Moving your Key Management Server (KMS) to another server or host

Do you know which server hosts your KMS? By default it’s the first Windows 2008 Server that you introduced into your domain infrastructure. But do you know which server that was? Because of the confusion that existed when Microsoft introduced KMS licensing, you probably have no problem activating your Windows servers: initially everybody just used their KMS key as a VLK and put it on every server, making every server a KMS host in the process. It’s now been 3 years since the system was introduced, so I presume you admins all got this part of your infra in order and you know the slmgr.vbs utility =) Otherwise, read this and this first.

These are the slmgr.vbs parameters available on a KMS client:

These are the parameters available on a KMS server/host:

Now, I wanted to move my KMS host to another server. It still ran on the first Windows 2008 Server and it needed to move to a dedicated (license) server. I also wanted to (still) use a DNS SRV record to let other servers find the KMS host through DNS. I didn’t want to change this ever again, so I created a CNAME record named KMS and pointed that to the new KMS host. These are the steps you need to do (mostly in an elevated prompt):

  • (DNS) Create a CNAME record named KMS and point it to your new KMS host.
  • (OLD KMS) slmgr -cdns => Disable DNS publishing
  • (OLD KMS) slmgr -upk => Uninstall Product Key
  • (OLD KMS) slmgr -cpky => Clear Product Key from registry
  • (NEW KMS) slmgr -upk => Uninstall product key
  • (NEW KMS) slmgr -ipk <YOUR KMS KEY> => Install KMS key. This will make this server the new KMS host.
  • (NEW KMS) slmgr -ato => Activate Windows. This will activate the new KMS host.
  • (NEW KMS) slmgr -sdns => Enable DNS publishing.
  • (NEW KMS) slmgr -dlv => Display license info. Check if everything is OK.
  • (NEW KMS) slmgr -xpr => Expiration date. The server should be permanently licensed.
  • (NEW KMS) reboot
  • (OLD KMS) reboot
  • (OLD KMS) slmgr -ipk <KMS Client Key for this Windows Edition>. All keys are publicly available and can be found here. You might get an activation error after the reboot. Just put in the correct KMS Client Product Key.
  • (DNS) Check if a new SRV record named _VLMCS is created in DNS that points to your new KMS host. You can find it in <server name>\Forward Lookup Zones\<domain name>\_tcp\. Change the record to point to your CNAME record (kms.<your DNS Domain name>). Delete the SRV record that points to your old KMS host. To speed things up, do this on every DNS server manually.
  • (OLD KMS) ipconfig /flushdns => Flush the local DNS cache.
  • (OLD KMS) nbtstat -RR => Flush the local NETBIOS cache.
  • (OLD KMS) slmgr -ato => Activate Windows. This will activate this Windows client against the new KMS host.
  • (OLD KMS) slmgr -dlv => Review the license details.
  • (OTHER WINDOWS SERVERS) repeat the previous 4 steps.
If you receive error 0xC004F038 saying ‘The returned count from your Key Management Service is insufficient’, you can find more info here.
You’ll just have to activate more Windows servers against this KMS host and the error will resolve itself. A KMS host will not work for fewer than 5 servers, to prevent ‘pirated’ use in home/lab networks.
If you have servers that are not in your domain and you want to activate them, the SRV record in DNS might not be found. Use the command ‘slmgr -skms <kms server FQDN>:1688’ to force the KMS host address on that server.
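
A check for the DNS steps above, added here as an example and not part of the original post: it lists every _VLMCS SRV record published in the domain, flags any that do not point at the expected KMS name and port, and tests whether that port answers. The domain and host names are placeholders, and Resolve-DnsName and Test-NetConnection assume the script runs on Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post): audit KMS discovery after the move.
# Assumptions: 'example.local' and 'kms.example.local' are placeholders for your
# DNS domain and the KMS CNAME; run from a Windows 8 / Server 2012+ machine.
param(
    [string]$DnsDomain    = 'example.local',
    [string]$ExpectedHost = 'kms.example.local',
    [int]   $ExpectedPort = 1688
)

function Test-KmsSrvRecord {
    param([string]$DnsDomain, [string]$ExpectedHost, [int]$ExpectedPort)

    # KMS clients discover their host through this SRV name.
    $srvName = "_vlmcs._tcp.$DnsDomain"
    $records = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.QueryType -eq 'SRV' })

    foreach ($r in $records) {
        $target = $r.NameTarget.TrimEnd('.')

        # Any record other than the expected one is either a leftover from the
        # old host or a machine that had a KMS host key installed by mistake.
        $expected = ($target -ieq $ExpectedHost) -and ($r.Port -eq $ExpectedPort)

        # Confirm that something is actually listening on the published port.
        $probe = Test-NetConnection -ComputerName $target -Port $r.Port `
                                    -WarningAction SilentlyContinue

        [pscustomobject]@{
            SrvName   = $srvName
            Target    = $target
            Port      = $r.Port
            Expected  = $expected
            Reachable = $probe.TcpTestSucceeded
        }
    }
}

$results = @(Test-KmsSrvRecord -DnsDomain $DnsDomain -ExpectedHost $ExpectedHost `
                               -ExpectedPort $ExpectedPort)
$results | Format-Table -AutoSize

# Non-zero exit code if a stray record exists or the expected host is unreachable,
# so the check can run as a scheduled task.
$bad = @($results | Where-Object { -not $_.Expected -or -not $_.Reachable })
if ($bad.Count -gt 0) { exit 1 }
```

A row with Expected = False after the migration usually means the old host's SRV record was not deleted, or another server is still publishing itself as a KMS host.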

About Yuri de Jager
Technology Addict

14 Responses to Moving your Key Management Server (KMS) to another server or host

  1. Chris says:

    Great guide. Thanx

  2. Scott S says:

    Why are you creating a CNAME in DNS? The SRV record the new KMS host automatically creates should be sufficient. There is nothing in Microsoft’s documentation that mentions anything about a CNAME for KMS (see: http://technet.microsoft.com/en-us/library/ff793405.aspx)

    • Yuri de Jager says:

      It is sufficient. A CNAME record is all about making things easy. I create them so I won’t ever have to think about on which server a particular service/app is installed. Just like I create CNAME records for wsus, mail, etc.

  3. PaulB says:

    Nice guide. Any reason you couldn’t change the current _VLMCS record to the new KMS CNAME first, then disable DNS publishing on both old and new servers? This would seem to alleviate a couple of minor steps. Or are there other configuration considerations that impact when it creates the SRV records?

    • Hi Paul. A very sharp observation. It’s been a while since I wrote this. Reading it again doesn’t ring any bells on my reason to do it this way. So I reckon your remarks are a valid ‘tweak’ to this guide. Thanks!

  4. Harry says:

    Hi all,
    What will happen with the clients? Like Windows 7 with Office 2010, do they work automatically with the new KMS server?
    What happens if you use new license keys as well? What is the impact on the end user / W7?
    Any experience here?
    Can you use a KMS server cross forest/domain (computer is in forest A and KMS is in forest B with full transitive trusts in between)?

    Thanks

    • Jordi says:

      Good job.
      I’ve the same doubts as Harry. I must migrate to a different KMS host and key.
      What about the threshold counter in the new KMS server?
      Will our +1000 Office 2010 and W7 be popping up strange messages when changing DNS records?
      Any references?

    • Pepedor says:

      I’m wondering this same here. Will this change affect end users in any way?

  5. Mayank Kapoor says:

    I’m doing a KMS migration from Server 2003 to Server 2008. Not sure if it will impact users while I am doing this. Also, do I need to remove license keys for Win 7, Office 2010, Server 2008 before I move them to the new one, or will it cause issues if not removed from the old KMS?

    Anyone?

  6. Cristian says:

    Hi all! I need to move the KMS Host from one domain to another in the same forest. Any idea? Thanks in advance!

  7. cividan says:

    Very good post. This option helped me refresh clients so they point to the new KMS server: slmgr -cpky

  8. Pingback: Microsoft KMS Server Setup

  9. Pingback: Activating Windows via KMS | Chase’s Notes

  10. Pingback: Microsoft KMS / VAMT v2.x and v3.x – Error 0x80070054 – Storage to process this request is not available – blog – Alexander Ollischer | Citrix | Microsoft
