Solved

Windows 2003 KMS server migrate or decommission

Posted on 2015-02-12
20
293 Views
Last Modified: 2015-02-18
I have a windows 2003 server hosting a KMS role which I am trying to decommission. When I open the VAMT console I see nothing in it. However, in event viewer I see kms request (event id 12290) been sent from clients. Also, when I run a slmgr.vbs /dlv I see a few items here.

I am confused as to what is this server actually doing and whether or not to decommission it. I was just about to do so but decided to look in event viewer (inside the kms store) and saw plenty of requests.

I checked one of the clients and see there is event id 12288 & 12289 which are the request and responses to the kms. How can this be if there seems to be nothing set up on the KMS host/server ?

I do have a 2008 KMS server in a different domain (2 way trust) however, I am not even sure what I would have to migrate to this server if I cannot decommission the 2K3

2K3 Server
VAMT
server dlv
server event id 12290 request from client
KMS Client

client dlv output
kms client response
--

thx

t
0
Comment
Question by:tobe1424
  • 10
  • 7
  • 3
20 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 125 total points
ID: 40606207
Based on the first screenshot, you have not run a query against your machines using VAMT. All those zeroes don't mean you have no machines using KMS. They mean you haven't queried the machines to find out how they are licensed or their licensing state. Chances are very likely that your KMS server is actively in use and decommissioning it can have very bad consequences.
0
 

Author Comment

by:tobe1424
ID: 40606279
Thanks for the feedback Cliff.

How would I go about querying the machines?

I still am wondering how this all has been working if not much has been configured on the KMS server itself. Or at least I assume.

I can provide more details as we go. But they just dropped this server in my lap and I am doing some investigating.

thx in advance.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40606294
That "add computers" screen is a good start. Start adding computers you want to query.
0
 

Author Comment

by:tobe1424
ID: 40606369
i see..

so how were the KMS clients ever configured? part of an image deployment?
0
 

Author Comment

by:tobe1424
ID: 40606372
not expecting you do know this..but I am thinking out loud =)
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40606378
VL client media is configured to activate against a KMS server out of the box. No client configuration  required.
0
 
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 375 total points
ID: 40606414
Look for a _VLMCS DNS record using the DNS server manager.  Someone in your environment activated the KMS server and published the _VLMCS record.  I've moved KMS services before...you just need to activate another server as the KMS and publish the new DNS record.  It should automatically do this during the activation process.
0
 

Author Comment

by:tobe1424
ID: 40607993
So its a matter of removing the KMS role from the 2003 server in domain A ...configuring the role on the 2008 server in domain B - which basically involves running some scripts from what I have seen on the web..

.. then the clients will automatically register with the new KMS server?

That sounds straight forward. But my concern is the cross domain part. Yet, there is a two way trust.

One thing to mention is that I already a few clients KMS request from the domain b. I am not sure how this was setup.

Furthermore, I also see there is already a 2008 KMS server in this domain b

Now i am curious to know how is it that the clients from domain b sent KMS request to the 2003 server in domain A
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 40608014
KMS works on port 1688 and does not rely on domain membership to work.  You could open it up to the Internet and start activating random clients on Internet: it does not care.  Several companies already have gotten in trouble for that, so don't do that :)
0
 

Author Comment

by:tobe1424
ID: 40608285
aha..

So if i bring the 2003 KMS server, those clients will automatically switch over to the 2008 KMS server ? That simple?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 22

Expert Comment

by:Adam Leinss
ID: 40608511
If you mean take the 2003 server and put it into domain b, yes that will work.  However, 2003 is going end of life soon so you will probably want to move it to another server anyways.
0
 

Author Comment

by:tobe1424
ID: 40608667
That is the exactly why we are migrating the KMS server. I want to migrate this onto a 2008 server on domain b

I know how to configure the KMS server from scratch. However, I am not sure how to migrate the KMS host/clients to the newly founded 2008 KMS server and not "break" anything
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 40608726
If you publish the DNS records for the new KMS server, they will find it.  You have about 180 days of a grace period from the last activation to erect a working KMS.  Just make sure the DNS records are correct and then block 1688 on the old server and see if you get activations on the new server.  Depending on the key you may have to wait until 25 clients check in before you start seeing success.
0
 

Author Comment

by:tobe1424
ID: 40608840
I see what you mean with respect to the DNS records. I have both records in my DNS server. One for the 2003 server and the other for 2008.

the 2003 server and 2008 are in different domains. However, there is an A record of the 2008 server in domain B with the FQDN showing up as domain A

So would this be as simple as decommissioning the 2003 domain A server ? Or turning it off and invoking a KMS client to successfully activate on the 2008 KMS in DOMAIN B
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 375 total points
ID: 40608855
0
 

Author Comment

by:tobe1424
ID: 40612312
thanks for the input. I think there is enough info there to help me out.

I found the SRV record that needs to be changed for clients to point to the new KMS.

However, the KMS server already exists in my other domain. Can I simply add the keys from my old KMS server?
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 40612332
That should work.  I forget the number of times you can activate a KMS key.  I want to say it's at least 5 per key.
0
 

Author Comment

by:tobe1424
ID: 40612648
i see.

I will assume the KMS keys have only been activate once on the server.

so i hope this won't be an issue.

thanks adam you have been very responsive.
0
 

Author Comment

by:tobe1424
ID: 40612662
Can i simply remove the current KMS from the network? I assume i don't actually have to uninstall the keys, disable dns publushing, clear the product key from registry.


Can i simply shut off this server and install the keys on the new/current KMS server?
0
 
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 375 total points
ID: 40613034
Uncharted territory for me.  I've done the steps in the blog, but never just shutting off the old KMS server since it is still running in our environment hosting other services.   I guess the answer would be yes, you can, but if it ever comes back online I'm not sure what kind of results you are going to get.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strangeā€¦
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now