Sysprep”. Insert the Windows XP CD and locate the Deploy cabinet file. (This is ‘like’ a zip file and it’s in the supporttools folder).

3. Double click the support cab, then copy over the sysprep.exe file, the setupcl.exe file and the setupmgr.exe file to your c:sysprep folder.

4. You can now run sysprep.exe and skip to step 13. BUT if you require an answerfile (a script that will answer all the questions Windows will ask while it’s reinstalling post sysprep) then run the setupmgr.exe program, at the welcome screen click next.

5. Create New > Sysprep Setup > Windows XP Professional.

6. Fully Automate > Enter Name and Organisation > Set the Display Properties.

7. Set Time Zone > Enter the Volume Licence unlock code > If you are joining a domain, I suggest generating a random name then changing it later.

8. Set the Local Administrators password > Typical settings will enable DHCP > Supply any domain and domain credentials you need to join your domain.

9. Telephony (I just skip this) > Regional Settings > Languages.

10. Printers > Run Once commands > Additional Commands.

11. Enter a string that will go into the registry, and can be identified later > Finish > Accept the default save path > OK > At this point it looks like it’s crashed, you can manually close the setupmgr.

12. Now you can run sysprep.exe > OK > I select ‘mini-setup’ (If you don’t, it will run the welcome to windows session and play the annoying music you cant turn down!) > If you have installed applications and are going to image the machine click Reseal > OK.

Note: Factory will literally set the machine back to a ‘day one’ install of Windows XP.

The machine will then shut down and can be imaged.

Final Note: If you power it back on, it will rebuild itself and delete the c:sysprep directory. Which is fine unless you are doing some testing and realise you have to do the whole thing from scratch!

Related Articles, References, Credits, or External Links

Windows Deployment Services (Server 2003)
Deploying Windows XP

Windows Deployment Services (On Server 2008 R2)
Deploying Windows 7

Activation Error: Code 0x8007232b DNS Name does not exist

KB ID 0000157 

Problem

Note: For a more modern version this post go here: Error: 0x8007232B DNS Name Does Not Exist

Essentially this happens because you are using “volume licensed media” to install the operating system, and the machine is looking for a server on your network that runs the KMS Service (Key Management Service). You need to have a KMS server if you are activating more than 25 machines. However most of us only have one or two to worry about, in that case you need to enter a MAK (Multiple Activation Key).

Note: If you are running a legal copy of Windows then getting a MAK key should be as easy as going to Microsoft eOpen or speaking to your software reseller.

 

Solution

Once you have your MAK Key

Option 1

1. Click Start > Control Panel > System > Windows Activation Section > Change Product Key.

2. Enter the new MAK Key then activate Windows.

Option 2

1. Start > Right Click “Command Prompt” > “Run as Administrator“.

2. Enter the following command slmgr –ipk ABCDE-12345-ABCDE-12345-ABCDE

3. Wait for the “successful” prompt.

4. re-run activation.

Where ABCDE-12345-ABCDE-12345-ABCDE is a valid MAK (Multiple Activation Key).

Related Articles, References, Credits, or External Links

NA

Change Windows Product Key Error ‘Unacceptable Character’

KB ID 0000812 

Problem

A very strange problem today? I was attempting to change the product key of a Windows 2008 R2 Server, I copied and pasted the code in, and this happened;

I assumed I’d done something stupid, or there was some formatting in the text I had copied (from One Note). So I typed it in manually, every time I tried to enter the letter ‘n’ this happened? And when I copy pasted the code in it had removed all the N’s and did it again.

Solution

1. Thankfully I’ve done a lot of deployments, so I know how to change the product key and then activate the machine form command line. Run the following command to change the key;

[box]
slmgr.vbs -ipk 12345-ABCDE-12345-ABCDE-12345 [/box]

2. You can then activate the machine with the following command;

[box] slmgr.vbs -ato[/box]

Related Articles, References, Credits, or External Links

NA

Windows Server 2012 and Windows 8 – Activation Error 0xC004F074

KB ID 0000766

Problem

I jumped on a clients remote desktop services server today and saw;

However when I went to activate;

Windows couldn’t be activated
Error Code: 0xC004F074
Error Description:the Software Licensing Service reported that the product could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.

Solution

Out of the box this version of Windows has installed with a KMS Key, that’s fine if you are going to run KMS, here’s how to set it up. But if you want to activate with MAK key or a retail key then you need to manually change it.

1. Press Windows Key+R > cmd {enter} and execute the following command;

[box]
slmgr.vbs /ipk 12345-ABCDE-12345-ABCDE-12345[/box]

Where 12345-ABCDE-12345-ABCDE-12345 is your MAK or retail key

2. Now attempt to activate the machine again,

Note: You can also activate by running the following command;

[box] slmgr.vbs -ato[/box]

Related Articles, References, Credits, or External Links

Windows 8 – Changing the Unlock Code and Activating

Microsoft Office – (Product Activation Failed)

KB ID 0000548 

Problem

Fired up one of my test machines this morning, and opened Outlook to see,

Error: Microsoft Outlook (Product Activation Failed)

Though if you open other applications you will get the same;

Error: Microsoft Word (Product Activation Failed)
Error: Microsoft Excel (Product Activation Failed)

etc.

Solution

I’m not sure why this happened, (perhaps I entered the wrong key when I installed it). But it’s simple to fix.

1. In this Example I’m using Outlook but select > File > Help > Change Product Key.

2. Enter a valid Office 2010 key > Continue > Follow the on-screen prompts.

3. When finished, restart Outlook and it will prompt you to activate, again follow the instructions.

4. When complete it should say “Thank You. You copy of Microsoft Office {version} is activated” > Restart your Office applications to remove the red warning bar.

 

Related Articles, References, Credits, or External Links

NA

 

Office Find your Version and Licensing Information

KB ID 0000566 

Problem

Note: This is an OLD post, you might want to look at the following article instead;

Finding Out Your Microsoft Office Licence Version

I had some licencing issues a couple of weeks ago with Office 2010, and needed to check my version and licence details, thankfully Office 2010 comes with a VB script that makes this easy.

Solution

Getting your Office Version and Licence Details

1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. You need to change to the directory that the script is in, this directory will be different if you are running x32 bit Office on an x64 bit machine. execute one of the following commands;

For x32 bit Office on x32 Bit machines, OR 64 bit Office on x64 bit machines;

[box]cd “C:Program FilesMicrosoft OfficeOffice14″[/box]

For x32 bit Office on x64 bit machines;

[box]cd “C:Program Files (x86)Microsoft OfficeOffice14″[/box]

3. Then execute the following command;

[box]cscript ospp.vbs /dstatus[/box]

Example Output

(Above) This installation of Office 2010 (Pro Plus) is UNLICENSED, (it’s waiting for a licence key to be installed). It will run for another 30 days like this, then this will happen. You can fix this by manually installing an Office MAK key, or setting up a KMS server on your network.

(Above) This installation of Office 2010 (Pro Plus) is LICENSED and has been activated with a MAK key.

(Above) This machine has RETAIL versions of both Office 2010 (Pro Plus), and Visio (Premium). Both are LICENCED, and activated with a retail (or box product) Key.

Other uses for ospp.vbs

Install a MAK Key on a remote machine;

[box]cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx {remote-machine-name}[/box]

Activate a remote machine

[box]cscript ospp.vbs /act {remote-machine-name}[/box]

 

Related Articles, References, Credits, or External Links

NA

KMS Activation – Error: 0xC004C008

KB ID 0000637 

Problem

KMS had been running fine for months, when we started seeing the following errors.

When attempting to activate via slmgr

Error: 0xC004C008 The activation server determined that the specified product key could not be used.

When attempting to activate via Computer Properties.

Code: 0xC004C008

Description: The activation server determined that the specified product key could not be used.

Solution

You need to make a request to Microsoft to have your Windows activations either reset, or raised.

Send and email to kmsadd@microsoft.com

Give them the following information.

  1. Company name.
  2. Agreement number.
  3. Type of Licence program e.g. Open Value Subscription etc.
  4. Name
  5. Phone number.
  6. Email.
  7. Number of product activations required.
  8. Required date.
  9. Product Key: This will be the KMS key in use on your KMS Server.

Related Articles, References, Credits, or External Links

NA

 

ARCserve – Addling Licences

KB ID 0000444 

Problem

Normally you can just add licenses from Help > About CA ARCserve Backup > Add/View Licences.

However you may find that you cannot enter a “Backup Suite” Licence code/Activation key.

Solution

1. To do this you need to locate the “CALicnse.exe” file and run it.

2. This tool will let you enter the correct licenses.

Note: Depending on ARCserve version the folder location may vary.

 

Related Articles, References, Credits, or External Links

NA