Solved

Key Management Server (Win2k8) Basic Questions

Posted on 2011-09-20
8
1,073 Views
Last Modified: 2012-05-12
Experts,

I've been given the task of seeing if we can convert our multiple activation keys into KMS.

I'm completely new to KMS, so please bear with me on my basic questions.

Here's what I know:

You obtain a KMS key from MS and enter that into the system, where it will then activate with MS and become a KMS server.  At this point, it submits some SRV records to DNS so that other systems can locate the server and send their activations to it.  The server won't actually start providing any activations until a minimum of 5 client machines have contacted it for activation.  Fairly simple ordeal.

I've been reading the information located here:  http://technet.microsoft.com/en-us/library/ff719787.aspx

And have watched the video located here:  http://www.microsoft.com/download/en/details.aspx?id=22110

And read the quick instructions here:  http://www.windows-noob.com/forums/index.php?/topic/649-how-can-i-setup-a-kms-server/


My questions about this setup, if anybody has had the bennefit of using KMS:
1.  Minimum number of clients is 5.  What's the Maximum number of clients a KMS can support?
2.  In the video, it was mentioned about half way through that this is not supported on Win2k8 DataCenter editions.  I wasn't able to find in any of the articles on which clients are supported.  Would anybody have a reference on this?
3.  Is only one KMS server per domain allowed?  With the updates to DNS, I would imagine this is the case - but in our organization, we have a flat DNS FLZ and about 45 sites.  It would be in our best interest to be able to implement one of these servers at each site, and have the local clients activate within their area.
4.  Any other pertinant references / information that you guys can provide.

Anything you can throw my way is way more than appreciated.

0
Comment
Question by:usslindstrom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 500 total points
ID: 36572445
The answer to your questions are as follows:

1) - There is no official maximum number.  KMS has no database of clients it's previously activated, just an activation count, and there is no limit to this count.  Your Key does not have a restricted value on it.  Be aware through that your KMS server re-activates itself with Microsoft so if you have 10,000 activations and you are licensed for 20, they may ask some questions.

2)  Win 2008 R2 Datacenter is supported, as long as you have a KMS C key (which I have :D).  I currently have 4 datacenter servers activated through our KMS Server.

3) No.  You can have multiple KMS Servers.  You have a limited amount of times you can activate a KMS Server - I think it's 5.  So for example, in a domain where you have two domain controllers, you can make them both KMS Servers.  They will operate independantly from each other, so that means that you need 5 activations each server.  The workstations will use Round-Robin to determine which one to activate with.

4) As follows:

You will be pleased to know that KMS is not domain based.  We have 1 "master" KMS Server, and we have 13 domains - each domain has a SRV record in the appropriate location which points to this single KMS Server which activates.  You do not even need Trusts between domains.
Anything you activate through KMS has to be re-activated every 6 months.
Only Windows 7 Enterprise, Windows 7 Professional Volume Edition, Windows Server Web, Standard, Enterprise, Datacenter Volume Editions can be activated through KMS

This is what my current KMS activations looks like
C:\Windows\System32>cscript slmgr.vbs /dli
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.


Name: Windows Server(R), ServerEnterprise edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_R2_C channel
Partial Product Key: <removed>
License Status: Licensed

Key Management Service is enabled on this machine
    Current count: 50
    Listening on Port: 1688
    DNS publishing enabled
    KMS priority: Normal

Key Management Service cumulative requests received from clients
    Total requests received: 3702
    Failed requests received: 271
    Requests with License Status Unlicensed: 0
    Requests with License Status Licensed: 2558
    Requests with License Status Initial grace period: 826
    Requests with License Status License expired or Hardware out of tolerance: 12
    Requests with License Status Non-genuine grace period: 0
    Requests with License Status Notification: 35

Open in new window

0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36577516
Thank you VERY much for the clarification!  If you wouldn't mind me picking your brain for one more second, I would be very grateful.

So, here's my strategic layout on moving forward in my organization:

I'm planning on converting the local DC in each of the sites to a KMS server.  This will update DNS, and I'll have individual SRV records pointing to all the DCs.  Clients will then use these as they see fit to activate themselves once they come online - and within 180 days each.

Would you happen to know if there's a way to make the DNS a bit more deterministic?  Meaning, force everything to check in locally vice the round-robin availability model?  *I'm thinking local DNS weights.  Not that activation is rough on bandwidth or anything, but it'd be nice to keep everything as logical as possible, where were not troubleshooting why one server has a billion activations, while another only has a few, etc.
0
 
LVL 5

Author Closing Comment

by:usslindstrom
ID: 36907946
Thank you very much for providing the information.  It's much appreciated!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36910034
I'm so sorry, but I didn't see your strategic layout query.  Thank you for the points, but I will however try to answer your enquiry.

I would advise against too many KMS servers - only because you have a limited amount of KMS Activations you can do.  I think it's 5.  When you reach this number of activations, you can no longer activate KMS servers, and naturally, this will be a bit of a setback for you.

My suggestion is to have just two primary KMS servers, sitting on Forest Root Domain Controllers, and allowing them to advertise in DNS.  A Round robin will automatically be created because there will be two SRV records for the same _VLMCS service.

If you have subdomains or even trusted domains, you will need to create SRV records for _VLMCS, and just create two for your two primary KMS Servers.

KMS Activation is so light, there's really no need to try to place some in geographical locations.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36922532
Thank you very much for the continued information here.  I really do appreciate it.

Two more questions, if you're still monitoring this thread:

Activating office products will be handled automatically by the KMS?

-And what does one of the SRV records look like in DNS, if you don't mind me asking - so I'd be able to verify everything is working correctly.  - Or need to add/edit them manually in the future.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36926224
:)

Office KMS Activation can be done, however you have to install a special version of the KMS server on top of your existing KMS Server.  You can download the Microsoft Office 2010 KMS Host License Pack from here http://www.microsoft.com/download/en/details.aspx?id=25095

Since I only have 1 KMS server, there is only 1 SRV record, and here is what it looks like:

The SRV record looks the same on all of my domains, naturally in the Forward Lookup Zone of the applicable domain.

 VLMCS SRV Record

VLMCS SRV Record Another Domain
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36928709
Thank you so much for the additional information!

You have been most helpful.  I really do appreciate everything you've assisted me with.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36933993
Please feel free to read some of my articles - if you find them helpful, please mark them as helpful :)

Testing Network Performance - http://www.experts-exchange.com/A_8010.html
Guide: Creating a Hyper-V Cluster - http://www.experts-exchange.com/A_7910.html
Make your FTP Server support Active and Passive - http://www.experts-exchange.com/A_7833.html
Hyper-V & Licensing - The Good News http://www.experts-exchange.com/A_7831.html

The last one might be of particular interest to you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question