Key Management Service for Windows Server

2003
Supplemental Step-By-Step Guide
Microsoft Corporation
Published: February, 2007 (last updated 2/08/07)

Purpose
This supplemental guide provides planning, deployment, and operational
guidance for activating Key Management Service for Windows Server 2003.
The Windows Vista Volume Activation 2.0 Step-By-Step Guide is essential
reading and a prerequisite for understanding this document.

Who Should Use the Key Management Service for

Windows Server 2003?
This guide is targeted at IT professionals who are responsible for deploying
and managing KMS for Windows Vista deployment on Windows Server
2003 computers.

ii
Activation 2.0

Windows Vista Volume

Information in this document, including URL and other Internet Web site references, is subject to
change without notice.
Unless otherwise noted, the companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted in examples herein are fictitious. No
association with any real company, organization, product, domain name, e-mail address, logo,
person, place, or event is intended or should be inferred.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into
a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written
permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Windows, Windows 2000, Windows Server, Windows Vista,
and Windows XP are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.

Contents
Key Management Service for Windows Server 2003...................................................
Supplemental Step-By-Step Guide...........................................................................
Introduction.........................................................................................................
Problem.........................................................................................................
Volume Activation 2.0 Solution..........................................................................
Benefits of Volume Activation 2.0......................................................................
Key Management Service for Windows 2003 Server Overview....................................
Differences between Windows 2003 Server and Windows Vista KMS
Versions.........................................................................................................
Package Installation....................................................................................
No Graphical User Interface (GUI)................................................................
KMS Keys and Activation.............................................................................
No Out-of-Box Grace Period.........................................................................
KMS for Windows 2003 Release Notes................................................................
Available Versions.......................................................................................
KMS and OS Language Versions Must Match..................................................
KMS for Windows Server 2003 Will Not Run in a Virtual Machine......................
Known Issues............................................................................................
Obtaining Volume License Keys.........................................................................
Activation Limits.........................................................................................
Important Note..........................................................................................
Deployment Guidance...........................................................................................
General Considerations....................................................................................
KMS Activation Technical Overview...............................................................
Prerequisites for KMS Activation...................................................................
KMS Host Sizing.........................................................................................
Administrative Credentials...........................................................................
Steps for Installing the KMS package on Windows Server 2003.............................
Install a KMS Package.................................................................................
Remove a KMS Package..............................................................................
Steps for Configuring a KMS Activation..............................................................
Configuring KMS Hosts................................................................................
Operational Guidance..........................................................................................
Built-in Scripting Support...............................................................................
Microsoft Key Management Service MOM Pack...................................................
Known Issues with the MOM Pack...............................................................
KMS Health Monitoring..............................................................................

KMS Activity Reporting..............................................................................

Backup Requirements....................................................................................
Group Policy Support.....................................................................................
Troubleshooting..................................................................................................
KMS Activation Troubleshooting Steps..............................................................
Mapping Error Codes to Text Messages.............................................................
Reviewing Activation Events............................................................................
WMI Software Licensing Classes and Properties.................................................
Appendix 1: Installing the MOM 2005 Agent on 64-bit Systems................................
Additional Resources...........................................................................................

Introduction
Problem
Software asset and license management pose continual challenges for both
enterprise customers as well as software developers. The issue of genuine
software (running legitimately licensed operating systems and applications as
opposed to illegitimate software) not only impacts the software vendors but the
consumers, corporate users and partners. Yankee group (sponsored by Microsoft)
in its research concluded that consumers and businesses that deploy counterfeit
software put themselves, their end users, business partners and suppliers at
serious risk for:

Network downtime and lost data increases when the counterfeit software
malfunctions.

Technical service and support and interoperability issues involving

counterfeit software typically take longer to resolve because either the
gray market source is long gone or the legitimate software vendor will
spend more time trying to troubleshoot.

Businesses that knowingly or unwittingly use counterfeit software are at

increased risk of litigation from business partners, suppliers and
customers in the event their network operations are adversely affected
when something goes awry with the pirated software.

Non-genuine software also raises the risk of incompatibility with

legitimate Windows and Office patches, fixes and updates.

Research by IDC (sponsored by Microsoft) shows that acquiring and using

counterfeit software can pose real risks. The research examined websites that
offer counterfeit software as well as hacks, cracks and keygen tools available on
websites and P2P networks that enable the illegal use of software. The research
found there is a significant amount of malicious or unwanted code present in key
generators and crack tools, and on websites that offer counterfeit software.
Specifically, malicious or unwanted software was found in:

25% of the Web sites (25 of 98 sites) offering counterfeit product keys,
pirated software, key generators or crack tools

11% of key generators and crack tools (13 out of 116) from websites

59% of key generators and crack tools (55 of 94) downloaded from P2P
networks

Finally the previous versions of Microsoft Windows didnt provide tools and
solutions to enterprise customers that are necessary to protect and manage the
software and the associated license keys. Enterprise customers had no ability to
track the key usage or control its use within as well as outside of their managed
environment.

Windows Vista Volume Activation 2.0 Technical Guidance

For these reasons, Microsoft continually invests in technologies and programs to

help protect consumers and businesses from the risks and hidden costs of
counterfeit and unlicensed software while enabling the enterprise customers in
their software asset and license management efforts.

Volume Activation 2.0 Solution

Volume Activation 2.0 is a new requirement in the Windows Vista operating
system and Windows Server Code Name "Longhorn," which requires activation of
each Windows Vista license acquired under a Volume License agreement. When
designing and building the new volume activation technologies, Microsoft focused
on the following goals:
Close significant piracy loopholes (Volume License keys represent the majority of
the keys that are involved in Windows piracy.)
Enable protection and management of volume license keys with minimal impact to
deployment and management of the infrastructure
Improve the customer experience
Volume Activation 2.0 is designed to help increase protection and to help better
manage the Volume License keys in managed and non-managed environments as
well as provide flexible deployment options for customers. The process is
transparent for end users, and the Volume Activation 2.0 solution works in a
variety of customer environments.

Benefits of Volume Activation 2.0

Volume Activation 2.0 supports centrally managed Volume License keys. The Key
Management Service (KMS) key used for KMS activation is only installed on the
KMS host and never on individual computers. The Multiple Activation Key (MAK),
although resident on the individual computer, is encrypted and kept in a trusted
store so that users are not exposed to the key and are not able to obtain the key
once it has been installed on the computer.
Volume Activation 2.0 supports a simplified setup and is generally invisible to the
customers. By default, Volume editions do not require a product key to be entered
during setup. The computer must be activated during an automatic 30-day grace
period.
System Administrators can count KMS activations using standard system
management software including the Microsoft Operations Manager (MOM), as well
as the Volume Activation Management Tool (VAMT). Windows Management
Infrastructure (WMI), extensive event logging, and built-in Application
Programming Interfaces (APIs) may provide a wealth of detail about installed
licenses and about the license state and current grace or expiration period of MAK
and KMS-activated computers.
Volume Activation 2.0 also may provide enhanced security through frequent
background validations for Genuine modules. This is currently limited to critical
software, but may be expanded over time.

Key Management Service for Windows Server 2003

Key Management Service for Windows 2003

Server Overview
KMS for Windows Server 2003 behaves nearly identically to the Windows Vista
implementation. The design goal has been to ensure that interfaces (SLAPI, WMI),
tools (slmgr.vbs, MOM pack, SMS SP3), error logs, error codes and most
operational documentation apply identically to both versions.
Both KMS versions share the same Windows Vista KMS key. As with Windows Vista,
it is necessary to activate the KMS host before it can support KMS client
activations. Both versions must also be reactivated if there are significant changes
to underlying hardware or drivers.
The required minimum number of Windows Vista clients needed to support
activation remains at 25. (This is determined by the Windows Vista client, rather
than KMS.)
KMS clients can use either the Windows Vista or Windows 2003 KMS versions
interchangeably. DNS publishing and autodiscovery behave identically.

Differences between Windows 2003 Server and

Windows Vista KMS Versions
Although the Windows 2003 Server and Windows Vista implementations are very
similar, some differences exist and are discussed here.

Package Installation
The KMS for Windows Server 2003 service (sppsvc) is installed as a package over
the existing operating system. Installation is based on the familiar Software Update
Installer and is fast and easy. KMS can be removed using Add or Remove Programs
in the Control Panel.

No Graphical User Interface (GUI)

There is no GUI support for the Windows Server 2003 service. Therefore, all
interaction with KMS must be done using the built-in script, slmgr.vbs. Notably,
SLUI.exe, which in Windows Vista is the recommended tool to map error codes to
descriptive text, is not supported. Since nearly all KMS interactions require the use
of the slmgr.vbs script, the lack of a GUI has little impact.

KMS Keys and Activation

The Windows Vista KMS key is used to activate the KMS host functionality only.
This has no affect on the activation or other fuctions of the underlying server
operating system. Windows Server 2003 may need to be separately activated.
(Volume and OEM versions of Window Server 2003 do not require activation.) It is
also important to note that the KMS service for Windows Server 2003 and the
corresponding KMS key only support the activation of volume editions of the
Windows Vista operating system.

Windows Vista Volume Activation 2.0 Technical Guidance

Although both online (Internet) and offline (telephone) activation of the KMS
service are supported, offline activation of KMS for Windows Server 2003 can only
be done using the slmgr.vbs script.

No Out-of-Box Grace Period

The Windows 2003 version of KMS will be in the Unlicensed state immediately after
it is installed. There is no grace period, because the KMS host must be (and
remain) activated in order for KMS clients to use it to activate. Once the KMS key
has been installed and the KMS host has been activated, the license state will
change to Licensed.

KMS for Windows 2003 Release Notes

Available Versions
The KMS for Windows Server 2003 package is available in the following versions:

X86 and X64 versions (no IA64);

Windows Server 2003 SP1 or greater;

Windows Server 2003 Standard, Enterprise and Datacenter;

Initial language versions include US English, Japanese and German;

Support for all standard Windows Server 2003 languages is expected to be

available within 4 6 weeks from initial release

KMS and OS Language Versions Must Match

The KMS language version must match the language version of the underlying
operating system. KMS will not install properly if the languages do not match.
Additionally, an incorrect error may be displayed if installation is attempted on a
non-matching system.

KMS for Windows Server 2003 Will Not Run in a

Virtual Machine
By design, KMS for Windows 2003 is not supported within a VM. The KMS service
will install but will not activate, returning error 0xC004F068.

Known Issues
On installing or using KMS activation, you may encounter the following known
issues:

KMS must be uninstalled and reinstalled in order to repair an installation.

KMS must be uninstalled prior to upgrading the Windows 2003 system to

any version of Windows Server codename Longhorn.

The KMS installer reports that installation was successful, even if the
installation was cancelled.

Key Management Service for Windows Server 2003

Uninstalling the KMS host service (sppsvc) while it is running indicates that
the service should be stopped. Clicking Abort instead of Continue leaves
the system in a confused state, necessitating a reboot of the system.

Sysprep on Windows Server 2003 does not reset the KMS service state.
Remove the package before running sysprep and then reinstall and
reconfigure it.

Obtaining Volume License Keys

Organizations that participate in any Volume License programs can obtain KMS
Keys from the following portals. Additional activations can also be requested from
the Microsoft Activation Call Center, below.

eOpen (https://eopen.microsoft.com/EN/default.asp)

Microsoft Volume Licensing Services (MVLS)

(https://licensing.microsoft.com/eLicense/L1033/default.asp)

Microsoft Activation Call Center - US Customers call 1-888-352-7140.

For international customers, contact your local support center.
For phone numbers of activation centers worldwide, go to the following URL:
http://www.microsoft.com/licensing/resources/vol/numbers.mspx
Customers will need to provide their Volume License agreement information
and proof of purchase when they call.

Activation Limits
By default, a KMS key can be used on up to 6 different KMS hosts, with up to 10
activations on the same hardware. The KMS key can be used on any combination
of Windows Vista KMS or KMS for Windows Server 2003 KMS hosts. Customers can
request an override or special exception to extend the activation limit by calling
their Microsoft Activation Call Center.

Important Note
You are responsible for both the use of keys assigned to you and the activation of
products using your KMS hosts.

You should not disclose keys to third parties.

You may not provide unsecured access to your KMS hosts over an
uncontrolled network such as the Internet.

Windows Vista Volume Activation 2.0 Technical Guidance

Deployment Guidance
The Deployment Guidance section provides step-by-step instructions for installing,
configuring and activating the Key Management Service for Windows Sever 2003.
For general considerations, read the following sections:

KMS Activation Technical Overview

Prerequisites for KMS Activation

KMS Host Sizing

Administrative Credentials

For installing and configuring the KMS package, read the following
sections:

Steps for Installing the KMS package on Windows Server 2003

Steps for Configuring KMS Activation

General Considerations
This section provides general considerations on implementing and deploying the
Key Management Service for Windows Server 2003.

KMS Activation Technical Overview

KMS for Windows Server 2003 does not require dedicated computers to run it, and
can be easily co-hosted with other services. A single KMS host can support
hundreds of thousands of KMS clients. Most organizations should be able to
operate with just two KMS hosts for their entire infrastructure, although
organizational considerations may dictate deployment of additional KMS hosts. See
the Key Management Service section in Windows Vista Volume Activation 2.0
Step-By-Step Guide for further details. KB article 929712 contains an overview of
Volume Activation 2.0, and has links to many pertinent downloads and additional
technical documentation.

Prerequisites for KMS Activation

You must download the Key Management Service for Windows Server
2003 package from the Microsoft Download Center.

You may need to configure the Key Management Service event log, which is
under the Applications log, to ensure it is large enough to accommodate the
volume expected in your organization. Each 12290 event, which occurs every
time a KMS client connects to the KMS host, requires approximately 1,000
bytes. You can set the log options and size in the Log Properties dialog box.

Key Management Service for Windows Server 2003

KMS Host Sizing

KMS host processing capacity should not be a limiting factor for virtually any size
organization. A single KMS host is capable of supporting hundreds of thousands of
KMS clients, and KMS requests are only a few hundred bytes each. In addition,
when attempting to activate, the client computer makes a KMS request every two
hours and only once every seven days when activated (these defaults are
configurable). Normally, a client computer activates with the initial request.
Following are some considerations for planning a KMS host:

KMS is compute-cycle intensive while actively processing requests. CPU usage

can momentarily reach 100 percent on a single-processor computer under a
heavy request load.

KMS memory usage can vary from approximately 10 MB to around 25 MB,

depending on the number of incoming requests.

Network overhead is minimal. Fewer than 250 bytes are sent in each direction
for a complete client-KMS exchange, plus TCP session setup and teardown. The
only additional network traffic is for auto-discovery, which usually occurs only
once per client computer, as long as the same KMS continues to be available for
subsequent renewals.

Large organizations may want to configure multiple KMS hosts for loadbalancing and redundancy, or to satisfy organizational needs.

Co-Hosting KMS
To minimize cost, many organizations prefer to co-host KMS along with other
functions. KMS is designed to support co-hosting. KMS can easily coexist with
common server roles, including domain controllers. It has a small resource
footprint during normal operation, although it can become compute-bound as
noted in the previous section. This is most likely to occur after a large deployment
of KMS clients or if most users start their computers in a short period. If CPU
consumption is an issue, KMS supports a low priority option.

Administrative Credentials
To complete any of the following procedures, you must be a member of the
Administrators group. All script functions must be run from a command prompt as
a local administrator.

Windows Vista Volume Activation 2.0 Technical Guidance

Steps for Installing the KMS package on Windows

Server 2003
To install and configure KMS hosts, perform the steps provided in the following
sections:

Install a KMS Package

Remove a KMS Package

Install a KMS Package

Install a KMS Package using the following procedure.
To install a KMS package
1. Install Windows Server 2003 SP1 or later on a suitable computer and configure
required roles.
2. Download You must download the Key Management Service for Windows
Server 2003 package from the Microsoft Download Center.
3. Launch the Key Management Service for Windows 2003 executable and
follow the instructions. Steps include:
a. Accepting the License Agreement
b. Updating the system
c. Completing the installation.

Remove a KMS Package

Remove a KMS Package using the following procedure.
To Remove a KMS Package
1. Stop the KMS host service by stopping the Software Protection Platform service
using the Services MMC snap-in or run the following command from a
command prompt using admininstrative permissions:
net stop sppsvc /y
2. Open Add or Remove Programs in Control Panel.
3. Select Key Management Service for Windows 2003 and click the Remove
button.

Key Management Service for Windows Server 2003

Steps for Configuring a KMS Activation

To install and configure KMS hosts, perform the steps provided in the following
sections:

Configuring KMS Hosts

To configure KMS publishing to DNS, see the KMS Publishing to DNS section
in Windows Vista Volume Activation 2.0 Step-By-Step Guide

To install, configure, deploy, and activate KMS clients, refer to the KMS
Clients section in Windows Vista Volume Activation 2.0 Step-By-Step
Guide.

Configuring KMS Hosts

Most KMS configuration settings are optional and should only be used if required
for the local environment. All settings require that you launch a command prompt
with administrator privilege and use the built-in slmgr.vbs script.

Enable a KMS Host and Activate Online

Enable a KMS Host and Activate Offline

Configure KMS optional parameters

Restart the KMS service

Enable a KMS Host and Activate Online

Enable a computer as a KMS host and activate online using the following
procedure.
To Enable a KMS Host and Activate Online

1. Ensure your computer is able to connect to the Internet.

2. Log on to the computer with administrator privileges and launch a command
prompt.
3. Run the following script to install your KMS key:
cscript C:\windows\system32\slmgr.vbs /ipk <KMS Key>
4. Run the following script to activate the KMS host with Microsoft using online
activation:
cscript C:\windows\system32\slmgr.vbs /ato
5. If no error was reported, the KMS host is now ready to be used by KMS clients
for activation. Additional configuration is optional and will usually not be
required. You can confirm your KMS license state and settings by running:
cscript C:\windows\system32\slmgr.vbs /dli

10

Windows Vista Volume Activation 2.0 Technical Guidance

Enable a KMS Host and Activate Offline

Enable a computer as a KMS host and activate offline using the following
procedure.
To Enable a KMS Host and Activate Offline
1. Log on to the computer with administrator privileges and launch a command
window.
2. Run the following script to install your KMS key:
cscript C:\windows\system32\slmgr.vbs /ipk <Volume Key>
3. Run the following script to obtain the Installation ID for offline activation:
cscript C:\windows\system32\slmgr.vbs /dti
4. Obtain a telephone number for your region by opening and searching the text
file C:\Windows\System32\SLUI\phone.inf
5. Telephone the Microsoft Activation Center and provide the Installation ID;
carefully record the corresponding Confirmation ID that is read back to you.
6. Run the following script to activate the KMS do not add spaces or punctuation
to the Confirmation ID:
cscript C:\windows\system32\slmgr.vbs /atp <Confirmation ID>
7. If no error was reported, the KMS host is now ready to be used by KMS clients
for activation. Additional configuration is optional and will usually not be
required. You can confirm your KMS license state and settings by running:
cscript C:\windows\system32\slmgr.vbs /dli

Configure KMS optional parameters

Configure optional parameters for a KMS host using the following procedure.
To Configure KMS optional parameters
1. Optionally configure the TCP communications port that the KMS host will
use by running: cscript C:\windows\system32\slmgr.vbs /sprt <port>.
KMS clients that use direct registration have to be configured accordingly.
Clients that use auto-discovery will automatically receive and configure the
port when they select a KMS host.
2. Optionally disable automatic DNS publishing by using the following script:
cscript C:\windows\system32\slmgr.vbs /cdns
3. Re-enable automatic DNS publishing using the following script:
cscript C:\windows\system32\slmgr.vbs /sdns
4. Optionally set the KMS host to process using lowered scheduler priority:
cscript C:\windows\system32\slmgr.vbs /cpri
5. Revert to normal priority:
cscript C:\windows\system32\slmgr.vbs /spri
6. Optionally set the activation interval that clients will use if not activated
(default is 120 minutes). Run the script:
cscript C:\windows\system32\slmgr.vbs /sai <ActivationInterval>

Key Management Service for Windows Server 2003

11

To Configure KMS optional parameters

7. Optionally set the renewal interval that the clients will use for periodically
extending their activation expiration (in minutes default is seven days).
Run the following script:
cscript C:\windows\system32\slmgr.vbs /sri <RenewalInterval>
Note

You must restart the KMS service for most changes to take effect.

Restart the KMS Service

Configuration changes generally require you to restart the KMS Service using the
following procedure before they take effect.
To Restart the KMS Service
1. Launch the Services snap-in from Administrative Tools in the Start menu. Select
the Software Protection Platform service and use the Stop and Start commands
to restart the service, or
2. Run the following command:
net stop sppsvc /y && net start sppsvc

12

Windows Vista Volume Activation 2.0 Technical Guidance

Operational Guidance
This section of the Step-by-Step guide provides operational guidance on
implementing Volume Activation 2.0.

Built-in Scripting Support

The built-in script, slmgr.vbs, is required to support KMS for Windows Server 2003.
This script can be run locally on the target system or remotely from another
computer. Examples provided in this guide presume local script use for simplicity.
You must supply all the parameters shown in brackets for remote use.
The general syntax is:
C:\>cscript C:\windows\system32\slmgr.vbs
<ComputerName><UserName><Password> <Option>
You can also run the script using wscript or use the default script engine by simply
running slmgr.vbs. If the script is invoked without specifying an option, usage
information will be displayed. If you do not specify user name and password, the
script takes the credentials of the user that runs the script.
Important notes:

Even for the display-only options, all script functions must be run from a
command prompt using administrator permissions.
Slmgr.vbs will display a privacy statement the first time it is used. An
administrator must agree to its terms in order to continue.
Note For more information about the Windows Vista Privacy Statement, see
http://go.microsoft.com/fwlink/?LinkId=52526.

To run the script remotely, the name of the target computer and credentials
with appropriate privileges are required. Services and ports to support remote
use must be configured, along with appropriate firewall exceptions. Refer to the
Remote Scripting Support section in Windows Vista Volume Activation 2.0
Step-By-Step Guide for instructions on using the script on remote Windows
Vista clients.

Key Management Service for Windows Server 2003

13

Microsoft Key Management Service MOM Pack

You can use the Microsoft Windows Key Management Service MOM Pack to manage
the KMS environment, to meet established availability requirements, and to
support extensive reporting of KMS activations.
The KMS MOM Pack is shipped separately. To download the KMS MOM Pack, go to
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/catalog.aspx
Documentation provided with the MOM Pack discusses installation, configuration
and use of KMS rules on your MOM Server as well as the KMS reports on your MOM
Data Warehouse.

Known Issues with the MOM Pack

On 64-bit versions of Windows Server 2003, the MOM 2005 Agent (which is 32
bits) cannot see the version number stored in the registry. This value is used to
determine membership in the Computer Group defined by the KMS MOM Pack.
Without being joined in the Computer Group, the KMS will not provide data to the
MOM server's data warehouse. The registry value is created by slmgr.vbs when the
KMS is activated and is stored by default in the 64-bit view of the registry. There
are two ways to work around this issue; for details, see Appendix 1: Installing the
MOM 2005 Agent on 64-bit Systems.

KMS Health Monitoring

The KMS MOM Pack monitors the health of the KMS hosts by checking for error
conditions and availability. It alerts administrators when a potential problem is
observed. Alerts are generated for the following conditions:

KMS initialization failures

DNS SRV publishing failures

KMS host count is below a specified threshold

No KMS activity has occurred for designated periods

KMS Activity Reporting

A sample set of SQL reports is provided for use as a basis for extensive reporting
on activation. These reports are as follows:

Activation Count Summary: Shows the number of KMS activations for each
Windows edition and for several historical time ranges.

Virtual Machine Summary: Displays the number of unique virtual machines

and physical machines that have activated using KMS activations for each
Windows edition in the past 14 days.

KMS Activity Summary: Shows daily new KMS activations for each Windows
edition. The Total Requests chart shows daily KMS request activity, which
includes both activations and renewals, for each Windows edition. Additionally,
a list of all contributing KMS hosts is displayed, and the reports can be filtered
to display only the traffic from specified KMS hosts.

Licensing Status Summary: Shows the number of days left to expiration for
computers that have connected to a KMS for each of the license states.

14

Windows Vista Volume Activation 2.0 Technical Guidance

Machine Expiration Chart: Shows the number of computers that are in OOB,
OOT/Exp, or non-Genuine grace, whose users could be locked out (Unlicensed)
in the next 30 days.

Machine Expiration Detail: Lists the computers that are in OOB, OOT/Exp or
non-Genuine grace whose users could fall into Reduced Functionality Mode
(Unlicensed) in the next 7 days.

Backup Requirements
Back up is not required for KMS hosts. However, if you need to track the KMS
activations, you can periodically export the Key Management Service Event log
data under Applications for activation history.

Group Policy Support

All configuration and property data is supported by WMI and/or the Windows
registry, and can therefore, be managed with Group Policy. There are no GroupPolicy specific additions or changes for Volume Licensing.

Troubleshooting
This section provides guidance on troubleshooting issues that are specific to KMS
on Windows Server 2003. Refer to the Troubleshooting section in Windows Vista
Volume Activation 2.0 Step-By-Step Guide to diagnose Windows Vista
activation issues.

KMS Activation Troubleshooting Steps

The following table presents issues related to KMS activation.
Issue

Resolution

How can I tell if my KMS

host is activated?

Run the slmgr.vbs /dli script.

slmgr.vbs /ato returns an

error code.

If no error text is included, you can determine the

corresponding error message. See Mapping Error
Codes to Text Messages.

License Status: shows whether KMS is activated

(Licensed). KMS is only able to support client
activation while it is activated.

Table 8: KMS Troubleshooting Steps

Key Management Service for Windows Server 2003

15

Mapping Error Codes to Text Messages

Key Management Service on Windows 2003 does not include a graphical user
interface. However, many common error descriptions are included directly in
slmgr.vbs.
For errors without descriptions, you can run slui.exe on a Windows Vista computer
to map most activation-related error codes to corresponding text messages:
Slui.exe 0x2a 0x<error code>
This will display a dialog box with the error information.
For example, if event 12293 contains an error code 0x8007267C, you can
determine the corresponding error message by running the following command on
a Windows Vista computer:
Slui.exe 0x2a 0x8007267C
The message will display No DNS servers configured for local system.

Reviewing Activation Events

The Windows event log provides detailed logging of activation events. The event
provider name for all activation events is Microsoft-Windows-Security-LicensingSLC. All licensing events are found in the Windows Application event log except for
the KMS activity event 12290, which is in its own Key Management Service log
under the Applications log. For a detailed list of events, see Volume Activation 2.0
Technical Attributes.xls (available as a download in the VA 2.0 Technical
Documentation).

WMI Software Licensing Classes and Properties

The built-in script, c:\windows\system32\slmgr.vbs, uses Windows Management
Infrastructure (WMI) to access available WMI classes and properties. Use
slmgr.vbs /dli to display activation-related information. For a list of software
licensing classes and properties, see Volume Activation 2.0 Technical
Attributes.xls.

16

Windows Vista Volume Activation 2.0 Technical Guidance

Appendix 1: Installing the MOM 2005 Agent on

64-bit Systems
On 64-bit versions of Windows 2003, the MOM 2005 Agent (which is 32 bits)
cannot see the version number stored in the registry. This value is used to
determine membership in the Computer Group defined by the KMS MOM Pack.
Without being joined in the Computer Group, the KMS will not provide data to the
MOM server's data warehouse. The registry value is created by slmgr.vbs when the
KMS is activated, and is stored by default in the 64-bit view of the registry.
There are two ways to workaround this installation issue:

This problem can be mitigated by creating a custom Computer Group on the

MOM server that explicitly adds all KMS hosts for collection. This can be keyed
off of Machine Name or any other queryable property.

Run REGEDIT.EXE as an administrator. Copy the value of

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVe
rsion\SL\KeyManagementServiceVersion
into
HKLM\Software\wow6432node\Microsoft\WindowsNT\CurrentVersion
\SL\KeyManagementServiceVersion

Regardless of the workaround chosen, it is critical that all KMS hosts running the
64-bit version of the operating system have the same workaround applied.
Important note: This section contains information about how to modify the registry. Make sure to back
up the registry before you modify it. Make sure that you know how to restore the registry if a problem
occurs. For more information about how to back up, restore, and modify the registry, click the following
article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft
Windows registry.

Key Management Service for Windows Server 2003

17

Additional Resources

The Windows Vista Volume Activation 2.0 Step-By-Step Guide is

essential reading and a prerequisite for understanding the KMS on Windows
2003 Step-By-Step Guide. It is available at
http://www.microsoft.com/technet/windowsvista/plan/volact1.mspx

Download Technical Documentation and Other Supporting Materials

http://go.microsoft.com/fwlink/?LinkID=75674

For answers to frequently asked questions about Windows Vista Volume

Activation 2.0, refer to the Volume Activation 2.0 FAQ" in
http://www.microsoft.com/technet/windowsvista/plan/faq.mspx

A management pack is available for the Key Management Service for Microsoft
Operations Manager 2005. It is available at
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/catalog.aspx

For a list of WMI methods, KMS registry keys, KMS events, KMS error codes,
and KMS RPC messages, refer to the Volume Activation 2.0 Technical
Attributes.xls in
http://www.microsoft.com/technet/windowsvista/plan/volact2.mspx

For information about the Microsoft Solution Accelerator for Business Desktop
Deployment (BDD):
http://www.microsoft.com/technet/desktopdeployment/bdd/2007/default.mspx

For a list of Volume License products available, go to:

http://www.microsoft.com/licensing/default.mspx