KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues

How to migratie an Windows Server 2008 R2 KMS to Windows Server 2012 R2, for volume activation of Microsoft products? On a new KMS server? You don’t, apparently there is no Windows Server 2008 (R2) KMS to Windows Server 2012 R2 migration. There is no way to automatically transfer your KMS role along with the products its activating to another server. Luckily Charity Shelbourne wrote up a handy how to for this task.

@Charity Shelbourne writes on blogs.technet.microsoft.com:

Let’s get a few things straight.
THERE IS NO MIGRATION.

There is no way to automatically transfer your KMS role along with the products its activating to another server.

But don’t panic.

Relax.

THIS IS NOT A BIG DEAL.

Your organization is not going to go up in smoke if your KMS host is unavailable for a short period of time.

It’s not mission critical.

But it is necessary (unless you’re on Windows 8/Windows Server 2012 and later and Office 2013 and later and can use Active Directory Based Activation).

So what’s the answer then?
You build a new one.

If you are prepared, the process takes all of 5 minutes, 30 minutes max. Yes, it really is that easy.

You don’t need to worry about your KMS count (remember we need a count of 25 for Windows servers/clients and a count of 5 for Office clients before we’ll activate). Your KMS count will increase almost immediately when KMS clients renew their activations and find your new KMS host or if you can force it by using VAMT, multi-selecting a bunch of clients, and tell them to activate in which case they’ll immediately go and renew their activation interval with the new KMS host.

KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues

Read about the complete KMS Migration from 2008 R2 to Windows Server 2012 R2.

Interesting:   Enable NTFS long paths in Windows Server 2016 by Group Policy

How-to verify your (new) KMS host address

You can verify your new KMS host address on the cmd.exe command-line in Windows, using nslookup:

On one of your clients, execute the following nslookup lookup to verify your newly created KMS host address in DNS: nslookup -type=srv _vlmcs._tcp.[active directory domain].

Verify successful Windows activation

Verify everything activated successfully by running the following command from an administrative command prompt:
Cscript C:\Windows\System32\slmgr.vbs /dlv All

All slmgr.vbs options are:

C:\Windows\System32>Cscript slmgr.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Invalid combination of command parameters.

Windows Software Licensing Management Tool
Usage: slmgr.vbs [MachineName [User Password]] [<Option>]
           MachineName: Name of remote machine (default is local machine)
           User:        Account with required privilege on remote machine
           Password:    password for the previous account

Global Options:
/ipk <Product Key>
    Install product key (replaces existing key)
/ato [Activation ID]
    Activate Windows
/dli [Activation ID | All]
    Display license information (default: current license)
/dlv [Activation ID | All]
    Display detailed license information (default: current license)
/xpr [Activation ID]
    Expiration date for current license state

Advanced Options:
/cpky
    Clear product key from the registry (prevents disclosure attacks)
/ilc <License file>
    Install license
/rilc
    Re-install system license files
/rearm
    Reset the licensing status of the machine
/upk [Activation ID]
    Uninstall product key

/dti [Activation ID]
    Display Installation ID for offline activation
/atp <Confirmation ID> [Activation ID]
    Activate product with user-provided Confirmation ID

Volume Licensing: Key Management Service (KMS) Client Options:
/skms <Name[:Port] | : port> [Activation ID] [Activation ID]
    Set the name and/or the port for the KMS computer this machine will use. IPv6 address must be specified in the format [hostname]:port
/ckms [Activation ID]
    Clear name of KMS computer used (sets the port to the default)
/skhc
    Enable KMS host caching
/ckhc
    Disable KMS host caching

Volume Licensing: Token-based Activation Options:
/lil
    List installed Token-based Activation Issuance Licenses
/ril <ILID> <ILvID>
    Remove installed Token-based Activation Issuance License
/ctao
    Clear Token-based Activation Only flag (default)
/stao
    Set Token-based Activation Only flag
/ltc
    List Token-based Activation Certificates
/fta <Certificate Thumbprint> [<PIN>]
    Force Token-based Activation

Volume Licensing: Key Management Service (KMS) Options:
/sprt <Port>
    Set TCP port KMS will use to communicate with clients
/sai <Activation Interval>
    Set interval (minutes) for unactivated clients to attempt KMS connection. The activation interval must be between 15 minutes (min) and 30 days (max) although the default (2 hours) is recommended.
/sri <Renewal Interval>
    Set renewal interval (minutes) for activated clients to attempt KMS connection. The renewal interval must be between 15 minutes (min) and 30 days (max) although the default (7 days) is recommended.
/sdns
    Enable DNS publishing by KMS (default)
/cdns
    Disable DNS publishing by KMS
/spri
    Set KMS priority to normal (default)
/cpri
    Set KMS priority to low

See How to configure a KMS server in Windows Server 2008 R2 on ivan’s blog for more information on setting up a KMS server.

Interesting:   Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege

2 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Hi! Join the discussion, leave a reply!