Tonight, I will be setting up a KMS server to activate Windows Server 2022 using Microsoft-provided volume activation keys. I will be using an AlmaLinux VM and vlmcsd to accomplish this. Let’s begin!
Set Up the Host Environment
1. Give the host an IP address and hostname.
// Give the host an IP address
nmtui
This TUI will allow you to set a static IP address and hostname. Remember, if you are joining this computer to the domain like I am, you must enter the FQDN in the hostname field. For example: KMS1.internal.domain.com.
2. Join the server to the domain.
// Join server to domain
sudo dnf install realmd oddjob oddjob-mkhomedir sssd adcli
sudo realm join -U Administrator internal.domain.com
// Type in domain admin password to authenticate.
// Tweak SSSD: set these two values in the domain section of the file
sudo vi /etc/sssd/sssd.conf
fallback_homedir = /home/%u
use_fully_qualified_names = False
3. Install needed packages.
// Install needed packages
sudo dnf update
sudo dnf install git gcc
// Allow weak crypto (this re-enables SHA-1 signatures system-wide)
sudo update-crypto-policies --set DEFAULT:SHA1
4. Install the KMS emulator.
// cd to /tmp
cd /tmp
//clone the repo
git clone https://github.com/Wind4/vlmcsd
//cd to the directory we just downloaded
cd vlmcsd
// Compile the program
make
// cd to directory where compiled application is stored
cd bin
// We need to copy this compiled binary to /usr/bin and create a systemd service so it starts automatically.
sudo cp vlmcsd /usr/bin
sudo touch /etc/systemd/system/kms-script.service
sudo chmod 664 /etc/systemd/system/kms-script.service
sudo vi /etc/systemd/system/kms-script.service
// Paste the following into this file:
[Unit]
Description=MSFT KMS Server Emulator
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/vlmcsd
RemainAfterExit=yes
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
5. Make a SELinux Exception
sudo dnf install policycoreutils-python-utils
// Record bin_t as the file context for the binary, then apply it with restorecon
sudo semanage fcontext -a -t bin_t /usr/bin/vlmcsd
sudo restorecon -vR /usr/bin/vlmcsd
6. Open firewall ports
// Open firewall ports
sudo firewall-cmd --zone=public --permanent --add-port=1688/tcp
sudo firewall-cmd --reload
7. Start the services.
//Start the services and make sure they are running
sudo systemctl daemon-reload
sudo systemctl start kms-script.service
sudo systemctl status kms-script.service
sudo systemctl enable kms-script.service
The service should be running!
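The unit above starts a binary built from a third-party repository as root and relies on Type=oneshot to keep a self-daemonizing process alive. A tighter variant of the same unit follows, as an added example that is not from the original post or the vlmcsd project. It assumes a dedicated vlmcsd service account and a 10.1.81.0/24 client subnet (both hypothetical, adjust to your network), and uses vlmcsd's -D (stay in foreground) and -e (log to stdout) options.

```ini
# /etc/systemd/system/kms-script.service (added example, same unit name as above)
# Assumption: a service account exists, created for example with
#   sudo useradd --system --no-create-home --shell /sbin/nologin vlmcsd
# Assumption: KMS clients live in 10.1.81.0/24 (inferred from the sample server IP).
[Unit]
Description=MSFT KMS Server Emulator
After=network-online.target
Wants=network-online.target

[Service]
# -D keeps vlmcsd in the foreground so systemd supervises the real process;
# -e writes its log to stdout, which systemd stores in the journal.
Type=simple
ExecStart=/usr/bin/vlmcsd -D -e
Restart=on-failure
# Run unprivileged: 1688/tcp is above 1024, so no capabilities are required.
User=vlmcsd
Group=vlmcsd
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# Filesystem and kernel surface: read-only OS, no home directories, private /tmp.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@system-service
SystemCallArchitectures=native
# Network: IP sockets only, and only from the internal client range.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
IPAddressDeny=any
IPAddressAllow=localhost 10.1.81.0/24

[Install]
WantedBy=multi-user.target
```

After replacing the unit, run sudo systemctl daemon-reload and restart the service; systemd-analyze security kms-script.service reports which sandboxing directives are in effect.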
8. Phew! The hard part is out of the way. If you’re like me you are running Microsoft Active Directory. We can push KMS keys to clients by adding a DNS record. Log in to your domain controller, launch an administrator PowerShell and enter the following code:
// Add Windows Server DNS Record
Add-DnsServerResourceRecord -Srv -Name "_VLMCS._tcp" -ZoneName "internal.domain.com" -DomainName "10.1.81.12" -Priority 0 -Weight 0 -Port 1688
Note: You’ll have to change internal.domain.com to your own domain name and 10.1.81.12 to the IP of your KMS server.
9. Let’s activate a Windows Server now! Remember: Microsoft provides KMS keys for all of their products here. They do not guard them, but if you follow this guide without paying and you get audited, you’re screwed. Now, with that secondary scary disclaimer out of the way, let’s proceed:
// Log in to a Windows Server and execute the following commands. In this example, I am using Windows Server 2022. If you are using a different product, substitute the proper key from the link above.
slmgr.vbs -ipk VDYBN-27WPP-V4HQT-9VMD4-VMK7H
slmgr.vbs -skms 10.1.81.12
slmgr.vbs -ato
We’re done! Enjoy your volume activation service! If you’ve enjoyed this post, be sure to check out my other ones located here.