How to: Setup and configure a Microsoft Key Management Service (KMS) Server

Microsoft offers multiple methods for activating Windows in a small to large sized business environment. While home users and businesses using retail or MAK keys activate their copies of Office and Windows directly with Microsoft (either online or by phone), businesses have the option to install the Volume Activation Management Console (VAMT) to activate from a remote system or set up a KMS host (essentially an activation server). The following guide is specifically for setting up and configuring a KMS server to allow client PCs to activate with KMS volume license keys. The major advantage of this method instead of using VAMT with MAK keys is that there is no maximum activation limit; therefore you do not need to call Microsoft when you activate 25 to 50 times to get the key re-validated. Microsoft recommends using KMS when you have at least 50 PCs in your environment and will not allow you to activate hosts until at least 25 PCs are requesting activation from your KMS server.

Prerequisites and Assumptions

  • All PCs using KMS licensing are running at least Windows Vista or Windows Server 2008 and newer. Windows XP/Server 2003 clients need additional configuration; I did not set this up in my case so I am unsure of the exact steps required.

    • Windows 7 KMS hosts can only activate Windows client operating systems. Windows Server hosts can activate both client and server products.
  • A functioning DNS and AD server in your domain. If you do not run Active Directory, see this article for more information.

  • For Office 2010 KMS activation see this site as it will not be covered here since the process is slightly different.

  • All client PCs are able to communicate directly with the KMS server on a local area network (not over the internet as this is likely not supported by Microsoft for security reasons).

  • You have an active Volume Licensing agreement with Microsoft and have Windows 7 or Server 2008 R2 KMS keys available.

  • Make sure you install the proper key on the KMS host. The way the KMS key hierarchy works is slightly confusing; this TechNet article explains it best. Leave a comment if you are still unsure what key to choose. This hierarchy also includes information on activating earlier versions of Windows (Vista and 2008 R1).

Instructions

Note: These steps were referenced from this TechNet Article. They have been condensed and simplified for better readability and understanding. Please see the article for more information regarding steps that are unclear here.

Install the KMS host product key:

  1. First, install the KMS key on the KMS Server by running the following from an elevated command prompt (right click Command Prompt and choose “Run as administrator”):
`slmgr.vbs /ipk <KMS Key>`
  1. After that completes successfully, run the following command to activate the key online with Microsoft:
`slmgr.vbs /ato`
  1. Alternatively, you can activate by phone using the following command in place of step 2:
`slui.exe 4`
  1. Restart the Software Protection Service by running the following:
`net stop sppsvc && net start sppsvc`

Confirm that the KMS host has published itself in DNS:

  1. KMS should create a PTR record in DNS automatically so clients know what server is hosting KMS activation on your network. To verify this open the DNS Management console on your DNS server.
  2. Expand “server name” > Forward Lookup Zones > “Domain/Zone Name” > _tcp
  3. If you see a record named “_VLMCS” with the KMS server name and port 1688 in the data field the record was successfully registered and you are done. If not, continue to the next step.
  4. Right-click _tcp on the left had navigation bar, and choose “Other New Records”.
  5. Find and select “Service Location (SRV)” and click the Create Record button
  6. Manually enter in “_VLMCS” (without quotes) in the Service field, “_TCP” (again, without quotes) in the Protocol field, 1688 in the Port number field, and the fully qualified domain name of the KMS server.
  7. Click OK. KMS has not been configured and you are ready to start activating clients.

Now all that remains is to try activating a Windows client or server operating system with a KMS key. Remember, this will fail until at least 25 PCs have tried activating so don’t worry if your first machines don’t activate properly. The following error will be displayed if this is the case:

Error code 0xC004F038

The software Licensing Service reported that the computer could not be activated. The count reported by your Key Management Service (KMS) is insufficient. Please contact your system administrator.

I am not too certain why Microsoft puts in this requirement, but in reality it really isn’t worth setting up KMS in an environment with fewer than 25 PCs so it should not be a problem. If you do not have enough new PCs to activate starting out you can always set up VAMT and convert the MAK/Retail keys of existing PCs to KMS to meet the quota. VAMT will allow you to do this remotely in batches to minimize the time required to convert existing activations.

VAMT can be downloaded from the Microsoft Download Center then see this article for more information about VAMT. See this article for any more questions relating to KMS activation, and this article for additional settings the KMS host can be configured to use. As always, leave a comment if there are any more questions or if there is something I missed.

Licensed under CC BY-NC-SA 4.0
comments powered by Disqus