Solved

How do I use Multiple KMS host keys with 1 KMS host server

Posted on 2011-02-28
4
1,669 Views
Last Modified: 2012-06-27
Hello,

I'm sure others must have encountered this.  Here's the scenario:

Single domain company with sites across Europe.  Each site has their own license agreement with Microsoft and their own specific KMS host key for Windows 7.

The desktop deployment process is managed from the UK where a KMS host is installed under the UK Microsoft Agreement.  All countries use Altiris for desktop deployment which is hosted in the UK and managed by UK staff.  

Can the UK KMS host server take account of the individual KMS licenses for each country?  I expect the answer is no.  So how is it possible to license Windows 7 using each countries individual KMS license?  Does each country have to setup their own KMS host, if so how will that work in a single domain?  

Clients use DNS to lookup the KMS host and at the moment they will be pointing to the UK host and will activate against it accordingly.  How can we ensure that each client only activates against the correct host if indeed we need disparate KMS hosts in our environment?

Thanks,

0
Comment
Question by:ishamsi
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:__ST
ID: 35003222
I'm not sure it is possible to have multiple KMS hosts the way you are trying to set it up...

KMS doesn't track a maximum number of license activations, but rather activates based on a minimum threshold being met.  As long as you are tracking your licenses accordingly, I don't know that it will care what country the clients are coming from.

If you need to segregate the licenses by country you would probably need separate DNS pools with a host on each network.  This could be done by setting up DNS servers without integrating them with Active Directory.
0
 

Author Comment

by:ishamsi
ID: 35005622
It doesn't matter that the KMS clients are activating from different countries, from a technical point of view it works great.  And I agree as long as we are tracking our licenses by other means then why should Microsoft care which key is being used for any given client as long as the corresponding company has a license bought for that client.  

However Microsofts view on this is a bit different I think, or rather they don't know what their view is.   I tried to figure this out between the licensing team and technical support but couldnt get a firm answer.  Something along the lines of if your parent agreement is a global one then they could possibly comprimise with regional specific agreements sharing keys to ease the technicalities of managing distribution companywide.  But nobody could tell me what our agreement is and shrugged it off to the local reseller who may be able to discuss this with Microsoft HQ in Ireland.  

I'd rather not alter the DNS landscape to allow for multiple KMS hosts.  Is it possible to not use DNS at all and simply tell each client for each country its own KMS host using

slmgr /skms kmshost.companydomain.com:1688

and have this run for each client during deployment.  Each machine would be pointing to its own KMS and if the script didnt run for whatever reason they wouldnt activate against a different KMS host in the domain because DNS did not contain the record?  

Or do you think that I should forget all this and continue with the current setup of one KMS host centrally and run license audit reports for the various regions seperately.  Regions can still purcahse their own keys against their requirements, MS have no visibility over which host has activated which client, as long as the licenses bought match number of machines for each Region.  
0
 
LVL 2

Accepted Solution

by:
__ST earned 500 total points
ID: 35007418

If you're set on doing it the hard way, try this:

1) Disable publishing of KMS SRV records to DNS on all KMS host servers by adding a DWORD "DisableDnsPublishing"="1" to HKLM\Software\Microsoft\Windows NT\CurrentVersion\SL
2) Remove all _VLMCS records from DNS (foreward lookup zones\[domain]\_tcp)
3) Manually assign the KMS hosts to each client via slmgr.vbs as you noted above: cscript \windows\system32\slmgr.vbs /skms <KMS_FQDN>:<port>

You'll want to monitor the clients and hosts pretty closely to make sure they're aimed correctly.
0
 

Author Comment

by:ishamsi
ID: 35015938
That looks like it will work.  But I'd rather not do it the hard way!  

I'll carry on with a central KMS host for now and audit the licenses for the regions after the rollout.  

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now