Office 2010 KMS Activiation and Case Studies

Article
01/09/2013

[Author: Fish Ge, Jennifer Zhang, Office/Project Support Team, Microsoft Asia Pacific Global Support Center]

[???: https://blogs.technet.com/b/officeasia/archive/2012/03/07/office-2010-kms.aspx ]

To avoid spread of pirate copy (including malware, virus and other security risk), Office 2010 leverages new mass activation technique: KMS and MAK. The same technique is is also used by Windows Vista/7/2008/2008 R2. MAK activation is handled by Microsoft public service, suitable for Small or Medium companies with less than 50 computers; KMS activation requires the company to host a KMS server, suitable for company with more than 50 computers. Two activation method are bound to product key within Windows and Office suites.

This article will introduce the mechanism of Office 2010 KMS activation and share two real case studies.

How to determine Office 2010 activation method?

Steps are below:

1. Start command line and navigate to Office 2010 installation path:

C:\Program Files\Microsoft Office\Office14

(32-bit PC+32-bit Office 2010, or 64-bit PC+64-bitOffice 2010)

C:\Program Files (x86)\Microsoft Office\Office14

(64-bit PC+32-bitOffice 2010)

2. Type in: cscript ospp.vbs /dstatus

3. Check LICENSE DESCRIPTION, the stringcontains KMS, then it is KMS activation; if the string contains MAK, then it is MAK activation

If you have both KMS and MAK activation products, but cannot activate using one of the techniques, you can change Office 2010 activation method by following this artile: How to use command line to change/activate MAK product key for Office 2010 installation?

KMS Activation Mechanism and Steps

Step1 is to install Office 2010 KMS Host key and actiavte KMS host server. The KMS host server can be physical or virtual server, with OS of Windows Server 2003 (Need extra patch, see here), Windows Server 2008 R2 and Windows 7. One side note is that Windows 7 KMS host can only activate Windows 7 KMS client.

After activating KMS host server, KMS service will store KMS host location using service (SRV) resource records (RR) in DNS. KMS host location will be published by Dynamic DNS, so that KMS client (computer with Office 2010 KMS activation method) can locate and connect to the host.

KMS host will keep a activation count as one criteria to activate Office 2010 client. On initial deployment, once a new Office 2010 client connects to KMS host, this count will increase. When the count reaches 5, all Office 2010 clients are activated. The count is maintained by KMS host afterwards.

In below illustration, A~C represent configuration on KMS host, 1~4 represent the way KMS host connects KMS host and activate itself. The illustration can be downloaded here:

A. Install KMS key on KMS Host using SLMGR command.

B. KMS host is activated with the KMS key using Microsoft’s Hosted Activation Services.

C. KMS Service registers SRV resource records in DNS each time it starts.

1. Discover KMS Host using registry entry. If no entry, then query DNS for KMS SRV record. KMS client will select a random KMS host from SRV provided by DNS. If the selected KMS host does not respond, KMS client will remove it from SRV record and select another KMS host randomly.

2. KSM client will connect to KMS host using anonymous RPCs over TCP with default port 1688 (it needs to be opened in firewall). After KMS client establishes TCP conversation with KMS host, KMS client will send request to KMS host to generate CMID. The request will be encrypted using AES encryption. On failure, retry—2 hours for computer in Grace, 7 days for KMS activated computer.

Note:If cached KMS host does not respond to client request to refresh activation status, KMS client will query for new KMS host in SRV record from DNS.

3. KMS host will add CMID to a table on KMS host server. Every activation request will stay 30 days in the table. When one client refreshes its activation, the CMID will be removed from the table and a new one generated (30 days life). If one KMS client does not refresh its activation within 30 days, the CMID will still be removed and activation count will reduce 1.

4. KMS host returns activation count to client.

5. KMS client evaluates activation count vs. license policy and activates itself if the activation threshold is met:

Store KMS Host product ID, intervals, and client hardware ID in license store.
On success, automatically renew activation every 7 days (default).

Futhermore, within 180 days after KMS client is activated, it needs to refresh its activation against KMS host server. Otherwise it will go into 30 days Grace Period. After Grace Period, Office 2010 Volume Licensed edition will show warning with red background in application title bar. Office 2010 Retail edition will go into Reduced Functionality Mode, that it can only view document but cannot edit.

Case study 1 (KMS host not activated)

Problem description

Need to activate Office KMS Host.

Solution

1. Download Office 2010 KMS Host License Pack

2. Upon notification, type in KMS Host key. Then continue to activate KMS host and receive error:

"An error occurred: 0x80072EE7"

3. Error 0x80072ee7 means network connectivity issue, the KMS host server may need to connect to Internet using proxy. Now if we open command line and navigate to c:\windows\system32, type in: cscript slmgr.vbs /ipk <Office 2010 KMS host key>, we can see below page with License Status showing Unlicensed:

If we need to dig down this issue we can capture Network Monitor package. But we can also use phone to activate KMS host.

4. Now in command line, navigate toc:\windows\system32, type in: cscript slmgr.vbs /dti bfe7a195-4f8f-4f0b-a622-cf13c7d16864, we will get Installation ID of Office 2010.

5. Run slui.exe 4, then call below phone number.

Note: You will be asked to provide Installation ID in phone call, please use the ID retrieved in step 4, but not the one in above picture (in red box).

6. When you hear response in the phone, type in Confirmation ID.

7. In command line, type in: cscript slmgr.vbs /atp <Confirmation ID> bfe7a195-4f8f-4f0b-a622-cf13c7d16864

8. To make sure Office 2010 KMS Host is correctly activated, type in:

cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864 (only show Office 2010)

cscript slmgr.vbs /dlv all (show all KMS products, including Windows and Office)

For 1st command as example, we should see below output (License status showing Licensed):

Name: Microsoft Office 2010, KMSHost edition

Description: Microsoft Office 2010 KMS, VOLUME_KMS channel

Activation ID: bfe7a195-4f8f-4f0b-a622-cf13c7d16864

Application ID: 59a52881-a989-479d-af46-f275c6370663

Extended PID: 55041-00096-199-000004-03-1033-7600.0000-3632009

Installation ID: 008585014214769124199722184000850026888810090785321136

Processor Certificate URL: https://go.microsoft.com/fwlink/p/?LinkID=88342

Machine Certificate URL: https://go.microsoft.com/fwlink/p/?LinkID=88343

Use License URL: https://go.microsoft.com/fwlink/p/?LinkID=88345

Product Key Certificate URL: https://go.microsoft.com/fwlink/p/?LinkID=88344

Partial Product Key: RP3HH

License Status: Licensed

Remaining Windows rearm count: 1

Trusted time: 12/29/2009 1:45:54 PM

Key Management Service is enabled on this computer

Current count: 0

Listening on Port: 1688

DNS publishing enabled

KMS priority: Normal

Key Management Service cumulative requests received from clients

Total requests received: 0

Failed requests received: 0

Requests with License Status Unlicensed: 0

Requests with License Status Licensed: 0

Requests with License Status Initial grace period: 0

Requests with License Status License expired or Hardware out of tolerance: 0

Requests with License Status Non-genuine grace period: 0

Requests with License Status Notification: 0

9.Now we need to launch Office 2010 on at least 5 computers. If these KMS clients can contact KMS host, the Current count (or activation count) in step 8 output will increase. Once it reaches 5, all Office 2010 clients are activated.

Case study 2 (How to activate Office 2010 KMS client that is not in corp domain)

Problem description

Some companies have computers in different offices (or different locations) that have not joined corp domain, and need to activate Office 2010 on these computers.

Solution

The key issue here is KMS client needs to reach KMS host through IP resolution. In domain environment, DNS will automatically resolve IP addres and server name. When client machine does not join domain, it needs to reach KMS host by PING command. If PING command is sucessful, we can do below things:

1. Open command line and switch to Office 2010 installation path

C:\Program Files\Microsoft Office\Office14

(32-bit PC+32-bit Office 2010, or 64-bit PC+64-bit Office 2010)

C:\Program Files (x86)\Microsoft Office\Office14

(64-bit PC+32-bit Office 2010)

2. Specify KMS host:

cscript ospp.vbs /sethst: <IP address of KMS host>

3. Activate Office 2010:

cscript ospp.vbs /act