none
KMS clients using KMS host in trusted domain rather than joined domain

    Question

  • I have a customer with two domains.  They trust each other and each has a KMS host to volume activate Windows and Office.  I'm getting reports of clients on domain 1 trying to use domain 2's KMS host and vice versa.  These clients are showing expiration dates for the OS and are not activating.  Each domain has the proper _VLMCS service record in their respective DNS.  Why is this happening?  
    • Edited by PhilipD86 Wednesday, September 25, 2013 8:52 PM
    Wednesday, September 25, 2013 8:51 PM

Answers

  • check the DNS setups at the clients.

    KMShost/KMSclient doesn't care about domain membership at all, it uses DNS only.

    KMSclients will perform auto-discovery via DNS (looks for the _VLMCS._TCP RR's) and the KMSclient will locally cache whatever it gets back from DNS, and the client won't perform discovery again until an activation attempt is failed.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by PhilipD86 Thursday, September 26, 2013 9:00 PM
    Thursday, September 26, 2013 11:14 AM

All replies

  • Assuming you've configured DNS according to these steps or these steps, perhaps the TCP port 1688 inbound/outbound is blocked between the KMS and clients requiring activation?
    • Edited by 'sm Wednesday, September 25, 2013 9:42 PM
    Wednesday, September 25, 2013 9:39 PM
  • Does the computer list both DNS in the IP configuration ?


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Thursday, September 26, 2013 2:00 AM
  • check the DNS setups at the clients.

    KMShost/KMSclient doesn't care about domain membership at all, it uses DNS only.

    KMSclients will perform auto-discovery via DNS (looks for the _VLMCS._TCP RR's) and the KMSclient will locally cache whatever it gets back from DNS, and the client won't perform discovery again until an activation attempt is failed.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by PhilipD86 Thursday, September 26, 2013 9:00 PM
    Thursday, September 26, 2013 11:14 AM
  • DonPick, you were right.  Thanks!
    Thursday, September 26, 2013 9:00 PM