Windows Activation: The KMS

Windows Activation: The KMS

A Key Management Server system is any system in your environment that you installed using a KMS key. That’s right, any system, Vista included. I have been to customers large and small who had five, ten, and more KMSs running their environment. Yikes. As I stated in part one (Windows Activation: The Basics), don’t use a KMS key unless you know what you’re doing.

KMSs respond to requests by Windows Vista and 2008 systems for activation (Windows 7 in the near future also). Unlike previous versions of Windows, all Vista and 2008 systems must be activated. Volume licensed systems have the option to be activated by an in-house KMS. These volume licensed systems locate a KMS using DNS and SRV records as described in part one of this post.

Each KMS maintains an internal counter of how many clients it has activated. The value of this counter is returned to each client when it tries to activate against a KMS. Vista clients will only activate if this value is 25 or over. Server 2008 systems will only activate if this value is five or over. The KMS does not increment the counter over 50. KMSs do not coordinate with each other, they are stand-alone systems. Thus, it is important that you design your KMS activation scheme carefully. Having multiple KMSes in an environment could prevent systems from being properly activated.

Each client that attempts activation is assigned a unique value that is tracked by both the client and the KMS. Activated clients, by default, attempt to contact the KMS every seven days; if an activated client cannot contact the KMS within 180 days, it will deactivate. Similarly, the KMS server will remove the record of an activated system if it has not heard from that system within 180 days; this may drop the number of activated systems below the five or 25 threshold causing other systems to deactivate when they next contact the KMS because the minimum activation number has not been met.

When a system contacts a KMS for activation, it also passes its product key to the KMS. The KMS validates the product key before it generates a client ID and successfully adds the client to its list of systems. The product key passed must be a valid KMS client key. Don’t confuse KMS client keys with KMS keys. KMS client keys are the generic keys that I referred to in the first part of this post. These keys will not activate against the Redmond servers and are automatically installed on volume license products. KMS client keys are freely distributable and available from Microsoft in the Volume Activation 2.0 Deployment Guide: there is only one client KMS per product for use by everyone; i.e., each organization does not get their own KMS client keys. Thus, if you’ve installed any other key on a system that you want to activate against a KMS, you must first remove the other key and install a KMS client key.

There are also four different levels of KMS server keys: client, A, B, and C. Each level dictates which editions of Windows that the KMS can activate. There is no limitation on which edition can host a KMS regardless of which key group the key is from. You should install the KMS key for the highest level of product that you are licensed for. The key groups are detailed in the following table:

Volume Product Key Group KMS Key Type Windows Editions
Client VOLUME_KMSCLIENT Windows Vista Business

Windows Vista Enterprise

A VOLUME_KMS_A Windows Web Server 2008

Editions listed in the Client Key Group

B VOLUME_KMS_B Windows Server 2008 Standard

Windows Server 2008 Standard without Hyper-V

Windows Server 2008 Enterprise

Windows Server 2008 Enterprise without Hyper-V

Editions listed in the A Key Group

C VOLUME_KMS_C Windows Server 2008 Datacenter

Windows Server 2008 Datacenter without Hyper-V

Windows Server 2008 for Itanium-Based Systems

Editions listed in the B Key Group

KMS is a very low overhead service that is hosted by the Software Licensing service. The general recommendation is to use a core services system such as a domain controller to also be your KMS system. Because systems do not immediately deactivate if they cannot contact a KMS, high-availability and redundancy are almost non-existant concerns. In the event of a failure of the KMS system, simply set up a new one.

That’s it; it really is that simple. There are always more details, but that covers most of it.

Basic Windows Activation Workflow with a KMS

Basic Windows Activation Workflow with a KMS

Windows Activation: The Basics

Next Article

Windows Activation: The Basics

No Comments