Getting Started with KMS (Key Management Service)

Introduction

KMS (Key Management Service) is an activation service that allows organizations to manage the activation of their Windows systems and Office by eliminating the need for individual computers to connect to Microsoft for product activation. This service makes activation easier to manage and control for mid-size and large-size companies.

Requirements

To use KMS within an organization, you need to have:

• At least one KMS server: Starting from Windows Server 2008, it is no longer required to install KMS service. Only the activation is required
• A KMS activation key: Contact your Microsoft Licenses vendor for more details about how you can get it
• The minimum number of either physical or virtual computers in a network environment (Activation Thresholds): https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=157#171

By meeting these requirements, you would be able to setup your KMS infrastructure and continue to the next sections.

How to enable a KMS server

Enabling a KMS server is very easy to do. Starting from Windows Server 2008, all you need to do is to activate the KMS service on the Windows Server using your KMS activation key. It is not required to have a dedicated KMS server as it can be a Windows Server that is running other services.

To activate your KMS server, you need to proceed like the following:

• Using CMD, run the command slmgr.vbs /ipk <KMS_Server_Key> command (Where <KMS_Server_Key> is your KMS activation Key

• Run slui.exe command

• Click on Activate Windows online now

• Make sure that the activation was done successfully and then click on Close

By finishing these steps, your KMS server becomes ready to manage your KMS clients – Of course, that supposes that the Activation Threshold is already met.

How to configure KMS clients

By default, Windows Vista and higher are KMS clients. This means that they will attempt to do a KMS activation unless if a MAK license has been assigned.

KMS clients can locate KMS servers using two possible ways:

1. By using the auto-discovery feature: KMS clients rely on DNS resolution to locate KMS servers
2. By hardcoding the KMS Server Name in the client registry entries (KeyManagementServiceName and KeyManagementServicePort keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform)

The first method is the most commonly used and is usually the most recommended one. However, it might be advantageous for some organizations to use the second method as it allows a better control of the load balancing of traffic to KMS servers.

Tip: By using a server alias as the hardcoded server name, you would be able to easily switch from a KMS server to another while doing migrations.

It also possible to revert back the hardcoding by running slmgr.vbs /ckms in CMD.

Many companies switch to using KMS clients after having MAK activated ones. The switch process require converting the MAK clients to KMS ones.
This could be easily done by referring to the following:

• Using CMD, run slmgr.vbs /ipk <KMS_Client_Key> (Where <KMS_Client_Key> key is the KMS Client Setup Key: http://technet.microsoft.com/en-us/library/ff793409.aspx#E4IAC)

• Click on OK

• Run cscript c:\windows\system32\slmgr.vbs /ato command

KMS and the auto-discovery process

KMS clients can use an auto-discovery process to locate KMS servers. In fact, KMS clients do a DNS query for **_vlmcs._tcp.domain.com **SRV record and will then attempt an activation against the KMS server(s) received in the results.

The registration of the DNS SRV record could be automatically done by the KMS server(s) if your DNS zones allow dynamic registration. If not, you can simply create the record(s) manually. To check your KMS server(s) DNS registration, you can simply use nslookup tool:

How to check the activation status for Windows and Office

You can check the activation status of Windows by running slmgr/xpr command in CMD:

You can do the same for Office but with running cscript ospp.vbs /dstatus from Office installation folder

As shared in the last two screen captures, the allocated licenses via a KMS server are temporary ones. In fact, an activation is valid for 180 days and is not permanent (Unlike MAK activations which are permanent).

Conclusion

This Wiki article shared the basics behind the management of Windows and Office activations using KMS. It shared the easy configuration steps that administrators within organizations can follow to implement a new KMS infrastructure. KMS remains a powerful and easy way to manage activations and this is what the Wiki focused on demonstrating.