Understanding Volume Activation Services – Part 1 (KMS and MAK)


Windows Activation and KMS have been around for many years - and still - a lot of people don't understand the basics of Windows activation, what are the differences between KMS and MAK, and how to choose the best Volume Activation method that meets the organization’s needs.

In this blog post, we'll shed some light on these subjects and explain how to deploy and use Volume Activation services correctly.
This will be the first part in the series.

Series:

 

So... What is KMS?

KMS, like MAK, is an activation method for Microsoft products, including Windows and Office.
KMS stands for Key Management Service. The KMS server, called 'KMS host', is installed on a server in your local network. The KMS clients connect to the KMS host for activation of both Windows and Office.

Prerequisites

A KMS host running on Windows Server 2019/2016/2012R2 can activate all Windows versions, including Windows Server 2019 and Windows 10 all the way down to Windows Server 2008R2 and Windows 7. Semi-Annual and Long-Term Service Channel (LTSC) are both supported by the KMS.

Pay attention that Windows Server 2016 and Windows Server 2012R2 will require to install the following KB's in order activate the newest Windows 10 Enterprise LTSC and Windows Server 2019:

For Windows Server 2016:
1. KB4132216 - Servicing stack update, May 18 (Information, Download).
2. KB4467684 - November Cumulative Update or above (Information, Download).

For Windows Server 2012R2:
1. KB3173424 - Servicing stack update (Information, Download).
2. KB4471320 - December 2018 Monthly Rollup (Information, Download).

In order to activate clients, the KMS uses a KMS host key. This key can be obtained from the Microsoft VLSC (Volume Licensing Service Center) website. By installing that key, you are configuring the server to act as a KMS host.
Because KMS host key of newer Windows version can be used to activate older Windows versions, you should only obtain and install the latest KMS host key available in VLSC.
Also, note that KMS host key for Windows server can be used to activate Windows clients - so you can (and should) use one KMS host key to rule them all.

Now that you understand those facts, you know you should look for 'Windows Server 2019' version in VLSC and obtain the KMS host key for that version. Once again, this key will let you activate any Windows server and Windows client version in your environment.

Deploying the KMS host

After getting the KMS host key from VLSC, you'll need to install it. For that, we'll use the Volume Activation Tools feature, available on Windows Server 2012R2 and above.
You can install the Volume Activation Tools feature using the Server Manager (Remote Server Administration Tools -> Role Administration Tools -> Volume Activation Tools) or by using the following PowerShell command: Install-WindowsFeature RSAT-VA-Tools.

Run the tool right from Server Manager -> Tools or by typing 'vmw' in your PowerShell screen.
Volume Activation Tools lets you choose between Active Directory-Based Activation (will be covered in the second post) and Key Management Service (KMS). For now, we'll choose to the KMS activation method.

After selecting the activation method, you'll be asked to provide the KMS host key obtained from the VLSC.

Choose your preferred activation method (by phone or online using the internet) to activate the KMS host key for the selected product.

In the 'Configuration' step, pay attention to the following settings:

  1. Volume license activation interval (Hours) - determines how often the KMS client attempts activation before it is activated. The default is 2 hours.
  2. Volume license renewal interval (Days) - determines how often the KMS client attempts reactivation with KMS (after it has been activated). The default is 7 days.
    By default, Windows activates by the KMS host for 180 days. After 7 days, when there are 173 days left for the volume activation to be expired, the client attempts reactivation against the KMS host and gets a new 180 days activation period.
  3. KMS TCP listening port - By default, the KMS host is listening on port 1688 (TCP). You can change the port if needed using this setting.
  4. KMS firewall exceptions - Creating the relevant firewall exceptions for the Private/Domain/Public profiles.
  5. DNS Records - By selecting 'Publish', the Volume Activation Tools wizard creates the _vlmcs SRV record (e.g _vlmcs._tcp.contoso.com). Windows uses this SRV record to automatically find the KMS server address.

Reviewing KMS client settings

By now, you should be running a KMS host configured with KMS a host key for Windows Server 2019.

Any Windows client that configured to use 'KMS Client Channel' will be activated against the new KMS host automatically within 2 hours (as this is the 'KMS Activation Interval' default value).
The 'KMS Client Channel' determined by the product key used in the client. By default, computers that are running volume-licensed editions are KMS clients with no additional configuration needed.
In case you'll be required to convert a computer from a MAK or retail edition to a KMS client, you can override the currently installed product key and replace it with an applicable KMS client key that suitable for your Windows version. Pay attention that the selected key should exactly match the Windows version you're using, otherwise it won't work.
These KMS clients keys, also known as Generic Volume License Keys (GVLK), are public and can be found in the KMS Client Setup Keys page.

From the client perspective, you can use the slmgr.vbs script to manage and view the license configuration.
For a start, you can run 'slmgr.vbs /dli' to display the license information currently applied on the client.
You can see in the screenshot that a KMS client channel is being used.

If required, use 'slmgr.vbs /ipk PRODUCTKEY' (e.g slmgr.vbs /ipk WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY) to replace the current product key with a new one (KMS client channel in this example).

In order to initiate an activation attempt, you can use the 'slmgr.vbs /ato', which will immediately try to activate Windows.
The KMS host will respond to the activation request with the count of how many computers have already contacted the KMS host for activation. Computers that receive a count below the activation threshold are not activated.
The activation threshold is different for Windows clients and servers:

  • Clients will activate if the count is 25 or higher
  • Servers will activate if the count is 5 or higher.

You can find the full list of slmgr.vbs command-line options right here.

When to use KMS

Compared to MAK, KMS should be your preferable activation method as long as you meet the activation threshold and the (very) basic requirements for deploying KMS (which are DNS and TCP/IP connectivity between the clients and the KMS host).
Saying that we'll see in part 2 why Active Directory-Based Activation is actually even better than KMS for most scenarios.

What is MAK?

MAK (Multiple Activation Key) is another activation method for Microsoft products, including Windows and Office.
Unlike KMS, MAK activation is used for a one-time activation against Microsoft's hosted activation services.
This means that MAK does not require any server or services within your network - the activation request approved by Microsoft servers either online or by phone (for isolated environments that can't reach the internet).

Just like KMS, the MAK keys can be found in your VLSC portal. Each MAK has a predefined number of allowed activations, and each activation occurrence will incrementally increase the number of used activation for that MAK.
In the screenshot above, you can see that 3 activations (out of 300 allowed activation/seats) were completed using a MAK for Windows Server 2016 Standard.

How to use MAK

Using MAC for activation is very simple.
First, you'll have to go to VLSC and obtain the suitable MAK for your product (like Windows Server 2016 Standard).
then, open Command Prompt (cmd) in elevated mode and run the following commands:

  1. Install your MAK key using 'slmgr.vbs /ipk MAKProductKey' (e.g slmgr.vbs /ipk ABCDE-123456-ABCDE-123456-ABCDE).
  2. Activate Windows using 'slmgr.vbs /ato'. The following message should appear:
  3. To view the activation details you can use the 'slmgr /dli' command.

When to use it

MAK activation method should be used only for computers that never connect to the corporate network and for environments where the number of physical computers does not meet the KMS activation threshold and Active Directory-based activation could not be used for some reason.

Summary

In the first part of the series we learned about KMS and MAK, and we understood the purpose of each activation method.
As a thumb rule, you should always try to stick with KMS activation as long as it possible.
When KMS is not an option (usually due to lack of connectivity to the corporate network), consider using a MAK.

Remember that one KMS host key can be used to activate all of your Windows versions includes servers and clients. Grab the latest version from your VLSC and you're good to go.
If you encounter problems when trying to activate, check that your KMS server is available and running, and use slmgr.vbs tool to get more details about your client's activation status.

Comments (2)

  1. StanYip says:

    In this summary, Omer recommends using KMS activation over MAK.
    However, since few years ago, the team responsible for VLSC gave the contradicting comment (MAK over KMS) and made the KMS key available only on request.
    Maybe Omer could communicate with them?

    1. Hi StanYip,

      When I recommend using KMS over MAK, my recommendations are based on technical aspects only.
      Other considerations like contract details and license terms are not in the scope of this post.

      Regards,
      Omer

Skip to main content