Microsoft KMS Activation Technology

Source: ss64.com, MSBlog

Office Deployment Support Team Blog

How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

Source: TheWindowsClub.com, View Licensing Status and Activation ID of your Windows OS

View Licensing Status and Activation ID of your Windows OS with slmgr.vbs

slmgr – Software Licensing Management Tool | Windows CMD | SS64.com

External articles: WindowsITPro.com

slmgr.vbs (Windows7/2008)

Software Licensing Management Tool. Windows Activation and Key Management Service (KMS)

Syntax
      slmgr [MachineName [Username Password]] [Option]
Key
  machinename   The machine to administer, by default the current local machine.

  username      An administrator equivalent user account for the remote computer.

  password      The password for the user account on the remote computer.

   /ato   Activate Windows license and product key against Microsoft's server.

   /atp Confirmation_ID   Activate Windows with user-provided Confirmation ID 

   /ckms  Clear the name of KMS server used to default and port to default.

   /cpky  Clear product key from the registry (prevents disclosure attacks)

   /dli   Display the current license information with activation
          status and partial product key.

   /dlv   Verbose, similar to -dli but with more information.

   /dti   Display Installation ID for offline activation

   /ipk Key  Enter a new product key supplied as xxxxx-xxxxx-xxxxx-xxxxx-xxxxx 

   /ilc License_file   Install license

   /rilc               Re-install system license files

   /rearm Reset the evaluation period/licensing status and activation state of the machine

   /skms activationservername:port 
          Set the Volume Licensing KMS server and/or the port used for KMS activation
          (where supported by your Windows edition)

   /skhc  Enable KMS host caching (default), this blocks the use of DNS priority and
          weight after the initial discovery of a working KMS host.
          If the system can no longer contact the working KMS host, discovery will be attempted again.

   /ckhc  Disable KMS host caching. This setting instructs the client to use DNS auto-discovery
          each time it attempts KMS activation (recommended when using priority and weight)

   /sai interval 
          Sets the interval in minutes for unactivated clients to attempt KMS connection.
          The activation interval must be between 15 minutes and 30 days, although the default (2 hours)
          is recommended.
          The KMS client initially picks up this interval from the registry but switches to the KMS
          setting after the first KMS response has been received.

   /sri interval
          Sets the renewal interval in minutes for activated clients to attempt KMS connection.
          The renewal interval must be between 15 minutes and 30 days.
          This option is set initially on both the KMS server and client sides.
          The default is 10080 minutes (7 days).

   /spri  Set the KMS priority to normal (default).
   /cpri  Set the KMS priority to low.
          Use this option to minimize contention from KMS in a co-hosted environment.
          Note that this could lead to KMS starvation, depending on what other applications
          or server roles are active. Use with care.

   /sprt port
          Sets the port on which the KMS host listens for client activation requests. The default TCP port is 1688.

   /sdns  Enable DNS publishing by the KMS host (default).
   /cdns  Disable DNS publishing by the KMS host.

   /upk   Uninstall current installed product key and return license status back to trial state.

   /xpr   Show the expiry date of current license (if not permanently activated)

Token-based activation:
   /lil   List the installed token-based activation issuance licenses.

   /ril ILID ILvID
	       Remove an installed token-based activation issuance license.

   /stao  Set the Token-based Activation Only flag, disabling automatic KMS activation.
   /ctao  Clear the Token-based Activation Only flag (default), enabling automatic KMS activation.
   /ltc   List valid token-based activation certificates that can activate installed software.
   /fta Certificate Thumbprint [PIN]
          Force token-based activation using the identified certificate.
          The optional personal identification number (PIN) is provided to unlock the private
          key without a PIN prompt when using certificates that are protected by hardware
          (for example, smart cards).

All actions (other than displaying status) require elevated administrator privileges.
Slmgr.vbs script is not intended to work across platforms i.e. between Vista and Windows 7

Examples

C:\> cscript C:\windows\system32\slmgr.vbs wkstn64 administrator pa55w0rd1 -dli

C:\> cscript slmgr.vbs -skms 192.168.10.1:8090

C:\> cscript slmgr.vbs -skms KMSServer:8090

“One resolution I have made, and try always to keep, is this: To rise above little things” ~ John Burroughs

Related:

SLUI – Software Licensing (Windows Activation) SLUI.exe 3 XXXXX.XXXXXX.XXXXXX.XXXXX
Activation Error Codes – TechNet
CERTREQ – Request certificate from a certification authority
WINVER – Display Licence Activation status
Q921471 – Activation fails when you try to activate Windows Vista, Windows 7…
PERMS – Show permissions for a user
SYSTEMINFO – List system configuration

Source: Windows Server 2012 KMS Service Activation | Working Hard In IT

Edited with additional notes and re-post of a MS Blog article.

Now that we have the Windows Server 2012 R2 and Windows 8.1 OS in my environment, along with Volume Licenses, I will need to update our KMS Server to the latest version. In our case it is running on Windows Server 2008 R2.

Install the following update: An update is available for Windows 7 and Windows Server 2008 R2 KMS hosts to support Windows 8 and Windows Server 2012 as described in KB2691586. This is also the place where you can request this hotfix. If you don’t install this hotfix, registering a Windows Server 2012 KMS will throw an error: 0xC004F050 The Software Licensing Service reported that the product key is invalid

Request the hotfix and install it from an elevated command prompt.

Once you’ve clicked OK the installation will start

After that’s finished you will be asked to restart the server. Do so. Just restarting the KMS service (“net stop sppsvc” and “net start sppsvc“) doesn’t suffice.

Now we have that out the way we can start putting our brand new KMS key into action.

Let’s take a look at what is already running:

slmgr.vbs /dlv => clearly the Windows 2008 R2 KMS key

Uninstall the current KMS key using slmgr.vbs /upk, please use an elevated command prompt

Now you can install the new KMS key.

slmgr.vbs /ipk xxxx-xxxxx-xxxxx-xxxxxx-xxxxx

Now activate your brand new KMS key by running slmgr.vbs /ato

Show what’s up and running now by running slmgr.vbs /dlv again and as you can see we’re in business to activate all our Windows Server 2012 R2 and Windows 8.1 hosts.

Notes:

SLMGR /UPK may be necessary in some organisations. Without this the new key wouldn’t activate.

 

The KMS key activates:
•Windows Server 2008 R2
•Windows Server 2008
•Windows 8
•Windows Server 2012
•Windows 7
•Windows Vista

There is no requirement to have any W2K12/Windows 8. So it doesn’t matter: you can do that update, never even install a new KMS activation key and, even if you do, never activate any Windows Server 2012 / Windows 8. Even if that counter is reset, it doesn’t matter either. The moment you reach the required number it just starts counting again. There is nothing dangerous or magic about that counter, bar people’s tendency to sit around watching it count. KMS, if done well, is set and forget until a new OS arrives, and then you just update the KMS host. Nothing to worry about, and if you have Volume Licensing, Microsoft support will help you when in doubt. KMS is loose enough that you could blow it up and take weeks to set up a new one; meanwhile the company will keep running. All of this is very well documented at http://technet.microsoft.com/en-us/library/ff793418.aspx and here’s the entry point for all Volume activation info: http://technet.microsoft.com/en-us/library/ff719787.aspx

 

Server VL VOLUME_KMS_2012_C_channel activates:

Windows Vista Business
Windows Vista Enterprise
Windows 7 Professional
Windows 7 Enterprise
Windows 8 Professional
Windows 8 Enterprise
Windows 2008 (all editions)
Windows 2008 R2 (all editions)
Windows Server 2012 (all editions)

Activation on the Enterprise client machines: open a cmd prompt and enter: slmgr.vbs /ato

How to install the Office 2010 KMS Host License Pack on Windows 8 or Windows Server 2012

Source: Office Deployment Support Team Blog
by Eric Ellis
1/7/2013 UPDATE: The “Product activation failed” error that can occur when attempting to perform a phone activation of an Office 2010 KMS host installed on Windows 8 or Windows Server 2012 machines has been addressed in the latest release of the KeyManagementServiceHost*.exe file, which can be found in the link below.

12/4/2012 UPDATE: This issue has been addressed in the latest version of the Office 2010 KMS Host License Pack, which can be found at the link below.

Microsoft is working on an update for the Office 2010 KMS Host License Pack which will allow it to be successfully installed on Windows 8 or Windows Server 2012 machines.

All of the steps below are no longer required as of 1/7/2013. See related note above in red, bold text.

In the meantime, the following steps can be used to work around the issue:

1) Download the Office 2010 KMS Host License Pack (http://go.microsoft.com/fwlink/p/?LinkID=169244)
2) Run the downloaded KeyManagementServiceHost.exe file to extract files that it contains. Ignore the “Unsupported operating system” error that occurs and click OK.
3) Press the Enter key to close the command window that is related to cscript.exe.
4) Browse to the %programfiles% or %programfiles(x86)% folder and navigate to the MSECache\OfficeKMS subfolder. If you installed the Office 2010 KMS Host License Pack on a 64-bit operating system, %programfiles% is the Program Files (x86) folder.
5) Rename the existing kms_host.vbs file to kms_host.old
6) Download the kms_host.zip file from the Office Deployment Support Team’s SkyDrive share at http://sdrv.ms/RiZ8Q9.
7) Extract the kms_host.vbs file from the zip file and place a copy of it in the %programfiles(x86)%\MSECache\OfficeKMS or %programfiles%\MSECache\OfficeKMS folder.

8) From an elevated command prompt, navigate to the %programfiles(x86)%\MSECache\OfficeKMS or %programfiles%\MSECache\OfficeKMS folder and run the following command:

cscript kms_host.vbs

9) If the KMS host machine has Internet connectivity, click Yes to enter the Office KMS host product key and activate online. Otherwise, click No, and press Enter to close the command window.

Open an elevated command prompt and run the following command line to check the installation, licensing state, and current status of the Office KMS host:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

See the following articles for additional information related to Office KMS host installation, activation, and troubleshooting:

Deploy volume activation of Office 2010
http://technet.microsoft.com/en-us/library/ee624357.aspx

Troubleshoot volume activation for Office 2010
http://technet.microsoft.com/en-us/library/ee624355.aspx

Office Deployment Support Team Blog, “Office 2010 KMS installation and troubleshooting”
http://blogs.technet.com/b/odsupport/archive/2010/06/01/office-2010-kms-installation-and-troubleshooting.aspx

Source: Windows Blogs

External MS Blog post

How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

Eric Ellis [MSFT]

When troubleshooting KMS configuration and activation issues, our customers are often surprised to find unexpected Windows or Office KMS hosts in their environment.

By default, Windows and Office clients discover KMS hosts via DNS and a related _vlmcs SRV record. To determine whether a KMS client can locate a KMS host and/or whether undesired KMS hosts exist on the network, run a command line similar to the following:

nslookup -type=srv _vlmcs._tcp >%temp%\kms.txt

Review the kms.txt file. It should contain one or more entries similar to the following:

_vlmcs._tcp.contoso.com                            SRV service location:
priority       = 0
weight       = 0
port            = 1688
svr hostname   = kms-server.contoso.com

Running this nslookup command frequently reveals _vlmcs SRV entries which are tied to unauthorized Windows or Office KMS hosts.
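The review of kms.txt described above can be automated. The following is an added example, not part of the original blog post: it parses saved nslookup SRV output and reports every _vlmcs target that is not on a list of approved KMS hosts, or that publishes a port other than the default 1688. The host names, addresses and the approved list are constructed for illustration.

```python
import re

# Constructed sample in the layout nslookup writes to kms.txt; all names and
# addresses are made up. The second record stands in for a workstation that
# was given a KMS host key by mistake.
SAMPLE_KMS_TXT = """\
Server:  dc01.contoso.com
Address:  10.0.0.10

_vlmcs._tcp.contoso.com   SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = kms-server.contoso.com
_vlmcs._tcp.contoso.com   SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = WKSTN-0427.contoso.com
kms-server.contoso.com  internet address = 10.0.0.20
"""

_HEADER = re.compile(r"^\s*(_vlmcs\._tcp\S*)\s+SRV service location:", re.IGNORECASE)
_FIELD = re.compile(
    r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$", re.IGNORECASE
)


def parse_srv_records(text):
    """Return one dict per _vlmcs SRV answer found in saved nslookup output."""
    records, current = [], None
    for line in text.splitlines():
        header = _HEADER.match(line)
        if header:
            current = {"record": header.group(1).lower()}
            records.append(current)
            continue
        field = _FIELD.match(line)
        if not field or current is None:
            continue  # resolver banner, A records, blank lines
        key, value = field.group(1).lower(), field.group(2)
        if key == "svr hostname":
            current["host"] = value.rstrip(".").lower()
        elif value.isdigit():
            current[key] = int(value)
    # An answer without a target host cannot be attributed to a machine.
    return [r for r in records if "host" in r]


def audit_kms_records(records, authorized_hosts, expected_port=1688):
    """Flag SRV targets that are not approved KMS hosts or use another port."""
    allowed = {h.rstrip(".").lower() for h in authorized_hosts}
    findings = []
    for rec in records:
        reasons = []
        if rec["host"] not in allowed:
            reasons.append("host is not on the approved KMS host list")
        if rec.get("port") != expected_port:
            reasons.append(
                f"port {rec.get('port')} differs from expected {expected_port}"
            )
        if reasons:
            findings.append(
                {"host": rec["host"], "record": rec["record"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    # Hypothetical approved list; in practice this comes from your own inventory.
    approved = ["kms-server.contoso.com"]
    for finding in audit_kms_records(parse_srv_records(SAMPLE_KMS_TXT), approved):
        print(f"{finding['host']} ({finding['record']}): " + "; ".join(finding["reasons"]))
```

Each finding names a machine to check with slmgr.vbs /dli before its _vlmcs SRV record is deleted.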

In many cases, Windows KMS hosts may have been unintentionally set up by users who mistakenly entered a KMS host product key, rather than a Windows client product key. To remedy this issue, perform the following steps on the machine(s) in question, to replace the KMS product group key and “convert” it to a KMS or MAK client:

1) Open an elevated command prompt.
2) Run a command similar to the following:

cscript slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx   (where xxxxx-xxxxx-xxxxx-xxxxx-xxxxx is a 25 digit, Windows product key)

3) To prevent instability in the license service, the system should be restarted or the Software Protection Service should be restarted. The following command lines can be used to restart the Software Protection Service:

net stop sppsvc
net start sppsvc

4) Run a command line similar to the following to display the license information for the installed, active Windows edition:

cscript slmgr.vbs /dli

5) Using DNS Manager, in the appropriate forward lookup zone, delete the _vlmcs SRV records that exist for each machine which is not to serve as a Windows KMS host.
6) See the following articles for additional information:

Slmgr.vbs Options
http://technet.microsoft.com/en-us/library/ff793433.aspx

Windows 7 and Windows Server 2008 R2 Customer Hosted Volume Activation Guide / Deploying KMS Activation
http://technet.microsoft.com/en-us/library/ff793409.aspx

Unintentional creation of an Office KMS host is less common, because setting up an Office KMS requires a specific product key and the installation of the Microsoft Office 2010 KMS Host License Pack.

To determine whether a machine has the Office 2010 KMS Host License Pack installed and is an active Office KMS host, run a command line similar to the following:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

The output of a machine which has the Office 2010 KMS Host License Pack installed will resemble the following. Key items are “Partial Product Key: GB7AH” and “License Status: Licensed“, which indicate that the Office 2010 KMS host key is successfully installed and activated.

Name: Microsoft Office 2010, KMSHost edition
Description: Microsoft Office 2010 KMS, VOLUME_KMS channel
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Application ID: 59a52881-a989-479d-af46-f275c6370663
Extended PID: 55041-00096-199-000004-03-1033-7600.0000-3632009
Installation ID: 008523674214771124199799184000850026888810090415321136
Processor Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88342
Machine Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88343
Use License URL: http://go.microsoft.com/fwlink/p/?LinkID=88345
Product Key Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88344
Partial Product Key: GB7AH
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 10/16/2011 2:07:42 PM
Key Management Service is enabled on this computer
Current count: 0
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal

Perform the following steps to remove an Office KMS host in your environment:

1) Open an elevated command prompt.
2) Run a command similar to the following:

cscript slmgr.vbs /upk bfe7a195-4f8f-4f0b-a622-cf13c7d16864

 CAUTION: If the above command line is run without the Office activation ID (“bfe7a195-4f8f-4f0b-a622-cf13c7d16864”), all installed product keys are uninstalled, including those for Windows.

3) Run the following command line again, to check the status of the Office KMS host:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

4) If the Office KMS host product key has been removed, the output will be similar to that below. Key items are “This license is not in use” and “License Status: Unlicensed“.

Name: Microsoft Office 2010, KMSHost edition
Description: Microsoft Office 2010 KMS, VOLUME_KMS channel
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Application ID: 59a52881-a989-479d-af46-f275c6370663
Extended PID:
Installation ID:
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88342
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88343
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88345
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88344
This license is not in use.
License Status: Unlicensed
Remaining Windows rearm count: 1
Trusted time: 8/16/2011 7:49:23 AM

5) Using DNS Manager, in the appropriate forward lookup zone, delete the _vlmcs SRV records that exist for each machine which is not to serve as an Office KMS host.
6) See the following articles for additional information:

Deploy volume activation of Office 2010
http://technet.microsoft.com/en-us/library/ee624357.aspx

Troubleshoot volume activation for Office 2010
http://technet.microsoft.com/en-us/library/ee624355.aspx
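The two /dlv listings above (active Office KMS host, and the same machine after /upk) can be told apart programmatically when auditing many machines. The following is an added example, not part of the original blog post: it parses captured slmgr.vbs /dlv text for a single activation ID and, for a host that should not be serving KMS, lists the removal steps given above. It assumes English-language output; the sample strings are abridged from the listings on this page.

```python
# Abridged from the "Licensed" listing shown above.
DLV_ACTIVE = """\
Name: Microsoft Office 2010, KMSHost edition
Description: Microsoft Office 2010 KMS, VOLUME_KMS channel
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Partial Product Key: GB7AH
License Status: Licensed
Trusted time: 10/16/2011 2:07:42 PM
Key Management Service is enabled on this computer
Current count: 0
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal
"""

# Abridged from the "Unlicensed" listing shown above.
DLV_REMOVED = """\
Name: Microsoft Office 2010, KMSHost edition
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Extended PID:
This license is not in use.
License Status: Unlicensed
"""


def parse_dlv(text):
    """Split /dlv output into 'label: value' fields and bare status lines."""
    fields, flags = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip().lower()] = value.strip()
        else:
            flags.add(line.rstrip(".").lower())
    return fields, flags


def assess_kms_host(text):
    """Summarise whether the captured output describes an active KMS host."""
    fields, flags = parse_dlv(text)

    def number(label):
        value = fields.get(label, "")
        return int(value) if value.isdigit() else None

    licensed = fields.get("license status", "").lower() == "licensed"
    kms_enabled = "key management service is enabled on this computer" in flags
    return {
        "activation_id": fields.get("activation id"),
        "partial_key": fields.get("partial product key"),
        "is_active_kms_host": licensed and kms_enabled,
        "key_removed": "this license is not in use" in flags,
        "dns_publishing": "dns publishing enabled" in flags,
        "port": number("listening on port"),
        "current_count": number("current count"),
    }


def next_steps(assessment, authorized):
    """Removal steps from the procedure above, for an unapproved active host."""
    if authorized or not assessment["is_active_kms_host"]:
        return []
    act_id = assessment["activation_id"]
    return [
        # The activation ID must be passed: a bare /upk removes every installed key.
        f"cscript slmgr.vbs /upk {act_id}",
        f"cscript slmgr.vbs /dlv {act_id}  (expect 'License Status: Unlicensed')",
        "Delete this machine's _vlmcs SRV record in DNS Manager",
    ]


if __name__ == "__main__":
    for label, sample in (("before", DLV_ACTIVE), ("after", DLV_REMOVED)):
        result = assess_kms_host(sample)
        print(label, result)
        for step in next_steps(result, authorized=False):
            print("  ->", step)
```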

Source Office IT Blog: Migrate an Office 2013 KMS host from the command line or the UI

You can find the basics for Office KMS host migration at Migrate an Office 2010 KMS host. For Office 2013, there is a new Microsoft Office 2013 KMS Host License Pack and activation ID. And if the migrated Office 2013 KMS host will be running on Windows 8 or Windows Server 2012, you can also set up and activate the KMS host by using the Windows UI.

To migrate an Office 2013 KMS host

1. Uninstall the Office 2013 KMS host key by running the following command:

cscript C:\windows\system32\slmgr.vbs /upk 2E28138A-847F-42BC-9752-61B03FFF33CD

2. Delete the record from the Domain Name System (DNS):

a. Open the DNS console.

b. Expand the _tcp node under domain.com.

c. Delete the _VLMCS record.

After you do this, the Office 2013 KMS host is uninstalled.

3. On the Microsoft Office 2013 KMS Host License Pack website, download and then run office2013volumelicensepack_en-us_x86.exe on the new server.
You are then prompted to enter the product key, and the Office 2013 KMS host will try to become activated. If the activation fails, do the following:

a. On the new server, re-install the product key for the Office 2013 KMS host by running the following command from an elevated prompt:
cscript C:\windows\system32\slmgr.vbs /ipk [ProductKey]

b. Activate the Office 2013 KMS host by running the following command from an elevated prompt:
cscript C:\windows\system32\slmgr.vbs /ato 2E28138A-847F-42BC-9752-61B03FFF33CD

Note: For a complete list of slmgr.vbs commands for Office KMS host activation, see Prepare and configure the Office KMS host.

4. After activation is complete, restart the Software Licensing Service and verify in the DNS that the record is created for the new KMS host server. For more information about how to configure DNS for the KMS host, see Understanding KMS.

5. To verify that the Office 2013 KMS host is configured correctly, check the KMS activation request count to see whether it is increasing. On the KMS host, the current count is displayed when you run the following command:
cscript C:\windows\system32\slmgr.vbs /dlv 2E28138A-847F-42BC-9752-61B03FFF33CD

You can also check the Key Management Service log in the Applications and Services Logs folder, which is where activation requests from KMS clients are recorded, for the 12290 events. Each event displays the name of the computer and the time-stamp of the activation request.

To activate an Office 2013 KMS host that is running on Windows 8 or Windows Server 2012, you can also use the Windows UI. For more information, see Volume activation methods in Office 2013 and Volume Activation Overview.

 

View Licensing Status and Activation ID of your Windows OS with slmgr.vbs

Source: TheWindowsClub.com, written by Anand Khanse (aka HappyAndyK), a Microsoft MVP in Windows since 2006 and the Admin of TheWindowsClub.com.

Windows Software Licensing Management Tool, slmgr.vbs, is a command-line licensing tool. It is a Visual Basic script used to configure licensing in Windows, and it also helps you see the licensing status of your Windows 7 or Windows 8 installation.

Activation is the initial process by which a copy of Windows running on a PC is determined to be properly licensed and genuine, and it’s really quick and easy. It is different from registration: activation is the process of ensuring that your copy of Windows is used according to the Microsoft Software License Terms, whereas registration is the process of entering information to sign up for product support, tools and tips, and other product benefits.

View Licensing Status & Activation ID

To see the licensing status of your Windows 7 or Windows 8 installation, open the Run box, type the following and hit Enter:

slmgr.vbs /dlv

The following dialog box will appear.

To get all the Activation IDs for the installed version of Windows, open the Run box, type the following and hit Enter:

slmgr.vbs /dlv all

Because of WMI changes in Windows 7 and Windows Server 2008 R2, the Slmgr.vbs script is not intended to work across platforms. Using Slmgr.vbs to manage a Windows 8, Windows 7 or Windows Server 2008 R2 system from the Windows Vista operating system is not supported.

If you are looking for more Slmgr.vbs Options visit TechNet.


Error Codes:

Source: Microsoft Website

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Table 10 provides troubleshooting help for problems that occur when activating volume editions of Windows 7 and Windows Server 2008 R2 operating systems.

Table 10. Error codes and descriptions

Error code Error message Activation type Possible cause Troubleshooting steps
0xC004C001 The activation server determined the specified product key is invalid MAK An invalid MAK was entered. Verify that the key is the MAK provided by Microsoft.Contact the Microsoft Activation Call Center to verify that the MAK is valid.
0xC004C003 The activation server determined the specified product key has been blocked MAK The MAK is blocked on the activation server. Contact the Microsoft Activation Call Center to obtain a new MAK and install/activate the system.
0xC004C008 The activation server reported that the product key has exceeded its unlock limit. KMS The KMS key has exceeded the activation limit. KMS host keys will activate up to 10 times on six different computers. If more activations are necessary, contact the Microsoft Activation Call Center.
0xC004C020 The activation server reported that the Multiple Activation Key has exceeded its limit. MAK The MAK has exceeded the activation limit. MAKs by design have a limited number of activations. Contact the Microsoft Activation Call Center.
0xC004C021 The activation server reported that the Multiple Activation Key extension limit has been exceeded. MAK The MAK has exceeded the activation limit. MAKs by design have a limited number of activations. Contact the Microsoft Activation Call Center.
0xC004F009 The Software Protection Service reported that the grace period expired. MAK The grace period expired before the system was activated. Now, the system is in the Notifications state. See the section “User Experience.”
0xC004F00F The Software Licensing Server reported that the hardware ID binding is beyond level the of tolerance. MAK/KMS client/KMS host The hardware has changed or the drivers were updated on the system. MAK: Reactivate the system during the OOT grace period using either online or phone activation.KMS: Restart, or run slmgr.vbs /ato.
0xC004F014 The Software Protection Service reported that the product key is not available MAK/KMS client No product keys are installed on the system. Install a MAK product key, or install a KMS Setup key found in sourcesProduct.ini on the installation media.
0xC004F02C The Software Protection Service reported that the format for the offline activation data is incorrect. MAK/KMS client The system has detected that the data entered during phone activation is not valid. Verify that the CID is correctly entered.
0xC004F038 The Software Protection Service reported that the computer could not be activated. The count reported by your Key Management Service (KMS) is insufficient. Please contact your system administrator. KMS client The count on the KMS host is not high enough. The KMS count must be ≥5 for Windows Server or ≥25 for Windows client. More computers are needed in the KMS pool for KMS clients to activate. Run Slmgr.vbs /dli to get the current count on the KMS host.
0xC004F039 The Software Protection Service reported that the computer could not be activated. The Key Management Service (KMS) is not enabled. KMS client This error occurs when a KMS request is not answered. Troubleshoot the network connection between the KMS host and the client. Make sure that TCP port 1688 (default) is not blocked by a firewall or otherwise filtered.
0xC004F041 The Software Licensing Service determined that the Key Management Service (KMS) is not activated. KMS needs to be activated. Please contact system administrator. KMS client The KMS host is not activated. Activate the KMS host with either online or phone activation.
0xC004F042 The Software Protection Service determined that the specified Key Management Service (KMS) cannot be used. KMS client Mismatch between the KMS client and the KMS host. This error occurs when a KMS client contacts a KMS host that cannot activate the client software. This can be common in mixed environments that contain application and operating system-specific KMS hosts, for example.
0xC004F050 The Software Protection Service reported that the product key is invalid. KMS, KMS client, MAK This can be caused by a typo in the KMS key or by typing in a Beta key on a Released version of the operating system. Install the appropriate KMS key on the corresponding version of Windows. Check the spelling. If the key is being copied and pasted, make sure that em dashes have not been substituted for the dashes in the key.
0xC004F051 The Software Protection Service reported that the product key is blocked. MAK/KMS The product key on the activation server is blocked by Microsoft. Obtain a new MAK/KMS key, install it on the system, and activate.
0xC004F074 The Software Protection Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information. KMS Client All KMS host systems returned an error. Troubleshoot errors from each event ID 12288 associated with the activation attempt.
0xC004F06C The Software Protection Service reported that the computer could not be activated. The Key Management Service (KMS) determined that the request timestamp is invalid. KMS client The system time on the client computer is too different from the time on the KMS host. Time sync is important to system and network security for a variety of reasons. Fix this issue by changing the system time on the client to sync with the KMS. Use of a Network Time Protocol (NTP) time source or Active Directory Domain Services for time synchronization is recommended. This issue uses UTC time and is independent of Time Zone selection.
0x80070005 Access denied. The requested action requires elevated privileges. KMS client/MAK/KMS host User Account Control (UAC) prohibits activation processes from running in a non-elevated command prompt. Run slmgr.vbs from an elevated command prompt. Right-click cmd.exe, and then click Run as Administrator.
0x8007232A DNS server failure. KMS host The system has network or DNS issues. Troubleshoot network and DNS.
0x8007232B DNS name does not exist. KMS client The KMS client cannot find KMS SRV RRs in DNS. If a KMS host does not exist on the network, a MAK should be installed. Confirm that a KMS host has been installed and DNS publishing is enabled (default). If DNS is unavailable, point the KMS client to the KMS host by using slmgr.vbs /skms <kms_host_name>. Optionally, obtain and install a MAK; then, activate the system. Finally, troubleshoot DNS.
0x800706BA The RPC server is unavailable. KMS client Firewall settings are not configured on the KMS host, or DNS SRV records are stale. Ensure the Key Management Service firewall exception is enabled on the KMS host computer. Ensure that SRV records point to a valid KMS host. Troubleshoot network connections.
0x8007251D No records found for given DNS query. KMS client The KMS client cannot find KMS SRV RRs in DNS. Troubleshoot network connections and DNS.


WMI Properties and Methods for Volume Activation

Source: Microsoft Website

Published: October 18, 2013

Updated: October 18, 2013

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Table 12 lists WMI properties and methods for the Software Protection Platform. Software Protection Platform properties are defined in the file %WinDir%\System32\wbem\sppwmi.mof.

Table 12. Software protection platform WMI properties and methods

//properties SoftwareLicensingService Class
Version Version of the Software Protection Service
KeyManagementServiceMachine The name of the KMS host. Returns null if SetKeyManagementServiceMachine has not been called.
KeyManagementServicePort The TCP port used by clients to send KMS activation requests. Returns 0 if SetKeyManagementServicePort has not been called.
IsKeyManagementServiceMachine Indicates whether KMS is enabled on the computer: 0 if false, 1 if true.
VLActivationInterval The frequency, in minutes, of how often a client will contact the KMS host before the client is licensed.
VLRenewalInterval The frequency, in minutes, of how often a client will contact the KMS host after the client is licensed.
KeyManagementServiceCurrentCount The count of currently active KMS clients on the KMS host. -1 indicates that the host is not enabled as a KMS or has not received any client licensing requests.
RequiredClientCount The minimum number of clients required to connect to a KMS host in order to enable Volume Licensing.
PolicyCacheRefreshRequired Indicates whether the licensing policy cache needs to be updated: 0=not required, 1=Refresh required.
ClientMachineID The globally unique identifier (GUID) that identifies a KMS client to a KMS host. The client includes this in requests it sends to the KMS.
RemainingWindowsReArmCount Remaining number of times the client can be rearmed successfully.
KeyManagementServiceListeningPort The TCP port the KMS host uses to listen for activation requests.
KeyManagementServiceDnsPublishing Indicates the DNS publishing status of a KMS host: 0=Disabled, 1=Auto-publish enabled (default).
KeyManagementServiceLowPriority Indicates the thread priority status of KMS service: 0=Normal Priority (default), 1=Low priority.
KeyManagementServiceHostCaching Indicates the caching status of KMS host name and port: 0=Caching disabled, 1=Caching enabled (default).
KeyManagementServiceUnlicensedRequests The count of KMS requests from clients with License Status=0 (Unlicensed).
KeyManagementServiceLicensedRequests The count of KMS requests from clients with License Status=1 (Licensed).
KeyManagementServiceOOBGraceRequests The count of KMS requests from clients with License Status=2 (OOBGrace).
KeyManagementServiceOOTGraceRequests The count of KMS requests from clients with License Status=3 (OOTGrace).
KeyManagementServiceNonGenuineGraceRequests The count of KMS requests from clients with License Status=4 (NonGenuineGrace).
KeyManagementServiceNotificationRequests The count of KMS requests from clients with License Status=5 (Notification).
KeyManagementServiceTotalRequests The total count of valid KMS requests.
KeyManagementServiceFailedRequests The count of invalid KMS requests.
KeyManagementServiceActivationDisabled Indicates whether the volume activation through KMS is disabled.
//methods SoftwareLicensingService Class
InstallProductKey Installs a product key.
InstallLicense Installs a license.
InstallLicensePackage Installs a license package for the current product.
SetKeyManagementServiceMachine Sets the KMS host name to use for volume activation.
ClearKeyManagementServiceMachine Clears any previously configured KMS host name.
SetKeyManagementServicePort Sets the TCP port used by a client to make requests of a KMS host. If not specified, port 1688 is used.
ClearKeyManagementServicePort Clears any previously specified port number.
SetVLActivationInterval The activation frequency, in minutes, of how often KMS clients will contact the KMS host before they become licensed. The frequency must be ≥15 and ≤43,200. An error is returned if the method is called and the computer is not a KMS.
SetVLRenewalInterval The renewal frequency, in minutes, of how often KMS clients will contact the KMS host after they have become licensed. The frequency must be ≥15 and ≤43,200. An error is returned if the method is called and the computer is not a KMS.
ClearProductKeyFromRegistry Clears product key from the registry.
AcquireGenuineTicket Perform online Genuine Validation. Calling this method may change the Genuine status of the computer.
ReArmWindows Resets the licensing status of the computer to OOB Grace (see LicenseStatus). Note: You must restart the client for the changes to take effect.
RefreshLicenseStatus Updates the licensing status of Windows so that applications have access to current licensing information.
SetKeyManagementServiceListeningPort Sets the TCP port used by a KMS host to listen for activation requests. Applies to KMS hosts only. If not specified, port 1688 is used.
ClearKeyManagementServiceListeningPort Clears any previously specified listening port. Applies to KMS hosts only.
DisableKeyManagementServiceDnsPublishing Enable/disable DNS Publishing on a KMS host computer: 0=Enable, 1=Disable.
EnableKeyManagementServiceLowPriority Enable/disable KMS service running with low priority: 0=Disable, 1=Enable.
DisableKeyManagementServiceHostCaching Enable/disable the caching of the KMS host name and port on a volume activation client computer: 0=Enable, 1=Disable.
DisableKeyManagementServiceActivation Enable/disable volume activation through a KMS computer: 0=Enable, 1=Disable.
DiscoveredKeyManagementServiceMachineName Last discovered KMS host name through DNS.
DiscoveredKeyManagementServiceMachinePort Last discovered KMS host port through DNS.
GenerateActiveDirectoryOfflineActivationId Generates an installation ID for use in Active Directory activation using the specified product key.
DepositActiveDirectoryOfflineActivationConfirmation Processes an installation ID, a confirmation ID, and ActivationObjectName to generate and publish the activation object in Active Directory.
DoActiveDirectoryOnlineActivation Performs online activation of Active Directory using a specified product key.
SetVLActivationTypeEnabled Sets the activation method.
ClearVLActivationTypeEnabled Clears previously specified activation method.
//properties SoftwareLicensingProduct Class
ID Product identifier
Name Product name
Description Product description
ApplicationID ID of current product’s application
ProcessorURL Software licensing server URL for the process certificate
MachineURL Software licensing server URL for the binding certificate
ProductKeyURL Software licensing server URL for the product certificate
UseLicenseURL Software licensing server URL for the user license
LicenseStatus License status of this product’s application: 0=Unlicensed, 1=Licensed, 2=OOBGrace, 3=OOTGrace, 4=NonGenuineGrace, 5=Notification, 6=ExtendedGrace
LicenseStatusReason A diagnostic code that indicates why a computer is in a specific licensing state.
GracePeriodRemaining Remaining time in minutes before the parent application goes into Notification mode. For volume clients, this is the remaining time before reactivation is required.
EvaluationEndDate The expiration date of this product’s application. After this date, the LicenseStatus will be Unlicensed and cannot be activated.
OfflineInstallationId An identifier for this product’s application that can be used for telephone or offline activation. Returns null if a product key is not installed.
PartialProductKey Last five characters of this product’s key. Returns null if a product key is not installed.
ProductKeyID Product key ID. Returns null if a product key is not installed.
LicenseFamily The family identifier for the SKU used to determine license relationships for add-ons.
LicenseDependsOn The dependency identifier for the family of SKUs used to determine license relationships for add-ons.
LicenseIsAddon Returns True if the product is identified as an add-on license.
VLActivationInterval The frequency, in minutes, of how often a client will contact the KMS host before the product is licensed.
VLRenewalInterval The frequency, in minutes, of how often a client will contact the KMS host after the product is licensed.
KeyManagementServiceProductKeyID KMS product key ID. Returns null if not applicable.
KeyManagementServiceMachine The name of the KMS host. Returns null if SetKeyManagementServiceMachine has not been called.
KeyManagementServicePort The TCP port used by clients to send KMS activation requests. Returns 0 if SetKeyManagementServicePort has not been called.
DiscoveredKeyManagementServiceMachineName Last discovered KMS host name through DNS.
DiscoveredKeyManagementServiceMachinePort Last discovered KMS host port through DNS.
IsKeyManagementServiceMachine Indicates if KMS is enabled on the computer: 1 if true, 0 if false.
KeyManagementServiceCurrentCount The count of currently active KMS clients on the KMS host. -1 indicates that the computer is not enabled as a KMS or has not received any client licensing requests.
RequiredClientCount The minimum number of clients required to connect to a KMS host in order to enable Volume Licensing.
KeyManagementServiceUnlicensedRequests The count of KMS requests from clients with License Status=0 (Unlicensed).
KeyManagementServiceLicensedRequests The count of KMS requests from clients with License Status=1 (Licensed).
KeyManagementServiceOOBGraceRequests The count of KMS requests from clients with License Status=2 (OOBGrace).
KeyManagementServiceOOTGraceRequests The count of KMS requests from clients with License Status=3 (OOTGrace).
KeyManagementServiceNonGenuineGraceRequests The count of KMS requests from clients with License Status=4 (NonGenuineGrace).
KeyManagementServiceTotalRequests The total count of valid KMS requests.
KeyManagementServiceFailedRequests The count of failed KMS requests.
KeyManagementServiceNotificationRequests The count of KMS requests from clients with License Status=5 (Notification).
GenuineStatus Genuine status for this product’s application.
ExtendedGrace Extended grace time in minutes before the parent application becomes unlicensed.
TrustedTime Displays the currently stored trusted time in the system.
DisableKeyManagementServiceHostCaching Enable/disable the caching of the KMS host name and port on a volume activation client computer: 0=Enable, 1=Disable.
VLActivationType Defines the activation type used for the last successful client activation: 1=Active Directory, 2=KMS, 3=Token. If blank, the client was never activated.
VLActivationTypeEnabled Activation type configured for the volume licensing client: 1=Active Directory, 2=KMS, 3=Token. If blank or 0, all activation types are configured.
ADActivationObjectName Name of the activation object used for the last Active Directory activation.
ADActivationObjectDN The fully qualified distinguished name of the activation object used for the last Active Directory activation.
ADActivationCsvlkPid The CSVLK PID that is in the activation object used for the last Active Directory activation.
ADActivationCsvlkSkuId The CSVLK SKU ID that is in the activation object used for the last Active Directory activation.
// methods SoftwareLicensingProduct Class
UninstallProductKey Uninstalls a product key for the current product.
Activate Activates the current product.
DepositOfflineConfirmationId Activates a product by depositing an Offline Confirmation Identifier for this product when performing telephone or offline activation.
GetPolicyInformationDWord Gets license policy information of type DWORD.
GetPolicyInformationString Gets policy information of type string.
SetKeyManagementServiceMachine Sets the KMS host name to use for volume activation.
ClearKeyManagementServiceMachine Clears any previously configured KMS host name.
SetKeyManagementServicePort Sets the TCP port used by a client to make requests of a KMS host. If not specified, port 1688 is used.
ClearKeyManagementServicePort Clears any previously specified port number.
SetVLActivationTypeEnabled Sets the configured activation method for the volume licensing client.
ClearVLActivationTypeEnabled Clears any previously specified activation method configured for the volume licensing client.

KMS Activation Timing and Discovery for Volume Activation

Source: Microsoft website

Published: October 18, 2013

Updated: October 18, 2013

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

KMS activation timing

KMS activation timing is controlled by two settings, the Activation and Renewal timers:

  • The KMS Activation Interval determines how often the KMS client attempts activation before it is activated. This value is set on the client by running slmgr.vbs /sai interval. See the sections “Slmgr.vbs Options” and “Registry Settings” for more information. Once a system contacts a KMS host, the KMS host setting will override the local client setting.
  • The KMS Renewal Interval determines how often the KMS client attempts reactivation with KMS, once it has been activated. This value can be set using slmgr /sri interval. The interval is set in minutes. The default value is 10,080 minutes (7 days). This value can be set on the client but will be overridden by the value that the KMS host provides.

In operation, the KMS client attempts to contact a KMS host on startup and again every Activation Interval minutes upon failure. By default, this happens every two hours. When KMS activation succeeds, the client receives and stores the KMS host’s Renewal Interval, and Windows activates for 180 days. Activation renewal operates as a sliding window, similar to a Dynamic Host Configuration Protocol (DHCP) lease. The client is activated for 180 days but still attempts reactivation every Renewal Interval minutes—by default, 7 days. If it succeeds, the 180-day period is reset. If it fails, the system will watch for network changes or other qualifying events to trigger another attempt. After 15 minutes, the system stops monitoring for qualifying events but still attempts every Activation Interval minutes.

KMS discovery search order

When KMS auto-discovery is enabled (default) and KMS host caching is not disabled, KMS clients will use the following order to determine which KMS to use (they will try each step until an activated KMS host with the correct key responds):

  • SKU-specific value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\AppID\SKUID\KeyManagementServiceName REG_SZ registry value
  • AppID-specific value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\AppID\KeyManagementServiceName REG_SZ registry value
  • Global value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\KeyManagementServiceName REG_SZ registry value
  • SKU-specific cached KMS host (This is the cached identity of the host used in the last successful KMS activation.)
  • DNS auto-discovery (weight and priority honored)

If a cached KMS does not respond, discovery is performed.
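The search order above decides which host a client actually contacts, so an audit for unauthorized KMS hosts has to cover registry overrides and the cached host as well as DNS. The following is an added example, not code from the original article: the host names, the inventory record layout and the allow-list are constructed, and SRV weight handling is simplified to a deterministic sort.

```python
DEFAULT_KMS_PORT = 1688  # default KMS TCP port stated on this page

# Constructed inventory record for one client; the layout is an assumption
# of this example (e.g. collected from a registry export and a DNS query).
SAMPLE_CLIENT = {
    "registry": {
        # Only the global KeyManagementServiceName override is set here.
        "global": {"KeyManagementServiceName": "KMS-OLD.corp.example",
                   "KeyManagementServicePort": "1688"},
    },
    "cached_host": {"name": "kms01.corp.example", "port": 1688},
    "srv": [  # answers for the KMS SRV records, constructed
        {"priority": 10, "weight": 0, "port": 1688, "target": "desktop-17.corp.example."},
        {"priority": 0, "weight": 0, "port": 1688, "target": "kms01.corp.example."},
    ],
}
AUTHORIZED = {"kms01.corp.example"}  # constructed allow-list of approved KMS hosts


def normalize(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def srv_order(records):
    """Lowest priority value first (RFC 2782). Real clients choose randomly in
    proportion to weight; sorting by descending weight is a simplification."""
    return sorted(records, key=lambda r: (r["priority"], -r["weight"], r["target"]))


def kms_candidates(client):
    """Return (source, host, port) tuples in the discovery order listed above:
    SKU registry value, AppID registry value, global registry value,
    cached host, then DNS auto-discovery."""
    out = []
    registry = client.get("registry", {})
    for scope in ("sku", "appid", "global"):
        entry = registry.get(scope) or {}
        name = entry.get("KeyManagementServiceName")
        if name:
            port = int(entry.get("KeyManagementServicePort") or DEFAULT_KMS_PORT)
            out.append(("registry:" + scope, normalize(name), port))
    cached = client.get("cached_host")
    if cached:
        out.append(("cache", normalize(cached["name"]),
                    int(cached.get("port") or DEFAULT_KMS_PORT)))
    for rec in srv_order(client.get("srv", [])):
        out.append(("dns-srv", normalize(rec["target"]), int(rec["port"])))
    return out


def audit(client, authorized):
    """List every candidate host that is not on the allow-list, with its rank
    in the search order so the highest-impact finding comes first."""
    allowed = {normalize(h) for h in authorized}
    findings = []
    for rank, (source, host, port) in enumerate(kms_candidates(client), start=1):
        if host not in allowed:
            findings.append({"rank": rank, "source": source, "host": host, "port": port})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CLIENT, AUTHORIZED):
        print(finding)
```

In the sample, the registry override outranks both the cache and DNS, so removing the stray SRV record alone would leave this client pinned to the unapproved host.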

Activation Policy Values for Volume Activation

Published: October 18, 2013

Updated: October 18, 2013

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Table 8 lists policy values for Windows 8.1 and Windows Server 2012 R2.

Table 8. Windows 8.1 and Windows Server 2012 R2 policy values

| Element | Client value | Server value | Range |
|---|---|---|---|
| Rearm limit | 1000 | 1000 | Not configurable |
| KMS Client Count Threshold | 25 | 5 | Not configurable |
| KMS Activation duration | 180 days | 180 days | Not configurable |
| KMS host listening port | 1688 | 1688 | Any open TCP port |
| OOB Grace | Not available | Not available | Not configurable |
| OOT Grace | Not available | Not available | Not configurable |
| KMS client reactivation (in minutes) | 10,080 minutes (7 days, default) | 10,080 minutes (7 days, default) | 15–43,200 minutes (30 days, default) |
| Silent KMS retry interval (occurs on KMS activation failure) | 120 minutes | 120 minutes | 15–43,200 minutes (120 minutes, default) |

Registry Settings for Volume Activation

Source: Microsoft Website

Published: October 18, 2013

Updated: October 18, 2013

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Registry settings

Table 3 describes the registry settings that Volume Activation supports.

Table 3. Registry settings

Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform

| Value | Type | Description | Scope |
|---|---|---|---|
| ActivationAlternateURL | REG_SZ | Optionally contains an administrator-provided URL. If this key is populated, some activation dialog boxes will include a new link, "Learn About Activation Online", that opens in the default browser. | All |
| DisableDnsPublishing | REG_DWORD | Set this to a non-zero value to block auto-publishing to DNS by the KMS host. | KMS |
| DnsDomainPublishList | REG_MULTI_SZ | Format: domain_name, <priority>, <weight>. Optionally contains a list of fully qualified domains that KMS uses to auto-publish its DNS service (SRV) record. The KMS home domain is always used, so it is not necessary to include it here. This depends on the DisableDnsPublishing value. The priority and weight parameters are optional. If not supplied, these are set to 0 in the SRV record. | KMS |
| EnableKmsLowPriority | REG_DWORD | Set this to a non-zero value to minimize contention from KMS in a co-hosted environment. Note that on a busy system, this can prevent the KMS host from maintaining a sufficient count. | KMS |
| KeyManagementServiceListeningPort | REG_SZ | Set this on the KMS host to force KMS to listen on the TCP port specified. The host uses TCP port 1688 if this value is not specified. | KMS |
| KeyManagementServiceName | REG_SZ | Set this value to force the use of a specific KMS host by the KMS client. No default. If you specify both App-ID and SKU-ID, this is created in a subkey under which the value is stored: ..\SoftwareProtectionPlatform\APPID_GUID\SKUID_GUID\KeyManagementServiceName. If you specify only App-ID, SKU-ID is not allowed, and the resulting key is: ..\SoftwareProtection\APPID_GUID\KeyManagementServiceName. If you specify neither App-ID nor SKU-ID, the resulting key is: ..\SoftwareProtectionPlatform | KMS client |
| KeyManagementServicePort | REG_SZ | Set this to force the use of a specific TCP port by the KMS client when it communicates with a KMS. The client uses port 1688 if this value is not specified. | KMS client |
| KeyManagementServiceVersion | REG_SZ | Set this for Microsoft Operations Manager (MOM) 2005 automatic discovery of the KMS. Delete this value if the KMS is no longer functional on the computer. | KMS |
| UserOperations | REG_DWORD | This value does not exist by default, and the default is 0, which requires elevation. Create this value and set it to 1 to enable standard users to install product keys and activate and rearm computers without requiring elevation. This setting can also be configured by GPOs, which are stored under the policies registry subkey. | All (not just KMS) |
| VLActivationInterval | REG_DWORD | This is set initially on both KMS server and client sides. The default is 120 minutes (2 hours). The KMS client initially picks up this interval from the registry but switches to the KMS setting after it receives the first KMS response. The minimum value is 15 minutes, and the maximum is 43,200 minutes (30 days). | KMS Client and Server |
| VLRenewalInterval | REG_DWORD | This is set initially on both KMS server and client sides. The default is 10,080 minutes (7 days). The KMS client initially picks up this interval from the registry but switches to the KMS setting after it receives the first KMS response. As a result, the client-side setting will never be used. The minimum value is 15 minutes, and the maximum is 43,200 minutes (30 days). | KMS Client and Server |
| (APP-ID)(SKU-ID)VLActivationType | REG_DWORD | Limits the type of activation to a single type. 1 = Active Directory activation only; 2 = KMS activation only; 3 = Token activation only; 0, blank, or values other than 1-3 = all activation types allowed (default value) | [???] |

Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation

| Value | Type | Description | Scope |
|---|---|---|---|
| Manual | REG_DWORD | 0 = Allow automatic online activation (default); 1 = Disable auto-activation | MAK and KMS host but not KMS client |

Source: WorkingHardInIT.Wordpress.com 

It’s a great day as Windows Server 2012 R2 and Windows 8.1 bits have gone GA (“General Availability”). So it’s off to the Volume License Servicing Center to get the bits and the keys.

Before we start the roll out we need to either bring up a Windows Server 2012 R2 (or Windows 8.1) KMS host or upgrade the existing one that runs Windows Server 2012 or lower. In this example our KMS Service is running on Windows Server 2008 R2 so we need to do a couple of things.

Install the following update: KB 2885698: Update adds support for Windows 8.1 and Windows Server 2012 R2 clients to Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS hosts (see Windows Server 2012 R2 & Windows 8.1 KMS Service Activation).  If you don’t install this hotfix registering a Windows Server 2012 R2 KMS key will throw an error:

0xc004f015: The Software Licensing Service reported that the license is not installed.
SL_E_PRODUCT_SKU_NOT_INSTALLED

So grab the hotfix and install it from an elevated command prompt. Just follow the instructions and you’ll be fine.

Once you’ve clicked “Yes” the installation will start

When the installation has finished you will be asked to restart the server. You need to do so. Just restarting the KMS service (“net stop sppsvc” and “net start sppsvc“) doesn’t seem to suffice.

When your server comes back up you’ll be ready to install and activate the Windows Server 2012 R2 KMS key.

First we take a look at the current situation:

slmgr.vbs /dlv => clearly the Windows 2012 KMS key

Uninstall the current KMS key using slmgr.vbs /upk, please use an elevated command prompt

Now you can install the new Windows 2012 R2 KMS key. If you run into any issues here, restarting the KMS Service can help (“net stop sppsvc” and “net start sppsvc“). Try that first.

slmgr.vbs /ipk xxx-xxxx-xxxx-xxxx

Be patient, it’s not instantaneous.

The key listed here is for all you wannabe pirates out there, sorry, this is the navy. If you’re looking for illegal keys, cracks, keygens, activators or dodgy KMS virtual machines for Windows 8.1 activation and such, this is not the place.

You now need to activate your brand new KMS key running slmgr.vbs /ato

Show what’s up and running now by running slmgr.vbs /dlv again and as you can see we’re in business to activate all our Windows Server 2012 R2 and Windows 8.1 hosts. I’m happy to report that our users will be enjoying Windows 8.1 on the clients in 2014 & the infrastructure in the data center will be benefiting from the goodness Windows Server 2012 R2 brings.

Active Directory lockouts with Citrix Receiver

Source: Did You Restart Blog?

Working on deploying new thin clients and encountered an issue where a single “bad password” would cause the account to become locked out.  That shouldn’t occur since the domain is set to lockout after 3 failed attempts.

Background:
Windows 2012 Active Directory
Citrix XenApp 6.5
Citrix Web Interface 5.4 (in this case hitting a services site aka PNAgent)
HP T520 Thin Client with ThinPro 5.1.0 build 07
The Citrix client installed was Receiver / icaclient 13.0.3
Active Directory set to lockout after 3 attempts

Issue:
A user attempts to log in from the thin client, and even a single mistyped password causes the user’s account to be locked out, ignoring the AD three-attempts policy.

Details:
The thin clients are replacing various flavors of thin clients (Wyse C30LE, HP t5530, HP t5540) all running Windows CE 5.0 and 6.0.

My understanding is that these older clients use the old style Program Neighborhood which enumerates the applications via XML.  Typically out of the box hitting the dns record “ica” which was normally setup with round robin dns to multiple XenApp / Presentation Servers.  This gave a list of possible applications to the end user prior to authentication.

The newer style thin clients based on Citrix receiver are a little different in that they authenticate at the thin client through Web Interface or Storefront and then present the application list to the user.

The problem with the new receiver method is that the user can authenticate, enumerating the apps available, and then walk away. Then another user can walk up, launch the desktop or app they want and they just got access to the wrong user. The old style prevented this because the user would launch the app and then have to authenticate. The auto launch feature that some of these new thin clients have helps with this, alongside the “logout on last application close” options that many of the good ones are including.

HP took this a step farther and made it so that you could have multiple “connection profiles” in their connection manager!  So now we can make receiver profiles for various apps / desktops with their respective auto launch options we want based on the target user.  So, user walks up, clicks the familiar app / desktop they want and it prompts for credentials, they enter them and their desktop starts launching.  When they are done they logout and it automatically logs them out of the thin client once the app closes.  It mimics the old style, no need to train 50 – 65 yr old users how to do it differently! WIN

Problem:
Issue #1
The issue is that when “auto start resource” field is populated in ThinOS 5.x it will attempt to auto start the resource regardless of an authentication failure.  This results in 3 consecutive login attempts with the bad password and depending on the domain lockout threshold causes a lockout.

It looks to me based on the thin clients logs that the following is occurring.

  1. Attempts to use credentials – strike one
  2. Attempts to auto launch resource even though credentials failed – strike two
  3. Attempts to auto launch resource a second time! – strike three you’re locked out

Connection starting
2014-12-09 09:12:33.256109510: XEN_WRAPPER: Starting xen_wrapper
2014-12-09 09:12:33.259483293: XEN_WRAPPER: Setting global vars
2014-12-09 09:12:33.390955220: XEN_WRAPPER: –UUID: {23285ceb-40f5-45f2-a09b-022148aa6608}
2014-12-09 09:12:33.394073686: XEN_WRAPPER: –ADDRESS: http://pna/Citrix/PNAgentTest/config.xml
2014-12-09 09:12:33.397168672: XEN_WRAPPER: –AUOSTARTRESOURCE: Desktop
2014-12-09 09:12:33.400411749: XEN_WRAPPER: –FORCE_HTTPS: 0
2014-12-09 09:12:33.403555042: XEN_WRAPPER: Finished setting global vars
2014-12-09 09:12:33.418721583: XEN_WRAPPER: Current XEN_CONN_METHOD: pnagent
2014-12-09 09:12:33.422322255: XEN_WRAPPER: Xen_wrapper_lock started
2014-12-09 09:12:33.433700476: XEN_WRAPPER: Xen_wrapper_lock finished (lock obtained)
2014-12-09 09:12:33.437209663: XEN_WRAPPER: startConnection started
2014-12-09 09:12:33.440670478: XEN_WRAPPER: clearOldData started
2014-12-09 09:12:33.565426467: XEN_WRAPPER: clearOldData ended
2014-12-09 09:12:33.568579181: XEN_WRAPPER: verifyPrereqs started
2014-12-09 09:12:33.584631374: XEN_WRAPPER: Skipping server connectivity check
2014-12-09 09:12:33.588346773: XEN_WRAPPER: Getting credentials
2014-12-09 09:12:33.604419882: XEN_WRAPPER: Attempting to use credentials from SSO manager
2014-12-09 09:12:33.685276288: XEN_WRAPPER: Saving the credentials
2014-12-09 09:12:33.737677029: XEN_WRAPPER: Finished saving credentials
2014-12-09 09:12:33.741336400: XEN_WRAPPER: Finished getting credentials
2014-12-09 09:12:33.747522104: XEN_WRAPPER: verifyPrereqs finished
2014-12-09 09:12:33.750782250: CONFIGURATION: setting up config files
WARNING /etc/templates/xen/appsrv.in/64: Could not find regkey root/ConnectionType/xen/general/type
WARNING /etc/templates/xen/appsrv.in/66: Could not find regkey root/ConnectionType/xen/general/application
WARNING /etc/templates/xen/appsrv.in/69: Could not find regkey root/ConnectionType/xen/general/directory
lpstat: No destinations added.
lpstat: No destinations added.
lpstat: No destinations added.
lpstat: No destinations added.
2014-12-09 09:12:34.200041676: CONFIGURATION: finished setting up config files
2014-12-09 09:12:34.203440412: SETUPUSBR: Setting up USBR
2014-12-09 09:12:34.504068780: SETUPUSBR: Finished setting up USBR
2014-12-09 09:12:34.508365874: CONNECTIVITY: Autolaunchresource started
2014-12-09 09:12:34.568366574: XEN_WRAPPER: Calling: hptc-citrix-connect -g ‘CitrixReceiver Linux HP ThinPro’ -f /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608} -c /tmp/{23285ceb-40f5-45f2-a09b-022148aa6608}.credentials ‘-L’ ‘Desktop’ ‘-a’ ‘pnagent’ ‘http://pna/Citrix/PNAgentTest/config.xml’
/etc/xen/helperscripts//xen_err: line 98: 19959 Terminated              nice xmsg -pixmap /usr/share/icons/hptc-icons/48×48/hourglass.png -message “$msg” -caption “$caption” > /dev/null 2>&1
2014-12-09 09:12:36.918657058: XEN_WRAPPER: Processing Citrix connect error output in file /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608}/error.log
2014-12-09 09:12:36.922922526: XEN_WRAPPER: Error info: Exit Code 2 ERR_CRE_BAD_CREDENTIALS ERR_INFO_URL: http://pna/Citrix/PNAgentTest/launch.aspx ERR_INFO_HTTP_CODE_ERROR: 500 ERR_INFO_DP_ERROR_ID: CharlotteErrorBadCredentials (V1.0.3-26636-19972-C.138-C.351-L.166-M.611)
2014-12-09 09:12:36.929542118: PNAGENT CONNECTION: pnagent launchapp function ended
2014-12-09 09:12:36.933493717: CONNECTIVITY: Failed to autolaunch resource: Desktop
2014-12-09 09:12:36.936785230: CONNECTIVITY: We will try again later after obtaining the full resource list
2014-12-09 09:12:36.940211790: CONNECTIVITY: Autolaunchresource finished
2014-12-09 09:12:36.943772291: CONNECTIVITY: Getresourcelist started
2014-12-09 09:12:36.947373640: PNAGENT CONNECTION: PNAgent list function started
2014-12-09 09:12:36.960696717: XEN_WRAPPER: Calling: hptc-citrix-connect -g ‘CitrixReceiver Linux HP ThinPro’ -f /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608} -c /tmp/{23285ceb-40f5-45f2-a09b-022148aa6608}.credentials ‘-E’ ‘-a’ ‘pnagent’ ‘-i48x32’ ‘http://pna/Citrix/PNAgentTest/config.xml’
2014-12-09 09:12:37.140691247: XEN_WRAPPER: Processing Citrix connect error output in file /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608}/error.log
2014-12-09 09:12:37.144597435: XEN_WRAPPER: Error info: Exit Code 2 ERR_CRE_BAD_CREDENTIALS ERR_INFO_URL: http://pna/Citrix/PNAgentTest/enum.aspx ERR_INFO_HTTP_CODE_ERROR: 500 ERR_INFO_DP_ERROR_ID: CharlotteErrorBadCredentials (V1.0.3-26636-20050-C.138-C.351-E.425-M.607)
2014-12-09 09:12:38.685672448: XEN_WRAPPER: Xen_wrapper_unlock started
2014-12-09 09:12:38.695702911: XEN_WRAPPER: Xen_wrapper_unlock finished
Connection stopped

Issue #2
Regardless of whether the “auto start single application” checkbox is marked or not, it will attempt to auto start the resource.  According to HP support, you should have to populate the “auto start resource” AND check mark the “Auto start single application”.  In the below image, attempting to launch the connection will auto launch Desktop even though the box is not checked.

I see this as a “so what” issue since you can simply blank the resource field to fix it.

HP Support: 
Working with HP support has been… challenging.  This is my typical experience with HP support.  In fact, some 4 or 5 years ago we had been deploying HP t5530 / 5540 units and we had a horrid, no good, very bad experience which led us to start buying Wyse C30LE’s instead.  Currently there is an open ticket, and after much back and forth to sort out what the issue really is, we’ve finally gotten to where we have a call in a few days to talk directly with what they call “3ls” techs regarding the issue.

Update: 12/11/2014
Our call today went extremely well!  The 3ls techs looked at the issue and acknowledged that this is not intended and is not correct functionality.  They are reviewing the Receiver launching scripts and debugging.  These techs were wonderful to work with.

In addition, it helped that I had just received more of these units in the mail yesterday with ThinPro 5.0.0 build 34 installed (Receiver 13.0.1) and they do NOT have this issue.

So, hopefully we should see a fix for this very soon.

Update: 12/15/2014
I received a potential fix from our tech.  After replacing one of the xen scripts it now does 2 login attempts on a failed password.  So, closer, but still a little ways to go.  I’ve let the tech know, but have not gotten a response back yet.  I’m very impressed with the amount of time it took HP 3ls from our call until getting a potential fix back to me, only 4 days (2 working days)!

Connection starting

2014-12-15 13:27:21.778743391: XEN_WRAPPER: Starting xen_wrapper

2014-12-15 13:27:21.782076328: XEN_WRAPPER: Setting global vars

2014-12-15 13:27:21.913645156: XEN_WRAPPER: –UUID: {23285ceb-40f5-45f2-a09b-022148aa6608}

2014-12-15 13:27:21.916861192: XEN_WRAPPER: –ADDRESS: http://pna/Citrix/PNAgentTest/config.xml

2014-12-15 13:27:21.920028613: XEN_WRAPPER: –AUOSTARTRESOURCE: Desktop

2014-12-15 13:27:21.924181954: XEN_WRAPPER: –FORCE_HTTPS: 0

2014-12-15 13:27:21.927354001: XEN_WRAPPER: Finished setting global vars

2014-12-15 13:27:21.942516253: XEN_WRAPPER: Current XEN_CONN_METHOD: pnagent

2014-12-15 13:27:21.946069435: XEN_WRAPPER: Xen_wrapper_lock started

2014-12-15 13:27:21.955204255: XEN_WRAPPER: Xen_wrapper_lock finished (lock obtained)

2014-12-15 13:27:21.958457047: XEN_WRAPPER: startConnection started

2014-12-15 13:27:21.963793994: XEN_WRAPPER: clearOldData started

2014-12-15 13:27:22.090175367: XEN_WRAPPER: clearOldData ended

2014-12-15 13:27:22.093326796: XEN_WRAPPER: verifyPrereqs started

2014-12-15 13:27:22.109287022: XEN_WRAPPER: Skipping server connectivity check

2014-12-15 13:27:22.113068311: XEN_WRAPPER: Getting credentials

2014-12-15 13:27:22.129233020: XEN_WRAPPER: Attempting to use credentials from SSO manager

2014-12-15 13:27:22.210081059: XEN_WRAPPER: Saving the credentials

2014-12-15 13:27:22.269983253: XEN_WRAPPER: Finished saving credentials

2014-12-15 13:27:22.274073256: XEN_WRAPPER: Finished getting credentials

2014-12-15 13:27:22.281205345: XEN_WRAPPER: verifyPrereqs finished

2014-12-15 13:27:22.284759139: CONFIGURATION: setting up config files

WARNING /etc/templates/xen/appsrv.in/64: Could not find regkey root/ConnectionType/xen/general/type

WARNING /etc/templates/xen/appsrv.in/66: Could not find regkey root/ConnectionType/xen/general/application

WARNING /etc/templates/xen/appsrv.in/69: Could not find regkey root/ConnectionType/xen/general/directory

lpstat: No destinations added.

lpstat: No destinations added.

lpstat: No destinations added.

lpstat: No destinations added.

2014-12-15 13:27:22.733353761: CONFIGURATION: finished setting up config files

2014-12-15 13:27:22.736815163: SETUPUSBR: Setting up USBR

2014-12-15 13:27:22.991945423: SETUPUSBR: Finished setting up USBR

2014-12-15 13:27:22.995309518: CONNECTIVITY: Autolaunchresource started

2014-12-15 13:27:23.051279037: XEN_WRAPPER: Calling: hptc-citrix-connect -g ‘CitrixReceiver Linux HP ThinPro’ -f /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608} -c /tmp/{23285ceb-40f5-45f2-a09b-022148aa6608}.credentials ‘-L’ ‘Desktop’ ‘-a’ ‘pnagent’ ‘http://pna/Citrix/PNAgentTest/config.xml’

/etc/xen/helperscripts//xen_err: line 98:  1326 Terminated              nice xmsg -pixmap /usr/share/icons/hptc-icons/48×48/hourglass.png -message “$msg” -caption “$caption” > /dev/null 2>&1

2014-12-15 13:27:23.282579275: XEN_WRAPPER: Processing Citrix connect error output in file /tmp/citrix/{23285ceb-40f5-45f2-a09b-022148aa6608}/error.log

2014-12-15 13:27:23.286948526: XEN_WRAPPER: Error info: Exit Code 2 ERR_CRE_BAD_CREDENTIALS ERR_INFO_URL: http://pna/Citrix/PNAgentTest/launch.aspxERR_INFO_HTTP_CODE_ERROR: 500 ERR_INFO_DP_ERROR_ID: CharlotteErrorBadCredentials (V1.0.3-26636-1340-C.138-C.351-L.166-M.611)

2014-12-15 13:27:56.422385349: XEN_WRAPPER: Xen_wrapper_unlock started

2014-12-15 13:27:56.433475063: XEN_WRAPPER: Xen_wrapper_unlock finished

Connection stopped

Citrix 7.6 Administer profiles within and across OUs

Administer profiles within and across OUs

Updated: 2013-07-31

Within OUs

You can control how Profile management administers profiles within an Organizational Unit (OU). In Windows Server 2008 environments, use Windows Management Instrumentation (WMI) filtering to restrict the .adm or .admx file to a subset of computers in the OU. WMI filtering is a capability of Group Policy Management Console with Service Pack 1 (GPMC with SP1). For more information on WMI filtering, see http://technet.microsoft.com/en-us/library/cc779036(WS.10).aspx and http://technet.microsoft.com/en-us/library/cc758471(WS.10).aspx. For more information on GPMC with SP1, see http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en.

The following methods let you manage computers with different OSs using a single Group Policy Object (GPO) in a single OU. Each method is a different approach to defining the path to the user store:

  • Hard-coded strings
  • Profile management variables
  • System environment variables

Hard-coded strings specify a location that contains computers of just one type. This allows profiles from those computers to be uniquely identified by Profile management. For example, if you have an OU containing only Windows 7 computers, you might specify \\server\profiles$\%USERNAME%.%USERDOMAIN%\Windows7 in Path to user store. In this example, the Windows7 folder is hard-coded. Hard-coded strings do not require any setup on the computers that run the Profile Management Service.

Profile management variables are the preferred method because they can be combined flexibly to uniquely identify computers and do not require any setup. For example, if you have an OU containing Windows 7 and Windows 8 profiles running on operating systems of different bitness, you might specify \\server\profiles$\%USERNAME%.%USERDOMAIN%\!CTX_OSNAME!!CTX_OSBITNESS! in Path to user store. In this example, the two Profile management variables might resolve to the folders Win7x86 (containing the profiles running on the Windows 7 32-bit operating system) and Win8x64 (containing the profiles running on the Windows 8 64-bit operating system). For more information on Profile management variables, see Profile Management Policies.

System environment variables require some configuration; they must be set up on each computer that runs the Profile Management Service. Where Profile management variables are not suitable, consider incorporating system environment variables into the path to the user store as follows.

On each computer, set up a system environment variable called %ProfVer%. (User environment variables are not supported.) Then, set the path to the user store as:

\\upmserver\upmshare\%username%.%userdomain%\%ProfVer%

For example, set the value for %ProfVer% to Win7 for your Windows 7 32-bit computers and Win7x64 for your Windows 7 64-bit computers. For Windows Server 2008 32-bit and 64-bit computers, use 2k8 and 2k8x64 respectively. Setting these values manually on many computers is time-consuming, but if you use Provisioning Services, you only have to add the variable to your base image.

An example of how to script this is at:

http://forums.citrix.com/thread.jspa?threadID=241243&tstart=0

This sample script includes lines for Windows Server 2000, which is unsupported by Profile management.

Tip: In Windows Server 2008 R2 and Windows Server 2012, you can speed up the creation and application of environment variables using Group Policy; in Group Policy Management Editor, click Computer Configuration > Preferences > Windows Settings > Environment, and then Action > New > Environment Variable.
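
One way to script the %ProfVer% setup described above, as an added example that is neither the forum script linked above nor Citrix's own code. It assumes it is saved as a script and run from an elevated PowerShell session, maps only the four values this page names, and leaves any other OS unset rather than guessing a folder name.

```powershell
# Added example: set the machine-level %ProfVer% variable that the
# path to the user store refers to. Only the four values named on the page
# (Win7, Win7x64, 2k8, 2k8x64) are produced.

$os = Get-WmiObject -Class Win32_OperatingSystem

# "6.1.7601" -> "6.1"; ProductType 1 = workstation, 2 = domain controller, 3 = server
$majorMinor = ($os.Version.Split('.')[0..1]) -join '.'
$isServer   = $os.ProductType -ne 1
$is64Bit    = $os.OSArchitecture -match '64'

# Key format "<major.minor>|<IsServer>". Windows 7 and Server 2008 R2 share
# version 6.1, so the server flag is part of the key. Server 2008 R2 has no
# value on the page and is deliberately absent from the table.
$baseNames = @{
    '6.1|False' = 'Win7'   # Windows 7
    '6.0|True'  = '2k8'    # Windows Server 2008
}

$key = '{0}|{1}' -f $majorMinor, $isServer
if (-not $baseNames.ContainsKey($key)) {
    # A guessed name could point two platforms at the same profile folder.
    Write-Warning "No ProfVer value defined for '$($os.Caption)' ($key); nothing changed."
    exit 1
}

$value = $baseNames[$key]
if ($is64Bit) { $value += 'x64' }

$current = [Environment]::GetEnvironmentVariable('ProfVer', 'Machine')
if ($current -eq $value) {
    Write-Output "ProfVer is already '$value'."
} else {
    # Machine scope is required: user environment variables are not supported.
    [Environment]::SetEnvironmentVariable('ProfVer', $value, 'Machine')
    Write-Output "ProfVer changed from '$current' to '$value'."
}
```

Processes that are already running keep the environment they started with, so apply this in the base image or restart the computer afterwards.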

Across OUs

You can control how Profile management administers profiles across OUs. Depending on your OU hierarchy and GPO inheritance, you can separate into one GPO a common set of Profile management policies that apply to multiple OUs. For example, Path to user store and Enable Profile management must be applied to all OUs, so you might store these separately in a dedicated GPO, enabling only these policies there (and leaving them unconfigured in all other GPOs).

You can also use a dedicated GPO to override inherited policies. For information on GPO inheritance, see the Microsoft Web site.
