Getting started with Microsoft Windows KMS server..

Updated to include info on Windows 8 + 2012.

Update 2013-06
I just found a cool video by Microsoft that explain how to install on Windows 2008 R2, and it’s very clear if you just need a basic install;
http://technet.microsoft.com/en-us/windows/set-up-a-kms-host-on-a-windows-server-2008-r2-machine.aspx

Original Post begin here;
So I had to install a KMS server today, up till now we had not needed one so I was a total NOOB on how to do so..

One would expect that this would be a walk in the park, however I tend to think that it has been made overly complicated and inaccessible.

First things first;
http://www.microsoft.com/downloads/details.aspx?FamilyID=bbf2eb61-2b30-4f2d-bccd-df53e220b8e9&displaylang=en
This is a great intro video to KMS’ing on a Win 2008 box, it will cover all the basics and give you a good idea on how this works.

You likely need this patch to upgrade the KMS service on the Win 2008/2003 box to allow Win7 etc. to register;
http://support.microsoft.com/kb/968912 – for Win 2008 kms
http://support.microsoft.com/kb/968915– for Win 2003 kms

Now you will need to add a KMS key to the server you got this key from Microsoft as part of your license (NOT a MAK key, a KMS key).. This might confuse you as it did me, I was thinking, oh I will need to add KMS keys for all the versions of windows I need the KMS to work for, but this is not so..

On this page;
http://www.microsoft.com/downloads/details.aspx?FamilyID=9893f83e-c8a5-4475-b025-66c6b38b46e3&displaylang=en
you will find a document “Volume Activation 2 0 Changes for Windows Server 2008 and Windows Vista SP1.doc” explaining this in more detail, but basically if you install a server 2008 R2 KMS key then this will also work for Win7, Vista etc.

How do i register a key on the KMS server;
Start an elevated CMD.exe and
change dir to c:\windows\system32

write: slmgr -IPK <YOUR KMS KEY HERE>
wait for a confirmation dialogbox, this can take a long time up to 1 min or more..
then activate the KMS key: slmgr -ATO
wait for a confirmation dialogbox, this can take a long time up to 1 min or more..
Now check the status of the KMS server: cscript slmgr.vbs -dlv
It will take a while before it is displayed.

Damn if I understand why there is no GUI for this!?

FAQ;
Help, I have machines registered with a MAK key, and now want to change this to my new KMS server – how do I do this? It is not that complicated, all you need to do is to change the license key of the workstation/officepack to a KMS key, IMPORTANT!! we are NOT talking YOUR KMS KEY, but the default KMS key from MS – confused!!? I was too, well it is not that complicated when it comes to it, when you install a MVLS product like eg. Office 2010 then it carries a default key this is the default KMS key with a limited lifespan, once you click activate this key tells the product to seek out a KMS server and try to register – if no KMS server is found the activation fails.  If you entered a MAK key at the time of installation then the product is activated and you need to unactivate it with the KMS key for that product, a list of default KMS keys can be found here;
http://technet.microsoft.com/en-us/library/dd772269.aspx#EOIAC

Operating System Edition  Product Key

Windows 7 Professional -  FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N -  MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise -  33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N - YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E - C29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2008 R2 HPC Edition -  FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter -  74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise - 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems -  GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard - YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R2 - 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Windows Vista Business   YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N    HMBQG-8H2RH-C77VX-27R82-VMQBT 
Windows Vista Enterprise    VKK3X-68KWM-X2YGT-QR4M6-4BWMV 
Windows Vista Enterprise N    VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008  Datacenter    7M67G-PC374-GR742-YH8V4-TCBY3 
Windows Server 2008 Datacenter without Hyper-V     22XQ2-VRXRG-P8D42-K34TD-G3QQC 
Windows Server 2008 for Itanium-Based Systems      4DWFP-JF3DJ-B7DTH-78FJB-PDRHK 
Windows Server 2008 Enterprise    YQGMW-MPWTJ-34KDK-48M3W-X4Q6V 
Windows Server 2008 Enterprise without Hyper-V     39BXF-X8Q23-P2WWT-38T2F-G3FPG 
Windows Server 2008 Standard  TM24T-X9RMF-VWXK6-X8JC9-BFGM2 
Windows Server 2008 Standard without Hyper-V     W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ 
Windows Web Server 2008    WYR28-R7TFJ-3X2YQ-YCY4H-M249D
Microsoft Office 2010 - VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB

You can change the license key via this command (remember it has to be launched from an Elevated CMD.exe);
cscript Slmgr.vbs /ipk <SetupKey, the key from above>

Advanced tips and tricks;
Use other than the default KMS server (force a specific KMS server)
If for some reason you need to specify WHICH KMS server you wish to use (or if you need to use a remote KMS) then you do like this;
1. open an elevated cmd.exe
2  type; cscript slmgr.vbs -ipk <KMS KEY (not your own, one of the default microsoft once>
3  type; cscript slmgr.vbs -skms <IP OF KMS SERVER>:<PORT NO On KMS SERVER>  (default port is 1688)
4  type; cscript slmgr.vbs -ato

Command lines;
cscript slmgr.vbs -dlv (show status of KMS)
cscript slmgr.vbs -dli (show quick status of KMS)
cscript slmgr.vbs -dlv all (show advanced status of KMS)
cscript slmgr.vbs -upk (Remove key – unactivate Windows CAUTION!! – this may however be needed if you wish to remove the KMS role from a server)

Upgrade your KMS to accept Office 2010 clients;
Microsoft Office 2010 KMS Host License Pack
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=97b7b710-6831-4ce5-9ff5-fdc21fe8d965
IMPORTANT! Strangely enough this is NOT supported for Windows 2008 KMS servers, it works for 2003, 2008 R2 but NOT 2008. (more here; http://social.technet.microsoft.com/Forums/en-US/officevolact/thread/b2ffee91-c6a4-4196-8a86-4974534c3dbd)

There is also some additional info here;
http://blogs.technet.com/b/odsupport/archive/2010/06/01/office-2010-kms-installation-and-troubleshooting.aspx

Debugging Office 2010 KMS;
Our KMS server somehow “lost” it’s office key, and no matter how many times I added it it kept a state of “unlicensed”, I eventually found out that entering the right key using the “slmgr -ipk <kms key>” and then issuing this command “cscript slmgr.vbs /ato bfe7a195-4f8f-4f0b-a622-cf13c7d16864” triggered the activation of the Office 2010 key.  There is more debugging tricks here; http://technet.microsoft.com/en-us/library/ee624355(v=office.14).aspx

Error codes;
If you get an errorcode; Error: 0xC004F015
This may indicate that you are trying to import a KMS key that is already covered, eg. you installed a KMS key for servers KMS_B key and are trying to install a KMS for Windows7 then this Errorcode will be shown – Windows 7 is already covered by your KMS_B server key (yeah strange I agree, but that is how it works)..
(more here; http://www.vistax64.com/vista-installation-setup/173686-setup-kms-2k8.html)

Stop the KMS server (stop the KMS service on a machine) – I had problems finding the service under 2003 though;
open a commandprompt (elevated);
type; net stop slsvc – to stop the service
type; net start slsvc – to run it again

Check that the DNS records are created properly;
open a commandprompt (elevated);
type; nslookup -type=srv _vlmcs._tcp

you should see something similar to this:

_vlmcs._tcp.domain.net SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kmsserver.domain.net
kmsserver.domain.net internet address = x.x.x.x

Firewall;
You need to check that the firewall is set to allow KMS traffic on the KMS host server (there is a standard service for that).

 

General tips and tricks;
http://technet.microsoft.com/en-us/library/dd996588.aspx

Volume Activation Technical Reference Guide (very useful)
http://technet.microsoft.com/en-us/library/ee355153.aspx

in the technical reference guide you can among other thing find this;

Customizable Activation Help

For product activation in managed environments, the Activate Windows now dialog box can be configured to display an optional Learn About Activation Online link, as shown in Figure 4.

Dd772270.image_operation4(en-us,TechNet.10).jpg

Figure 4 Learn about activation online

Clicking this custom link loads an administrator-defined URL in the user’s default browser. This URL can point to a custom Web page or other file stored on the local computer or on a network share. A Volume Licensing customer can use this link to direct their users to the customer’s Helpdesk or other activation-related resources. Displaying the link requires setting the REG_SZ value AlternateURL to the URL of the Web page to display when the user clicks it. The value AlternateURL is in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SoftwareProtectionPlatform\ACTIVATION registry subkey.

A bit more info from MS in both webcast and written form;
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=fda49c1f-475e-42d0-92ae-6f7edb802f3e
KMS setup Windows 7 – webcast

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=be688342-4f8a-4a15-bfa6-33b0d73c6a59
Activating with KMS in Windows 7

Windows 8 KMS (and Server 2012) (Running on Windows 2008 R2)

The default KMS service on Windows 2008R2 does likely not support a Windows 8/2012 KMS key (you try to add it via slmgr -IPK xxxxx…..), well there is a HotFix for this;
http://support.microsoft.com/kb/2691586  –  it’s free but you need to request it, link is shipped via email within seconds.  I was unable to add a Windows 8 KMS key, but the 2012 server key was accepted and as far as I can tell this will both work for Windows 8 and server 2012.

Tag;
Error code; 0xC004F015 (got this for Windows 8/2012 keys before the hotfix above).

Office 2013;

OMG the “fun” never ends when it come to KMS, so when you try to activate your KMS for Office 2013 you may get;
Office KMS host setup error “0xC004F050 The software licensing service reported that the product key is invalid”
Well, that is just because you need some extra stuff on your KMS server before you can “install” the Office 2013 keys *sigh*, you need to download;

http://www.microsoft.com/en-us/download/details.aspx?id=35584

read even more here;

http://blogs.technet.com/b/odsupport/archive/2012/11/15/office-kms-host-setup-error-quot-0xc004f050-the-software-licensing-service-reported-that-the-product-key-is-invalid-quot.aspx
http://technet.microsoft.com/en-us/library/ee624357(v=office.15).aspx#section2

As I work for a large company with 700+ workstations we strive to minimize the need for PC support whenever we can, one of the problems is when users use different browsers or install strange add-ins, one of the more annoying IE additions is the Google Toolbar.  Now I am sure the toolbar offers some great options to some users, however in our corporate structure we like that all browsers function the same as this minimize the development time for our intranet and other internal solutions.

Informing the users that corporate policy does not allow for installation of Google toolbar (and others) does not help that much, it is almost impossible to avoid installing Google Toolbar today, it comes with numerous applications (even with Java as I recall) and if you just miss one checkbox then it is installed (reminds me about the terrible Real player from years back).  One good thing about the Toolbar is however that it is easy to get rid of, it uninstalls without too much hassle.

Anyway I got my heart set on disabeling the Google Toolbar from installing, but how?

Well I found this interesting article on Google Groups;
http://groups.google.com/group/IEToolbar-Group-Advanced/browse_thread/thread/bc70afa3d5b37aa9

---[FROM GOOGLE GROUPS]---------------------------------------
Hi Alan,
You actually have a couple options to prevent the Toolbar from being
installed on your school's network:
1. You can block the Toolbar through the IE policy, or blacklist
everything and selectively whitelist specific add-ons. The relevant
path to the add-on management policy is:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Security
Features/Add-on Management
>From there, you should be able to block each add-on through its GUID.
The Toolbar's GUID is {2318C2B1-4965-11d4-9B18-009027A5CD4F}.
2. You mentioned not wanting students to install the Toobar because it
shrinks the usable area of the screen. More than preventing the
installation of just the Toolbar, you may want to prevent the
installation of all IE BHO's in general. These can be disabled through
group policy in the admin console. There's an IE key that disables
BHO's at:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Internet
Control Panel/Advanced Page/Allow third-party browser extensions
Setting that to "Disabled" will prevent all BHO's from launching.
And for any network admins out there concerned with privacy but who
still want to enable the Toolbar, you should be able to disable
features like PageRank or AutoLink through the group policy file
(that's the .ADM file that's included with the Toolbar for
Enterprise).
Cheers,
Kiku
---[FROM GOOGLE GROUPS]---------------------------------------

Option 1 actually sound quite good, Option 2 will likely disable way too much – some things actually need to install browser additions (certificates for public signature, banking add-ins, PDF readers/printers and many other)..

When I have the time I will take a further look at it.

I was just brushing up on USMT (User state migration toolkit), and it would appear that a new cool version has been released, in conjunction with MDT 2010  (Microsoft Deployment Toolkit) it offers USMT using hardlinks.

The point is that data does not need to be backed up to an external USB disk or network drive, it will be stored in a protected area of the harddisk during installation and then afterwards just linked via hardlinks..  This speed’s things up tremendously (normally a USMT could take from 30 min – 1 hour, but here we are talking minutes)..

In this example it was an XP migration to Windows 7, I may also need XP -> XP migration so it will be interesting to see if this is also possible..

See more here;
http://edge.technet.com/Media/User-State-Migration-with-Windows-7/

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e263796c-c7e4-44d6-96dd-32e821c88a25

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e90ebead-7b48-4d1e-9461-be5f07b83468

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34

I just stumbled across this interesting article “Using Group Policy Preferences to control multiple BGinfo scripts” during a search, this may indeed be worth a closer look.

http://www.fr3d.org/2010/03/using-group-policy-prefs-to-control-bginfo-scripts/

I keep forgetting how to enable Group Policy Loopback processing, this is useful if you have an advanced structure/advanced needs within your OU’s in AD.

The recipe is simple;

To set user configuration per computer, follow these steps:

  1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This will allow for Usersettings to be propagated even if they are only in the Computer OU.

More here; http://support.microsoft.com/?id=231287

If you use HP servers you hopefully also use or have configured the iLO connection, the iLO port will allow you to connect to the console screen of the server even if Windows is not booted, this allows for installing a server or configuring bios settings etc remotely.

However, yesterday when I tried to connect to one of our servers via iLO (you do this via Internet Explorer)  i got this message;

<?xml version="1.0" ?> - <RIMP>
-<MP>   <ST>5</ST>   <INFORM>The iLO firmware is in a network flash recovery state.</INFORM>
<REFERENCE>Refer to the iLO network flash recovery under the trouble shooting 
section in the iLO users guide.</REFERENCE>   </MP>   </RIMP>
Well that was not what I expected, anyhow the solution is fairly simple, you just need to download the iLO firmware and flash the iLO management processor, this can easily be achieved via FTP.
  • Download the iLO firmware from www.hp.com(support and drivers, search for iLO firmware), note there is difference between iLO/iLO2/iLO3 so check your server specs for which FW to get.
  • Unpack firmware (by far the easiest way is to use www.rarlabs.comWinRar, just rightclick and extract from the .exe you downloaded before)
  • Find the iloXXX.bin and copy it to C:\  (or use your own location if you prefer, just remember to change it in the commands below also).
  • Start a command prompt (cmd.exe)
  • Issue these  commands;

    FTP x.x.x.x  (replace x.x.x.x with the correct IP)
    User: flash
    Password: recovery
    type binary
    put c:\iloXXX.bin   (replace XXX with the version number of the image file)

    and then wait while it flashes the ROM you will see a progress indicator.

After this iLO should be back up working 🙂  easy as pie..

For those of you that have ever tried finding anything on HP’s homepage you know that it can be virtually impossible 🙁 thus I am often struggling to find the download link for “HP ProLiant Support Pack for Microsoft Windows Server 2003”, well no more my friends 🙂 here is the link to use 🙂

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3716247&prodTypeId=18964&prodSeriesId=3716246&swLang=13&taskId=135&swEnvOID=1005

And as a bonuslink, here is how to install it on a “Server Core” (the one without the Win GUI)..

http://www.thomasmaurer.ch/2010/02/cheatsheet-how-to-install-hp-support-pack-on-a-server-core-installation-3/


(Screenshot is from an older version than the current 4.9)

Yet another free partitioning CD (why in the world pay for Partition Magic), this CD will let you boot from it and resize your partitions and much more (free).

http://sourceforge.net/projects/partedmagic/files/

super_orca_screenshot_2If you have ever worked with .MSI files you must have touched Microsoft’s utility ORCA.  Well it proves there is an alternative to this with a few extra features Super ORCA, so if you ever mess with .MSI files you may want to give Super ORCA a spin at http://www.pantaray.com/msi_super_orca.html

So I had to brush a bit up on my Softgrid knowledge for a package build and I came across a few things I’d like to share;

  1. A super guide to Softgrid building by one of the Guru’s on the field (Chris Lord).
    http://myitforum.com/cs2/files/folders/120058/download.aspx
  2. A neat util to explore Softgrid packages without installing the sequencer. SFT Explorer.
    sftexpl_screenshot_tb
    http://www.virtualapp.net/sft-explorer.html

As of right now I haven’t really gotten my package to work, I have to include an old version of Java with a link to a web-site.  But even if I set the registry to override it still fail to launch the old java, if no java is on the machine in advance it works like a dream..  We are currently using the old 4.2 sequencer so I might try the 4.5 version to see if any improvements has been made.