How to Implement KMS (Key Management Services)

What is KMS and why should I use it?

KMS is Microsoft’s enterprise installation key management mechanism for Vista and Windows 2008.

 You all know the VLK (Volume License Key) from previous versions of windows. Microsoft decided that no activation at all is not good for her and so KMS was born.

KMS is a central location where all the clients ask for an activation key.

Microsoft did not want small organizations using it’s KMS services (I’m not sure why…), its policy limits the use of KMS services to Organizations with over 25 Vista or Win2008 installed on the network.   Till then the KMS will return an error that there are insufficient workstation on the network.

In the event of less then 25 Vista or Win2008 installed on network, use VMAT to manage your clients. (Link for the download at the end…)

How does it work?

 During installation   of Vista or Windows 2008 you will no be prompted for a key., that is due to a built-in key that forces the OS to search for the KMS server first and if it is not found, ask for a new key.

In the KMS mode, the client query the DNS for a SRV record named VLMCS and once it has the KMS server name it tries to connect via RPC over TCP (port 1688).

How do I activate it?

All of the work is done from one script located in system32 directory named “slmgr.vbs”.

 Server Side:

Step 1, add a key

Run the following command while replacing the KmsKey with the key you got from MS license site:

Cscript slmgr.vbs /ipk

Step 2, activate

Run the following command:

Cscript slmgr.vbs /ato

Step 3, Verify that it worked

The following DNS record should appear in you DNS server:

Service: _VLMCS

Protocol: _TCP

Port number: 1688

Run the following command, Nslookup _vlmcs._tcp.

If the KMS server name returns then it has been applied properly. (replace with your FQDN)

Client Side:

Although you do not need to do anything when installing a new OS, here are some helpful commands:

slmgr.vbs /ckms (will set the client to look in DNS)

slmgr.vbs /ato (manual activation of the client)

How to Change from MAK (A local key) to KMS:

Just run the following command when replacing the KmsSetupKey with a corresponding key from the list below.

Cscript slmgr.vbs /ipk

Cscript slmgr.vbs /ato

A list of KMS Client Setup Keys

How can I  verify its working?

Use the /dli and /dlv on the KMS server to see the status of the service.

Cscript slmgr.vbs /dli

Cscript slmgr.vbs /dlv

You can also use it remotely :

Cscript slmgr.vbs <RemoteServer> /parameters

Example:

Cscript slmgr.vbs kmssrv /dlv | find /I “Current count”

This will show you the amount of clients registered with the KMS.

References:

Planning Guide - http://technet.microsoft.com/he-il/library/cc303276(en-us).aspx

Deployment Guide - http://technet.microsoft.com/en-us/library/cc303280.aspx

Error Code Explained: http://technet.microsoft.com/en-us/library/cc303695.aspx#_Appendix_2:_Troubleshooting

Downloads:

Windows 2003 KMS - http://www.microsoft.com/downloads/details.aspx?FamilyId=81D1CB89-13BD-4250-B624-2F8C57A1AE7B&displaylang=en

VMAT (MAK management) - http://www.microsoft.com/downloads/details.aspx?familyid=12044DD8-1B2C-4DA4-A530-80F26F0F9A99&displaylang=en

Operation Manager 2007 Management Pack  - http://www.microsoft.com/downloads/details.aspx?FamilyId=A330D876-C965-4433-AFDF-7C61A9126FB3&displaylang=en&displaylang=en