interview question and answer

August 11, 2012

How to configure a KMS server in Windows Server 2008 R2



Well, I have had the pleasure of setting up a KMS server in our environment, and found that the documentation from Microsoft is somewhat confusing. In light of this I will write up the steps I used to configure the first KMS server in our organisation for use with Windows Server, Windows client and Microsoft Office activation. These steps only cover the installation of 1 KMS server. I will add a second server in a couple of months when I have my second Windows 2008 R2 Domain Controller in our head office.

Installing first KMS Server

These are the steps I followed to install the KMS server. We determined that due to the number of client activations, and the capacity of our infrastructure we had no problems installing this server on our secondary domain controller. From here on we will call it DC2.
  1. Log onto https://www.microsoft.com/licensing/servicecenter/ and fetch your key: “Win Srv 2008 R2 Data Ctr/Itan KMS C” – Note your key may be similar, but either way it must end in either KMS B, or KMS C.
  2. On DC2 we run CMD with elevation
  3. Type slmgr /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx where the last section is the Key from your volume licensing website.
  4. Open “Windows Firewall with Advanced Security” via Start menu -> Administrative Tools.
  5. Under Inbound Rules scroll down to “Key Management Service (TCP-In)”, right click and select enable.
  6. Reboot the machine – note you can restart the Software Licensing service instead, but I preferred to reboot it (seeing as the server was not in use for anything else):
    net stop sppsvc && net start sppsvc
  7. Activate the server after the reboot. This can be done via the GUI or by executing the following command from an elevated command prompt:
    slmgr.vbs /ato
  8. Enable automatic DNS publishing by the KMS host by entering the command below in an elevated command prompt. Note this should already be enabled, but just in case, we execute the command.
    slmgr /sdns
Now you are done installing your KMS server. Note this will provide activation for clients and/or servers depending on the KMS key you used to activate DC2. Office KMS activation will be covered in a later section.
I do recommend verifying that the SRV record in DNS is created. Note that you should have no problems with the automatic creation if you are using the vanilla install of AD and have no specific security restrictions in DNS. To verify that the DNS record has been created open up DNS and check. Refer to the screenshot below to see where it lives:
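The SRV check can also be scripted. The following is an added example, not part of the original post: it parses the text printed by nslookup -type=srv _vlmcs._tcp.<your domain> (KMS hosts publish under _vlmcs._tcp, default port 1688) and reports any KMS host that is published but not expected, or expected but not published. The domain corp.example, the host names and the addresses in the sample are constructed.

```python
import re

# nslookup prints one header line per SRV answer, then indented "key = value" fields.
SRV_HEADER = re.compile(r"^(\S+)\s+SRV service location:", re.IGNORECASE)
SRV_FIELD = re.compile(
    r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", re.IGNORECASE
)

# Constructed sample output of: nslookup -type=srv _vlmcs._tcp.corp.example
# A second, unplanned machine has also published itself as a KMS host.
SAMPLE_OUTPUT = """\
Server:  dc1.corp.example
Address:  192.0.2.10

_vlmcs._tcp.corp.example\tSRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = dc2.corp.example
_vlmcs._tcp.corp.example\tSRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = pc-0417.corp.example
dc2.corp.example\tinternet address = 192.0.2.11
"""


def parse_srv(nslookup_output):
    """Return one dict per complete SRV answer found in nslookup output."""
    records, current = [], None
    for line in nslookup_output.splitlines():
        header = SRV_HEADER.match(line)
        if header:
            current = {"name": header.group(1).lower()}
            records.append(current)
            continue
        field = SRV_FIELD.match(line)
        if field and current is not None:
            key, value = field.group(1).lower(), field.group(2)
            if key == "svr hostname":
                current["target"] = value.rstrip(".").lower()
            else:
                current[key] = int(value)
    # Drop answers that were cut off before the host name or port was printed.
    return [r for r in records if "target" in r and "port" in r]


def audit_kms_srv(nslookup_output, expected_hosts, expected_port=1688):
    """Compare published KMS SRV records against the hosts you intended to publish."""
    expected = {h.rstrip(".").lower() for h in expected_hosts}
    findings, seen = [], set()
    for rec in parse_srv(nslookup_output):
        if not rec["name"].startswith("_vlmcs._tcp."):
            continue
        seen.add(rec["target"])
        if rec["target"] not in expected:
            findings.append(("unexpected-host", rec["target"], rec["port"]))
        elif rec["port"] != expected_port:
            findings.append(("unexpected-port", rec["target"], rec["port"]))
    for host in sorted(expected - seen):
        findings.append(("missing-record", host, None))
    return findings


if __name__ == "__main__":
    for finding in audit_kms_srv(SAMPLE_OUTPUT, ["dc2.corp.example"]):
        print(finding)
```

An unexpected-host finding usually means a KMS host key was installed on a machine that was never meant to be a KMS host; clients discovering through DNS may try to activate against it.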

Installing Office KMS Host

As mentioned above we have determined that the one KMS box (DC2) is suitable to do all of our activations for Microsoft products, so now we have to configure the Office KMS host on DC2. To do this we do the following:
  1. Log onto https://www.microsoft.com/licensing/servicecenter/ and fetch your key: “Office 2010 Suites and Apps KMS” – Note your key may be similar. If unsure speak to your Microsoft Account Manager.
  2. Download the Office 2010 KMS Host License Pack from the Microsoft website: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=97b7b710-6831-4ce5-9ff5-fdc21fe8d965. It's only 903kb so it won't take too long.
  3. Execute KeyManagementServiceHost.exe on your existing KMS server. In our case it's DC2. Follow the prompts to finish the setup process.
  4. When prompted enter the KMS key for Office 2010.
That's it. Just as easy to set up. Now you are ready to activate Office 2010 with KMS. To help monitor this, please refer to the section below.

Administering the KMS server

I take it now you want to see whether it works and if clients can be activated. Now I will go into administering the KMS server, which will be quite brief as there is not much to it, and is really only there to aid in troubleshooting, and to have a sticky beak when implementing it. Once it's running there is no real reason to keep going in and checking up on it.
All functions to view settings and make changes are done through the already used VBS script slmgr.vbs. To see all the commands simply run slmgr from the command prompt. Note to execute changes you will need an elevated command prompt. You will see the following screens:
The most common commands that I used were:
Displays license information (KMS Activation Count)
    cscript slmgr.vbs /dli
Displays detailed license information
    cscript slmgr.vbs /dlv all
For Office specific information you can run the below command to get the info wanted:
    cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Note I add cscript to the front of the command so that the output stays within the command window. This lets me pipe or scroll the output if there is a lot of data, whereas the usual VBS dialog crops the output.

Configuring KMS Clients

By default, Volume Licensing editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are KMS clients. If the computers the organisation wants to activate using KMS are using any of these operating systems and the network allows DNS auto-discovery, no further configuration is needed.
If required you can configure the KMS client to connect to a specific KMS host, use a specific port and disable KMS auto-discovery.
When deploying KMS clients using WAIK you can use 2 different methods to prepare the client:
  • SYSPREP – run Sysprep /generalize which will reset the activation timer along with removing SID and a few other settings. Read about this before actually using it.
  • Software License Manager – run slmgr.vbs /rearm in an elevated command prompt to reset the grace period back to 30 days. Note you can only perform this 3 times in total.
You can also manually force activation of the client by using the GUI from Control Panel -> System or by running slmgr /ato.
If you want to convert MAK installations of Windows or Office to KMS, you need to change their product key, and then reactivate. Use the below keys to perform this:
Operating system edition                          Product key

Windows 7
Windows 7 Professional                            FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N                          MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise                              33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N                            YDRBP-3D83W-TY26F-D46B2-XCKRJ

Windows Server 2008 R2
Windows Server 2008 R2 HPC Edition                FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter                 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise                 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems  GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard                   YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R2                        6TPJF-RBVHG-WBW2R-86QPH-6RTM4

Office 2010 Suites
Office Professional Plus 2010                     VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB
Office Standard 2010                              V7QKV-4XVVR-XYV4D-F7DFM-8R6BM
Office Home and Business 2010                     D6QFG-VBYP2-XQHM7-J97RH-VVRCK

Office 2010 Stand-alone products
Access 2010                                       V7Y44-9T38C-R2VJK-666HK-T7DDX
Excel 2010                                        H62QG-HXVKF-PP4HP-66KMR-CW9BM
SharePoint Workspace 2010                         QYYW6-QP4CB-MBV6G-HYMCJ-4T3J4
InfoPath 2010                                     K96W8-67RPQ-62T9Y-J8FQJ-BT37T
OneNote 2010                                      Q4Y4M-RHWJM-PY37F-MTKWH-D3XHX
Outlook 2010                                      7YDC2-CWM8M-RRTJC-8MDVC-X3DWQ
PowerPoint 2010                                   RC8FX-88JRY-3PF7C-X8P67-P4VTT
Project Professional 2010                         YGX6F-PGV49-PGW3J-9BTGG-VHKC6
Project Standard 2010                             4HP3K-88W3F-W2K3D-6677X-F9PGB
Publisher 2010                                    BFK7F-9MYHM-V68C7-DRQ66-83YTP
Word 2010                                         HVHB3-C6FV7-KQX9W-YQG79-CRY7T

Visio 2010
Visio Premium 2010                                D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ
Visio Professional 2010                           7MCW8-VRQVK-G677T-PDJCM-Q8TCP
Visio Standard 2010                               767HD-QGMWX-8QTDB-9G3R2-KHFGJ
You can convert Windows and Office from MAK to KMS using the GUI available, or you can use the following commands:
Windows
To install a KMS key, type slmgr.vbs /ipk KmsKey at a command prompt.
To activate online, type slmgr.vbs /ato at a command prompt.
To activate by using the telephone, type slui.exe 4 at a command prompt.
Office
To install a KMS key, type ospp.vbs /inpkey:KmsKey at a command prompt.
To activate online, type ospp.vbs /act at a command prompt.

Windows Server 2008 Core – Installation and Initial Configuration


More particularly, we will see:
  • the installation of the OS
  • the activation of the OS
  • the renaming of the server
  • how to set a password on the local Administrator account
  • how to join the server to a domain
I recommend reading the Server Core Installation Option of Windows Server “Longhorn” Step-By-Step Guide for detailed information on how to set up and configure Windows Server Core. You can find the document here.
OK, so now let’s start. First of all the installation. As usual, the process is quite straightforward. Boot from the DVD and select the keyboard type:
server-core.png
Click Install now:
server-core_1.png
Select the Server Core edition of Windows Server 2008:
server-core_2.png 
Accept the license agreement:
server-core_3.png
As we are doing a fresh install, let’s go for the custom type:
server-core_4.png
Then we select the partition on which we want to install Server Core:
server-core_5.png
The installation is ongoing:
server-core_6.png
When the installation is over, we are welcomed by the usual screen:
server-core_7.png
Important to know: the local administrator account has no password set after the Server Core installation.
So for the first logon, we just need to specify the Administrator account without password:
server-core_8.png
After the logon, we are greeted by the command prompt:
server-core_9.png
Now that the OS is installed, we need to activate the license. To do so, first make sure that the server is connected to the Internet, as the activation process requires connectivity to the Microsoft activation servers.
Then, we can invoke the slmgr.vbs script (more info here):
server-core_10.png
We even receive a confirmation pop-up:
server-core_11.png
During the installation of Server Core, the setup assigns a random computer name to the server. In my case, the name of the server was LH-BE9610E35DZJ, not really funny ;) . So I decided to change this to something more in line with my naming convention.
I used the command netdom renamecomputer in order to rename my server to SRO-LH-02 (SRO-LH-01 being my DC, DNS and DHCP server).
server-core_12.png
Now, let’s (try to) secure our server a bit by setting a password on the local administrator account. To do this, we can use the command net user administrator *:
server-core_13.png
The following step is to configure the network settings. When installed, Server Core is configured to use DHCP. The current DHCP-assigned IP address of the server is 192.168.200.102 (the DHCP server leases addresses from 192.168.200.100 to 200).
Let’s change this so that we have:
  • static IP address: 192.168.200.2
  • subnet mask: 255.255.255.0
  • default gateway: none
  • DNS server: 102.168.200.1 (we absolutely need DNS resolution as we will later on join the server to our domain)
First, we need to determine the index of the network card. To do this, we use the command netsh interface ipv4 show interfaces. In our example, we can see that the Local Area Connection is on Index 2.
Then we use the appropriate netsh command to set the static IP address, subnet mask and default gateway:
server-core_15.png
A little check with ipconfig:
server-core_16.png
Setting the DNS server on the interface requires the use of another netsh command:
server-core_17.png
Finally, let us join the server to our SRO-LH.local Active Directory. The command netdom join allows us to do so:
server-core_18.png
After the reboot, we are finished so far.

August 8, 2012

Install and Configure NLB (WLBS) on Windows Server 2008

In this article I will load balance 2 servers and take you through the process step-by-step. Load Balancing takes 2 or more servers and lets them share one IP address so both servers can serve client requests. At the end of this article you should be able to configure NLB.




Gathering Information



Log onto both of the servers and run IPCONFIG /ALL from the command prompt. We need the name, domain and IP address of each server that will be in the NLB Cluster. We will also need to make up an additional name for the cluster; in this example we will use SERVER-LB for the virtual cluster name.



The 2 servers we will be Load Balancing are PL2008-01 and PL2008-02. The virtual cluster name will be PL2008-V. So if this was a web server users would go to http://PL2008-V, depending how we configure NLB either PL2008-01, PL2008-02 or both servers will service the web request.

SERVER NAME                         IP ADDRESS                 TYPE


PL2008-01.pintolake.net           192.168.1.180                     Server 1

PL2008-02.pintolake.net           192.168.1.181                     Server 2

PL2008-V.pintolake.net            192.168.1.182              Virtual cluster name and IP address of Servers 1/2


In this example both servers only have one network card. If you have multiple network cards you will still be able to load balance the 2 servers. You need to configure one NIC per server for NLB; both NICs should be on the same VLAN and they should be able to contact each other.



PL2008-01







PL2008-02







Installation of NLB feature on all NLB nodes



This should be done on ALL NODES in the NLB Cluster. In this case we are performing this installation on PL2008-01 and PL2008-02.



Open Server Manager. You can open this several different ways in Windows Server 2008. Probably the quickest way to open Server Manager is to right click "My Computer" and choose "Manage"; another way is to open "Control Panel", go to "Program and Features" and select "Turn Windows features on or off". A third way to open it is the "Server Manager" option under Administrative Tools.



Select "Features" from the Server Manager menu on the left

Press "Add Features"





Select the checkbox next to "Network Load Balancing"

Press "Next"





Press "Install"





Installation will proceed to install the necessary components




Installation has succeeded. It is highly recommended that you repeat this process on all nodes in the NLB cluster at this point before continuing with configuration.



Press "Close"





NOTE: Network Load Balancing may also be installed from a command prompt with elevated privileges (right click on the command prompt in the Start menu and select Run as administrator) by running the servermanagercmd -install nlb command. For example:

C:\Windows\system32>servermanagercmd -install nlb
......
Start Installation...
[Installation] Succeeded: [Network Load Balancing].
<100>
Success: Installation succeeded.





Configuring NLB on NODE 1 (PL2008-01)



Network Load Balanced clusters are built using the Network Load Balancing Manager which you can start from Start -> All Programs -> Administrative Tools menu or from a command prompt by executing nlbmgr.



Under the Cluster Menu option select "New"





Enter the first node in the cluster which is PL2008-01

Press "Connect"







You will have the option to choose which network adapter you want to use. The NIC should be on the same subnet as the other servers in the NLB cluster.



Press "Next"





Enter the Priority ID as 1 (each node in the NLB cluster should have a UNIQUE ID)

Make sure the correct adapter was selected under "Dedicated IP Address"

Select "Started" for the "Initial host state" (this tells NLB whether you want this node to participate in the cluster at startup)

Press "Next"





Press "Add"

Enter the Cluster IP and Subnet mask

Press "OK"





You can add multiple IP Addresses for the cluster, enter as many as you want.



Make sure the "Cluster IP addresses" are correct

Press "Next"





Select the IP Address for this cluster

Enter the NLB address "PL2008-V.pintolake.net"

Enter "Unicast" as the "Cluster operation mode"

Press "Next"





    Unicast vs Multicast
Unicast/Multicast is the way the MAC address for the Virtual IP is presented to the routers. In my experience I have almost always used Multicast; if you use it, you should enter a persistent ARP entry on all upstream switches or you will not be able to ping the servers remotely.

In the unicast method:
The cluster adapters for all cluster hosts are assigned the same unicast MAC address.

The outgoing MAC address for each packet is modified, based on the cluster host’s priority setting, to prevent upstream switches from discovering that all cluster hosts have the same MAC address.

In the multicast method:
The cluster adapter for each cluster host retains the original hardware unicast MAC address (as specified by the hardware manufacturer of the network adapter).

The cluster adapters for all cluster hosts are assigned a multicast MAC address.

The multicast MAC is derived from the cluster’s IP address.

Communication between cluster hosts is not affected, because each cluster host retains a unique MAC address.

Selecting the Unicast or Multicast Method of Distributing Incoming Requests http://technet.microsoft.com/en-us/library/cc782694.aspx
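To write the persistent ARP entry you need the cluster MAC address in advance. The following added example (not part of the original article) derives it from the cluster IP using NLB's default layouts: 02-BF plus the four IP octets for unicast, 03-BF plus the four octets for multicast, 02 plus the host priority plus the four octets for the masked unicast source address. It goes slightly beyond the text by also covering IGMP multicast (01-00-5E-7F plus the last two octets), and it checks a constructed arp -a listing from a Windows client against the expected value.

```python
import ipaddress
import re


def _fmt(octets):
    return "-".join(f"{o:02X}" for o in octets)


def cluster_mac(cluster_ip, mode="unicast"):
    """MAC address NLB assigns to the cluster adapter for this cluster IP."""
    w, x, y, z = ipaddress.IPv4Address(cluster_ip).packed
    if mode == "unicast":
        return _fmt((0x02, 0xBF, w, x, y, z))
    if mode == "multicast":
        return _fmt((0x03, 0xBF, w, x, y, z))
    if mode == "igmp":
        return _fmt((0x01, 0x00, 0x5E, 0x7F, y, z))
    raise ValueError("mode must be unicast, multicast or igmp")


def masked_source_mac(cluster_ip, host_priority):
    """Source MAC a unicast-mode host puts on outgoing frames (02-<priority>-w-x-y-z)."""
    if not 1 <= host_priority <= 32:
        raise ValueError("NLB host priority must be between 1 and 32")
    w, x, y, z = ipaddress.IPv4Address(cluster_ip).packed
    return _fmt((0x02, host_priority, w, x, y, z))


# One data row of Windows "arp -a" output: IP, MAC with dashes, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)"
)

# Constructed sample: arp -a on a client in the same subnet as the cluster.
SAMPLE_ARP = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.180         00-15-5d-01-0a-01     dynamic
  192.168.1.182         03-bf-c0-a8-01-b6     static
"""


def check_arp_entry(arp_output, cluster_ip, mode):
    """Return (status, observed MAC, entry type) for the cluster IP."""
    expected = cluster_mac(cluster_ip, mode)
    for line in arp_output.splitlines():
        row = ARP_ROW.match(line)
        if row and row.group(1) == cluster_ip:
            observed = row.group(2).upper()
            status = "ok" if observed == expected else "mismatch"
            return status, observed, row.group(3)
    return "missing", None, None


if __name__ == "__main__":
    ip = "192.168.1.182"  # cluster IP used in this article
    for mode in ("unicast", "multicast", "igmp"):
        print(mode, cluster_mac(ip, mode))
    print("host 1 source MAC (unicast):", masked_source_mac(ip, 1))
    print(check_arp_entry(SAMPLE_ARP, ip, "multicast"))
```

A mismatch result against the mode you configured means the ARP entry was written for the other operation mode, or the cluster IP changed after the entry was created.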



I am leaving all the defaults for the port rules; by default it's set to all ports with Single affinity, which is sticky. For more information on Port Rules, see my Note below.

Press "Finish"





NOTE: Add/Edit Port Rule Settings

For most scenarios I would keep the default settings. The most important setting is probably the filtering mode. "Single" works well for most web applications; it maintains a user's session on one server, so if the user's requests go to PL2008-01, PL2008-01 will continue to serve them for the duration of the session.

None
  • You want to ensure even load balancing among cluster hosts.
  • Client traffic is stateless (for example, HTTP traffic).

Single
  • You want to ensure that requests from a specific client (IP address) are sent to the same cluster host.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

Class C
  • Client requests from a Class C IP address range (instead of a single IP address) are sent to the same cluster host.
  • Clients use multiple proxy servers to access the cluster, and they appear to have multiple IP addresses within the same Class C IP address range.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

For more information on this please see this TechNet article:



Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule http://technet.microsoft.com/en-us/library/cc759039.aspx




You should see a couple of things in the NLB Manager that let us know this node successfully converged on our new PL2008-V.pintolake.net NLB Cluster:



Make sure the node’s status changes to "Converged"

Make sure you see a "succeeded" message in the log window





Configuring NLB for NODE 2 (PL2008-02)


We will configure PL2008-02 from PL2008-01. If we wanted to configure this from PL2008-02 then we would need to connect to the PL2008-V cluster first then add the host to the cluster.



Right click the cluster name "PL2008-V.pintolake.net" and select "Add Host to Cluster"





Enter PL2008-02 and press "Connect"





A list of Network adapters will show up



Select the network adapter you want to use for Load Balancing

Press "Next"





This step is very important; each node in the NLB cluster should have a unique identifier. This identifier is used to identify the node in the cluster.



Enter the Priority ID as 2 (each node in the NLB cluster should have a UNIQUE ID)

Make sure the correct adapter was selected under "Dedicated IP Address"

Select "Started" for the "Initial host state" (this tells NLB whether you want this node to participate in the cluster at startup)

Press "Next"




Press "Finish"





You should see a couple of things in the NLB Manager that let us know both nodes successfully converged on our new PL2008-V.pintolake.net NLB Cluster:



Make sure that both nodes' status changes to "Converged"

Make sure each node has a unique "host priority" ID

Make sure each node is "started" under "initial host state"

Make sure you see a "succeeded" message in the log window for the second node



A closer look at the configuration information for this NLB cluster



Testing



Go to the command prompt and type "wlbs query". As you can see, HOST 1 and HOST 2 converged successfully on the cluster. This means things are working well.

Ping each server locally and remotely

Ping the virtual IP locally and remotely – you should do this three times from each location. If you cannot ping remotely you may need to add a static ARP entry in your switches and/or routers where the host machines reside



1 – Both nodes up

2 – Node 1 down

3 – Node 2 down



NLB Documentation (from Windows Help)

Availability, scalability, and clustering technologies

Windows Server 2008 provides two clustering technologies: failover clusters and Network Load Balancing (NLB). Failover clusters primarily provide high availability; Network Load Balancing provides scalability and at the same time helps increase availability of Web-based services.

Your choice of cluster technologies (failover clusters or Network Load Balancing) depends primarily on whether the applications you run have long-running in-memory state:

Failover clusters are designed for applications that have long-running in-memory state, or that have large, frequently updated data states. These are called stateful applications, and they include database applications and messaging applications. Typical uses for failover clusters include file servers, print servers, database servers, and messaging servers.

Network Load Balancing is intended for applications that do not have long-running in-memory state. These are called stateless applications. A stateless application treats each client request as an independent operation, and therefore it can load-balance each request independently. Stateless applications often have read-only data or data that changes infrequently. Front-end Web servers, virtual private networks (VPNs), File Transfer Protocol (FTP) servers, and firewall and proxy servers typically use Network Load Balancing. Network Load Balancing clusters can also support other TCP- or UDP-based services and applications.

Network Load Balancing overview

The Network Load Balancing (NLB) service enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers.

What are NLB clusters?

A single computer running Windows can provide a limited level of server reliability and scalable performance. However, by combining the resources of two or more computers running one of the products in Windows Server 2008 into a single virtual cluster, NLB can deliver the reliability and performance that Web servers and other mission-critical servers need.

Each host runs a separate copy of the desired server applications (such as applications for Web, FTP, and Telnet servers). NLB distributes incoming client requests across the hosts in the cluster. The load weight to be handled by each host can be configured as necessary. You can also add hosts dynamically to the cluster to handle increased load. In addition, NLB can direct all traffic to a designated single host, which is called the default host.

NLB allows all of the computers in the cluster to be addressed by the same set of cluster IP addresses, and it maintains a set of unique, dedicated IP addresses for each host. For load-balanced applications, when a host fails or goes offline, the load is automatically redistributed among the computers that are still operating. When a computer fails or goes offline unexpectedly, active connections to the failed or offline server are lost. However, if you bring a host down intentionally, you can use the drainstop command to service all active connections prior to bringing the computer offline. In any case, when it is ready, the offline computer can transparently rejoin the cluster and regain its share of the workload, which allows the other computers in the cluster to handle less traffic.

Hardware and software considerations for NLB clusters

1. NLB is installed as a standard Windows networking driver component.

2. NLB requires no hardware changes to enable and run.

3. NLB Manager enables you to create new NLB clusters and to configure and manage clusters and all of the cluster’s hosts from a single remote or local computer.

4. NLB lets clients access the cluster by using a single, logical Internet name and virtual IP address, known as the cluster IP address (it retains individual names for each computer). NLB allows multiple virtual IP addresses for multihomed servers.

Note:
In the case of virtual clusters, the servers do not need to be multihomed to have multiple virtual IP addresses.

NLB can be bound to multiple network adapters, which allows you to configure multiple independent clusters on each host. Support for multiple network adapters is different from virtual clusters in that virtual clusters allow you to configure multiple clusters on a single network adapter.



Installing the NLB feature

To use Network Load Balancing (NLB), a computer must have only TCP/IP on the adapter on which NLB is installed. Do not add any other protocols (for example, IPX) to this adapter. NLB can load balance any application or service that uses TCP/IP as its network protocol and is associated with a specific Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port.

To install and configure NLB, you must use an account that is listed in the Administrators group on each host. If you are not using an account in the Administrators group as you install and configure each host, you will be prompted to provide the logon credentials for such an account. To set up an account that NLB Manager will use by default: in NLB Manager, expand the Options menu, and then click Credentials. We recommend that this account not be used for any other purpose.

You can use Initial Configuration Tasks or Server Manager to install NLB. To install NLB, in the list of tasks, click Add features and in the list of features in the wizard, click Network Load Balancing.

Managing NLB

Server roles and features are managed by using Microsoft Management Console (MMC) snap-ins. To open the Network Load Balancing Manager snap-in, click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open Network Load Balancing Manager by typing Nlbmgr at a command prompt.

Additional references for NLB

To learn more about NLB, you can view the Help on your server. To do this, open Network Load Balancing Manager as described in the previous section and press F1.

For deployment information for NLB, see http://go.microsoft.com/fwlink/?LinkId=87253

For instructions on how to configure NLB with Terminal Services, see http://go.microsoft.com/fwlink/?LinkId=80406

For operations information for NLB, see http://go.microsoft.com/fwlink/?LinkId=87254

For troubleshooting information for NLB, see http://go.microsoft.com/fwlink/?LinkId=87255