At first glance, you may think the event logs on the KMS client are simple, but they actually provide a wealth of information, if you know what to look for.
A successful client to host communication will result in two events being recorded on the KMS client:
If you see these two events, you’re looking good, content notwithstanding.
Filter the Application log, for ease of use:
Okay, so you’ll know hopefully have a few entries which are entirely relevant to what we’re looking for. Let’s start with 12288. 12288 is the KMS client sending a request off the a KMS host. If you examine the log, it will detail the FQDN of the host it has attempted to contact.
The screenshot below, although redacted, demonstrates this. The red highlight is the FQDN of the host, and the associated port. The preceding hex-decimal strings are where to look for any errors.
The string to the right of the port, in yellow, is the CMID.
The circled number in green indicates the machine is currently licensed.
The number circled in purple is the time to license expiration.
The final number at the far side, circled in brown, indicates how many activations are needed for this particular KMS host to be active. Windows tends to be 25, with Office being 5.
So assuming the KMS does and can respond, you’ll get a corresponding 12289 log on the KMS client. However this does not always mean you’ve had a successful activation, so it is important to check both logs.
In the screenshot below, the blue circled number represents the state of the attempt. In this case, a returned number 1 indicates a success.
The number circled in red indicates how many are pooled on the KMS. This needs to be over the threshold activation.
That’s it for today o/