Understanding Volume Activation 2.0


Finally, it’s not enough to deploy Windows Server 2008-you also have to ensure that the product is properly licensed and activated. Microsoft products sold through OEM, retail, and Volume Licensing channels now include product activation technology to reduce software piracy and ensure that your copies of the products are genuine. Windows Server 2008 uses the same type of activation that was first introduced in Windows Vista-namely, Volume Activation (VA) 2.0. (Previous versions of Microsoft operating systems such as Windows XP and Windows Server 2003 use VA 1.0.) VA 2.0 uses two types of keys:

  • Multiple Activation Keys (MAKs) In this scenario, your product keys activate either individual computers or a group of computers by connecting over the Internet to special servers at Microsoft. (You can also activate your computers by telephone if needed.) MAKs can be used only a limited number of times, though the activation limit can be increased by calling your Microsoft Activation Center. Computers running Windows Vista or Windows Server 2008 can be activated with a MAK either by having each computer connect directly to Microsoft servers (something called individual activation) or by having multiple computers activated simultaneously using a single connection to Microsoft (called proxy activation, which is similar to how VA 1.0 works).

  • Key Management Service (KMS) In this scenario, your organization hosts its own internal KMS running on Windows Server 2008, Windows Vista, or Windows Server 2003. This KMS is used to automatically activate Windows Vista and Windows Server 2008. Computers that have been activated using KMS are required to reactivate by connecting to your KMS host at least once every six months.

VA 2.0 has been modified and enhanced in Windows Server 2008 in several ways:

  • Windows Server 2008 currently requires only a KMS count of 5 to activate, compared with the 25 required for Windows Vista activation. (This behavior might change before RTM, however.)

  • There are multiple KMS keys and a new Hierarchical KMS activation structure. These are described by one of our experts in the sidebar that follows.

image from book
From the Experts: Volume Activation 2.0 and Windows Server 2008

The following sidebar explains Volume Activation 2.0 in Windows Server 2008 and provides technical insight and recommendations for deploying a VA 2.0 solution.

Knowledge and Strategies for a Successful Deployment

Volume Activation 2.0 is a solution that helps IT Pros automate and manage the activation of volume editions of Windows Vista and Windows Server 2008. Product activation is a new requirement for each installed system covered under a Volume License agreement. Using volume activation can greatly speed up and simplify the deployment process, but it requires some planning up front.

There are multiple activation methods available, and they use two types of customer-specific keys-namely, Multiple Activation Key (MAK) and the Key Management Service (KMS). A MAK is a product key that can be installed on multiple computers and that activates a predefined number of times. Each MAK-activated computer must independently activate by phone or over the Internet, or be proxy activated over the Internet using the Volume Activation Management Tool (VAMT) found at http://go.microsoft.com/fwlink/?LinkID=77533. It should be noted that an update to VAMT will be required at Windows Server 2008 RTM for VAMT to function with Windows Server 2008 Volume Licensing. VAMT is currently available for use with Vista Volume Licensing at the link just mentioned.

The alternative method-KMS activation-is often the least understood aspect of VA 2.0. KMS is a trusted mechanism that, once the KMS host is activated, allows volume client computers within the enterprise to activate themselves without any interactions with Microsoft. The following section describes KMS functionality and strategies that can ensure a successful Windows Server 2008 KMS deployment.

For a complete description of Volume Activation 2.0, including both MAK and KMS activation, see the “Windows Vista Volume Activation 2.0 Step-by-Step Guide” found at http://go.microsoft.com/fwlink/?LinkID=76704.

Volume Licensing Changes

Windows Vista introduced VA 2.0, which represents a significant change from previous Volume Licensing (VL) solutions. Windows Server 2008 includes several changes and refinements in the implementation of VA 2.0. Under VA 2.0, volume clients do not need a product key during installation. By default, VL editions of Windows Server 2008 and Windows Vista install as KMS clients. With a properly configured KMS infrastructure, these clients automatically discover the KMS hosts on the network and activate themselves without administrative or user intervention. This can equate to a huge deployment savings, both in time and effort. However, organizations must also secure their KMS hosts from a public access point to comply with Microsoft product usage policies.

An important concept to understand about KMS activation is that the KMS returns only a count to the KMS clients. The client reads the count and decides whether or not the count is high enough for the client to activate. As of this writing, Windows Server 2008 KMS clients will activate if the count is 5 or higher. Windows Vista KMS clients require a count of 25.

There are many editions of Windows Server 2008. To simplify these for the purpose of Volume Licensing, they have been combined into three product groups: Group_A, Group_B, and Group_C. Product Group A includes Storage Server, Web Server, and Compute Cluster Editions. Product Group B includes Storage Server Enterprise and Windows Server 2008 Standard and Enterprise Editions. Product Group C includes Datacenter and Itanium Editions. MAK and KMS keys are associated with each product group. This is illustrated in Table 13-1. Specific attention should be paid to this key matrix to ensure that the proper keys are used so that all deployed systems will activate properly.

Table 13-1: Product Groups and Server Editions for Windows Server 2008
Open table as spreadsheet

Product group

Server editions

Group A

Storage Server

Web Server

Compute Cluster

Group B

Storage Server Enterprise

Standard Enterprise

Group C

Datacenter

Itanium

Note that Windows Server 2008 Storage Server editions can be activated by KMS, but they cannot host KMS.

The volume keys available for Windows Server 2008 follow the product grouping. For MAK, this is fairly intuitive, as shown in Table 13-2.

Table 13-2: MAK Keys Available for Windows Server 2008
Open table as spreadsheet

Product group

MAK used to activate

Group A

MAK_A

Group B

MAK_B

Group C

MAK_C

To ensure that organizations don’t need multiple KMS hosts to support the deployment of mixed Windows Server 2008 editions, KMS activation of Windows Server 2008 follows a hierarchical structure. Each successive product group can activate all the groups below it, and the KMS can be hosted on any edition that it can activate. Additionally, Windows Server 2008 KMS keys can be used with KMS for Windows Server 2003. Installing Windows Server 2008 keys in KMS for Windows Server 2003 requires an update at Windows Server 2008 RTM.

As detailed in Table 13-3, a KMS_A key can activate only product Group A and Windows Vista. A KMS_C key, on the other hand, can activate all three Windows Server 2008 product groups and Windows Vista. This same KMS_C key can be hosted on any edition of Windows Server 2008 listed in the three product groups, as well as on KMS for Windows Server 2003. Table 13-3 lists the KMS keys, the OS editions that can host a given KMS, and the KMS clients that key can activate.

Table 13-3: KMS Keys vs. Supported Hosts and Clients Activated
Open table as spreadsheet

KMS key

Hosts that support this KMS key

KMS clients activated by this key

Vista KMS keys

KMS for Windows Server 2003 Windows Vista

Windows Vista

KMS_A

KMS for Windows Server 2003

Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

Windows Vista

Windows Server 2008 Storage Server

Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

KMS_B

KMS for Windows Server 2003 Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

Windows Server 2008 Standard Edition

Windows Server 2008 Enterprise Edition

Windows Vista

Windows Server 2008 Storage Server

Windows Server 2008 Storage Server Enterprise

Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

Windows Server 2008 Standard Edition

Windows Server 2008 Enterprise Edition

KMS_C

KMS for Windows Server 2003

Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

Windows Server 2008 Standard Edition

Windows Server 2008 Enterprise Edition

Windows Server 2008 Datacenter

Windows Server 2008 Server Itanium

Windows Vista

Windows Server 2008 Storage Server

Windows Server 2008 Storage Server Enterprise

Windows Server 2008 Web Server

Windows Server 2008 Compute Cluster

Windows Server 2008 Standard Edition

Windows Server 2008 Enterprise Edition

Windows Server 2008 Datacenter

Windows Server 2008 Server Itanium

Always use the highest KMS key available to your organization. This ensures that the later installations of Windows Server 2008 KMS clients will be able to activate. If you later purchase a license from a higher product group, install that KMS key on the existing KMS hosts using slmgr /ipk <KMS Key> and then reactivate the KMS with Microsoft (by Internet or telephone). This process replaces the lower KMS key. KMS clients will pick up the new key the next time they renew their activation.

KMS Auto-Discovery

To get the greatest value from volume activation, KMS auto-publishing and KMS auto-discovery should be used as much as possible. This requires a working understanding of KMS interaction with DNS.

KMS clients query DNS automatically to locate KMS hosts, looking specifically for SRV records named _VLMCS._TCP. These SRV records identify KMS hosts on the network.

When a KMS key is installed on a KMS host, the host publishes an SRV record to the DNS zone identified in its Primary DNS Suffix (by default). (This requires Dynamic DNS, and the host must have write permissions. This is discussed in depth in the “Windows Vista Volume Activation 2.0 Step-by-Step Guide” mentioned earlier.)

However, a KMS host can be configured to publish to multiple domains by listing the domains in the following registry key. If you use this approach, make sure that all desired zones are listed-setting this value overrides the default publishing behavior:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL  Value Name: DnsDomainPublishList  Type: REG_MULTI_SZ

When a KMS client successfully contacts a KMS, the KMS host name is cached in the registry. As shown in Figure 13-1, when a KMS client attempts to activate or renew its activation, it first checks the registry for a cached KMS host. If no name is cached or if an activation attempt against a cached KMS host fails, the client queries the DNS zone specified in the Primary DNS Suffix. If no KMS SRV records are found or if the Primary DNS Suffix is empty, the KMS client determines whether or not the system is domain joined. KMS clients joined to an Active Directory domain query the DNS zone specified by Active Directory. Non-domain-joined computers query the DNS Suffix specified by DHCP Option 15. If no KMS SRV records are found, the KMS client attempts to activate again in two hours by default.

image from book
Figure 13-1: KMS auto-discovery algorithm

KMS Deployment Strategies

By understanding the KMS auto-discovery process and your DNS architecture, you can better plan the deployment of KMS hosts and minimize KMS client issues.

Following these steps and using the KMS ability to publish to multiple domains should ensure that KMS clients can locate your KMS hosts and activate without further administrative interaction:

  1. Primary DNS Suffix One of the following steps will be appropriate for your deployment:

    • If a Primary DNS Suffix exists on your volume clients, ensure that a KMS exists in the specified DNS zone.

    • If the KMS cannot be placed in the zone specified by the Primary DNS Suffix, ensure a KMS SRV record is published in that DNS zone.

  2. DHCP Ensure that Option 15 in all DHCP servers contains a DNS zone in which a KMS SRV record is published.

  3. Active Directory If Active Directory exists in the organization, ensure that a KMS SRV record exists in the AD domain.

  4. Network Access KMS clients contact the KMS using RPC over TCP. By default, the clients use Port 1688, but this is configurable. When planning the activation infrastructure, remember that not only do the clients need to find the KMS, they must be able to communicate with it and receive its response.

    Summary

    Windows Server 2008 and Windows Vista deployments can be simplified by creating an effective KMS infrastructure. Use the KMS key for the highest Windows Server 2008 product group you have licensed, and upgrade your KMS if you purchase a Volume License for a higher product group. This ensures that your high-end servers can activate. Take the time to fully understand KMS auto-discovery; this is the most important step in this process. In Windows Vista and Windows Server 2008, multilevel name searches do not use the DNS Suffix search list. Therefore, properly positioning the KMS SRV resource records in DNS is critical to a successful KMS client deployment.

    Finally, though it has not been described previously in this sidebar, always monitor your deployment for issues. Confirm that KMS SRV records exist in each identified DNS zone. Make sure that the volume clients in each subnet and site can locate the KMS and successfully contact it. Use the activation-related tools and methods described in the “Windows Vista Volume Activation 2.0 Step-by-Step Guide,” including the remote WMI functionality built into slmgr.vbs. Use VAMT, SMS-SP3, and the KMS Management Pack for MOM 2005 found at http://go.microsoft.com/fwlink/?LinkID=83216.

    Additional Resources

    I cannot recommend strongly enough that anyone planning or implementing a volume deployment of Windows Server 2008 or Windows Vista should read and understand the “Windows Vista Volume Activation 2.0 Step-by-Step Guide.” Afterward, use these links to find additional Volume Activation resources, documentation, and tools:

    • For answers to frequently asked questions about Windows Vista Volume Activation 2.0, refer to the Volume Activation 2.0 FAQ found at http://go.microsoft.com/fwlink/?LinkId=76702.

    • For a list of WMI methods, KMS registry keys, KMS events, KMS error codes, and KMS RPC messages, refer to the “Volume Activation 2.0 Technical Attributes” found at http://go.microsoft.com/fwlink/?LinkId=76703.

    • For the “Volume Activation 2.0 Troubleshooting Guide by Error Code,” go to http://go.microsoft.com/fwlink/?LinkID=83724.

    • For documentation and to download the Volume Activation Management Tool (VAMT), go to http://go.microsoft.com/fwlink/?LinkID=77533.

    • For documentation and download information on KMS for Windows Server 2003, go to http://go.microsoft.com/fwlink/?LinkID=82964 (for an x86 platform) or http://go.microsoft.com/fwlink/?LinkId=83041 (for x64).

    • For documentation and to download the KMS Management Pack for MOM 2005, go to http://go.microsoft.com/fwlink/?LinkID=83216.

    • For information about the Microsoft Solution Accelerator for Business Desktop Deployment (BDD), go to http://go.microsoft.com/fwlink/?LinkId=76620.

    • For a list of Volume License products available, go to http://www.microsoft.com/ licensing/default.mspx.

      –Aaron J. Smith

      Excell Data Corp

image from book




Microsoft Windows Server Team - Introducing Windows Server 2008
Introducing Windows Server 2008
ISBN: 0735624216
EAN: 2147483647
Year: 2007
Pages: 138

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net