Share via

Windows Server Activation Best Practices

  • Article

UPD: Updated with the information for Windows Server 2016.

Windows Server automatic activation is very important for IaaS services. Today I'll share some best practices for Windows Server activation in Service Provider environments. These practices also can be used for Enterprise environments. And of course they can be and must be used for Cloud OS Network Platform :)

I'll use KMS and AVMA activation methods. Enterprises can also leverage Active Directory Based Activation (automatic activation of OS after joining the properly configured domain), but it is not suitable for service provider environments because tenant VMs won't join the domain of service provider.

Install KMS Servers

KMS server is a core of your Windows Server activation process. So go to VLSC site and get Windows Server 2016 Datacenter KMS C key. A good explanation why you should use Level-C key is available here. Then create a VM and install Windows Server 2016 Datacenter on it. Configure KMS server using these commands:

slmgr.vbs /ipk <yourproductkey>
slmgr.vbs /ato

Such KMS server will be able to activate Windows Server 2016 and prior versions (2003, 2008, 2012) with Datacenter, Standard of Enterprise (for Windows Server 2008) editions. For high availability, you can install additional KMS server and configure DNS-based load balancing. Windows Server 2012 R2-based KMS server won't be able to activate Windows Server 2016.

Activate Hyper-V hosts

To leverage AVMA, you need to use Windows Server 2016 or 2012 R2 Datacenter on Hyper-V hosts and Windows Server 2016 or 2012 R2 Standard/Datacenter on guest VMs. If you are using Free Hyper-V Server edition, Windows Server 2016/2012R2 Standard or Windows Server 2012 nonR2 - AVMA won't work. If you are not familiar with AVMA - it is a new way to activate Windows Server-based VMs, introduced in Windows Server 2012 R2. It's idea is simple - if Hyper-V hosts is activated, then every new Guest VM will be activated automatically. No need to configure network access to KMS server or to the internet for MAK activation. It is the best approach for service providers.

So, after the KMS servers were deployed, activate Hyper-V hosts using KMS activation.

For Windows Server 2012 R2 Datacenter use this command:
slmgr.vbs /ipk W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
slmgr.vbs /ato

For Windows Server 2016 Datacenter use this command:
slmgr.vbs /ipk CB7KF-BWN84-R7R2Y-793K2-8XDDG
slmgr.vbs /ato

I've got this key from here. You can use this key during Windows Server Datacenter installation to skip the manual activation step.

Hyper-V hosts will try to find a KMS server in the domain, where it is joined to. If you have a separate domain for Hyper-V hosts, that is different from the domain that KMS server was deployed to, use this command to manually specify the address of KMS server before /ato command:

slmgr.vbs /skms <KMSserverDNSnameOrIPAdress>

Configure Guest VMs activation with AVMA

If you are using Windows Server 2012 R2 Datacenter Hyper-V on hosts, you can use AVMA to activate Guest VMs with Windows Server 2012 R2 Datacenter. To leverage this, just use this key in your VM templates or during the OS installation:

Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW - for Windows Server 2012 R2 Datacenter
DBGBW-NPF86-BJVTX-K3WKJ-MTB6V - for Windows Server 2012 R2 Standard

CB7KF-BWN84-R7R2Y-793K2-8XDDG - for Windows Server 2016 Datacenter
WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY - for Windows Server 2016 Standard

I've got these keys from here.

Configure Guest VMs activation with KMS

For Windows Server versions prior to 2012 R2, you'll need to use traditional KMS activation method. The same story if you are using vSphere or other hypervisor (not Windows Server 2012R2/2016 Datacenter Hyper-V).

The potential problem for service providers is that Guest OS needs access to KMS server every 180 days at least to prolong the activation, otherwise it will deactivate. And in modern IaaS services, tenants manage their virtual networks by themselves. One of the ways to achieve this is to deploy KMS Server in the DMZ and make it accessible for tenant VMs. Be sure that KMS server is not accessible externally for other users in the internet. By default, KMS server uses TCP port 1688.

When preparing a Windows Server template, run the following command before Sysprep:

slmgr.vbs /skms <KMSserverDNSnameOrIPAdress>

Remember - you don't know which DNS server your tenant will use, so if you specify a DNS name of KMS server - be sure that it is resolvable by public DNS servers. Otherwise specify IP address of KMS server to be sure that tenant VM will be able to connect. After that, use KMS keys for your templates from this page. As an example:

74YFP-3QFB3-KQT8W-PMXWJ-7M648 - for Windows Server 2008 R2 Datacenter
48HP8-DN98B-MYWDG-T2DCC-8W83P - Windows Server 2012 nonR2 Datacenter

New guest VMs will try to connect to the specified KMS server and activate using it shortly after the deployment.

That's all about Windows Server activation for service providers. Remember - if you license your hosts with Windows Server Datacenter license (which allows unlimited guest virtualization), then there is absolutely no need to install Windows Server Standard on Guest VMs.

Comments

  • Anonymous
    February 01, 2016
    The comment has been removed
  • Anonymous
    September 28, 2016
    Hi, is to activate Server 2016 on a existing 2012 R2 KMS Server a new KMS Key required? Or must be the KMS Server a WS2016?
    • Anonymous
      September 28, 2016
      No, you need to run KMS server on Windows Server 2016 to activate Windows Server 2016.
    • Anonymous
      October 07, 2016
      In the past a patch was released to allow KMS running on previous editions of windows activate the new operating systems and Office versions. I expect the same thing will happen and there will be a hotfix patch made available for previous versions of Windows Server so you can upgrade your existing Windows 2008r2 (maybe), 20012, 2012r2 machines to act as the KMS host for Windows Server 2016 KMS keys.So if they continue that trend a hotfix will likely emerge in a month or two and then you will not require a Windows 2016 server running the KMS server to do your activations. But for now, only the brand new 2016 server can accept the Windows Server 2016 KMS activation keys. If you don't want to run Windows 2016 for your KMS host you will need to wait for some future patch for the older editions.
  • Anonymous
    January 29, 2017
    First Great Article. Thank you so much for contributing to the community,If I license the datacenter edition of Windows Server 2016 Datacenter and choose to deploy it as a 2016 NANO server image, how do I activate the guest VMs to take advantage of the unlimited OSE entitlement for the license level? On GUI or core installations, I would use an AVMA key in the guest OSE, which would be activated as long as the host is activated. Nano server does not appear to be capable of activating AVMA keys. Is this correct?
    • Anonymous
      January 30, 2017
      AVMA is currently not supported on hosts running Nano Server, so KMS is the only possible option. I'll let you know when it will change.
  • Anonymous
    June 23, 2017
    when will Server 2016 Nano version be used and what is the best approach when activating 2 New Nano Servers?
    • Anonymous
      June 28, 2017
      You can activate Nano Servicer using KVM.
  • Anonymous
    November 17, 2017
    The comment has been removed