How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

  • Comments 3
  • Likes

When troubleshooting KMS configuration and activation issues, our customers are often surprised to find unexpected Windows or Office KMS hosts in their environment.

By default, Windows and Office clients discover KMS hosts via DNS and a related _vlmcs SRV record. To determine whether a KMS client can locate a KMS host and/or whether undesired KMS hosts exist on the network, run a command line similar to the following:

nslookup -type=srv _vlmcs._tcp >%temp%\kms.txt

Review the kms.txt file. It should contain one or more entries similar to the following:

_vlmcs._tcp.contoso.com                            SRV service location:
                  priority       = 0
                  weight       = 0
                  port            = 1688
                  svr hostname   = kms-server.contoso.com

Running this nslookup command frequently reveals _vlmcs SRV entries which are tied to unauthorized Windows or Office KMS hosts.

In many cases, Windows KMS hosts may have been unintentionally set up by users who mistakenly entered a KMS host product key, rather than a Windows client product key. To remedy this issue, perform the following steps on the machine(s) in question, to replace the KMS product group key and "convert" it to a KMS or MAK client:

1) Open an elevated command prompt.
2) Run a command similar to the following:

cscript slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx   (where xxxxx-xxxxx-xxxxx-xxxxx-xxxxx is a 25 digit, Windows product key)

3) To prevent instability in the license service, the system should be restarted or the Software Protection Service should be restarted. The following command lines can be used to restart the Software Protection Service:

net stop sppsvc
net start sppsvc

4) Run a command line similar to the following to display the license information for the installed, active Windows edition:

cscript slmgr.vbs /dli

5) Using DNS Manager, in the appropriate forward lookup zone, delete the _vlmcs SRV records that exist for each machine which is not to serve as a Windows KMS host.
6) See the following articles for additional information:

Slmgr.vbs Options
http://technet.microsoft.com/en-us/library/ff793433.aspx

Windows 7 and Windows Server 2008 R2 Customer Hosted Volume Activation Guide / Deploying KMS Activation
http://technet.microsoft.com/en-us/library/ff793409.aspx

Unintentional creation of an Office KMS host is less common, because setting up an Office KMS requires a specific product key and the installation of the Microsoft Office 2010 KMS Host License Pack.

To determine whether a machine has the Office 2010 KMS Host License Pack installed and is an active Office KMS host, run a command line similar to the following:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

The output of a machine which has the Office 2010 KMS Host License Pack installed will resemble the following. Key items are "Partial Product Key: GB7AH" and "License Status: Licensed", which indicate that the Office 2010 KMS host key is successfully installed and activated.

Name: Microsoft Office 2010, KMSHost edition
Description: Microsoft Office 2010 KMS, VOLUME_KMS channel
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Application ID: 59a52881-a989-479d-af46-f275c6370663
Extended PID: 55041-00096-199-000004-03-1033-7600.0000-3632009
Installation ID: 008523674214771124199799184000850026888810090415321136
Processor Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88342
Machine Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88343
Use License URL: http://go.microsoft.com/fwlink/p/?LinkID=88345
Product Key Certificate URL: http://go.microsoft.com/fwlink/p/?LinkID=88344
Partial Product Key: GB7AH
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 10/16/2011 2:07:42 PM

Key Management Service is enabled on this computer
    Current count: 0
    Listening on Port: 1688
    DNS publishing enabled
    KMS priority: Normal

Perform the following steps to remove an Office KMS host in your environment:

1) Open an elevated command prompt.
2) Run a command similar to the following:

cscript slmgr.vbs /upk bfe7a195-4f8f-4f0b-a622-cf13c7d16864

 CAUTION: If the above command line is run without the Office activation ID ("bfe7a195-4f8f-4f0b-a622-cf13c7d16864"), all installed product keys are uninstalled, including those for Windows.

3) Run following command line again, to check the status of the Office KMS host:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

4) If the Office KMS host product key has been removed, the output will be similar to that below. Key items are "This license is not in use" and "License Status: Unlicensed".

Name: Microsoft Office 2010, KMSHost edition
Description: Microsoft Office 2010 KMS, VOLUME_KMS channel
Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864
Application ID: 59a52881-a989-479d-af46-f275c6370663
Extended PID:
Installation ID:
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88342
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88343
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88345
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88344
This license is not in use.
License Status: Unlicensed
Remaining Windows rearm count: 1
Trusted time: 8/16/2011 7:49:23 AM

5) Using DNS Manager, in the appropriate forward lookup zone, delete the _vlmcs SRV records that exist for each machine which is not to serve as an Office KMS host.
6) See the following articles for additional information:

Deploy volume activation of Office 2010
http://technet.microsoft.com/en-us/library/ee624357.aspx

Troubleshoot volume activation for Office 2010
http://technet.microsoft.com/en-us/library/ee624355.aspx

Comments
  • Great post! I've come across the described situation on every customer where I've deployed MS Office 2010 so far. I've resolved the issues but had to gather information from many locations. This article makes it easier next time.

  • Very helpful, thanks!  

  • Good Stuff.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment