This section includes procedures for installing and configuring computers as KMS hosts.
Installing KMS Hosts
Install and activate a computer as a KMS host using the following procedure.
To install KMS hosts for KMS activation
1. Choose and install the desired volume licensed media. No product key is required during setup.
2. Start the computer, log on, and launch a command window with elevated privileges.
3. Install your KMS key. Do not use the Windows interface for this. Run the following script:
   cscript C:\windows\system32\slmgr.vbs -ipk <Volume License Key>
4. Activate the KMS host with Microsoft, using either online activation or telephone activation:
   - For online activation (the computer must be able to access the Internet), run the following script:
     cscript C:\windows\system32\slmgr.vbs -ato
   - For telephone activation (if you do not have access to the Internet), run the following command and follow the on-screen instructions:
     slui.exe 4
The KMS host is now ready to be used by KMS clients for activation. Additional configuration is optional and will usually not be required.
Configuring KMS Hosts
All KMS configurations are optional and should only be used if required for the local environment. All configuration options require that you launch an elevated command prompt and use the built-in script.
To configure KMS hosts for KMS activation
1. Optionally configure the TCP communications port that the KMS host will use by running:
   cscript C:\windows\system32\slmgr.vbs -sprt <port>
   KMS clients that use direct registration have to be configured accordingly. Clients that use auto-discovery automatically receive and configure the port when they select a KMS host. Restart the slsvc.exe service or restart the computer if you want this to take effect immediately.
2. Optionally disable automatic DNS publishing by running:
   cscript C:\windows\system32\slmgr.vbs -cdns
   Re-enable automatic DNS publishing by running:
   cscript C:\windows\system32\slmgr.vbs -sdns
3. Optionally set the KMS host to process requests at lowered scheduler priority:
   cscript C:\windows\system32\slmgr.vbs -cpri
   Revert to normal priority:
   cscript C:\windows\system32\slmgr.vbs -spri
4. Optionally set the activation interval, in minutes, that clients will use while they are not yet activated (default is 120 minutes):
   cscript C:\windows\system32\slmgr.vbs -sai <ActivationInterval>
5. Optionally set the renewal interval, in minutes, that clients will use for periodically extending their activation expiration (default is seven days):
   cscript C:\windows\system32\slmgr.vbs -sri <RenewalInterval>
Note: You must restart the KMS service (or the computer) for changes to take effect. To restart the KMS service, use the Services snap-in or run these commands in an elevated command window (answer Y when prompted):
net stop slsvc && net start slsvc
KMS Publishing to DNS
KMS publishing allows clients to automatically locate a KMS (called auto-discovery) with zero client configuration. Clients automatically use DNS auto-discovery if they have not been registered to use a specific KMS.
KMS Publishing to DNS Overview
KMS hosts automatically attempt to publish their existence in SRV resource records as defined in RFC 2782 (http://www.ietf.org/rfc/rfc2782.txt). SRV records can contain multiple entries. Each entry refers to a DNS address record, which provides the fully qualified domain name of the KMS service provider, and carries the attributes priority, port, and weight. KMS only supports the port attribute; priority and weight are ignored.
KMS publishes its host name (A record) and port in the SRV record. Clients query DNS and retrieve a list of KMS SRV records. They select a KMS host randomly from this list and then attempt to use this information to connect to the KMS. If the connection is successful, the KMS location is cached for subsequent connections. Otherwise, the process repeats until the client is able to connect to a KMS or until the list is exhausted.
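The following PowerShell script is an added example, not part of the original guide: it reproduces the client-side auto-discovery just described so an administrator can list every host published under _VLMCS._TCP for a domain (an unexpected entry stands out) and confirm that the randomly chosen one answers on its advertised port. It assumes Windows 8 / Server 2012 or later for Resolve-DnsName, and 'contoso.com' is a placeholder domain.

```powershell
# Added example (not from the original guide): emulate KMS client auto-discovery.
# Assumes Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).

function Get-KmsSrvRecord {
    param([Parameter(Mandatory)] [string] $DnsDomain)
    # KMS publishes its host name and port in _VLMCS._TCP.<domain>.
    Resolve-DnsName -Name "_vlmcs._tcp.$DnsDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight
}

function Find-KmsHost {
    param([Parameter(Mandatory)] [string] $DnsDomain, [int] $TimeoutMs = 3000)
    $records = @(Get-KmsSrvRecord -DnsDomain $DnsDomain)
    if ($records.Count -eq 0) { throw "No KMS SRV records found for $DnsDomain" }

    # KMS ignores priority and weight, so a client picks a record at random and
    # keeps trying until a TCP connection succeeds or the list is exhausted.
    foreach ($r in ($records | Get-Random -Count $records.Count)) {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $ar = $tcp.BeginConnect($r.NameTarget, $r.Port, $null, $null)
            if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $tcp.EndConnect($ar)   # throws if the host refused the connection
                return [pscustomobject]@{ Host = $r.NameTarget; Port = $r.Port }
            }
            Write-Verbose "$($r.NameTarget):$($r.Port) timed out"
        } catch {
            Write-Verbose "$($r.NameTarget):$($r.Port) failed: $($_.Exception.Message)"
        } finally {
            $tcp.Close()
        }
    }
    return $null   # list exhausted: no KMS host reachable
}

# Review every published record, then perform the same selection a client makes.
Get-KmsSrvRecord -DnsDomain 'contoso.com' | Format-Table -AutoSize
Find-KmsHost -DnsDomain 'contoso.com' -Verbose
```

A host that is published but never reachable is worth investigating, since clients will keep retrying it on every discovery until the list is exhausted.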
Advantages of using SRV records include:
• Does not require the use of Active Directory
• Is not limited to Active Directory forests
• The KMS host's TCP port number is configurable without having to touch the clients.
Site affinity, DNS priority, DNS weight, or other optimizations are not supported by KMS in the Vista release. One way to control which KMS host will be used by clients that use DNS auto-discovery is to use different SRV records for different DNS domains. Alternatively, you would need to use direct KMS registration on each client computer.
Publishing is enabled by default as soon as a computer is configured as KMS. It attempts to self-publish its location and port in its own DNS domain. Publishing can be disabled by setting the registry value DisableDnsPublishing, as described in Configure KMS hosts for KMS Activation. System administrators can also create a list of DNS domains that a KMS host will use to automatically publish their SRV records, see Automatically publish KMS in additional DNS domains.
For KMS publishing to work, the DNS system must support dynamic updates (DDNS). It may also be necessary to configure DNS security so that KMS hosts have the required permissions to create or update these records. For more information about DDNS, see http://www.ietf.org/rfc/rfc2136.txt. Windows servers support DDNS starting with Windows 2000, as do BIND 8.x and later versions.
A KMS host will automatically update its SRV entries if the software licensing service (slsvc.exe) detects that the computer name or TCP port has changed during service startup. It will also update them once each day, in order to ensure that they are not automatically removed (scavenged) by the DNS system.
Not all DNS systems support SRV publishing. In these cases, it is necessary to create or copy the SRV record manually. This can readily be accomplished from a command line or by scripting.
Prerequisites for KMS Publishing to DNS
To complete this task, ensure that you meet the following requirements:
• The following procedures assume you are using Active Directory and the DNS service. Configuring non-Microsoft DNS services, for example BIND 9.x, is outside the scope of this guide. However, it should always be possible to configure SRV records manually.
• Clients that will need access to KMS hosts across another domain or forest are able to do so.
• If you are using Active Directory and Microsoft's DNS server, you must be a member of the Domain Administrators group, have delegated privileges, or have arranged for the procedures to be carried out by the authority responsible for DNS in your organization. Equivalent requirements apply for non-Microsoft DNS services.
Known Issues for KMS Publishing to DNS
KMS publishing has been successfully tested with BIND 9.x. Any server that supports DDNS and SRV resource records per the RFCs should support KMS publishing. Any deployment that is using a non-Microsoft DNS should be fully tested before use in production.
Steps for Configuring KMS Publishing to DNS
To configure DNS in Active Directory, complete the following tasks:
1. If you are using only one KMS host, you may not need to configure any permissions, because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS host (the usual case), the others will be unable to update the SRV record unless the SRV default permissions are changed. This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result. Detailed steps for each of the tasks are not provided, because they may differ from one organization to another.
2. If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates; for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or a delegate is performing the steps.
3. Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group.
4. Add each of your KMS hosts to this group. They must all be joined to the same domain.
5. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group.
6. If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL) to 60 minutes.
7. Set the permissions on the SRV record to allow updates by members of the global security group.
To automatically publish KMS in additional DNS domains
1. On the KMS host, create the following registry value using regedit.exe.
2. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL and add:
   Value Name: DnsDomainPublishList
   Type: REG_MULTI_SZ
   Value Data: Enter each DNS domain that KMS should publish to on a separate line.
   Important note: This section contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Microsoft Knowledge Base article 256986, Description of the Microsoft Windows registry (http://support.microsoft.com/kb/256986/).
   It is useful to export the registry key for later use or to import into another KMS host.
3. Restart the Software Licensing Service; the records should be created immediately.
   The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt.
4. For the 12293 event, the failure code can be diagnosed by running the following:
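The following PowerShell script is an added example and is not the diagnostic command the original guide refers to above. It carries out the preceding procedure end to end on a KMS host: it backs up and writes the DnsDomainPublishList value, restarts the Software Licensing Service (slsvc, the Vista service name used in this guide), and then reads back the 12294 and 12293 events so each domain's publishing result is visible in one table. The domain names are constructed sample values; run it from an elevated PowerShell.

```powershell
# Added example (not from the original guide): publish KMS SRV records into
# additional DNS domains and report the per-domain result from the event log.
# Domain names below are constructed sample values.

$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL'
$domains = @('corp.contoso.com', 'lab.contoso.com')   # sample values

# Back up the key first, as the guide recommends before editing the registry.
$backup = Join-Path $env:TEMP 'SL-key-backup.reg'
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL' $backup /y | Out-Null

# REG_MULTI_SZ: one DNS domain per entry.
Set-ItemProperty -Path $regPath -Name 'DnsDomainPublishList' `
                 -Value $domains -Type MultiString

# Publishing is attempted at service startup, so restart slsvc and give it a moment.
$since = Get-Date
Restart-Service -Name slsvc -Force
Start-Sleep -Seconds 15

# 12294 = domain published, 12293 = publishing attempt failed (per the guide).
Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 12293, 12294
    StartTime = $since
} -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Result  = if ($_.Id -eq 12294) { 'published' } else { 'FAILED' }
            Message = $_.Message
        }
    } | Format-Table -AutoSize -Wrap
```

A 12293 entry for a domain usually points at the DDNS permission requirements described in the prerequisites section; the event message carries the failure code the guide refers to.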
This section includes procedures for installing and configuring computers as KMS clients.
Install KMS clients
Install KMS clients using this procedure.
To install KMS clients for KMS activation
1. Choose and install the desired volume licensed media. No product key is required during setup.
2. If you use DNS auto-discovery, no further configuration is required.
3. For domain-joined computers, DNS auto-discovery of KMS requires that the DNS zone corresponding to either the primary DNS suffix of the computer or the Active Directory DNS domain contain the SRV resource record for a KMS.
4. For workgroup computers, DNS auto-discovery of KMS requires that the DNS zone corresponding to either the primary DNS suffix of the computer or the DNS domain name assigned by DHCP (option 15 per RFC 2132) contain the SRV resource record for a KMS.
Configuring KMS Clients
Configure KMS clients using this procedure.
To configure KMS clients for KMS activation
1. Configuration is only required for KMS clients that will use direct registration with their KMS host. Direct registration overrides DNS auto-discovery. Configuration can be scripted to run remotely and can use Group Policy or logon scripts, assuming that:
   • The required services are enabled on the computer.
   • The port used for KMS communications is not blocked in firewalls or routers.
   • Access permissions are set correctly. (All methods that are implemented in WMI or through the registry require Administrator privileges unless standard user activation has been enabled.)
2. On the KMS client, register the KMS host's fully qualified domain name (FQDN), for example kms03.site5.contoso.com, and, optionally, the TCP port used to communicate with KMS (if you are not using the default):
To re-enable auto-discovery for a client computer that was registered to use a specific KMS, run the following built-in script:
cscript \windows\system32\slmgr.vbs -ckms
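The following PowerShell script is an added example, not code from the original guide: it performs the direct registration described in this procedure through the WMI SoftwareLicensingService class, the interface that the built-in slmgr.vbs script drives, then attempts activation and reads back the client's state. The FQDN is the example used on this page; the port is a sample value (use the port your KMS host was configured with). It assumes an elevated PowerShell session and .NET 4.5 or later for the HResult property.

```powershell
# Added example (not from the original guide): KMS client direct registration via WMI.
# Assumes an elevated session; host name is the page's example, port is a sample value.

$kmsHost = 'kms03.site5.contoso.com'   # example FQDN used on this page
$kmsPort = 1688                         # sample value: use your KMS host's configured port

$svc = Get-WmiObject -Class SoftwareLicensingService

# Direct registration overrides DNS auto-discovery for this client.
[void] $svc.SetKeyManagementServiceMachine($kmsHost)
[void] $svc.SetKeyManagementServicePort($kmsPort)

# Attempt activation now rather than waiting for the scheduled activation interval.
# The Windows product is the licensed product that has a partial product key installed.
$product = Get-WmiObject -Class SoftwareLicensingProduct |
    Where-Object { $_.PartialProductKey -and $_.Name -like 'Windows*' } |
    Select-Object -First 1
try {
    [void] $product.Activate()
    [void] $svc.RefreshLicenseStatus()
} catch {
    $ex = $_.Exception
    if ($ex.InnerException) { $ex = $ex.InnerException }
    $hr = '0x{0:X8}' -f $ex.HResult
    # 0xC004F038 (cited in this guide) means the KMS host has not yet reached 25 clients.
    Write-Warning "Activation failed with $hr"
}

# Re-read both objects so the properties reflect the new state.
$svc     = Get-WmiObject -Class SoftwareLicensingService
$product = Get-WmiObject -Class SoftwareLicensingProduct -Filter "ID='$($product.ID)'"
[pscustomobject]@{
    RegisteredHost = $svc.KeyManagementServiceMachine
    RegisteredPort = $svc.KeyManagementServicePort
    LicenseStatus  = $product.LicenseStatus    # 1 = licensed
}

# To return the client to DNS auto-discovery (what slmgr.vbs -ckms does):
# [void] $svc.ClearKeyManagementServiceMachine(); [void] $svc.ClearKeyManagementServicePort()
```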
Deploying KMS Clients
Deploy KMS clients using this procedure.
To deploy KMS clients for KMS activation
1. Run sysprep /generalize immediately prior to shutting down your deployment reference image. This resets the activation timer, security identifier, and other important parameters. Resetting the activation timer is important to prevent images from requiring activation immediately after first boot. Note that running Sysprep does not remove the installed product key, and you will not be prompted for a new key during mini-setup.
2. Use an imaging technology that is compatible with Windows Vista.
3. Deploy using standard techniques such as disk duplication or WDS.
Activating a KMS Client Manually for KMS Activation
You can activate a computer that uses KMS activation with the following procedures. Note that KMS clients attempt to activate automatically at preset intervals. However, you may want to be sure that some clients (mobile clients, for instance) are activated before distributing them.
To activate a KMS client manually using the Windows interface
1. Open System properties in Control Panel. If you are prompted for permission, click Allow.
2. Click "Click here to activate Windows now." This launches the activation wizard. If you are prompted for permission, click Allow.
If your computer has access to the network and a KMS, Windows reports that activation was successful.
If the activation fails, the wizard reports the failure. For activation to occur, 25 computers must have contacted the KMS host. Until that happens, activation will fail with error code 0xC004F038.
To activate a KMS client manually using a script
1. Launch a command window (with elevated privileges if not running as Administrator).
2. Run the following script to activate:
   cscript \windows\system32\slmgr.vbs -ato
The script reports activation success or failure, along with a result code.
If activation fails, the script reports the failure. For activation to occur, 25 computers must have contacted the KMS host. Until that happens, activation will fail with error code 0xC004F038.