Solved

Key Management Server (Win2k8) Basic Questions

Posted on 2011-09-20
8
1,066 Views
Last Modified: 2012-05-12
Experts,

I've been given the task of seeing if we can convert our multiple activation keys into KMS.

I'm completely new to KMS, so please bear with me on my basic questions.

Here's what I know:

You obtain a KMS key from MS and enter that into the system, where it will then activate with MS and become a KMS server.  At this point, it submits some SRV records to DNS so that other systems can locate the server and send their activations to it.  The server won't actually start providing any activations until a minimum of 5 client machines have contacted it for activation.  Fairly simple ordeal.

I've been reading the information located here:  http://technet.microsoft.com/en-us/library/ff719787.aspx

And have watched the video located here:  http://www.microsoft.com/download/en/details.aspx?id=22110

And read the quick instructions here:  http://www.windows-noob.com/forums/index.php?/topic/649-how-can-i-setup-a-kms-server/


My questions about this setup, if anybody has had the bennefit of using KMS:
1.  Minimum number of clients is 5.  What's the Maximum number of clients a KMS can support?
2.  In the video, it was mentioned about half way through that this is not supported on Win2k8 DataCenter editions.  I wasn't able to find in any of the articles on which clients are supported.  Would anybody have a reference on this?
3.  Is only one KMS server per domain allowed?  With the updates to DNS, I would imagine this is the case - but in our organization, we have a flat DNS FLZ and about 45 sites.  It would be in our best interest to be able to implement one of these servers at each site, and have the local clients activate within their area.
4.  Any other pertinant references / information that you guys can provide.

Anything you can throw my way is way more than appreciated.

0
Comment
Question by:usslindstrom
  • 4
  • 4
8 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 500 total points
ID: 36572445
The answer to your questions are as follows:

1) - There is no official maximum number.  KMS has no database of clients it's previously activated, just an activation count, and there is no limit to this count.  Your Key does not have a restricted value on it.  Be aware through that your KMS server re-activates itself with Microsoft so if you have 10,000 activations and you are licensed for 20, they may ask some questions.

2)  Win 2008 R2 Datacenter is supported, as long as you have a KMS C key (which I have :D).  I currently have 4 datacenter servers activated through our KMS Server.

3) No.  You can have multiple KMS Servers.  You have a limited amount of times you can activate a KMS Server - I think it's 5.  So for example, in a domain where you have two domain controllers, you can make them both KMS Servers.  They will operate independantly from each other, so that means that you need 5 activations each server.  The workstations will use Round-Robin to determine which one to activate with.

4) As follows:

You will be pleased to know that KMS is not domain based.  We have 1 "master" KMS Server, and we have 13 domains - each domain has a SRV record in the appropriate location which points to this single KMS Server which activates.  You do not even need Trusts between domains.
Anything you activate through KMS has to be re-activated every 6 months.
Only Windows 7 Enterprise, Windows 7 Professional Volume Edition, Windows Server Web, Standard, Enterprise, Datacenter Volume Editions can be activated through KMS

This is what my current KMS activations looks like
C:\Windows\System32>cscript slmgr.vbs /dli
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.


Name: Windows Server(R), ServerEnterprise edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_R2_C channel
Partial Product Key: <removed>
License Status: Licensed

Key Management Service is enabled on this machine
    Current count: 50
    Listening on Port: 1688
    DNS publishing enabled
    KMS priority: Normal

Key Management Service cumulative requests received from clients
    Total requests received: 3702
    Failed requests received: 271
    Requests with License Status Unlicensed: 0
    Requests with License Status Licensed: 2558
    Requests with License Status Initial grace period: 826
    Requests with License Status License expired or Hardware out of tolerance: 12
    Requests with License Status Non-genuine grace period: 0
    Requests with License Status Notification: 35

Open in new window

0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36577516
Thank you VERY much for the clarification!  If you wouldn't mind me picking your brain for one more second, I would be very grateful.

So, here's my strategic layout on moving forward in my organization:

I'm planning on converting the local DC in each of the sites to a KMS server.  This will update DNS, and I'll have individual SRV records pointing to all the DCs.  Clients will then use these as they see fit to activate themselves once they come online - and within 180 days each.

Would you happen to know if there's a way to make the DNS a bit more deterministic?  Meaning, force everything to check in locally vice the round-robin availability model?  *I'm thinking local DNS weights.  Not that activation is rough on bandwidth or anything, but it'd be nice to keep everything as logical as possible, where were not troubleshooting why one server has a billion activations, while another only has a few, etc.
0
 
LVL 5

Author Closing Comment

by:usslindstrom
ID: 36907946
Thank you very much for providing the information.  It's much appreciated!
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36910034
I'm so sorry, but I didn't see your strategic layout query.  Thank you for the points, but I will however try to answer your enquiry.

I would advise against too many KMS servers - only because you have a limited amount of KMS Activations you can do.  I think it's 5.  When you reach this number of activations, you can no longer activate KMS servers, and naturally, this will be a bit of a setback for you.

My suggestion is to have just two primary KMS servers, sitting on Forest Root Domain Controllers, and allowing them to advertise in DNS.  A Round robin will automatically be created because there will be two SRV records for the same _VLMCS service.

If you have subdomains or even trusted domains, you will need to create SRV records for _VLMCS, and just create two for your two primary KMS Servers.

KMS Activation is so light, there's really no need to try to place some in geographical locations.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36922532
Thank you very much for the continued information here.  I really do appreciate it.

Two more questions, if you're still monitoring this thread:

Activating office products will be handled automatically by the KMS?

-And what does one of the SRV records look like in DNS, if you don't mind me asking - so I'd be able to verify everything is working correctly.  - Or need to add/edit them manually in the future.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36926224
:)

Office KMS Activation can be done, however you have to install a special version of the KMS server on top of your existing KMS Server.  You can download the Microsoft Office 2010 KMS Host License Pack from here http://www.microsoft.com/download/en/details.aspx?id=25095

Since I only have 1 KMS server, there is only 1 SRV record, and here is what it looks like:

The SRV record looks the same on all of my domains, naturally in the Forward Lookup Zone of the applicable domain.

 VLMCS SRV Record

VLMCS SRV Record Another Domain
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 36928709
Thank you so much for the additional information!

You have been most helpful.  I really do appreciate everything you've assisted me with.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36933993
Please feel free to read some of my articles - if you find them helpful, please mark them as helpful :)

Testing Network Performance - http://www.experts-exchange.com/A_8010.html
Guide: Creating a Hyper-V Cluster - http://www.experts-exchange.com/A_7910.html
Make your FTP Server support Active and Passive - http://www.experts-exchange.com/A_7833.html
Hyper-V & Licensing - The Good News http://www.experts-exchange.com/A_7831.html

The last one might be of particular interest to you.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question