Common Windows issues: Key Management Server activation

How–To Home

Cloud Servers

Common Windows issues: Key Management Server activation

Last updated on: 2019-12-04

Authored by: Rackspace Support

Problem: The Key Management Server (KMS) rejects periodic activation requests, and the Windows® operating system shows as unlicensed.

Cause: The two leading causes of this issue are:

Windows cannot locate the KMS.
The server’s clock differs from the KMS clock by more than four hours.

Use the steps in the following sections to resolve this issue.

Ensure that the Windows Server is configured to use the correct KMS server

Locate the appropriate KMS server in the following list:

Data center	KMS server
ORD (Chicago)	winactivate.ord1.servers.rackspacecloud.com
DFW (Dallas)	winactivate.dfw1.servers.rackspacecloud.com
IAD (Ashburn)	winactivate.iad3.servers.rackspacecloud.com
LON (London)	winactivate.lon3.servers.rackspacecloud.com
HKG (Hong Kong)	winactivate.hkg1.servers.rackspacecloud.com
SYD (Sydney)	winactivate.syd2.servers.rackspacecloud.com

Log in to your cloud server as administrator by clicking Start > All Programs > Accessories. Then, right-click Command Prompt and select Run as Administrator.
Confirm that you can ping the Rackspace KMS server by running the following command:
```
 ping kms-server-from-table-above
```
Note: If there is a reply, continue to step 3. No reply means that there is an interface, hardware, or routing issue. We recommend the following article for help resolving the issue: Update ServiceNet routes on cloud servers

Set the KMS manually within the registry:

 slmgr.vbs /skms kms-server-from-table-above:1688

Request activation from the KMS:
```
 slmgr.vbs /ato
```
Note: If you receive the error 0xC004F074 The Key Management Server (KMS) is unavailable, continue with the following steps to ensure the server clock synchronizes with the KMS clock.
If the device does not activate, the server might be set to MAK activation instead of KMS activation.

To confirm the activation method set on the device, run the following command:
```
 slmgr -dlv
```
Look for the Product Key Channel setting. Volume:GVLK means the device uses to KMS activation, Volume:MAK means the device uses to MAK activation.

The following images show sample outputs:

KMS activation output:

MAK activation output:
If your device uses MAK activation, then you should set the device back to KMS activation. First, find and take note of the appropriate KMS client setup key from Microsoft®: KMS Client Setup Keys

To find which server edition you are running, run the following command and look for the section labeled OS name:
```
 systeminfo | findstr OS
```
Example:
```
 PS C:\Users\Administrator> systeminfo | findstr OS
 OS Name:                   Microsoft Windows Server 2012 R2 Datacenter
```
Set the device to KMS activation by using the key found in the previously referenced article and entering the following command:
```
 slmgr /ipk %key%
```
Replace %key% with the key from the Microsoft® document.
To activate the device, run the below command:
```
 slmgr.vbs /ato
```

Ensure that the server clock synchronizes with the KMS clock

If step 1 above returned the error 0xC004F074 The Key Management Server (KMS) is unavailable, the time on the cloud server is drastically different than what is on the KMS.

At this point, you should configure the server to use a Network Time Protocol (NTP) time source by executing the appropriate command.

Data center	Command
ORD (Chicago)	`net stop w32time w32tm /config /manualpeerlist:time.ord1.rackspace.com /syncfromflags:MANUAL net start w32time`
DFW (Dallas)	`net stop w32time w32tm /config /manualpeerlist:time.dfw1.rackspace.com /syncfromflags:MANUAL net start w32time`
IAD (Ashburn)	`net stop w32time w32tm /config /manualpeerlist:time.iad3.rackspace.com /syncfromflags:MANUAL net start w32time`
LON (London)	`net stop w32time w32tm /config /manualpeerlist:time.lon3.rackspace.com /syncfromflags:MANUAL net start w32time`
HKG (Hong Kong)	`net stop w32time w32tm /config /manualpeerlist:time.hkg1.rackspace.com /syncfromflags:MANUAL net start w32time`
SYD (Sydney)	`net stop w32time w32tm /config /manualpeerlist:time.syd2.rackspace.com /syncfromflags:MANUAL net start w32time`

After the time synchronizes, attempt each of the following commands:
```
 w32tm /resync

 slmgr.vbs /ato
```
You must open User Datagram Protocol (UDP) port 123 to allow the sync.
Make sure your firewall allows outbound connections to Transmission Control Protocol (TCP) port 1688.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER

Cloud Servers