none
Help with KMS setup in a single domain with multiple child companys (Each company has their own license)

    Question

  • Good afternoon,

    I have been tasked with configuring KMS in our environment. I have found several helpful forums on how to do so and it all does seem very straight forward however, in my particular case we are using 1 domain (internally) :domain.local: but we manage 14 different companies total in this single internal domain. Each physical location has a local DC on site & everything is kept nice and clean using OU's. My challenge is  we recently upgraded to Windows 7, the Admin purchased KMS keys for EACH separate company rather then under one large corporation.

    With that being said, it appears so long as I own the licenses this shouldn't be an issue and I can let one KMS host activate all my clients is that correct? My next issue is we are using Office 2010 as well, same thing here "All the keys are registered per company" Will this be an issue moving forward?

    Can I just pick a key off my list and install a KMS Host for my Servers/Windows 7 Clients/Office 2010 or do I need to disable (DNS Publishing) and point each PC to their local Domain controllers using (slmgr.vbs /skms <server>:1688) via a one time startup script? Then configure each local DC with its licenses key "according to company" to service the clients?

    That will take more work no problem but my next question to that is (Not every location has more then 25 PC's) so will a KMS even work if I had to do it that way?

    I hope I was detailed enough that someone can help me out here. I have already used the /rearm command just to get my 30day eval to reset. Since some PC's are showing up as "unlicensed now". I need to get this resolved ASAP and I just want to be sure I am going about this the correct way.

    Thank you,

    Monday, November 04, 2013 9:17 PM

Answers

  • Hi,

    the MS documentation says that as long as you are entitled/licensed for the products, then it doesn't matter which company/agreement product keys (or KMS) you use.

    So, yes, you can choose any one of the KMShost product keys, setup your KMShost with that single key, and have all machines discover that single KMShost via DNS, and activate to that single host, and be compliant with your agreement/s.

    KMS network traffic is very lightweight, and the KMShost service adds very little processing burden on the host machine.

    Each KMShost requires 25 Windows KMSclients before it will begin issuing activations to Windows client OS's, so it sounds like you would need to aggregate the solution for the smaller (<25) sites anyway.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by Ben282 Monday, November 04, 2013 11:01 PM
    Monday, November 04, 2013 10:22 PM

All replies

  • Hi,

    the MS documentation says that as long as you are entitled/licensed for the products, then it doesn't matter which company/agreement product keys (or KMS) you use.

    So, yes, you can choose any one of the KMShost product keys, setup your KMShost with that single key, and have all machines discover that single KMShost via DNS, and activate to that single host, and be compliant with your agreement/s.

    KMS network traffic is very lightweight, and the KMShost service adds very little processing burden on the host machine.

    Each KMShost requires 25 Windows KMSclients before it will begin issuing activations to Windows client OS's, so it sounds like you would need to aggregate the solution for the smaller (<25) sites anyway.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by Ben282 Monday, November 04, 2013 11:01 PM
    Monday, November 04, 2013 10:22 PM
  • Don,

    I appreciate the reply, I actually left the service on and didn't disable the DNS Publishing, I noticed when I ran "slmgr /dlv" I got the following

    Key Management Service is enabled on this machine
        Current count: 9
        Listening on Port: 1688
        DNS publishing Enabled
        KMS priority: Normal

    Key Management Service cumulative requests received from clients
        Total requests received: 392
        Failed requests received: 0
        Requests with License Status Unlicensed: 0
        Requests with License Status Licensed: 1
        Requests with License Status Initial grace period: 376
        Requests with License Status License expired or Hardware out of tolerance: 0

        Requests with License Status Non-genuine grace period: 0
        Requests with License Status Notification: 15

    How come only 1 got licensed, my understanding is the clients check in every 2 hours or so until they are activated then every 180days correct?

     

    Monday, November 04, 2013 11:16 PM
  • Key Management Service cumulative requests received from clients
        Total requests received: 392
        Failed requests received: 0
        Requests with License Status Unlicensed: 0
        Requests with License Status Licensed: 1
        Requests with License Status Initial grace period: 376
        Requests with License Status License expired or Hardware out of tolerance: 0

        Requests with License Status Non-genuine grace period: 0
        Requests with License Status Notification: 15

    How come only 1 got licensed, my understanding is the clients check in every 2 hours or so until they are activated then every 180days correct?

    everything below the bold/italic line, is reflecting the state a KMSclient *was* in when it contacted the KMShost and requested activation/renewal - it *isn't* the state the KMSclient went away with.
    So, you had one client which was already in "licensed" state, when it contacted the KMShost.

    The important counter is the "Current count", you're running at 9, which means you have a few more to get to the 25 you need. (9 is enough for Windows Server OS, for that you only need 5).

    KMSclients will attempt to contact a KMShost, on different cycles, depending on the licensing state of that KMSclient. They will also attempt to contact the KMShost at every machine restart, regardless of the cycle.

    180days isn't a contact-cycle, that's the maximum for a KMSclient to be out of contact with a KMS, at which time the client will transition into Notification mode.

    In my organisation, where there is a big mix of Servers, Workstations, Laptops, and Office - all restarting at different times and moving around (or not for servers ;), the KMShost is constantly seeing the same clients attempting contact and renewing activations.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Tuesday, November 05, 2013 12:18 AM
  • Can you tell us where this MS documentation can be found? I have the same problem but the information I got from my co-worker was that this possibility (1 KMS host for all companies) isn't allowed.

    Friday, December 13, 2013 8:33 AM
  • Can you tell us where this MS documentation can be found? I have the same problem but the information I got from my co-worker was that this possibility (1 KMS host for all companies) isn't allowed.

    http://technet.microsoft.com/en-us/library/dd981009.aspx

    Your Activation Infrastructure can be Shared across Your Organization

    As long as your individual systems are licensed properly, your activation infrastructure can be shared across your entire organizational environment. We understand that in large organizations, software can be purchased through multiple channels and under various licensing agreements and terms. However, Microsoft activation has been designed in such a way that a single activation method can be used for software acquired through any number of different licensing arrangements that your company may have. For example, a KMS host can activate any volume licensing version of Windows 7 or Windows Server 2008 R2, whether that volume license came from a volume license program like Software Assurance or from an MSDN subscription; the only requirement is that the individual system be able to connect to the KMS host.

    Also:

    http://technet.microsoft.com/en-us/library/ff678211(v=office.14).aspx

    If a “child” company (owned by a “parent” company) has an individual agreement, can the parent company use the same key (such as a Windows Server 2008 Standard/Enterprise R2 KMS key) to deploy Windows 7 and Windows Server 2008 R2 across both companies?

    Although they can choose to do so, customers do not have to use keys provided under a specific Licensing ID (agreement, enrollment, affiliate, or license) with the licenses specified under that Licensing ID. Customers have this flexibility so that they can centrally manage their deployment/image. They can choose to use keys specific to agreements/licenses or one set of keys for all.


    Can I expose my KMS host to the Internet so my outside users can activate against it?

    You are responsible for both the use of keys assigned to you and the activation of Office 2010 clients through your KMS hosts. You should not disclose keys to non-Microsoft parties, and you must not provide unsecured access to your KMS over an uncontrolled network such as the Internet.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Friday, December 13, 2013 10:15 AM
    Friday, December 13, 2013 10:15 AM