Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Key Management Server (Win2k8) Basic Questions

Posted on 2011-09-20
Medium Priority
Last Modified: 2012-05-12

I've been given the task of seeing if we can convert our multiple activation keys into KMS.

I'm completely new to KMS, so please bear with me on my basic questions.

Here's what I know:

You obtain a KMS key from MS and enter that into the system, where it will then activate with MS and become a KMS server.  At this point, it submits some SRV records to DNS so that other systems can locate the server and send their activations to it.  The server won't actually start providing any activations until a minimum of 5 client machines have contacted it for activation.  Fairly simple ordeal.

I've been reading the information located here:

And have watched the video located here:

And read the quick instructions here:

My questions about this setup, if anybody has had the bennefit of using KMS:
1.  Minimum number of clients is 5.  What's the Maximum number of clients a KMS can support?
2.  In the video, it was mentioned about half way through that this is not supported on Win2k8 DataCenter editions.  I wasn't able to find in any of the articles on which clients are supported.  Would anybody have a reference on this?
3.  Is only one KMS server per domain allowed?  With the updates to DNS, I would imagine this is the case - but in our organization, we have a flat DNS FLZ and about 45 sites.  It would be in our best interest to be able to implement one of these servers at each site, and have the local clients activate within their area.
4.  Any other pertinant references / information that you guys can provide.

Anything you can throw my way is way more than appreciated.

Question by:usslindstrom
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4

Accepted Solution

Lester_Clayton earned 2000 total points
ID: 36572445
The answer to your questions are as follows:

1) - There is no official maximum number.  KMS has no database of clients it's previously activated, just an activation count, and there is no limit to this count.  Your Key does not have a restricted value on it.  Be aware through that your KMS server re-activates itself with Microsoft so if you have 10,000 activations and you are licensed for 20, they may ask some questions.

2)  Win 2008 R2 Datacenter is supported, as long as you have a KMS C key (which I have :D).  I currently have 4 datacenter servers activated through our KMS Server.

3) No.  You can have multiple KMS Servers.  You have a limited amount of times you can activate a KMS Server - I think it's 5.  So for example, in a domain where you have two domain controllers, you can make them both KMS Servers.  They will operate independantly from each other, so that means that you need 5 activations each server.  The workstations will use Round-Robin to determine which one to activate with.

4) As follows:

You will be pleased to know that KMS is not domain based.  We have 1 "master" KMS Server, and we have 13 domains - each domain has a SRV record in the appropriate location which points to this single KMS Server which activates.  You do not even need Trusts between domains.
Anything you activate through KMS has to be re-activated every 6 months.
Only Windows 7 Enterprise, Windows 7 Professional Volume Edition, Windows Server Web, Standard, Enterprise, Datacenter Volume Editions can be activated through KMS

This is what my current KMS activations looks like
C:\Windows\System32>cscript slmgr.vbs /dli
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Name: Windows Server(R), ServerEnterprise edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_R2_C channel
Partial Product Key: <removed>
License Status: Licensed

Key Management Service is enabled on this machine
    Current count: 50
    Listening on Port: 1688
    DNS publishing enabled
    KMS priority: Normal

Key Management Service cumulative requests received from clients
    Total requests received: 3702
    Failed requests received: 271
    Requests with License Status Unlicensed: 0
    Requests with License Status Licensed: 2558
    Requests with License Status Initial grace period: 826
    Requests with License Status License expired or Hardware out of tolerance: 12
    Requests with License Status Non-genuine grace period: 0
    Requests with License Status Notification: 35

Open in new window


Author Comment

ID: 36577516
Thank you VERY much for the clarification!  If you wouldn't mind me picking your brain for one more second, I would be very grateful.

So, here's my strategic layout on moving forward in my organization:

I'm planning on converting the local DC in each of the sites to a KMS server.  This will update DNS, and I'll have individual SRV records pointing to all the DCs.  Clients will then use these as they see fit to activate themselves once they come online - and within 180 days each.

Would you happen to know if there's a way to make the DNS a bit more deterministic?  Meaning, force everything to check in locally vice the round-robin availability model?  *I'm thinking local DNS weights.  Not that activation is rough on bandwidth or anything, but it'd be nice to keep everything as logical as possible, where were not troubleshooting why one server has a billion activations, while another only has a few, etc.

Author Closing Comment

ID: 36907946
Thank you very much for providing the information.  It's much appreciated!
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.


Expert Comment

ID: 36910034
I'm so sorry, but I didn't see your strategic layout query.  Thank you for the points, but I will however try to answer your enquiry.

I would advise against too many KMS servers - only because you have a limited amount of KMS Activations you can do.  I think it's 5.  When you reach this number of activations, you can no longer activate KMS servers, and naturally, this will be a bit of a setback for you.

My suggestion is to have just two primary KMS servers, sitting on Forest Root Domain Controllers, and allowing them to advertise in DNS.  A Round robin will automatically be created because there will be two SRV records for the same _VLMCS service.

If you have subdomains or even trusted domains, you will need to create SRV records for _VLMCS, and just create two for your two primary KMS Servers.

KMS Activation is so light, there's really no need to try to place some in geographical locations.

Author Comment

ID: 36922532
Thank you very much for the continued information here.  I really do appreciate it.

Two more questions, if you're still monitoring this thread:

Activating office products will be handled automatically by the KMS?

-And what does one of the SRV records look like in DNS, if you don't mind me asking - so I'd be able to verify everything is working correctly.  - Or need to add/edit them manually in the future.

Expert Comment

ID: 36926224

Office KMS Activation can be done, however you have to install a special version of the KMS server on top of your existing KMS Server.  You can download the Microsoft Office 2010 KMS Host License Pack from here

Since I only have 1 KMS server, there is only 1 SRV record, and here is what it looks like:

The SRV record looks the same on all of my domains, naturally in the Forward Lookup Zone of the applicable domain.


VLMCS SRV Record Another Domain

Author Comment

ID: 36928709
Thank you so much for the additional information!

You have been most helpful.  I really do appreciate everything you've assisted me with.

Expert Comment

ID: 36933993
Please feel free to read some of my articles - if you find them helpful, please mark them as helpful :)

Testing Network Performance -
Guide: Creating a Hyper-V Cluster -
Make your FTP Server support Active and Passive -
Hyper-V & Licensing - The Good News

The last one might be of particular interest to you.

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question