  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406

Windows 2003 KMS server migrate or decommission

I have a Windows 2003 server hosting a KMS role which I am trying to decommission. When I open the VAMT console I see nothing in it. However, in Event Viewer I see KMS requests (event ID 12290) being sent from clients. Also, when I run slmgr.vbs /dlv I see a few items here.

I am confused as to what is this server actually doing and whether or not to decommission it. I was just about to do so but decided to look in event viewer (inside the kms store) and saw plenty of requests.

I checked one of the clients and see there are event IDs 12288 and 12289, which are the requests and responses to the KMS. How can this be if there seems to be nothing set up on the KMS host/server?

I do have a 2008 KMS server in a different domain (2-way trust); however, I am not even sure what I would have to migrate to this server if I cannot decommission the 2K3.

[Screenshots, 2K3 server: VAMT; server dlv; server event ID 12290 request from client. KMS client: client dlv output; KMS client response.]
--

thx

 
Cliff GaliherCommented:
Based on the first screenshot, you have not run a query against your machines using VAMT. All those zeroes don't mean you have no machines using KMS. They mean you haven't queried the machines to find out how they are licensed or their licensing state. Chances are very likely that your KMS server is actively in use and decommissioning it can have very bad consequences.
0
 
tobe1424Author Commented:
Thanks for the feedback Cliff.

How would I go about querying the machines?

I still am wondering how this all has been working if not much has been configured on the KMS server itself. Or at least I assume.

I can provide more details as we go. But they just dropped this server in my lap and I am doing some investigating.

thx in advance.
0
 
Cliff GaliherCommented:
That "add computers" screen is a good start. Start adding computers you want to query.
0
 
tobe1424Author Commented:
i see..

so how were the KMS clients ever configured? part of an image deployment?
0
 
tobe1424Author Commented:
not expecting you to know this..but I am thinking out loud =)
0
 
Cliff GaliherCommented:
VL client media is configured to activate against a KMS server out of the box. No client configuration required.
0
 
Adam LeinssCommented:
Look for a _VLMCS DNS record using the DNS server manager.  Someone in your environment activated the KMS server and published the _VLMCS record.  I've moved KMS services before...you just need to activate another server as the KMS and publish the new DNS record.  It should automatically do this during the activation process.
0
 
tobe1424Author Commented:
So it's a matter of removing the KMS role from the 2003 server in domain A ...configuring the role on the 2008 server in domain B - which basically involves running some scripts from what I have seen on the web..

.. then the clients will automatically register with the new KMS server?

That sounds straightforward. But my concern is the cross-domain part. Yet, there is a two-way trust.

One thing to mention is that I already see a few client KMS requests from domain B. I am not sure how this was set up.

Furthermore, I also see there is already a 2008 KMS server in domain B.

Now I am curious to know how it is that the clients from domain B sent KMS requests to the 2003 server in domain A.
0
 
Adam LeinssCommented:
KMS works on port 1688 and does not rely on domain membership to work.  You could open it up to the Internet and start activating random clients on the Internet: it does not care.  Several companies already have gotten in trouble for that, so don't do that :)
0
 
tobe1424Author Commented:
aha..

So if I bring the 2003 KMS server, those clients will automatically switch over to the 2008 KMS server? That simple?
0
 
Adam LeinssCommented:
If you mean take the 2003 server and put it into domain b, yes that will work.  However, 2003 is going end of life soon so you will probably want to move it to another server anyways.
0
 
tobe1424Author Commented:
That is exactly why we are migrating the KMS server. I want to migrate this onto a 2008 server on domain B.

I know how to configure the KMS server from scratch. However, I am not sure how to migrate the KMS host/clients to the newly founded 2008 KMS server and not "break" anything.
0
 
Adam LeinssCommented:
If you publish the DNS records for the new KMS server, they will find it.  You have about 180 days of a grace period from the last activation to erect a working KMS.  Just make sure the DNS records are correct and then block 1688 on the old server and see if you get activations on the new server.  Depending on the key you may have to wait until 25 clients check in before you start seeing success.
0
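The cut-over check described in the answer above (block 1688 on the old host, then watch for activations on the new one), written as an added example that is not part of the thread. It compares event ID 12290 request data exported from both KMS hosts; the host names, the sample lines and the assumed field order of the event's Info string are constructed for illustration, and the threshold of 25 is the figure quoted in the answer.

```python
from datetime import datetime

# Constructed sample "Info:" strings from event ID 12290 on each KMS host.
# Assumed field order (not shown in the thread): result code, minimum count,
# client FQDN, client machine ID (CMID), client timestamp, further fields.
OLD_HOST_EVENTS = [
    "0x0,25,pc01.domaina.example,cmid-0001,2015/03/01 09:00,0,1,0,act-a",
    "0x0,25,pc02.domaina.example,cmid-0002,2015/03/01 09:05,0,1,0,act-a",
    "0x0,25,pc07.domainb.example,cmid-0007,2015/03/02 10:00,0,1,0,act-a",
    "0x0,25,lab9.other.example,cmid-0099,2015/03/02 11:00,0,1,0,act-a",
]
NEW_HOST_EVENTS = [
    "0x0,25,pc02.domaina.example,cmid-0002,2015/03/05 09:05,0,1,0,act-a",
    "0x0,25,pc07.domainb.example,cmid-0007,2015/03/06 10:00,0,1,0,act-a",
    "garbled line",
]
# Hypothetical DNS suffixes of the two domains that should be using this KMS.
EXPECTED_SUFFIXES = (".domaina.example", ".domainb.example")

def parse_requests(lines):
    """Map CMID -> (client FQDN, latest request time); skip malformed lines."""
    seen = {}
    for line in lines:
        fields = [f.strip() for f in line.split(",")]
        try:
            fqdn, cmid = fields[2].lower(), fields[3]
            when = datetime.strptime(fields[4], "%Y/%m/%d %H:%M")
        except (IndexError, ValueError):
            continue
        if cmid and (cmid not in seen or when > seen[cmid][1]):
            seen[cmid] = (fqdn, when)
    return seen

def migration_report(old_lines, new_lines, threshold=25):
    """Summarise which clients have moved and which requests look out of scope."""
    old, new = parse_requests(old_lines), parse_requests(new_lines)
    everyone = {**old, **new}
    return {
        # Clients the old host served that have not yet contacted the new one.
        "not_seen_on_new": sorted(f for c, (f, _) in old.items() if c not in new),
        "new_host_clients": len(new),
        "threshold_met": len(new) >= threshold,
        # KMS does not check domain membership, so list unexpected requesters.
        "unexpected": sorted(f for f, _ in everyone.values()
                             if not f.endswith(EXPECTED_SUFFIXES)),
    }

if __name__ == "__main__":
    for key, value in migration_report(OLD_HOST_EVENTS, NEW_HOST_EVENTS).items():
        print(f"{key}: {value}")
```

An empty `not_seen_on_new` list is the signal that the old host is no longer needed; anything in `unexpected` is worth tracing before port 1688 is left reachable from that network.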
 
tobe1424Author Commented:
I see what you mean with respect to the DNS records. I have both records in my DNS server. One for the 2003 server and the other for 2008.

the 2003 server and 2008 are in different domains. However, there is an A record of the 2008 server in domain B with the FQDN showing up as domain A

So would this be as simple as decommissioning the 2003 domain A server? Or turning it off and invoking a KMS client to successfully activate on the 2008 KMS in domain B?
0
 
Adam LeinssCommented:
0
 
tobe1424Author Commented:
thanks for the input. I think there is enough info there to help me out.

I found the SRV record that needs to be changed for clients to point to the new KMS.

However, the KMS server already exists in my other domain. Can I simply add the keys from my old KMS server?
0
 
Adam LeinssCommented:
That should work.  I forget the number of times you can activate a KMS key.  I want to say it's at least 5 per key.
0
 
tobe1424Author Commented:
i see.

I will assume the KMS keys have only been activated once on the server.

so i hope this won't be an issue.

thanks adam you have been very responsive.
0
 
tobe1424Author Commented:
Can I simply remove the current KMS from the network? I assume I don't actually have to uninstall the keys, disable DNS publishing, clear the product key from registry.


Can I simply shut off this server and install the keys on the new/current KMS server?
0
 
Adam LeinssCommented:
Uncharted territory for me.  I've done the steps in the blog, but never just shutting off the old KMS server since it is still running in our environment hosting other services.   I guess the answer would be yes, you can, but if it ever comes back online I'm not sure what kind of results you are going to get.
0
