Key Management Service (KMS) provides volume activation for Windows environments, operating on a client-server architecture within your local network. KMS servers, also known as KMS hosts, provide activation services to KMS clients. When a client connects to the KMS server, it is activated based on the host key configured on that server. This guide walks you through the steps to set up your own KMS host. For a deeper understanding of KMS concepts and initial planning considerations, refer to our comprehensive guide on KMS activation planning.
Essential Prerequisites for KMS Server Deployment
A single KMS server is designed to handle a substantial number of KMS client activations, effectively supporting unlimited clients. However, for organizations managing over 50 clients, deploying at least two KMS servers is a best practice. This redundancy ensures uninterrupted activation services in case one KMS server experiences downtime. For most infrastructures, even with a large number of clients, two KMS servers are typically sufficient.
KMS servers are versatile and do not require dedicated hardware. They can be seamlessly co-hosted with other server roles on physical or virtual machines running supported Windows Server or Windows client operating systems.
The operating system you choose for your KMS server dictates the range of Windows versions it can activate. Consult the activation versions table to select the appropriate OS for your KMS host, aligning with your organization’s activation needs.
By default, KMS servers are designed to automatically register Service (SRV) resource records within your Domain Name System (DNS). This automation simplifies KMS client discovery and activation, eliminating manual client-side configuration. However, automatic publishing can be disabled, and manual record creation becomes necessary when DNS services lack dynamic update support, or for environments requiring precise control over DNS records.
Before proceeding with the KMS server setup, ensure you have the following:
- A system running Windows Server or Windows: A KMS host on Windows Server can activate both server and client operating systems. Conversely, a KMS host on a Windows client OS is limited to activating client operating systems only. Choose the OS based on your activation requirements.
- Administrative Privileges: The user account used for KMS host configuration must be a member of the Administrators group on the designated KMS host server.
- Compatibility Verification: Refer to the KMS activation planning guide to confirm compatibility between KMS host and client versions, and the supported Windows versions for hosting the KMS role.
- KMS Host Key: Obtain a KMS host key specific to your organization. This key is available in the Product Keys section of the Volume Licensing Service Center.
- Internet Connectivity: Internet access is required for online activation of the KMS host. If internet access is restricted, phone activation is an alternative.
Step-by-Step Installation and Configuration of a KMS Host
Follow these steps to install and configure your KMS host:
- Install Volume Activation Services Role: Open an elevated PowerShell session and execute the following command to install the Volume Activation Services role along with its management tools:
    Install-WindowsFeature -Name VolumeActivation -IncludeManagementTools
- Configure Windows Firewall: Adjust the Windows Firewall settings to permit network traffic to the Key Management Service. You can configure this rule for all network profiles or selectively for Domain, Private, and Public profiles. By default, KMS communication occurs over TCP port 1688. The example below demonstrates enabling the firewall rule for Domain and Private network profiles:
    Set-NetFirewallRule -Name SPPSVC-In-TCP -Profile Domain,Private -Enabled True
- Launch Volume Activation Tools Wizard: Execute the command vmw.exe to initiate the Volume Activation Tools wizard.
- Select KMS Activation: In the wizard, proceed past the introduction screen by clicking Next. Choose Key Management Service (KMS) as the activation type. In the Server name box, enter localhost to configure the local server or specify the hostname of the remote server you intend to configure as the KMS host.
- Install KMS Host Key: Select Install your KMS host key, input your organization’s KMS product key, and click Commit.
- Product Activation: After successful key installation, click Next to proceed with product activation.
- Choose Activation Method: Select the product for activation from the dropdown menu. Choose your preferred activation method: Activate online or Activate by phone. For this example, select Activate online and then Commit.
- Review and Close: Upon successful activation, the KMS host configuration details will be displayed. If the configuration is correct, click Close to exit the wizard. At this point, DNS records will be automatically created, and you can begin activating KMS clients. If manual DNS record creation is necessary, refer to the Manually Create DNS Records section below. To modify configuration settings, click Next.
- Optional Configuration Changes: If needed, adjust the configuration settings based on your specific requirements and click Commit to apply changes.
Important Note on Activation Threshold: While your KMS server is now ready to activate clients, it’s crucial to understand the activation threshold. A network must have a minimum number of computers for KMS activation to succeed. KMS servers maintain a count of recent connection requests. When a client or server attempts activation with the KMS host, the host increments its count with the machine ID and responds with the current count value. Activation occurs if this count meets or exceeds the threshold. For Windows clients, the threshold is 25 or higher. For Windows Server and volume editions of Microsoft Office products, the threshold is five or greater. The KMS server only tracks unique connections within the last 30 days and stores a maximum of the 50 most recent contacts.
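The following audit script is an added example, not part of the original guide. It checks the outcome of the steps above on the KMS host itself: role installed, firewall rule scope, listener on the KMS port, and the current count against the thresholds quoted in the note. It assumes a Windows Server host, English-language slmgr.vbs output, and treats an open Public profile as a finding, which is this example's own policy choice.

```powershell
# Added example: post-setup audit of a KMS host (run elevated on the host itself).
$Port     = 1688   # default KMS port from this guide; change if you reconfigured it
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Is the Volume Activation Services role installed?
if (-not (Get-WindowsFeature -Name VolumeActivation).Installed) {
    $findings.Add('VolumeActivation role is not installed')
}

# 2. Is the inbound rule enabled, and on which profiles?
$rule = Get-NetFirewallRule -Name 'SPPSVC-In-TCP' -ErrorAction SilentlyContinue
if (-not $rule) {
    $findings.Add('Firewall rule SPPSVC-In-TCP not found')
} else {
    if ("$($rule.Enabled)" -ne 'True') {
        $findings.Add('SPPSVC-In-TCP is disabled; clients cannot reach the host')
    }
    $profiles = "$($rule.Profile)"   # flags enum, e.g. "Domain, Private"; "Any" = all profiles
    if ($profiles -eq 'Any' -or $profiles -match 'Public') {
        # Policy choice of this example: KMS should only answer on trusted networks
        $findings.Add("SPPSVC-In-TCP is open on the Public profile ($profiles)")
    }
}

# 3. Is the service listening on the KMS port?
if (-not (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)) {
    $findings.Add("Nothing is listening on TCP $Port")
}

# 4. Read the current activation count (assumes English-language slmgr output)
$dlv   = & cscript.exe //NoLogo "$env:windir\System32\slmgr.vbs" /dlv
$match = $dlv | Select-String -Pattern 'Current count:\s*(\d+)' | Select-Object -First 1
if ($match) {
    $count = [int]$match.Matches[0].Groups[1].Value
    # Thresholds as stated in this guide: 25 for Windows clients, 5 for Windows Server / Office
    if ($count -lt 5)  { $findings.Add("Current count $count is below the server threshold (5)") }
    if ($count -lt 25) { $findings.Add("Current count $count is below the client threshold (25)") }
} else {
    $findings.Add('Could not read "Current count" from slmgr.vbs /dlv; is the KMS host key installed?')
}

if ($findings.Count -eq 0) { 'KMS host audit: no findings' } else { $findings }
```

A low count right after setup is expected; it rises as distinct machines contact the host.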
Manually Create DNS Records for KMS
In scenarios where your DNS service does not support dynamic updates, manual creation of resource records is required to publish the KMS host. Use the following information to manually create DNS resource records for KMS within your DNS service. Remember to adjust the default port number if you modified it during KMS host configuration:
Property | Value |
---|---|
Type | SRV |
Service/Name | _vlmcs |
Protocol | _tcp |
Priority | 0 |
Weight | 0 |
Port number | 1688 |
Hostname | FQDN of the KMS host |
If dynamic updates are not supported by your DNS service, it’s also advisable to disable publishing on all KMS hosts to prevent event logs from being filled with DNS publishing failure events.
Tip: Manually created resource records can coexist with automatically published records from KMS hosts in other domains, provided all records are properly maintained to avoid conflicts.
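Because clients locate KMS hosts through these SRV records, it is worth checking that the published records match the hosts you intended. The script below is an added example, not part of the original guide. It resolves the records as a client would, compares them with an expected list, and tests the port. The zone name and host FQDNs are placeholders, and the record-creation helper applies only if your DNS service is a Windows DNS server with the DnsServer module.

```powershell
# Added example: audit the _vlmcs SRV records that KMS clients use for discovery.
# Assumptions: the zone name and expected host FQDNs below are placeholders.
$Zone          = 'corp.example'
$ExpectedHosts = @('kms01.corp.example', 'kms02.corp.example')
$Port          = 1688   # default; change if the KMS host uses another port

# Creates one record with the values from the table. Applies only to a Windows
# DNS server (DnsServer module); on other DNS services enter the same values by hand.
function New-KmsSrvRecord {
    param([string]$KmsHostFqdn)
    Add-DnsServerResourceRecord -Srv -ZoneName $Zone -Name '_vlmcs._tcp' `
        -DomainName $KmsHostFqdn -Priority 0 -Weight 0 -Port $Port
}

# Resolves the records as a client would and compares them with the expected list.
function Get-KmsSrvAudit {
    $srv = @(Resolve-DnsName -Name "_vlmcs._tcp.$Zone" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })
    $published = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.') })

    foreach ($r in $srv) {
        $target = $r.NameTarget.TrimEnd('.')
        [pscustomobject]@{
            Target    = $target
            Published = $true
            Expected  = $ExpectedHosts -contains $target   # False = record for an unlisted host
            Port      = $r.Port
            PortMatch = $r.Port -eq $Port
            Reachable = Test-NetConnection -ComputerName $target -Port $r.Port `
                            -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }
    # Expected hosts with no SRV record: clients will never discover them
    foreach ($h in $ExpectedHosts) {
        if ($published -notcontains $h) {
            [pscustomobject]@{
                Target = $h; Published = $false; Expected = $true
                Port = $null; PortMatch = $false; Reachable = $false
            }
        }
    }
}

Get-KmsSrvAudit | Format-Table -AutoSize
```

A row with Expected set to False means DNS is directing clients to a host that is not on your list, which should be investigated and the record removed if it is not yours.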
Disabling Automatic DNS Record Publishing by KMS Host
To disable the automatic publishing of DNS records by the KMS host:
- Launch Volume Activation Tools Wizard: Run vmw.exe to open the Volume Activation Tools wizard.
- Navigate to Configuration: Proceed through the introduction screen, select Key Management Service (KMS) as the activation type, and enter localhost or the hostname of your KMS server.
- Skip to Configuration Options: Choose Skip to Configuration and click Next.
- Disable DNS Publishing: Uncheck the publish DNS records checkbox, and then click Commit to save the change.
By following these steps, you can successfully set up and configure a KMS server to manage volume activation within your organization, whether through automatic DNS publishing or manual record creation. This ensures a streamlined and efficient activation process for your Windows environment.