Activating Microsoft Products Using the Key Management Service (KMS)

Northwestern provides access to a variety of Microsoft software,, including Windows, through a volume licensing agreement with the vendor. To use Windows on a departmental computer, users must activate the software through a Volume Activation (VA) process. This process uses a Key Management Service (KMS) host that each computer will need to access via the Northwestern network periodically to validate. Once successfully activated through a connection to the KMS, periodic reauthorization should occur in the background and users should not have to manually process activation requests to the KMS host.  Microsoft 365 is activated using a valid O365 login.  The Microsoft Select versions (ex. Office LTSC 2021) require a Multiple Activation Key (MAK).

Contents

  • 1 General
  • 2 Before you begin
    • 2.1 Verify the DNS suffix is set up correctly
    • 2.2 Verify the machine can connect to KMS
  • 3 Activation
  • 4 Setting up a SRV DNS Record for the NU KMS Host
  • 5 Technical Information

General

To activate Microsoft Windows with the University’s KMS Service, the following conditions must be met:

  • The Machine must have an IP address from a Northwestern University subnet, to include VPN connections (Firewall rules allow access to the KMS host to all Northwestern University IP ranges including VPN and Wireless.)
  • The Machine’s system date, time and time zone must be accurate (to within 3 minutes of GMT)
  • The Machine's BIOS must be up to date (Check computer manufacturer website, or consult manufacturer technical support)
    • If you get an error that states "No OEM license found", it may require a BIOS update to support volume upgrade activations.
  • Business Units and Departments may need to add the 'northwestern.edu' and 'ads.northwestern.edu' DNS suffix to a client host's network adaptor found under TCP/IP properties to resolve the DNS lookup and allow for the KMS activation.
    • Almost all KMS issues on computers outside the ADS domain (for example, Feinberg and Kellogg machines) are caused by the DNS suffix being absent.

Before you begin

To avoid issues with KMS activation, make sure to take these steps before you start the activation process.

1. Verify the DNS suffix is set up correctly

Almost all of the issues with KMS activation are caused by a missing DNS suffix. If you receive an error, first verify the DNS suffix is set up correctly:

  1. Click the Start Menu and search for Network and Sharing Center.
  2. In the top right corner, click Change Adapter Settings.
  3. Right click the active network (wireless, wired, or VPN) and click Properties.
  4. In the Networking tab, double-click Internet Protocol Version 4 (TCP/IPv4).
  5. In the General tab, click Advanced at the bottom.
  6. In the DNS tab, find the DNS suffix for this connection: box. Type northwestern.edu into this box, then click OK.
  7. Click OK to exit both open settings menus.

 

2. Verify the machine can connect to KMS

  1. Open the Command Prompt via "Run As Administrator". Right-click on Command Prompt in the start menu to bring up the option.
  2. Verify that the machine can connect to the SRV DNS record of the KMS host by running the following command: nslookup -type=srv _vlmcs._tcp.northwestern.edu.
  3. If the machine can resolve the connection, you should see something similar to the image below.
  4. If the machine cannot resolve the connection, ensure that the DNS suffixes are set up correctly.
  5. If the DNS suffixes are set up correctly and the client still cannot resolve the KMS host address, you may need to install Telnet Client (not installed by default) on Windows 7 to verify the client can access port 1688 on the KMS host.
  6. Once you are sure the machine can connect to the KMS host, proceed with the instructions below for activation.

Activation

Please reference the Volume Activation Troubleshooting Guide and Volume Activation Error Codes list to troubleshoot other KMS errors.

  • To clear out any existing/old KMS settings, run the following command: cscript c:\windows\system32\slmgr.vbs /ckms
  • Attempt to activate the Windows 10 license via KMS by running following command: cscript c:\windows\system32\slmgr.vbs /ato
  • Reboot the computer and check to see if the activation was successful.
  • (If required) To manually assign a KMS host address to a KMS client for Windows 8, run the following command:
    cscript c:\Windows\System32\slmgr.vbs /skms kms01.ads.northwestern.edu:1688

 

Setting up a SRV DNS Record for the NU KMS Host

Northwestern IT has established two SRV type records for KMS client activations within central DNS to point to 'kms01.ads.northwestern.edu' and 'kms02.ads.northwestern.edu'. Business Units and Departments may also request a separate SRV DNS record to be created under their local sub domain. Requests should be sent to hostmaster@northwestern.edu with the following details:

  • NAME: _vlmcs._tcp.
  • TYPE: SRV
  • PRIORITY: 0
  • WEIGHT: 0
  • PORT: 1688
  • HOSTNAME: kms01.ads.northwestern.edu

 

Technical Information

Microsoft TechNet: KMS Activation Timing and Discovery

In operation, the KMS client attempts to contact a KMS host on startup and again every Activation Interval minutes upon failure. By default, this happens every two hours. When KMS activation succeeds, the client receives and stores the KMS host's Renewal Interval, and Windows activates for 180 days. Activation renewal operates as a sliding window, similar to a DHCP lease. The client is activated for 180 days but still attempts reactivation every Renewal Interval minutes-by default, 7 days. If it succeeds, the 180-day period is reset. If it fails, the system will watch for network changes or other qualifying events to trigger another attempt. After 15 minutes, the system stops monitoring for qualifying events but still attempts every Activation Interval minutes.

If 180 days passes without successful reactivation, the client transitions into Out of Tolerance (OOT) Grace. If it does not activate within 30 days of transitioning to OOT, it falls into Notification mode.

Notification mode notifies the user that the client is using unlicensed software. Once the KMS client sees the KMS host, the notifications are no longer received. Volume licensed software in notification mode, does not lose any functionality.

 

Was this helpful?
33% helpful - 3 reviews
Print Article

Details

Article ID: 1533
Created
Thu 5/12/22 12:39 PM
Modified
Fri 4/21/23 9:51 AM