Skip to content

How to avoid KMS becoming a challenge in your Windows 7 deployment project

Posted by on 25 January 2012, 11:44 pm

I’ve been involved in Windows 7 deployments since the Beta came out in 2009 and before Windows 7 there was Vista, XP, Windows 2000, Windows NT and even Windows 3.11 and although over time the technology has changed the basic challenges of every migration remained the same.

If today someone asks me what I consider as being one of the top 10 challenges I’ve seen in Windows 7 deployment projects I must mention KMS. Yes despite the fact that in theory this is nothing more than just a service you install on one or two servers in your datacenter and publish an SRV resource record in DNS, this is something that keeps people busy in nearly any project I’ve been involved so far.

In today’s blog post I want to talk about some of the experiences I’ve made, provide some considerations you should take and provide some useful tips and references that will hopefully help making your KMS deployment as smooth as possible.

Challenge #1 – What is KMS?

By now you would expect that anyone who’s dealing with Microsoft technology should be familiar with the term KMS right? Well if you’re a Windows engineer or consultant who’s busy with deployments this is probably an obvious thing, but hey let’s not forget our server admin who’s been busy keeping his Windows 2003 based infrastructure alive, so that the desktop guy could deploy his Windows XP boxes or the CTO who last poked within the Windows registry on a Windows NT 4.0 box. If they haven’t read about it yet and didn’t talk to their Microsoft TAM for a while, the term KMS doesn’t ring a bell for them. So the first thing that needs to happen is to create the awareness on the topic and ensure they understand what KMS is all about.

Now sending a whole bunch of technical references won’t help at this stage, what people need is a short presentation or video. The tech guy will get to the technical documentation later anyway.

Volume Activation for Windows and Office 2010

 

Challenge #2 – Where are the KMS keys?

The next challenge is often to obtain the volume license keys to activate KMS. Many companies have downloaded their enterprise media and license keys for Windows Server 2003 and XP long time ago, getting the Windows 7 installation sources and volume license keys can cause a challenge as often it’s unclear who has the access rights to the Microsoft volume Licensing Center. And even if they then make it to the portal, in the worst case they have to find out that their current license agreement doesn’t cover Windows 7 yet, and since often new license agreements aren’t negotiated over night this can cause further delays in deployment projects. So my advice here is to look at the licensing right at the beginning of any Windows 7 deployment project.

Challenge #3 – Do we need new servers for this?

When saying “We need a KMS infrastructure for rolling out Windows 7” some people immediately get worried, as when they hear the word “infrastructure” they imagine big servers, storage….costs. Fact is, most customers are pleased to hear that they can host KMS on their existing infrastructure, given it meets the system requirements for KMS about which I talk later in more detail. So the recommendation here is to explain right at the beginning that this is not like an SQL Cluster or Exchange server, it’s basically just a “Service” or even if that is not 100% correct for non-tech people just call it an application that runs on a server.

Challenge #4 – KMS Servers already exist, they just don’t know about it

This is where I have seen most of the issues so far. On any project I was involved I advised to check for existing KMS servers within the infrastructure before deploying the new what is supposed to be the global enterprise wide KMS infrastructure. The reason for doing so is that we’ve often seen that KMS has already been deployed for the activation of Windows 2008/2008-R2 servers or Windows Vista clients. In the worst case you will find several KMS servers that are all managed by different local IT departments. Now if you are planning companywide deployments you really want to put in place a corporate managed KMS infrastructure and get rid of the locally managed ones because they will cause problems when deploying Windows 7 and Office 2010 especially if they haven’t been configured with the correct activation keys.

To identify any KMS servers that have registered themselves in DNS simply run the following command:

nslookup -type=srv _vlmcs._tcp

If locally managed KMS servers were found the high level cleanup process could look as following:

  1. Put in place the new companywide KMS infrastructure and ensure all needed KMS license keys are configured.
  2. Remove the DNS records pointing to the local KMS servers, so that new clients and servers can’t find them anymore or at change the priority and weight settings in DNS.
  3. Make sure that the existing systems that used these local KMS servers are now properly talking to the new KMS servers. (Remove or update any hard coded registry settings if such were made).

Challenge #5 Windows Server 2008 can be a showstopper

Companies that plan to deploy Windows 7 and Office 2010 must be aware that only Server 2003 and Server 2008-R2 are supported to host the KMS service. Running KMS on a Windows 2008 server is not supported and there is no patch to make it work. More details on the subject here.

Challenge #6 We got it all up and running but clients don’t activate.

Patience is required because KMS requires a minimum number of computers (physical or VM) in a network environment. The organization must have at least 5 computers to activate Windows Server 2008 R2 and at least 25 computers to activate Windows 7 clients.

If you managed to get through or avoid the previously described challenges, KMS should really be a set and forget thing, nevertheless let me share some additional hints that might become useful when troubleshooting activation problems.

Hint #1 – There is no GUI, all configurations is done using a script

On both the server and client, almost all activation related configuration is done through the slmgr.vbs script that is included on every Windows 7 and Server 2008-R2 installation. For Office 2010 there is the ospp.vbs script. To become familiar with the options, just run slmgr.vbs or ospp.vbs.

Hint #2 – it’s all in the event logs

When troubleshooting just filter on Events 12288 through 12294. More details here.

Hint #3 – Get license status with just one command

At the command prompt or start menu just type SLUI.EXE and the Windows Activation window will open and show the activation status.

clip_image002

Hint #4 – What does that error code mean?

Troubleshooting at a customer site and not time to look up the error code on the internet? Then try this:

At the command prompt type Slui.exe 0x2a <errorcode> like slui 0x2a 0xC004F00F

More details here

clip_image004

Hint #5 – for those who like WMI

Much license activation information can be accessed through WMI for both Windows and Office. For Windows look at the WMI classes SoftwareLicensingProduct and SoftwareLicensingService and for Office look for the WMI classes OfficeSoftwareProtectionProduct and OfficeSoftwareProtectionService. More details here

Finally I recommend you read the FAQ about license keys and carefully read the documentation on TechNet here. Last but not least, the good news is that in the long run we’ll get Active Directory based volume activation, but only for Windows 8 systems.

Filed under Active Directory, DNS, KMS, Office2010, Windows 7. Tagged , , , , , , ,
1 Comment

How To test if your Antivirus program is working

Posted by on 20 January 2012, 3:29 pm

I was doing some Antivirus stuff this afternoon now let me share with you how to test if your Antivirus program is working, e.g. alerts you in the event of a virus. Of course you can go to certain places on the internet where it won’t take long until you get a real virus, but that’s probably not what you want to do, so here’s a brief description how to use the “Test-Virus”.

  1. Go to the eicar (European Institute for Computer Antivirus Research) website http://www.eicar.org/86-0-Intended-use.html and read the details
  2. Open notepad and paste the content of the test file, then save the file
  3. Your Antivirus program should now bring an alert

2012-01-20 15h16_08

2012-01-20 15h16_43

Filed under Antivirus. Tagged , , , ,
Comment

Protect our rights to free speech, privacy, and prosperity

Posted by on 17 January 2012, 9:54 pm

Filed under Internet. Tagged 
Comment

ToolTip: Adding your AD stored picture to your profile picture with ADUserTile

Posted by on 16 January 2012, 12:25 pm

Back in august 2011 I wrote about a utility called AD Photo Edit which allows you to upload your personal picture into Active Directory. Today I want to share with you another utility I came across called ADUserTile.

ADUserTile checks if you have a picture stored within the Active Directory thumbnailPhoto attribute and sets that picture as your profile picture within Windows 7 so it becomes visible at the logon screen and the Windows Desktop.

2012-01-16 09h46_25

2012-01-16 09h17_41

ADUserTile is free and can be downloaded from here. Also read documentation here on how to integrate ADUserTile within a GPO so that the tool runs automatically at user logon.

Filed under Active Directory, Tools, Windows7. Tagged , , , , , , ,
Comment

Windows 8 – What’s new in the Deployment Image Servicing and Management tool (DISM)

Posted by on 14 January 2012, 1:43 pm

On my journey discovering the new features within Windows 8 I’ve come across a bunch of new options within the Deployment Image Servicing and Management Tool aka DISM. When running launching the DISM command we get an overview of all the commands and options. The blue coloured commands and options below are the new ones added compared to Windows 7. At first we see a whole new command group being added called “Generic Imaging Commands. While the Windows 7 DISM command is used to service the current running operating system or WIM images, in Windows 8 the DISM tool has been extended with commands to service VHD type images.

GENERIC IMAGING COMMANDS:

  /Get-MountedImageInfo   – Displays information about mounted WIM and VHD images.
  /Get-ImageInfo          – Displays information about images in a WIM or VHD file.
  /Commit-Image           – Saves changes to a mounted WIM or VHD image.
  /Unmount-Image          – Unmounts a mounted WIM or VHD image.
  /Mount-Image            – Mounts an image from a WIM or VHD file.
  /Remount-Image          – Recovers an orphaned image mount directory.
  /Cleanup-Mountpoints    – Deletes resources associated with mounted
                            images that are corrupt.
WIM COMMANDS:

  /List-Image             – Displays a list of the files and folders within a
                            specified image.
  /Delete-Image           – Deletes the specified volume image from a .wim file
                            with multiple volume images.
  /Split-Image            – Splits an existing .wim file into multiple read-only
                            split .wim (SWM) files.
  /Export-Image           – Exports a copy of the specified image to another file.
  /Append-Image           – Adds an additional image to a .wim file.
  /Capture-Image          – Captures an image of a drive into a new .wim file.
                            Captured directories include all subfolders and data.
  /Apply-Image            – Applies an image.
  /Get-MountedWimInfo     – Displays information about mounted WIM images.
  /Get-WimInfo            – Displays information about images in a WIM file.
  /Commit-Wim             – Saves changes to a mounted WIM image.
  /Unmount-Wim            – Unmounts a mounted WIM image.
  /Mount-Wim              – Mounts an image from a WIM file.
  /Remount-Wim            – Recovers an orphaned WIM mount directory.
  /Cleanup-Wim            – Deletes resources associated with mounted WIM
                            images that are corrupt.

IMAGE SPECIFICATIONS:

  /Online                 – Targets the running operating system.
  /Image                  – Specifies the path to the root directory of an
                            offline Windows image.

DISM OPTIONS:

  /English                – Displays command line output in English.
  /Format                 – Specifies the report output format.
  /WinDir                 – Specifies the path to the Windows directory.
  /SysDriveDir            – Specifies the path to the system-loader file named
                            BootMgr.
  /LogPath                – Specifies the logfile path.
  /LogLevel               – Specifies the output level shown in the log (1-4).
  /NoRestart              – Suppresses automatic reboots and reboot prompts.
  /Quiet                  – Suppresses all output except for error messages.
  /ScratchDir             – Specifies the path to a scratch directory.

 

Note that all of the new commands listed under “Generic Imaging commands” apply to both WIM and VHD images. In fact for WIM files you can either use the Generic command or the one listed under the WIM commands. As an example the
/Get-MountedImageInfo does the same as the /Get-MountedWimInfo command.

Under WIM Commands we see a few new commands for managing WIM files, those who have used ImageX.exe which is part of the Windows Automated Installation Kit will be familiar with these commands. Beside new top level commands and options, DISM has also been extended by various image servicing commands like for listing, removing or adding Metro Style applications  (APPX Packages) from an image but I’ll cover that one in a separate post.

If you’re dealing with images frequently I strongly recommend you familiarize yourself with the new options provided in DISM.

Filed under DISM, Windows 8. Tagged , , , , , ,
Comment

ToolTip – HTTPCopy

Posted by on 10 January 2012, 6:15 pm

HTTPCopy is a FREE standalone executable that allows you to directly copy a web file or web page locally. Rather than going to a website and download content manually, you can automate this using the HTTPCopy utility. Below you see an example I am personally using to download the Maxmind GeoLiteCity database I use for one of my blog plugins.

HTTPCOPY.EXE http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz GeoLiteCity.dat.gz

You can download HTTPCopy from here

Filed under Tools, Web. Tagged , , , , , , ,
Comment

How to Reset Windows 8 without external media

Posted by on 9 January 2012, 12:46 pm

Yesterday I’ve talked about the Windows 8 Refresh Your PC feature, today I’d like to show how you can reset Windows 8 without using external media. When performing a Reset on a Windows 8 client, you are going to run a complete fresh installation of Windows 8 without preserving any user data or settings. You would use this option before you give back your system to anyone else and want to make sure that there is no personal data or settings left on the system.

image

Like the Refresh Your PC option, the Reset your PC feature can be launched from within a running Windows or from the Recovery Console. In this example I am going to launch it from within a running Windows.

image

Now unless you have the Windows 8 installation media still inserted / attached to your system, Windows 8 is going to ask you to insert them before it can continue the process.

image

Now here’s a little trick how you can prevent Windows 8 from asking for the external media, just in case you don’t have the media available all the time.

  1. Open an elevated prompt and create a folder called C:\OSMEDIA
  2. Then copy the install.wim file from the Windows Installation media Sources folder to C:\OSMEDIA
  3. Then enter the following command:
    reagentc.exe /setosimage /path C:\OSMEDIA /target c:\Windows /Index 1
  4. you should see the following message
    image
  5. When you type reagentc.exe /info you’ll get the following result:

    Extended configuration for the Recovery Environment

    6.     Windows RE enabled:   1
        Windows RE  staged:   0
        Setup enabled:        1
        User Wim enabled:     0
        Custom Recovery Tool: 0
        WinRE.WIM directory: 
        Recovery Environment: \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\9dc3306c-3af5-11e1-8249-c48e1fe82496
        BCD Id:               9dc3306c-3af5-11e1-8249-c48e1fe82496
       Os recovery image:    \\?\GLOBALROOT\device\harddisk0\partition2\OSMEDIA
        Os image index:       1
        User image:          
        User image index:     0   
        Recovery Operation:   4
        Operation Parameter: 
        Boot Key Scan Code    0×0
    REAGENTC.EXE: Operation successful

Now the next time you start the Reset Your PC feature, Windows won’t prompt you to insert the media but use the sources provided locally.

image

image

image

Hope you found this useful, stay tuned, there’s more coming.

Filed under Windows 8. Tagged , , , , , ,
Comment

The Windows 8 Refresh Your PC Feature

Posted by on 8 January 2012, 5:30 pm

As recently illustrated on the Windows 8 Build blog Windows 8 comes with new features to Reset or Refresh your PC. The Reset Feature basically triggers a complete new installation of Windows 8 without taking care of any personal data hence this option should only be used when you have your data backed up already or when you intend to hand-out the system to someone else and you want to ensure that the system doesn’t have any personal data or settings stored. The Refresh option allows you to re-install Windows 8 but it will take care of your personal data, settings and Metro Style applications e.g. once the Windows 8 operating system installation has completed the user will still have access to his data and personalization settings. Furthermore the Refresh Your PC feature allows you not just to install a clean version of Windows 8 but one that does already include some of your self-installed applications so that you don’t have to install them all from scratch again.

The Refresh Feature can be accessed in two ways, either from a running Windows by selecting the Recovery options or from the Recovery Environment.

image

image

But before you can actually use he Refresh My PC feature, you must first create a custom image that serves as the baseline when refreshing your PC. For Home Computers it’s probably best to to this right after you have completed installing your applications and customized your system to your needs. I am not sure if the Refresh Your PC feature will also be suitable for Enterprise environments where usually computers are joined to a domain and I could imagine that there might be an issue with domain authentication e.g. the computer might have to be re-joined to the domain after the system has been refreshed. (I’ll add this to my “to look at list” and might come back with this in a later post).

To create an image that will be used by the Refresh Your Computer feature, open an elevated command prompt and then enter the following commands:

mkdir C:\RIMAGE

recimg -CreateImage C:\RIMAGE

Depending on the size of your OS, installed features and applications, this process can take a while.

2012-01-08 13h28_12

As mentioned in the Windows 8 build blog, recimg.exe creates an image and then registers the image so it can be used by the Refresh Your PC feature. Since the image will be stored on the local drive make sure that you have enough disk space available. So what does registering mean? Those of you already familiar with the Windows recovery environment probably know the reagentc.exe tool that ships with the Windows operating system. When executing reagentc.exe /info on a clean machine the output is as following:

Extended configuration for the Recovery Environment

    Windows RE enabled:   1
    Windows RE  staged:   0
    Setup enabled:        0
    User Wim enabled:     0
    Custom Recovery Tool: 0
    WinRE.WIM directory: 
    Recovery Environment: \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\0ded5bed-3a44-11e1-9efd-fb0fdc966529
    BCD Id:               0ded5bed-3a44-11e1-9efd-fb0fdc966529
    Os recovery image:   
    Os image index:       0
    User image:          
    User image index:     0   
    Recovery Operation:   4
    Operation Parameter: 
    Boot Key Scan Code    0×0
REAGENTC.EXE: Operation successful

When running reagentc.exe /info on a system where recimg.exe completed successfully the output looks as following:

Extended configuration for the Recovery Environment

    Windows RE enabled:   1
    Windows RE  staged:   0
    Setup enabled:        0
    User Wim enabled:     1
    Custom Recovery Tool: 0
    WinRE.WIM directory: 
    Recovery Environment: \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\0ded5bed-3a44-11e1-9efd-fb0fdc966529
    BCD Id:               3f82e61a-df46-11e0-a3e7-8fbeddb01d29
    Os recovery image:   
    Os image index:       0
    User image:           \\?\GLOBALROOT\device\harddisk0\partition2\rimage
    User image index:     1   
    Recovery Operation:   4
    Operation Parameter: 
    Boot Key Scan Code    0×0
REAGENTC.EXE: Operation successful

When launching the Refresh Your PC option the system will reboot into the Recovery Environment and apply the image you’ve previously created.

2012-01-08 15h40_09

Once the system is re-installed, you’ll notice a shortcut on the Desktop called “Removed Apps”.

2012-01-08 17h02_46

The shortcut points to a HTML file that lists all the applications that you will need to re-install, this because as mentioned above and explained in detail within the Windows 8 Build blog article traditional applications, so non-Metro Style applications are not preserved when refreshing the system.

2012-01-08 17h05_12

When looking at the root of the system drive you’ll notice that (if you enable showing the hidden items) that there is a folder called $SysReset and a folder called Widnows.old. The Windows.old folder can be removed manually using the Disk Cleanup utility. The $SysReset folder is not removed but I would consider that being the case with the final release of Windows 8. 

If I consider the amount of effort I had just recently re-installing 2 of our family systems with Windows 7, this is definitely a great time saving feature and allows you to blow new life into your system that might have ended up becoming slowly over time.

Filed under Windows 8. Tagged , , , , , , ,
Comment

ToolTip: Move Mouse

Posted by on 4 January 2012, 4:15 pm

Here’s a tool that has came in handy for me during the past 3 days, so let me share this one with you. Move Mouse is a simple application that generates mouse activity. You can either move the mouse pointer, click the left mouse button, send a keystroke, or any combination of the three.

2012-01-04 16h07_43

For more details and download  go to the Codeplex project page here.

Filed under Power, Tip, Tools, Windows 7. Tagged , , , , , ,
Comment

How to prevent pending updates from installing when shutting down Windows

Posted by on 3 January 2012, 7:03 pm

The meeting should have finished since 10 minutes but they keep on talking, you look at your watch and notice that you only have a few minutes until you need to leave the office so that you catch your train. Finally the call ended and you shutdown your machine, but then you get that message “Please do not power off or unplug your machine. Installing update 1 of 5”.

2012-01-03 17h02_02

Great, that train is probably going to leave without you. Well if this situation sounds familiar to you, here’s the good news. Next time when there you’re in a hurry before clicking on the Shutdown button have a look if the Button shows the Update sign.

2012-01-03 16h58_15

The update sign indicates that Windows will install pending updates before shutting down. Now if you are in a hurry and want to prevent Windows from installing updates before shutting down, simply press Ctrl+Alt+Delete and then select Shutdown, this will prevent Windows from installing pending updates.

2012-01-03 16h58_47

You’ll never miss a train or plain because of pending Updates.

Filed under Tip, Windows7. Tagged , , , ,
Comment
« Older Entries