Key Management Service – Shutting Down the Old KMS

Just a couple of quick tips from my experience. I kept the original KMS server active, but offline in case I needed a fallback.

1: Disable the KMS service. Seriously, stop it. In fact, burn it with fire as it has a habit of restarting at the most inopportune of times 😛

2: Your old KMS server will still receive requests if it remains in DNS. This isn’t too bad, as when a client cannot get to the KMS server, it will try something else from DNS.

As stated in earlier blogs, use the nslookup ocmmand to find the _VLMCS entries. You *must* have your new KMS servers in DNS!

3: If you’re happy with hte new KMS sevrer(s), then you need to remove DNS publishing and from DNS itself.

This is a great step by article, and really helped me through this process.


Flame on xD

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s