Author Archives: Leldance40k

Config Manager client scan error

Yup, I’ve been a bit quiet of late.

Out of the blue, my Windows 10 device suddenly stopped patching. I checked the WUAHANDLER.log and found something new. Which is always nice. Here is the log:

Cheers Microsoft.

Continue reading

Key Management Service – Troubleshooting!

So, is the KMS working? I’ve popped together some things to run through to verify Thingsβ„’. No glossy pictures – I’ve covered most of this in greater depth with pretty pictures in my previous KMS posts πŸ™‚

  • Verify the KMS server record(s) is available via DNS.

The KMS servers must be registered in DNS so that the KMS clients can find them. Execute the following command:

nslookup -type=srv _vlmcs._tcp

…this will return all _vlmcs records. When setting up the KMS server, you will have the option to register it in DNS. Assuming it’s a Microsoft DNS and you have the appropriate permissions, it’s a no brainer! It’s also good for tracking down rogue KMS servers…

  • Check the Event logs on client and the server.

It’s a straight forward process, that should happen on every working system. The KMS client sends a request to the KMS server, found courtesy of the _VLMCS records in DNS. This generates an event ID 12288.

This is the KMS client talking to the KMS server.

The server should then respond, and in turn log an event ID 12290, detailing the machine name, licence type, activation threshold and the result. You’ll find this in the KMS log on the KMS server.

The client, should then report an event ID 12289. This is effectively a closure. Everything has worked as expected. Happy days.

  • The SLMGR.VBS tool.

The SLMGe.VBS came about with VISTA, and was probably the only good thing one could about the initial release of VISTA. SLMGR.VBS has a host, hah no pun intended >_<, of options to choose from. You can manually point the KMS client at a KMS server instead of using DNS discovery for example. You can also strip out VLKs and apply a MAK, or vice versa.

Typically, for troubleshooting, you’ll be querying the KMS client for information. The top two commands I’ve used thus far are:

  1. slmgr.vbs /dli
  2. slmgr.vbs /dlv

You can run these on both KMS client and KMS server.

Thanks for reading o/

Key Management Service – Shutting Down the Old KMS

Just a couple of quick tips from my experience. I kept the original KMS server active, but offline in case I needed a fallback.

1: Disable the KMS service. Seriously, stop it. In fact, burn it with fire as it has a habit of restarting at the most inopportune of times πŸ˜›

2: Your old KMS server will still receive requests if it remains in DNS. This isn’t too bad, as when a client cannot get to the KMS server, it will try something else from DNS.

As stated in earlier blogs, use the nslookup ocmmand to find the _VLMCS entries. You *must* have your new KMS servers in DNS!

3: If you’re happy with hte new KMS sevrer(s), then you need to remove DNS publishing and from DNS itself.

This is a great step by article, and really helped me through this process.

IIS 8.5 – Certificate Rebind

Heya! It has been a while, but the sun is out so I thought I’d share a gem of a find!

One of the longest running logistical headaches with certificates has been renewing them, and subsequently binding them in IIS. Client certificates aren’t a problem; a wee sprinkle of Group Policy, and all your certificates just automagically renew. However, when you throw server authentication couple with Subject Alternative Names into the mix, you lose the truly luxurious option of automatic renewal.

Continue reading

Key Management Service – Interpretting the Event Logs

At first glance, you may think the event logs on the KMS client are simple, but they actually provide a wealth of information, if you know what to look for.

A successful client to host communication will result in two events being recorded on the KMS client:

  • 12288
  • 12289

Continue reading

Key Management Service – Is it Working?

Really quick post!

Following my setup of multiple KMS servers in my domain, I was desperate to know if things were working. A new KMS server will need a minimum of activations before you’ll see anything on a client. So how do you know if it is working?

It’s simple!

Continue reading

Key Management Service – Licensing previous versions of Office

Okies, hit an interesting snag. I am getting very close to decommissioning my old KMS server. but I had a slight niggle on my new KMS boxes. Namely:

An activation request has been processed.

Why you no license?

Why you no license?

Continue reading