Поделиться через


Step 1: Review and Select Activation Methods

 

Applies To: Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

The first step in planning for Volume Activation services in Windows starting with Windows Server 2012 is to evaluate the features and deployment models that are available for activating client computers. When you understand the differences between and advantages of these features and deployment models, move to Step 2: Evaluate Client Connectivity and use this information to assess the types of network and clients that you have. Then move to Step 3: Determine Activation Method and Product License Requirements to identify which solution is best for each group of clients.

The Volume Activation server role in Windows Server provides three methods for implementing volume activation. You can use one, two, or all three methods of volume activation. The methods you choose will depend on the size, network infrastructure, connectivity, and security requirements of your organization. The following table highlights these methods.

Task Description
1.1. Plan for Active Directory-based Activation Identify and resolve key planning issues that are associated with Active Directory-based Activation.
1.2. Plan for Key Management Services (KMS) activation Identify and resolve key planning issues that are associated with KMS activation.
1.3. Plan for Multiple Activation Key (MAK) activation Identify and resolve key planning issues that are associated with MAK activation.

When you understand your volume activation options, you choose the right combination of methods to meet your organization’s needs.

1.1 Plan for Active Directory-based Activation

Active Directory-based Activation is a role service that allows you to use Active Directory Domain Services (AD DS) to store activation objects, which can greatly simplify the task of maintaining volume activation services for a network.

With Active Directory-based Activation, any computers running operating systems starting with Windows 8 or Windows Server 2012 with a KMS client setup key (GVLK) that are connected to the domain will activate automatically and transparently during computer startup. These clients stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller.

Activation takes place after the Software Protection service starts. When the Software Protection service starts, the computer contacts AD DS automatically, receives the activation object, and activates without user intervention.

The following are planning considerations when working with Active Directory-based Activation:

  • With Active Directory-based Activation, you do not need an additional host server; your existing domain controllers can support activation clients, with the following limitations:

    • Active Directory-based Activation cannot be configured on read-only domain controllers.

    • Active Directory-based Activation cannot be used with non-Microsoft directory services.

    • AD DS must be at the Windows Server 2012 schema level to store activation objects. Domain controllers running earlier versions of Windows Server can activate clients after their schemas have been updated using the Windows Server 2012 version of Adprep.exe. For more information, see Running Adprep.exe.

      Note

      For Windows Server 2012 R2, you do not have to run Adprep.exe again; the Windows Server 2012 schema level is adequate.

  • You only need one activation object forest.

    Note

    When the client and server KMS host keys are activated within an environment, two activation objects will exist in the forest. In this case, the activation object on the server activates computers running Windows 8 or Windows Server 2012 within the forest and the client activation object is not used. There is no harm in keeping the client activation object, but it can also safely be deleted.

  • Unlike using KMS, you do not need to meet any threshold limits before clients or servers can be activated.

The following are additional planning considerations for Active Directory-based Activation.

Using Active Directory-based Activation in mixed Windows activation environments

Many organizations have elaborate volume license infrastructures to support KMS and Office installations. To add Active Directory-based Activation to these environments, administrators must assess their current implementations and determine what role Active Directory-based Activation will play in the environment.

Some considerations include how to upgrade these operating systems and applications to versions that support Active Directory-based Activation.

For environments that will run Windows 8, Windows Server 2012, or newer client or server operating systems exclusively, Active Directory-based Activation is a suitable option for activating all clients and servers, and you may be able to remove any KMS hosts from your environment.

If an environment will continue to contain earlier volume-licensed operating systems and applications, administrators need a KMS host to maintain activation status for earlier volume-licensed editions of Windows and Office in addition to enabling Active Directory-based Activation for Windows 8 and Windows Server 2012 (or newer) clients.

Using Active Directory-based Activation failover capability

There can also be advantages to maintaining more than one activation method for your environment. To understand why, consider what happens when clients need to be reactivated. The activation status of clients that are joined to the domain and activated with Active Directory-based Activation lasts for 180 days. When a reactivation event occurs on an installation, the client queries AD DS for the activation object. Client systems examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs.

If the AD DS object is not reachable, clients attempt to use activation methods in the following order:

  1. Active Directory-based Activation

  2. KMS activation

  3. MAK activation

If an installation was previously activated, a successful activation event will reset the activation period to 180 days. If an activation attempt fails, activation will be attempted every seven days by default until reactivation is successful. If the full 180-day activation period expires, the activation fails, a notification is displayed to the user, and an event is logged in the Windows Application Event Log.

If Active Directory-based Activation is not available, computers that were originally activated by using Active Directory-based Activation attempt to use KMS activation, and they continue to do so until the activation is successful. The next time the computer attempts to reactivate, the client first attempts to use Active Directory-based Activation. If that attempt is successful, the client is again based on Active Directory-based Activation.

Computers that are no longer members of a domain will fail activation when the computer or Software Protection service are restarted.

1.2 Plan for Key Management Services activation

The following information outlines initial planning considerations that you need to review for Key Management Services (KMS) activation.

KMS uses a client-server model to active clients. KMS clients connect to a KMS server, called the KMS host, for activation. The KMS host must reside on your local network.

KMS hosts do not need to be dedicated servers, and KMS can be cohosted with other services. You can run a KMS host on any physical or virtual system that is running Windows 10, Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista SP1 or SP2.

A KMS host running on Windows 8, Windows 7, or Windows Vista can only activate computers running client operating systems.

The following table summarizes KMS host and client requirements for networks that include Windows Server 2012 and Windows 8 (or newer) clients.

Product key group KMS can be hosted on Note: Updates might be required on the KMS server to support activation of any of these newer clients. If you receive activation errors, check that you have the appropriate updates listed below this table. Windows editions activated by this KMS host
Volume License for Windows Server 2016 Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019
Any operating system that supports KMS, including:

Windows Server 2019 (all editions)

Windows Server 2016 (all editions)

Windows 10 LTSB (2015 and 2016)

Windows 10 Professional

Windows 10 Enterprise

Windows Server 2012 R2 (all editions)

Windows 8.1 Professional

Windows 8.1 Enterprise

Windows Server 2012 (all editions)

Windows 8 Professional

Windows 8 Enterprise

Windows 2008 R2 (all editions)

Windows 7 Professional

Windows 7 Enterprise

Windows 2008 (all editions)

Windows Vista Business

Windows Vista Enterprise
Volume license for Windows 10 Windows 7

 Windows 8

 Windows 8.1

 Windows 10
Windows 10 Professional

Windows 10 Professional N

Windows 10 Enterprise

Windows 10 Enterprise N

Windows 10 Education

Windows 10 Education N

Windows 10 Enterprise LTSB

Windows 10 Enterprise LTSB N

Windows 8.1 Professional

Windows 8.1 Enterprise

Windows 8 Professional

Windows 8 Enterprise

Windows 7 Professional

Windows 7 Enterprise

Windows Vista Business

Windows Vista Enterprise
Volume license for "Windows Server 2012 R2 for Windows 10" Windows Server 2008 R2

 Windows Server 2012 Standard

 Windows Server 2012 Datacenter

 Windows Server 2012 R2 Standard

 Windows Server 2012 R2 Datacenter
Windows 10 Professional

Windows 10 Enterprise

Windows Server 2012 R2 (all editions)

Windows 8.1 Professional

Windows 8.1 Enterprise

Windows Server 2012 (all editions)

Windows 8 Professional

Windows 8 Enterprise

Windows 2008 R2 (all editions)

Windows 7 Professional

Windows 7 Enterprise

Windows 2008 (all editions)

Windows Vista Business

Windows Vista Enterprise
Volume license for Windows 8.1 Windows Vista

Windows 7

 Windows 8

 Windows 8.1
Windows 8.1 Enterprise

 Windows 8.1 Pro

 Windows 8 Professional

 Windows 8 Enterprise

Windows 7 Professional

Windows 7 Enterprise

Windows Vista Business

Windows Vista Enterprise
Volume license for Windows Server 2012 R2 Windows Server 2008

Windows Server 2008 R2

 Windows Server 2012 Standard

 Windows Server 2012 Datacenter

 Windows Server 2012 R2 Standard

 Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 (all editions)

 Windows 8.1 Enterprise

 Windows 8.1 Pro

 Windows Server 2012 (all editions)

 Windows 8 Professional

 Windows 8 Enterprise

Windows 2008 (all editions)

Windows 2008 R2 (all editions)

Windows 7 Professional

Windows 7 Enterprise

Windows Vista Business

Windows Vista Enterprise

Note

Depending on which operating system your KMS server is running and which operating systems you want to activate, you might need to install one or more of these updates:

A single KMS host can support an unlimited number of KMS clients. If you have more than 25 clients, we recommend that you have at least two KMS hosts in case one of your KMS hosts becomes unavailable. Most organizations can operate with as few as two KMS hosts for their entire infrastructure.

Addressing KMS operational requirements

KMS can activate physical and virtual computers, but to qualify for KMS activation, a network must have a minimum number of computers (called the activation threshold). KMS clients activate only after this threshold is met. To ensure that the activation threshold is met, a KMS host counts the number of computers that are requesting activation on the network.

KMS hosts count the most recent connections. When a client or server contacts the KMS host, the host adds the machine ID to its count and then returns the current count value in its response. The client or server will activate if the count is high enough. Clients will activate if the count is 25 or higher. Servers and volume editions of Microsoft Office products will activate if the count is five or greater. The KMS only counts unique connections from the past 30 days, and only stores the 50 most recent contacts.

KMS activations are valid for 180 days, a period known as the activation validity interval. KMS clients must renew their activation by connecting to the KMS host at least once every 180 days to stay activated. By default, KMS client computers attempt to renew their activation every seven days. After a client’s activation is renewed, the activation validity interval begins again.

Addressing KMS functional requirements

KMS activation requires TCP/IP connectivity. KMS hosts and clients are configured by default to use Domain Name System (DNS). By default, KMS hosts use DNS dynamic update to automatically publish the information that KMS clients need to find and connect to them. You can accept these default settings, or if you have special network and security configuration requirements, you can manually configure KMS hosts and clients.

After the first KMS host is activated, the KMS key that is used on the first host can be used to activate up to five more KMS hosts on your network. After a KMS host is activated, administrators can reactivate the same host up to nine times with the same key.

If your organization needs more than six KMS hosts, you should request additional activations for your organization’s KMS key—for example, if you have ten physical locations under one volume licensing agreement and you want each location to have a local KMS host.

Note

To request this exception, contact your Activation Call Center. For more information, see Microsoft Volume Licensing.

Computers that are running volume licensing editions of Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008 are, by default, KMS clients with no additional configuration needed.

If you are converting a computer from a KMS host, MAK, or retail edition of Windows to a KMS client, install the applicable KMS Client Setup Key. For more information, see Appendix A: KMS Client Setup Keys.

KMS clients can locate a KMS host automatically by querying DNS for SRV records that publish the KMS service. If your network environment uses a nonstandard DNS configuration or complex DNS zoning, an administrator must manually configure a KMS client to use a specific KMS host. For more information, see Configuring KMS Clients.

1.3 Plan for Multiple Activation Key activation

The following information outlines initial considerations that you need to review for Multiple Activation Key (MAK) activation.

MAK is used for a one-time activation with activation services that are hosted by Microsoft. Each MAK key has a predetermined number of allowed activations. This number is based on your volume licensing agreements, and it does not match your organization’s exact license count. Each activation that uses a MAK with activation services that are hosted by Microsoft counts towards the activation limit.

A MAK activation is recommended for computers that rarely or never connect to the corporate network and for environments where the number of physical computers that need activation does not meet the KMS activation threshold.

Note

Computers running Windows 8 or Windows Server 2012 or newer operating systems can be converted from Active Directory-based Activation or KMS activation to MAK activation at any time. For information, see Converting KMS Clients to MAK Activation.

There are two ways to activate computers by using MAK:

  • MAK Independent: MAK Independent activation requires that each computer independently connect and activate with Microsoft over the Internet or by telephone. MAK Independent activation is best suited for computers within an organization that do not maintain a connection to the corporate network.

  • MAK Proxy: MAK Proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. MAK Proxy activation is configured by using the Volume Activation Management Tool (VAMT). MAK Proxy activation is appropriate for environments where security concerns can restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity.

    Note

    VAMT is a standalone application that collects activation requests from several systems then sends them, in bulk, to Microsoft. For more information, see Volume Activation Management Tool (VAMT) Overview.

MAK can be used for individual computers or with an image that can be duplicated or provided for download by using Microsoft deployment solutions. MAK can also be used on a computer that was originally configured to use KMS activation, if that computer’s activation is about to or has reached the end of its activation validity interval.

See also