I've found lots and lots of posts & discussion on KMS activation and troubleshooting. All of them come down to:
- making sure the client can reach the KMS server
- The KMS server has been activated with a valid KMS key
- The minimum activation request count for the type of activation requested is met.
The key challenge that most people have (based on the number of posts I've found) seems to be that last item: making sure the minimum request count is maintained.
Every solution has to do with making sure unique CMIDs (Client Machine IDs) exist on the machines making requests; the CMID is supposed to be the unique identifier for activation.
Unfortunately, I can prove in a lab environment that this is not true; some other factor is also at play. Here is the procedure to reproduce the failure:
- Provision a domain controller in an isolated forest on an isolated network (so that you don't get noise or accidental client activation from any other KMS servers)
- Provision a KMS server as a domain member in the isolated forest. Install the KMS key (slmgr.vbs /ipk {kms key}) and activate it.
- Provision a VM (any hypervisor will do) as a test client machine (server or workstation) as a domain member on the isolated domain with a generic KMS client key and OS that should successfully activate on your KMS server. Take a snapshot of the VM so you can revert back to the original state before the "rearm counter" is reduced (Vista/Windows7 and Server 2008/2008R2 only allow 3 rearms, so reverting is faster than re-provisioning).
- Attempt to activate the test machine; it will fail due to insufficient unique cached requests. This is expected because we've just started to initialize the KMS server.
- Run "slmgr.vbs /rearm"; restart as requested.
- Log in to the test system. Check the event viewer for IDs 12288 and 12289; if you don't see activation attempts, manually attempt to activate using "slmgr.vbs /ato".
- On the KMS server, check the status of the unique client cache using "slmgr.vbs /dli"; the count should be at 1 or possibly 2, depending on whether the pre-rearm CMID was captured as a unique ID.
- Repeat steps 5 & 6, checking the KMS server count after each restart. If you run out of rearms, revert the VM and repeat.
- Note the CMID logged on the KMS server to be certain a unique ID was generated with each rearm.
In repeated testing, I've had no luck with getting the count to properly increase based on the simple use of /rearm, although I can clearly see the unique CMIDs being logged on the KMS. What's up with this? What else must be "uniqueified" to get KMS to acknowledge the new client?