How to: Setup and configure a Microsoft Key Management Service (KMS) Server

Microsoft offers multiple methods for activating Windows in a small to large sized business environment. While home users and businesses using retail or MAK keys activate their copies of Office and Windows directly with Microsoft (either online or by phone), businesses have the option to install the Volume Activation Management Console (VAMT) to activate from a remote system or set up a KMS host (essentially an activation server). The following guide is specifically for setting up and configuring a KMS server to allow client PCs to activate with KMS volume license keys. The major advantage of this method instead of using VAMT with MAK keys is that there is no maximum activation limit; therefore you do not need to call Microsoft when you activate 25 to 50 times to get the key re-validated. Microsoft recommends using KMS when you have at least 50 PCs in your environment and will not allow you to activate hosts until at least 25 PCs are requesting activation from your KMS server.


Prerequisites and Assumptions

  • All PCs using KMS licensing are running at least Windows Vista or Windows Server 2008 and newer. Windows XP/Server 2003 clients need additional configuration; I did not set this up in my case so I am unsure of the exact steps required.
  • One available physical or virtual machine running either Windows 7 or Windows Server 2008 R2 to function as the KMS host (server).
    • Windows 7 KMS hosts can only activate Windows client operating systems. Windows Server hosts can activate both client and server products.
  • A functioning DNS and AD server in your domain. If you do not run Active Directory, see this article for more information.
  • For Office 2010 KMS activation see this site¬†as it will not be covered here since the process is slightly different.
  • All client PCs are able to communicate directly with the KMS server on a local area network (not over the internet as this is likely not supported by Microsoft for security reasons).
  • You have an active Volume Licensing agreement with Microsoft and have Windows 7 or Server 2008 R2 KMS keys available.
  • Make sure you install the proper key on the KMS host. The way the KMS key hierarchy works is slightly confusing; this TechNet article explains it best. Leave a comment if you are still unsure what key to choose. This hierarchy also includes information on activating earlier versions of Windows (Vista and 2008 R1).

Instructions

Note: These steps were referenced from this TechNet Article. They have been condensed and simplified for better readability and understanding. Please see the article for more information regarding steps that are unclear here.

Install the KMS host product key:

  1. First, install the KMS key on the KMS Server by running the following from an elevated command prompt (right click Command Prompt and choose “Run as administrator”):
    slmgr.vbs /ipk <KMS Key>
  2. After that completes successfully, run the following command to activate the key online with Microsoft:
    slmgr.vbs /ato
  3. Alternatively, you can activate by phone using the following command in place of step 2:
    slui.exe 4
  4. Restart the Software Protection Service by running the following:
    net stop sppsvc && net start sppsvc

Confirm that the KMS host has published itself in DNS:

  1. KMS should create a PTR record in DNS automatically so clients know what server is hosting KMS activation on your network. To verify this open the DNS Management console on your DNS server.
  2. Expand “server name” > Forward Lookup Zones > “Domain/Zone Name” > _tcp
  3. If you see a record named “_VLMCS” with the KMS server name and port 1688 in the data field the record was successfully registered and you are done. If not, continue to the next step.
  4. Right-click _tcp on the left had navigation bar, and choose “Other New Records”.
  5. Find and select “Service Location (SRV)” and click the Create Record button
  6. Manually enter in “_VLMCS” (without quotes) in the Service field, “_TCP” (again, without quotes) in the Protocol field, 1688 in the Port number field, and the fully qualified domain name of the KMS server.
  7. Click OK. KMS has not been configured and you are ready to start activating clients.

Now all that remains is to try activating a Windows client or server operating system with a KMS key. Remember, this will fail until at least 25 PCs have tried activating so don’t worry if your first machines don’t activate properly. The following error will be displayed if this is the case:

Error code 0xC004F038
The software Licensing Service reported that the computer could not be activated. The count reported by your Key Management Service (KMS) is insufficient. Please contact your system administrator.

I am not too certain why Microsoft puts in this requirement, but in reality it really isn’t worth setting up KMS in an environment with fewer than 25 PCs so it should not be a problem. If you do not have enough new PCs to activate starting out you can always set up VAMT and convert the MAK/Retail keys of existing PCs to KMS to meet the quota. VAMT will allow you to do this remotely in batches to minimize the time required to convert existing activations.

VAMT can be downloaded from the Microsoft Download Center then see this article for more information about VAMT. See this article for any more questions relating to KMS activation, and this article for additional settings the KMS host can be configured to use. As always, leave a comment if there are any more questions or if there is something I missed.

Published by

Dan

Technology enthusiast.

16 thoughts on “How to: Setup and configure a Microsoft Key Management Service (KMS) Server”

  1. I need to restart the KMS server services as it had an unexpected shutdown but having a little trouble figuring out which services are for the KMS. Could anyone help me on this?

    1. The service you are looking for is called “Software Protection Service”. Just make sure that is started and your host should be able to authorize client keys.

  2. Also i might as well ask, i have a KMS server with 2008 SP2 and all the workstations are XP, the server shutdown unplanned and since then KMS isnt working, the clients cannot activate Windows.

    Event ids im getting are 12289 and 12290 with error code 0xC004F042

    If anyone knows the root cause/fix id greatly appreciate it!

    Thanks again

  3. Pingback: KMS Service setup
  4. I’m trying to set up an existing 2008 Standard R2 server as the KMS host for Windows 7 Enterprise and Office Standard 2010. I’m confused… do I need a different key on my existing server to get this to work?

    1. Correct, once you activate your server with a KMS product key it can function as the KMS host for activating clients. Feel free to let me know if you have more questions!

      1. Is there a way to get a KMS product key for an existing server? Do I need to purchase a volume license for Windows Server 2008 and then change the product key?

        1. Use of KMS requires a volume license. If your server came from Dell, HP, or another manufacturer with Windows Server pre-installed it is OEM and cannot act as a KMS host.

          If your server is using a volume license MAK key you can simply login to Microsoft’s volume licensing site and find the KMS key. Once you have that KMS key you can just right-click My Computer, go to properties, and change the product key.

  5. How do you add product keys for multiple products? Such as Office 2010, windows 7, and windows Server 2008 R2? do i add them one at a time using cscript slmgr.vbs ipk .

    Thanks,

    Matthew

  6. Hi Dan,
    Thanks for the article, but please update it regarding additional products. All the confusion seems to be caused by Microsoft creating hotfixes to allow Win7 activation using a 2003 server host, and then changing the whole KMS activation scheme by going to product ‘Groups’ with the release of server 2008 and 2008R2.

    It is especially confusing for those who activated win7 by applying a hotfix to server 2003, then installing a win7 workstation KMS key onto the server OS. That was a ‘kluge’ fix to allow adoption of win 7, recognizing that many companies were slow to migrate servers and AD infrastructure. Now when moving to server 2008R2 or 2012, the method has changed.

    MS now releases KMS keys for product ‘Groups’. If installing KMS hosts on a server platform (as most of us will likely do), you must install a ‘server OS’ KMS key, even if using KMS to activate workstation OSs. The server key will activate both server and workstation OSes, for the version of the KMS key and all older versions of the software. For example, a server 2008R2 KMS key will activate 2008R2, 2008 server OSs along with Windows 7 and Vista. If you need to activate Windows 8, you would need to install a KMS key for server 2012 (along with a hotfix to get it to work on the server2008R2 platform – again because MS recognizes that workstation OS may move ahead of server OS upgrades).

    To simplify – on a 2008R2 server platform
    Install KMS activation key for 2008 to activate 2008 and Vista OR
    Install KMS activation key for 2008R2 to activate 2008R2, 2008, Windows 7 and Windows Vista OR
    Install KMS activation key for 2012 to activate 2012, 2008R2, 2008, Windows 8, Windows 7, Windows Vista.

    Of course access is dependent on the VLA you have…

    It makes matters worse that MS activation for Office is different – You need to run the fixpack for each version of Office, and install the key for that version – So to activate Office 2010 and Office 2013, you need to install 2 keys and fixpacks, not just the latest one.
    At least you can have both versions of office and the OS KMS co-reside on the same server.

Leave a Reply