The Key Management Service is a service that is
installed on top of the Windows Server or Client. KMS is responsible for
activating clients.
1. Learning the KMS Process
Each client that attempts
to activate with a KMS host is given a client machine identification
(CMID) designation. The CMID is stored on both the KMS host and the KMS
client, and each CMID counts for the activation threshold. Activated
clients attempt to contact the KMS host every seven days by default; if
this attempt fails, the client will retry every 2 hours by default. If
an activated client cannot contact the KMS host within 180 days, it will
deactivate and go into reduced functionality mode.
The KMS host caches twice
the amount of CMIDs that are required by the KMS clients in order to
prevent the CMID count from dropping below the activation threshold
unexpectedly. The KMS host will decrement its activation counter by 1
when a client doesn't contact the KMS host within 30 days.
Suppose you have activated six server OSes and 20 client OSes, which leads to an activation count of 26.
Now, if four of the
clients OSes don't contact the KMS host within 30 days of their last
contact, the activation count will drop below 25 (which is the threshold
for client activation).
As long as activation count
stays below 25, this will result in a potential situation where all
registered and activated client OSes will revert to not activated after
180 days. Also, no more new clients will be activated until the
threshold is above 25.
The server OSes will remain activated though, because the servers are still above their activation threshold.
|
Systems that use KMS as their
activation method find the KMS host using Domain Name System (DNS) and
its Service (SRV) Resource Records (RR) functionality.
For scalability, you have the
option to install multiple KMS hosts in your environment. By using DNS
priority and weight parameters, you can control how clients connect to
the KMS hosts; this technique works for Windows 7 and Windows Server
2008 R2 clients only, though. Windows Vista and Windows Server 2008
clients just pick a KMS host returned from the DNS query. KMS hosts do
not coordinate with each other; they are stand-alone systems. Therefore,
it is important that you design your KMS infrastructure with caution.
2. Choosing Your KMS Host
Before you can install your
KMS host, you must first decide on which platform you are going to
install your KMS. Choosing the KMS host platform depends on the type of
KMS product key group you have available. When choosing the KMS host
system, you must consider the operating system editions that will be
activated with KMS. A KMS that is hosted on Windows 7 can only activate
client operating systems, but a KMS that is hosted on Windows Server
2008 R2 Enterprise can activate both client and server computers. You
must have a corresponding KMS key to activate Windows Server 2008 R2
Enterprise in the first place.
Table 1 provides an overview of the KMS host OS that should be used depending on the type of clients you want to activate.
Table 1. KMS host OS by Windows Edition
Windows Product Editions Activated by KMS | KMS Should Be Installed On |
---|
Windows 7 Professional
Windows 7 Enterprise
Windows Vista Business
Windows Vista Enterprise | Windows Vista
Windows 7
KMS for Windows Server 2003 v1.2 |
Products above and
Windows Web Server 2008 R2
Windows Web Server 2008
Windows HPC Server 2008 R2
Windows HPC Server 2008 | KMS for Windows Server 2003 v1.2
Windows Web Server 2008
Windows Web Server 2008 R2
Windows HPC Server 2008
Windows HPC Server 2008 R2 |
Products above and
Windows Server 2008 R2 Standard
Windows Server 2008 R2 Enterprise
Windows Server 2008 Standard
Windows Server 2008 Enterprise | Windows Server 2008 R2 Standard
Windows Server 2008 R2 Enterprise
Windows Server 2008 Standard
Windows Server 2008 Enterprise |
Products above and
Windows Server 2008 R2 Datacenter
Windows Server 2008 Datacenter
Windows Server 2008 for itanium-based systems | Windows Server 2008 R2 Datacenter
Windows Server 2008 Datacenter
Windows Server 2008 for itanium-based systems |
When you only want to
activate Windows 7 clients using KMS, keep in mind that you cannot use
Windows Server 2008 or Windows Server 2008 R2 as your KMS host.
|
3. Selecting the KMS Host Manually
When DNS is not available
for KMS host assignment, you can assign a KMS host to KMS clients by
using KMS host caching. When you assign a KMS host manually, you disable
auto-discovery of KMS. A KMS host is manually assigned to a KMS client
by running this command:
slmgr.vbs /skms <value>:<port>
where value is the KMS host's fully qualified domain name (FQDN), the KMS host's IPv4 address, or the KMS host's NetBIOS name. The port is the TCP port used by the KMS host.
4. Installing and Initializing KMS
Depending on which version
of the OS you want to install the KMS functionality, you may have to
download software from the Internet. The latest KMS version, 1.2, is
already included with Windows 7 and Windows Server 2008 R2. For Windows
Vista, Windows Server 2003, and Windows Server 2008, you should check
for an update available that updates the KMS functionality to at least
version 1.2.
To enable the KMS
functionality, you should first install a KMS key on the KMS host using
the Windows Software Licensing Management tool. In order to do this you
should supply the VLK with the highest authority that you have
available, so you know for sure that the KMS can service all the OS
types it needs to activate.
Use an elevated command prompt to install the KMS key:
slmgr.vbs /ipk <Kms Key>
This will install the Software Protection Service on your KMS host.
After the KMS key is installed, activate the host over the Internet or by phone. To activate online, use:
slmgr.vbs /ato
To display the Installation ID to activate over the phone, use:
slmgr.vbs /dti
To determine the number you should call to activate your KMS, enter the following command:
slui.exe 4
The output of this command
will provide you with a window which asks you in which country you
reside and will provide you with the various options to activate using a
phone.
After the host is activated, restart the Software Protection Service. Your KMS host is now ready to activate clients.
When you're installing a KMS
host key on Windows 7 or Windows Server 2008 R2 using the UI, a warning
message will appear. The warning is designed to prevent you from
accidentally installing KMS keys on computers that you do not intend to
be KMS. You can verify that the KMS host is working correctly by
checking the KMS count and determining if it is increasing as you add
more KMS clients.
In a Windows command prompt window on the KMS host, enter the following:
slmgr.vbs /dli
This command will display the current KMS count (Figure 1).
If you want even more information, you can use the /dlv
option, which will give you verbose output. You can also check the Key
Management Service event log for event ID 12290. This event displays the
name of the computer and the timestamp of the activation request.