Table of Contents
Own KMS server allows you to significantly simplify the process of activating Microsoft products on the corporate network and in contrast to a usual the activation process doesn’t require granting each computer an access to the Internet to Microsoft activation servers. KMS infrastructure is rather simple, reliable and easily scalable (a single KMS server can serve thousands of clients).
In this article, we describe how to install and activate the KMS server on Windows Server on the local corporate network.
Install and Configure the Volume Activation Services Role
KMS requires installation and configuration of a separate server role – Volume Activation Services. You can install this role using the Server Manager console or PowerShell:
Install-WindowsFeature -Name VolumeActivation -IncludeAllSubFeature -IncludeManagementToolsPS:\> Install-WindowsFeature -Name VolumeActivation -IncludeAllSubFeature -IncludeManagementTools
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Volume Activation Services}If you are going to install a role through the graphical interface of the Server Manager console, run the Add Roles and Features Wizard, and in the Server Roles selection step, select Volume Activation Services.
After the installation is complete, start Volume Activation Tools console. The activation service installation wizard will start. Specify that you are going to install Key Management Service (KMS) server.
Next you need to obtain your corporate KMS key (KMS host key – this is the KMS server activation key). Usually, when you bought license from Microsoft, you can request them to get the KMS host key then insert the key into the KMS server.
If the system accepts the key, you will immediately be prompted to activate it. Based on the entered key, the system will determine the product to which it applies, and will offer two options for activation (by phone or Internet). In the second case, you will have to give the server temporary access to the Internet (only for the activation time).
After the key is activated, you have to configure Key Management Service options: activation and renewal intervals (by default, the clients will renew the activation every 7 days), port (by default, KMS listens on port 1688) and Windows Firewall exceptions. To automatically create a DNS record necessary to automatically search a KMS server in the domain (SRV record _vlmcs._tcp), check the option DNS Records – Publish.
If the KMS server is designed to serve clients from different domains, you can publish DNS records in other DNS zones. Specify the zone names in the Publish to Custom DNS zones list.
If you have Windows Firewall enabled, make sure that the rule that allows incoming connections to port 1688 is active. If there is no active rule, enable it via PowerShell:
Get-NetFirewallRule -DisplayName *key*
Enable-NetFirewallRule -Name SPPSVC-In-TCPPS C:\> Get-NetFirewallRule -DisplayName *key*
Name : SPPSVC-In-TCP
DisplayName : Key Management Service (TCP-In)
Description : Inbound rule for the KMS to allow for machine counting and
Enabled : False
Direction : Inbound
Action : Allow
...
PS C:\> Enable-NetFirewallRule -Name SPPSVC-In-TCP
PS C:\> Get-NetFirewallRule -DisplayName *key*
Name : SPPSVC-In-TCP
DisplayName : Key Management Service (TCP-In)
DisplayGroup : Key Management Service
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
...Using KMS for Activation of Volume-Licensed Systems
Now the configuration is over. Verify that a special DNS record pointing to your KMS server was created:
PS C:\> nslookup -type=srv _vlmcs._tcp.bg.local
Server: UnKnown
Address: 10.10.5.1
_vlmcs._tcp.bg.local SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms1.bg.local
kms1.bg.local internet address = 10.10.230.26Then get the information about the KMS server current status using the following command:
cscript slmgr.vbs /dlvC:\Windows\System32>cscript slmgr.vbs /dlv
Software licensing service version: 10.0.17763.2145
Name: Windows(R), ServerStandard edition
Description: Windows(R) Operating System, VOLUME_KMS_WS22 channel
Activation ID: 661f7658-7035-4b4c-xxxx-010682943ec2
Application ID: 55c92734-d682-xxxx-xxxx-d6ec3f16059f
Extended PID: 03612-04573-xxx-xxxxxx-03-1033-17763.0000-3052022
Product Key Channel: Volume:CSVLK
Installation ID: 4272080136512045911805517055xxxxxxxxxxxxx
Use License URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx
Validation URL: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Partial Product Key: XBXCH
License Status: Licensed
Remaining Windows rearm count: 1001
Remaining SKU rearm count: 1001
Trusted time: 11/1/2022 9:20:08 PM
Key Management Service is enabled on this machine
Current count: 0
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal
Key Management Service cumulative requests received from clients
Total requests received: 0
Failed requests received: 0
Requests with License Status Unlicensed: 0
Requests with License Status Licensed: 0
Requests with License Status Initial grace period: 0
Requests with License Status License expired or Hardware out of tolerance: 0
Requests with License Status Non-genuine grace period: 0
Requests with License Status Notification: 0Pay attention to the following fields:
- Partial Product Key – the last 5 symbols of the KMS key are shown.
- License status – license activation status (it should be Licensed).
- Total requests received – the number of activation requests (0 yet).
Remember that a KMS server has so called activation threshold counter. It means that an activated KMS server starts to activate clients only when the number of clients that addressed it in the last 30 days exceeds the pre-defined thresholds:
- The activation threshold for client operating systems: Vista / Windows 7 / Windows 8 / Windows 10 is 25 clients.
- In case of server operating systems: Windows Server 2008/ 2008 R2 / 2012 / 2012 R2 / 2016 it is 5 clients.
- It is necessary that at least 5 clients with Microsoft Office access to the server for obtaining a license (activation threshold).
Key Management Service is enabled on this machine
Current count: 1
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal
Key Management Service cumulative requests received from clients
Total requests received: 1
Failed requests received: 0
Requests with License Status Unlicensed: 0
Requests with License Status Licensed: 1
Requests with License Status Initial grace period: 0
Requests with License Status License expired or Hardware out of tolerance: 0
Requests with License Status Non-genuine grace period: 0
Requests with License Status Notification: 0Key Management Service is enabled on this machine
Current count: 50
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal
Key Management Service cumulative requests received from clients
Total requests received: 194
Failed requests received: 9
Requests with License Status Unlicensed: 0
Requests with License Status Licensed: 35
Requests with License Status Initial grace period: 149
Requests with License Status License expired or Hardware out of tolerance: 0
Requests with License Status Non-genuine grace period: 0
Requests with License Status Notification: 1Now the KMS server can activate clients. To successfully activate your systems on the KMS server, you need to perform a number of actions on the client side:
1. Specify the public KMS GVLK key from the corresponding edition of Windows on the client.
slmgr /ipk xxxxx-xxxxx-xxxxx-xxxxx–xxxxx2. If your KMS server is not published in DNS, specify it address manually:
slmgr /skms kms1.bonguides.com:16883. Activate the OS with the command:
slmgr /atoFor example, activate a Windows 10 Pro client using the KMS server:
slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
slmgr /skms kms1.bonguides.com:1688
slmgr /atoC:\Windows\system32>cscript.exe slmgr.vbs /ato
Activating Windows(R), Professional edition (2de67392-b7a7-462a-b1ca-108dd189f588) ...
Product activated successfully.
C:\Windows\system32>cscript.exe slmgr.vbs /dlv
Software licensing service version: 10.0.19041.2130
Name: Windows(R), Professional edition
Description: Windows(R) Operating System, VOLUME_KMSCLIENT channel
Activation ID: 2de67392-b7a7-462a-xxxx-108dd189f588
Application ID: 55c92734-d682-4d71-xxxx-d6ec3f16059f
Extended PID: 03612-03311-000-000001-03-xxxx-19044.0000-3052022
Product Key Channel: Volume:GVLK
Installation ID: 416969575808225819722300283098855114995930900229506284237383841
Partial Product Key: T83GX
License Status: Licensed
Volume activation expiration: 259200 minute(s) (180 day(s))
Remaining Windows rearm count: 1001
Remaining SKU rearm count: 1001
Trusted time: 11/1/2022 10:10:52 PM
Configured Activation Type: All
Most recent activation information:
Key Management Service client information
Client Machine ID (CMID): aa750de7-xxxx-4b2d-92e3-abc39887e303
Registered KMS machine name: kms1.bonguides.com:1688
KMS machine IP address: 10.10.230.26
KMS machine extended PID: 03612-04573-000-052426-03-xxxx-17763.0000-3052022
Activation interval: 120 minutes
Renewal interval: 10080 minutes
KMS host caching is enabledTo activate Microsoft Office on clients, let’s using GVLKs for Office.
cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx–xxxxx
cscript ospp.vbs /sethst:kms1.bonguides.com:1688
cscript ospp.vbs /actThe KMS server that is activated with the KMS host key for Windows Server 2019 supports the activation of all Windows operating systems up to Windows 11 / Windows Server 2022.
- Public KMS keys (GVLK – Generic Volume License Key) for all Windows editions.
- Public KMS keys GVLK for Microsoft Office.
