KMS Windows 2008 R2 - problems and solutions
On August 25, 2009, Microsoft published an update for the operating systems Windows Server 2008 - KB968912. This update allows to use existing KMS-hosts for the activation of Windows 7 and Windows 2008 Server R2 operating systems (preliminary, of course, having registered on KMS-hosts appropriate keys). A similar update, numbered KB968915, was also published on August 11th for operating systems Windows Server 2003 family. The given fact is absolutely not interesting to us - since year 2009 comes to an end;)
Little theory without going into detail of licensing. Since operating systems Windows 2008 / Vista, Microsoft has proposed two new ways to activate their products - either using the MAK-key, or by KMS-servers.
MAK-key is the key which you get for example when buying an operating system in the store - it is printed out for you on a sticker. The given scenario of activation is intended, basically, for simple users or small organisations.
KMS-server is a computer with Windows 2003 / 2008 / Vista / 7 / 2008 R2 operating system which has been activated with usage of a KMS-key intended for activation of KMS-hosts. This scenario is designed for organizations - we look at it. The KMS-host activates, as it is not difficult to guess, KMS-clients. KMS-clients are computers with Windows Vista / 2008 / 7 / 2008 R2 operating systems. The given computers (KMS-clients) not activated and no key is entered into them - neither MAK, nor KMS. I.e. by default any computer with just installed Windows Vista / 2008 / 7 / 2008 R2 operating system is the KMS-client.
Nevertheless, there is a division among KMS-keys. Besides KMS-keys of the KMS-hosts intended for activation there are KMS-keys for KMS-clients. Accordingly, the question arises - for what client KMS-keys are necessary if by default any not activated computer is already KMS-client? The given keys basically are used for reset of KMS-hosts in a mode of KMS-clients. It is necessary to mark also that the given keys do not activate your system. In addition, each release of operating systems have their own keys - they are distributed freely - just in case I have them listed below:
Windows Vista Business - YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N - HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise - VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N - VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008 Datacenter - 7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V - 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems - 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK
Windows Server 2008 Enterprise - YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V - 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 Standard - TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V - W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Web Server 2008 - WYR28-R7TFJ-3X2YQ-YCY4H-M249D
Windows 7 Professional - FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N - MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise - 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N - YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E - C29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2008 R2 HPC Edition - FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter - 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise - 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems - GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard - YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R2 - 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
To reset KMS-host in a mode of the KMS-client and to activate it on a certain KMS-host it is possible as follows (by running cmd as administrator):
slmgr /ipk YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
slmgr /skms srv-kms-01.london.local:1688
slmgr /ato
Besides it KMS-keys for hosts are divided into classes A, B and C - on releases of operating systems which can be activated by the given keys. At registration KMS-host in corporate network in the DNS SRV-record is created showing to KMS-clients where to go for activation (see figure):
It is necessary to mark also that to start activation by a KMS-host of servers and workstations it is necessary, that certain threshold value of calls to the given KMS-host has been reached - to start activation of servers it is 5 calls, to start activation of client operating systems (Vista / 7) it is 25 calls.
On it with the theory it is possible to complete;) And so - on August, 25th, immediately after update allowing KMS-hosts existing in a corporate network on the Windows 2008 Server operating systems basis to activate Windows 2008 Server R2 was published, it was decided to immediately implement this functionality.
In principle, no problems during the implementation phase should arise - first of all it is necessary to instal update, further to enter a KMS-host key, to activate it and it actually all.
However in practice the following problem has appeared - the KMS-host with a new key without problems activated Windows 2008 / Vista operating systems, but produced error messages at activation of Windows 2008 R2 / 7 operating systems:
0x80070005 Access is denied: the requested action requires elevated privileges
Further it was clarified that the given KMS-host can activate Windows 2008 Server R2 KMS-clients, but only, if the given clients not in the domain. Search on the Internet for all sorts of forums, did not give the results - there are similar problems, but no solution. For problem solution it has been spent an order of two working days - had plunged into a deep debugging;)
It has been first of all clarified that activation of KMS-clients flies at their input in the domain. Further the Group Policy which application involves activation loss has been installed. By process of elimination was found in Group Policy setting, which leads to the above described effect - and the problem appeared ONLY in Windows 2008 R2 / 7 operating systems. The problem consisted in automatic start of Plug and Play service. Having installed the given Group Policy setting in value Not Configured KMS-clients beginning to be activated without any problems.
Thus, due to automatically start of Plug and Play Service, prescribed in Group Policy can arise problems at activation by a KMS-host of Windows 2008 Server R2 and Windows 7 operating systems.
Comments
For information,
Adding the "read" permission through the GPO to "plug and play" service at "Network Services" solve the access denied of KMS client in 2008r2 and 7.
So it's not need to unconfigure this service in GPO to allow the KMS clients to work.
Regards
Hi there
Could you give me a bit more information on how to set the read permission you talked about in the follow-up.
Many thanks
Create or select desired group policy in Group Policy Managment -> Edit -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services -> Plug and Play.
Select Properties -> Define this policy setting -> Edit Security... In ACL add Network Service and READ permission to it.
Thank you for the explanation. Could you be a bit more specific on how to set the read permission? Where do I find the plug and play service permissions?
Regards
:) When you select System Services in your Group Policy on the right panel you will see service list -- in this list you will find Plug and Play service. Next you must click on it (right button) and select Properties. In a Properties List select Edit Security, next click. Then select tick on Read. Thays all.