Key Management Services–Confusion???

One of the common scenario which is coming in to my way very frequently is KMS (Key Management Services). This is very simple concept of deploying Activation server within your premise and activate your all latest products which supports Volume Activation 2.0 (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 and Office 2010).

Remember that Volume Activation 2.0 was introduced with Windows Vista to avoid piracy issues. As per Volume Activation 2.0, now you need to activate your Volume Products as well. When you purchase any Volume Licenses under VA2.0, you get two options for activation:

1. MAK (Multiple Activation Key) – Single Key to be used multiple times (similar to previous days) except each time product needs to be activated (Phone or Internet) post install. Every activation reduces available activation count of the product. Activation Count can be monitored from VAMT 2.0

2. KMS (Key Management Services) – This is an internal activation process where we setup an activation server within our corporate environment and all future VA 2.0 products which need activation would contact the local activation server to activate the product. No phone or internet connection is required for activation.

Note: Partner license benefits are MAK only. You can validate the Key type through VAMT 2.0.

As KMS is one of those options which is more aligned with IT policies, most of the organization are looking for this option but as this is a new solution, questions are expected. So here I am including some basics which you should know while planning for KMS for your environment.

1. Install KMS Host (Windows Server 2003, Vista, Windows 7 and Windows Server 2008)

a. Windows Server 2003 requires KMS Service Update - KB968915

b. Windows 7 and Windows Server 2008 R2 – Activate with appropriate KMS Activation Keys (Max 6 machines can be activated with the same key which means you can have max 6 KMS host)

c. Command Line Options for Activation - slmgr.vbs /ipk <KmsKey>

Note:

                                                               i. KMS host that is running Windows Server 2008 R2 can activate any Windows operating system that supports Volume Activation, a KMS host that is running Windows 7 can activate only computers running Windows 7 and Windows Vista clients.

                                                             ii. The KMS key that supports the new versions of the Windows operating systems also provides support for the previous Volume License editions of Windows that are acting as KMS clients.

2. Count of Current Activation from KMS Host - slmgr.vbs /dli

3. Administrators can also check the Key Management Service log in the Applications and Services Logs folder for event ID 12290. The Key Management Service log records activation requests from KMS clients. Each event displays the name of the computer and the time stamp of each activation request.

4. Alternately with SCOM Environment we can use KMS Management Pack.

5. DNS Registration:

a. The KMS host is registered only in the DNS domain to which the host belongs. If the network environment has only one DNS domain, no further action is required.

b. If the environment does not support DDNS, the SRV RRs must be manually created to publish the KMS host. Environments that do not support DDNS should disable publishing on all KMS hosts to prevent event logs from collecting failed DNS publishing events. To disable auto-publishing, use the Slmgr.vbs script with the /cdns command-line option. See the “Configuring KMS” section for more information about the Slmgr.vbs script.

c. Manual SRV Record Creation Details:

Note: KMS by default listens to TCP:1688. Make sure you update firewall settings accordingly.

6. In case DDNS is supported, no further changes are required. Else Administrator can use below command to point the KMS Client to the KMS Host:

slmgr.vbs /skms <KMS Host>:<port>

7. Manually Activate KMS Client - slmgr.vbs /ato

Important - The computers running Windows server 2008 or Windows Server 2008 R2 the activation threshold is five. For computers running Windows Vista or Windows 7 the activation threshold is 25. The thresholds include clients and servers that are running on physical computers or virtual machines.

Office 2010 – KMS

1. Install Microsoft Office 2010 KMS Host License Pack on your KM Host.

2. When Prompted, enter the Office 2010 RTM KMS Product Key.

3.     Host Pointer (In case DDNS is not supported):

For 32-bit Windows: cscript C:\Program Files\Microsoft Office\Office14\OSPP.VBS /sethst: <Host Name>

For 64-bit Windows:cscript C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS /sethst: <Host Name>

         4. Force Activation:

                 cscript OSPP.VBS /act