KMS License Not in Use

KMS isn’t so bad. It is of course on the way out, to be replaced by Active Directory-based Activation in Server 2012, but KMS will stick around until all of our Server 2008 R2 machines are out of production. Given that we still manage some Windows 2003 servers (if we must), I think it’s fair to assume we’ll still be using KMS well into the next decade.

One of our clients has an environment running KMS on Windows Server 2008 R2. In June of last year, they started deploying Windows Server 2012 R2 servers. The KMS server had previously been patched to support Server 2012 and 2012 R2 KMS clients. Because no one complained in June, I had assumed that someone had activated the proper key on the KMS server to support the new version.

In December, he reported that his newest servers weren’t activating properly.

Their two most recently deployed servers were reporting activation errors. I logged into one of the machines that was reporting activation errors and ran the trusty activation command:

slmgr /ato

… and got this gem back in response:

Error: 0xC004F074
The Software Protection Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.

The first thing I did, naturally, was just to make sure my KMS server was in fact reachable from this machine. It was. Then, I started to dive into the rabbit-hole that is KMS troubleshooting:

At first blush, everything appeared to be fine. So then I referred back to the application event log, hoping against hope that the “additional information” wasn’t some weird circular reference. I found this error in the Windows Application log:

Source: Microsoft-Windows-Security-SPP
Event ID: 8198
Description:
License Activation (slui.exe) failed with the following error code:
hr=0xC004F074

You can actually see the text of the slui.exe errors with a command like this, run on a Windows machine with a GUI (i.e., not Core):

slui.exe 0x2a 0xC004F074

Which pops up a helpful “An error has occurred” window, with an optional details pane that indeed reports the exact text of the error message that we started with.

So I’ve got a KMS server that looks just fine that my new servers are complaining about.

So what’s the problem?

It turns out that the KMS server was in fact missing the proper key.

The reason I overlooked this problem in step 3 of my troubleshooting above was that the KMS server output for that channel looked valid, but had a few problem indicators that I missed.

Name: Windows Server(R), ServerDatacenter edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_2012-R2 channel
Activation ID: abcd1234-b123-ffff-9944-aabbccddeeff
Application ID: 4321dcba-b123-ffff-9944-aabbccddeeff
Extended PID:
Installation ID:
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88342
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88343
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88345
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88344
This license is not in use.
License Status: Unlicensed
Remaining Windows rearm count: 3
Trusted time: 12/16/2015 3:05:50 PM

Key Management Service is enabled on this machine
Current count: 50
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal

Key Management Service cumulative requests received from clients
Total requests received: 19755
Failed requests received: 1372
Requests with License Status Unlicensed: 0
Requests with License Status Licensed: 18065
Requests with License Status Initial grace period: 140
Requests with License Status License expired or Hardware out of tolerance: 76
Requests with License Status Non-genuine grace period: 0
Requests with License Status Notification: 102

So what’s wrong?

  1. The Extended PID and Installation ID fields are empty. These appear to be added when a successful activation for the key is completed.
  2. There’s no “Partial product key” line.
  3. The two (glaringly obvious in retrospect) lines that report “license not in use” and “Status: Unlicensed.”

I glossed over these initially because I assumed that this state was referring to the local machine’s usage of the key, or lack thereof, as it was Server 2008 R2. My assumption was supported by the very high number of “Requests with License Status Licensed”. Finally, Google searches regarding these lines were wholly inconclusive.
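The indicators listed above can be checked mechanically instead of by eye. The following PowerShell is an added example, not part of the original post: it parses text in the layout of the slmgr output shown above and reports, per KMS host channel, which of those indicators are present. The function name, the `VOLUME_KMS_` channel filter, and the sample block values are assumptions made for illustration.

```powershell
# Constructed sample in the layout of the slmgr output above; IDs and PIDs are placeholders.
$sample = @'
Name: Windows Server(R), ServerDatacenter edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_2012-R2 channel
Activation ID: abcd1234-b123-ffff-9944-aabbccddeeff
Extended PID:
Installation ID:
This license is not in use.
License Status: Unlicensed

Name: Constructed example edition
Description: Windows Operating System - Constructed, VOLUME_KMS_EXAMPLE channel
Activation ID: 11111111-2222-3333-4444-555555555555
Extended PID: 00000-00000-000-000000-00-0000-0000.0000-0000000
Installation ID: 000000000000000000000000000000000000000000000000000000
Partial Product Key: XXXXX
License Status: Licensed
'@

function Get-KmsHostChannelStatus {
    param([Parameter(Mandatory=$true)][string]$Text)
    # License blocks are separated by blank lines.
    foreach ($block in ($Text -split '(?:\r?\n[ \t]*){2,}')) {
        # Assumption: KMS host channels are named VOLUME_KMS_<version>, as in the
        # output above; every other block (including the KMS counters) is skipped.
        if ($block -notmatch '(?m)^Description:.*?(VOLUME_KMS_\S+) channel') { continue }
        $channel = $Matches[1]
        $id = if ($block -match '(?m)^Activation ID:[ \t]*(\S+)') { $Matches[1] } else { '' }
        $problems = @()
        if ($block -match '(?m)^Extended PID:[ \t]*\r?$')         { $problems += 'Extended PID empty' }
        if ($block -match '(?m)^Installation ID:[ \t]*\r?$')      { $problems += 'Installation ID empty' }
        if ($block -notmatch '(?m)^Partial Product Key:')         { $problems += 'no Partial Product Key line' }
        if ($block -match '(?m)^This license is not in use')      { $problems += 'license not in use' }
        if ($block -match '(?m)^License Status:[ \t]*Unlicensed') { $problems += 'status Unlicensed' }
        New-Object PSObject -Property @{
            Channel = $channel; ActivationId = $id
            Ready = ($problems.Count -eq 0); Problems = ($problems -join '; ')
        }
    }
}

Get-KmsHostChannelStatus -Text $sample | Format-List Channel, ActivationId, Ready, Problems

# Live use on the KMS host:
# $out = (cscript.exe //nologo "$env:windir\System32\slmgr.vbs" /dlv all) -join "`n"
# Get-KmsHostChannelStatus -Text $out
```

On the sample, the 2012-R2 channel is reported with all five indicators and `Ready = False`, while the constructed activated channel reports `Ready = True`. The matching relies on the English field labels shown in the output above.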

As a troubleshooting step, I asked my client for their 2012 R2 KMS key. I then installed the key and performed activation (slmgr /ipk <your key here>; slmgr /ato <your activation id here>). This of course solved the problem entirely, altered the output to fix all of the issues I described above, and allowed my downstream KMS clients to activate to their heart’s content.

It’s also worth noting that when I attempted to perform the activation of the proper channel before installing the key, slmgr gave back a cryptic, yet accurate error:

Error: product not found

In retrospect, also true! Might be more useful to say something like “the activation ID you’re attempting to activate doesn’t have a product key associated with it,” but that’s just one man’s opinion.