[SOLVED] KMS & VDI

[georgenoise]

I'm wondering if anyone out there happens to consider themselves an expert when it comes to KMS troubleshooting and maybe has a solution I haven't looked at. I have a client that uses KMS with their VDI setup(Hyper-V w/ vWorkspace management, non-presistent desktops), I'm not the one that originally setup the KMS so I don't know if it was done correctly originally or what was done. Before the Christmas break everything worked fine, now that they have returned all the vdi workstations are reporting that W7 isn't genuine and needs to be activated. Office also uses KMS and is having no issues, just the OS.

I've tried just about everything I know: DNS records are correct, nslookup verifies that too, I tried to rearm but it was at 0 so i had to reset the rearm, it rearmed but changed nothing, /ato to force activation will give an error that the count is insufficient from the KMS host but the count isn't increasing as machines hit it(assuming they hit it), I've tried a few other things to no avail that I can't recall.

The only thing I can guess is the issue is that the when a new vm spins up from the base image it isn't creating a new CMID, it just keeps the original from the base image. I tried to use the "sysprep /generalize /oobe" command to remedy this but it doesn't seem to change anything. Problem with that theory is that it has been working, no problems, for almost a year now.

My other theory was that the KMS key is possibly compromised and MS has something to do with it.

So anyway, if anyone out there happens to have a solution or tip please send it my way. I would grealy appreciate it.

 

[Markverhyden]

I this the KMS you are talking about? http://www.kms-software.com/

For grins have you tried to change the system date and time back to 2015? Some things are based on a calendar year and that this happened when it did makes me think some licensing matter needs to be addressed.

 

[fencepost]

No, he's talking about Microsoft's Key Management Server/Service (troubleshooting KMS) for volume licensing. There may be folks here who've worked with it a bit, but honestly my gut instinct would be to call Microsoft and say "Why is our Windows coming up unlicensed now?"

And if it wasn't properly licensed in the first place, well perhaps this is the ideal opportunity.

 

[nlinecomputers]

Sounds like the volume licence has been revoked or expired. Time to call Microsoft support.

 

[georgenoise]

Thanks guys, I was able to get it going.

The problem was more related to the VDI side of things but I found a script that basically forces up the count on the server and once it reaches the proper count it activates all the machines stored and waiting activation in its database. Found here: http://woshub.com/how-to-increase-kms-server-current-count/

The problem is actually that when the base image for the vm's was created it wasn't sysprep'd properly and now every time a new vm is created, sometimes hundreds per day, it generates a new machine but each machine is getting the same CMID. So when it happens that the CMID in the database that all the machines have falls out of grace, all the vm's do the same because they are all essentially the same machine as far as the database is concerned.

Basically I'll have to rebuild and properly sysprep a new base image and deploy it. Not a big deal, just a pain in then rump when all is said and done.

 

[nlinecomputers]

So basically, you burned through your allotment of licenses.

 

[fencepost]

So basically, you burned through your allotment of licenses.

The way I'm reading it is that the KMS only activates when it reaches a certain threshold (so it's not activating immediately for everything), but due to the way the VMs were set up it wasn't reaching that threshold. So more a case of "we have enough licenses, but the KMS doesn't think it's seen enough of them to bother doing anything yet."

 

[georgenoise]

Correct fencepost.

The licensing is there, the problem lies in the KMS server is only seeing one unique id through all the VM's in the environment so it never increases the KMS count to which in turn activates them. With KMS it will only activate machines once the threshold for the database is met(25 for most servers), it doesn't activate clients 1 at a time like traditional activation does. If a machine does not communicate back in 30 days, it's removed from the database and the count gets reduced by one.

So in this situation it was a perfect storm scenario. My best guess is when Christmas break rolled around that left 18 days with no communication to the KMS server from the vm's and hence no daily check in from any vm with that same CMID. When the client returned from break the KMS count was at 7(25 - 18 = 7) and since the same CMID was being added over and over the server essentially saw the same CMID requesting to be activated but since there were no other CMID's requesting activation the count never increased to get it to the threshold it required to push through the activation.