AWS and Windows Activation

Quick one today where I was on a client server hosted in AWS that wasn’t activated and trying to activate it via Settings App throws and error. Like most large scale cloud vendors (except Azure), AWS use KMS to activate their windows machines, however sometimes the servers need some help to reach the internal KMS servers at Amazon – especially so when using your own DNS servers.

Open an administrative PowerShell console and enter the following commands

Import-Module "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Module\\Ec2Launch.psd1"
Add-Routes
Set-ActivationSettings

Then perform an activate online command as per a normal KMS activation (or you can wait…)

slmgr /ato

And that should get it activated and the watermark removed.

Activating Windows 8.1 clients on a KMS Host running Windows Server 2008 R2

I was recently helping out a friend who had a KMS server activating their Windows 7 machines but when they started moving their fleet to Windows 8.1 they saw they couldn’t install the KMS Host product key for Windows 8.1 recieving the following error:

0xc004f015: The Software Licensing Service reported that the license is not installed. 
SL_E_PRODUCT_SKU_NOT_INSTALLED

To allow Server 2008 R2 to activate newer versions of windows you need to install KB 2885698. The update adds support for Windows 8.1 and Windows Server 2012 R2 clients to Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS hosts (see Windows Server 2012 R2 & Windows 8.1 KMS Service Activation).

Once you install the update you will need to restart the server (so do it out of hours if it’s on a DC or something critical). Once you’re back up and running, you simply need to issue the install product key command with your new KMS Host key.

slmgr.vbs /ipk YOUR-PROD-UCTK-EYHE-RE33

And your clients will begin activating once you hit the 25 client minimum. The key will continue to activate lower versions of Windows and if you install a Server key, it will do both Server and Client editions.

Upgrading your current KMS Server (Server 2008 R2) to support Windows 8 and Server 2012 activation

If you’re in an enterprise environment, chances are that you have a KMS server running (usually either Windows 7 or Server 2008 R2).  So now that Windows 8 and Server 2012 has hit VLSC for SA customers you’ll most likely want to begin testing and performing pilot deployments but we need to get our Key Management Server to accept these new clients.  If you have tried to activate your KMS keys with existing KMS hosts you will receive the following error message:

Error: 0xC004F050 The Software Licensing Service reported that the product 
key is invalid.

Thankfully for us, Microsoft has released an update that will upgrade Windows 7 or Server 2008 R2 KMS Hosts to support Windows 8 and Windows Server 2012, you can view the KB article by clicking here (KB2691586).  You will need to request the hotfix from the KB.  Once downloaded, open up an elevated command prompt and execute the update (which acts as a windows update package).  When it finishes installing you will need to restart your server.

Now that our server is back up, we need to replace the KMS Host key with one for 2012 or Windows 8.  Open an elevated command prompt and enter slmgr.vbs /upk which will show us Uninstalled product key successfully when complete.  Now we install our new key with slmgr.vbs /ipk product-key-here

You should now be presented with a product activated successfully window.  You can also run
slmgr.vbs /dlv and under description you should see VOLUME_KMS_2012.  Now you can start to activate your new Windows 8 and Server 2012 clients.

Office 2010 and Windows Sysprep Adventures

For our new roll out next year, we are deploying Microsoft Office 2010 and using KMS as our licensing method. Througthe use of sysprep’s generalize command, Windows will flush its Activation Status and associated hardware ID as well as rearming the activation state to its fresh install state (grace period).

With the introduction of Office 2010 brings improved piracy protection.  On our test deployment we found that our KMS Client count for Office 2010 wasn’t increasing and therefore wouldn’t reach the required count of 5 for activation, what was going on!  After a little bit of digging and the use of the Office 2010 Software Protection VB Script (ospp.vbs under the Office14 folder) we were able to see that the five of our test machines had the same CMID, therefore KMS thought that each was the same client. After a quick look through Technet we found out the issue.  When you run an Office Product it would automatically attempt to activate via KMS. Our Office installer also had its own activate upon installation command as well.

The fix for this issue and getting the count to increase (and finally activate) was to run a re-arm utility provided under program files (or program files x86, depending on your installed flavor):OSPP with DCMID

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\ospprearm.exe

Running the utility under an elevated command prompt will then show completed successfully. If you wish to double check you can then run ospp.vbs with the /dcmid switch and find that there is now no Client Machine ID.

Once this is compelte, run your sysprep as you would and you will find that for each client that you activate from now on for your KMS will increase your count.  You will also find that if you have some clients with the same ID then they will also all activate.

I plan on having some other articles covering articles regarding Windows 7 sysprep so stay tuned.

Check to see if your KMS can be contacted

Sometimes when deploying computers in our organisation, they don’t see our KMS server and automatically activate (even though they are told to do so via our unattend.xml). 9 times out of 10 it’s the client itself having issues just talking to your KMS server. To check and see if you can contact it, you can perform a DNS lookup for the KMS Host. Open a command prompt window and type in the following:

nslookup -type=srv _vlmcs._tcp.<FQDN>

replacing the <fqdn> with your fully qualified domain name. It will look up the DNS record which the Software Licensing service checks to contact a KMS host. From here you can try and ping the machine using the above DNS entry.

You can also use some other commands on the KMS host to ensure that it is working correctly and accepting clients and activating them. Opening an elevated command prompt window on your host machine you can use the following:

slmgr /dli
slmgr /dlv

These two commands will show you detailed information about your KMS host machine such as the number of failed/successful activations as well as client counts.