Remove From My Forums

SCCM/KMS: Clients don't connect to KMS host

Question
0

Sign in to vote

Hi all,

I hope I didn't pick the very wrong forum for this topic.
Currently I'm having the issue that my clients, being deployed with SCCM 2007, don't connect to my KMS host which is running on the same machine as SCCM does which means that the clients can connect to this machine/IP without any problems.

In the task sequence I'd added the Windows 7 to use with a KMS host. In the KMS' configuration I'd added the KMS key for activating the Windows licenses.
We'd also added the appropriate DHCP-options and followed every how to we had found.

Does anybody have a clue where the problem is ?

Thursday, January 20, 2011 3:30 PM

Answers

0

Sign in to vote
So, yes Win 7 clients by default are KMS clients -- they essentially have the KMS Client Key built in. In Vista it was actually in a file called pid.txt in the source directory of the meida but they have now "hidden" this somewhere else.

"And this key I had requested by our software cooperative who also told me that we still can activate up to XXX Windows installations when using the key provided by him."

If the ket you got will only activate a certain number of clients, then it is not a KMS host key. KMS Host keys simply activate a KMS Host which have unlimited activations. MAK keys are limited to a specific number of activations so I suspect this is what you actually have.

What does "slmgr -dlv" output?
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
- Proposed as answer by Anoop C NairMVP Friday, January 21, 2011 3:34 PM
- Marked as answer by Yog Li Tuesday, February 8, 2011 10:22 AM
Friday, January 21, 2011 3:31 PM

All replies

0

Sign in to vote

Stupid question here but do machines not deployed via OSD connect to KMS okay?

John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|

Thursday, January 20, 2011 3:51 PM
0

Sign in to vote

Which key are you using on the clients? The one you got off your MVLS site?

What do the logs say on the client (Windows system log) and on the KMS host (there is a separate KMS log)?

Is the KMS server properly registered in DNS?

DHCP has no role in KMS activation so not sure what you did there?

What does this statement mean in technical terms: "In the KMS' configuration I'd added the KMS key for activating the Windows licenses"? Does it mean you used slmgr.vbs to add the KMS key?

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Thursday, January 20, 2011 8:42 PM
0

Sign in to vote

Hi all,

@John: no, obviously no machine connects since I don't see any entries/machines in KMS. When adding them manually and trying to update their details I get an error that KMS wasn't succesful in doing so.

@Jason: For the clients I used the key mentioned on http://news.softpedia.com/news/Access-Windows-7-KMS-Client-Setup-Keys-117216.shtml : Windows 7 Professional FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Although I think that this key is only needed when changing a MAK client to a KMS client. Windows 7 seems to use Windows Server 2008 KMS for activation by default.

KMS should be properly registered, yes. For setup and configuration I followed this guide: http://www.server-talk.eu/2008/10/19/how-to-key-management-service-kms-mit-windows-server-2008/ .

Concerning the key in KMS: As I understand KMS need it's own key - KMS-key - which activates KMS and legitimates it's activation of the clients. And this key I had requested by our software cooperative who also told me that we still can activate up to XXX Windows installations when using the key provided by him.
And yes: I used slmgr.vbs succesfully and followed the steps on http://www.sepago.de/d/thorsten/2009/03/19/aufbau-einer-kms-infrastruktur succesfully (look below the table of Windows volume product groups).

I forgot to mention that KMS/SCCM and the clients are in different VLANs (Server VLAN and client VLAN). Could this be a reason for the connectin issues ?

@John: Where can I find the appropriate logfiles ?

Friday, January 21, 2011 8:59 AM
0

Sign in to vote
So, yes Win 7 clients by default are KMS clients -- they essentially have the KMS Client Key built in. In Vista it was actually in a file called pid.txt in the source directory of the meida but they have now "hidden" this somewhere else.

"And this key I had requested by our software cooperative who also told me that we still can activate up to XXX Windows installations when using the key provided by him."

If the ket you got will only activate a certain number of clients, then it is not a KMS host key. KMS Host keys simply activate a KMS Host which have unlimited activations. MAK keys are limited to a specific number of activations so I suspect this is what you actually have.

What does "slmgr -dlv" output?
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
- Proposed as answer by Anoop C NairMVP Friday, January 21, 2011 3:34 PM
- Marked as answer by Yog Li Tuesday, February 8, 2011 10:22 AM
Friday, January 21, 2011 3:31 PM
0

Sign in to vote

The absence of a key for Windows 7 Professional/Enterprise will prompt the OS to automatically look for a KMS server and activate, so no key is needed for deployment.

Also, what happens when you manually try to activate? Start -> Run -> CMD -> slmgr -ato?

Next try specifying the KMS server by running slmgr -skms <kmsserver>:<kmsport> before running slmgr -ato

If this works then it's possible that there are multiple machines that are responding to KMS replies, none reaching the activation threshold, and none being the machine you are actually wanting to serve requests.

I've seen this happen with a KMS key was incorrectly used to activate machines instead of being KMS clients resulting in multiple KMS hosts.

Friday, January 21, 2011 3:34 PM
0

Sign in to vote

So, yes Win 7 clients by default are KMS clients -- they essentially have the KMS Client Key built in. In Vista it was actually in a file called pid.txt in the source directory of the meida but they have now "hidden" this somewhere else.

"And this key I had requested by our software cooperative who also told me that we still can activate up to XXX Windows installations when using the key provided by him."

If the ket you got will only activate a certain number of clients, then it is not a KMS host key. KMS Host keys simply activate a KMS Host which have unlimited activations. MAK keys are limited to a specific number of activations so I suspect this is what you actually have.

What does "slmgr -dlv" output?

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Hi Jason,

no I received a KMS key. It is only company wide limited to a certain amount of activations (SA ?!). I know the difference between KMS and MAK and like to install some machines with the appropriate methods. But currently it's the KMS thing which is not working.

slmgr -dlv says:

[...]
Key Management Service is is enabled on this machine.
Current count: 0
Listening on port: 168
DNS Publishing enabled
KMS priority: normal

Key Management Service cumulative requests received from clients
Total requests received: 14
Failed requests received: 415
[...] (the following entries have the value "0")
Requests with License Status Notification: 14

I'll try Jamie's hint by leaving out the activation key in my task sequence (will modify it) and retry it.
I'll respond to your questions after next week to post my results, since I'll be out of office :)

Thanks so far !

Friday, January 21, 2011 3:45 PM
0

Sign in to vote

What OS is hosting the KMS currently?

While your EA agreement may limit the number of licenses of Win7that you may deploy, a KMS Host will never technically limit activations
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Friday, January 21, 2011 4:01 PM
0

Sign in to vote
This is not a true statement:

"The absence of a key for Windows 7 Professional/Enterprise will prompt the OS to automatically look for a KMS server and activate, so no key is needed for deployment."

See http://technet.microsoft.com/en-us/library/ff793421.aspx: "In volume installations, the setup key is installed by default, which makes the system a KMS client."

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
- Marked as answer by Nicholas Li Tuesday, February 8, 2011 10:03 AM
- Unmarked as answer by Nicholas Li Tuesday, February 8, 2011 10:04 AM
Friday, January 21, 2011 4:03 PM
0

Sign in to vote

Also, how many clients do you have trying to activate?

There is a threshold of 25 clients before any will successfully activate.

From the output above, it looks like you only have 14.
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Friday, January 21, 2011 4:05 PM
0

Sign in to vote

This is not a true statement:

"The absence of a key for Windows 7 Professional/Enterprise will prompt the OS to automatically look for a KMS server and activate, so no key is needed for deployment."

See http://technet.microsoft.com/en-us/library/ff793421.aspx: "In volume installations, the setup key is installed by default, which makes the system a KMS client."

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
Hmm, isn't that stating the same thing? Since the key is installed by default, not specifying a key will direct Windows setup to use the preinstalled KMS key? As stated in your document, the only time you use a key is if you convert from one to another:
By default, the Windows 7 and Windows Server 2008 R2 operating systems use KMS for activation. In volume installations, the setup key is installed by default, which makes the system a KMS client. If you are converting a computer from a KMS host, MAK, or retail edition of Windows to a KMS client, install the applicable setup key (GVLK) from Table 9 using slmgr /ipk "setup key".
Perhaps a better statement would have been: "Since the KMS key is installed by default no key needs to be specified during setup if you are attempting to activate through KMS"

Friday, January 21, 2011 4:25 PM
0

Sign in to vote

Also, how many clients do you have trying to activate?

There is a threshold of 25 clients before any will successfully activate.

From the output above, it looks like you only have 14.

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
Current count should also show 14, however it will only activate clients once that count reaches 25. 25 for Workstations OS (Vista/7) 5 for Server OS(2008/2008 R2) 5 for Office (Office 2010) if you have the Office KMS installed.

The counts max out at double the activation threshold.

Regardless, I would attempt to manually activate a client using "slmgr -ato" to rule out network connectivity and DNS resolution to the KMS server. Also, the default port is 1688 and I see you are using 168. Is this specified also in DNS?

Friday, January 21, 2011 4:27 PM
0

Sign in to vote

Jamie,

Yes, you are correct. I read your statement incorrectly.
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Friday, January 21, 2011 5:26 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

SCCM/KMS: Clients don't connect to KMS host

Question

Answers

All replies