More on Provisioning Services and KMS
Last fall, we posted about Citrix Provisioning Services and Microsoft KMS activation. To briefly recap, here’s the issue:
- When you convert a Windows 7 OS image to a shared image for provisioning, it breaks the Microsoft license key.
- The way you deal with that is to use Microsoft’s Key Management Services (KMS) to auto-activate systems as they boot.
- A KMS server must have a minimum number of systems checking in for activation before it will activate anything (5 different server systems must check in before it will begin activating servers, and an aggregate of 25 servers and/or workstations must check in before it will begin activating workstations.)
- If your KMS server is running on Windows Server 2008 R2, both physical and virtual systems will increment the counter. If it’s running on an earlier server version, only physical systems will increment the counter.
In the comment thread of that earlier post, “Chris” stated that he was trying to use Provisioning Server to provision Windows 7 systems, but that they were not incrementing the counter on the KMS server. It turns out that he was absolutely right, and I thought this was important enough to bump the issue by writing another post rather than just going back and commenting on the older one.
It turns out that, although Provisioning Server changes the host name as systems boot, it does not change the machine ID (“CMID”). And, unfortunately, the CMID is what a KMS server looks at to determine whether a machine that’s checking in is a new one that hasn’t previously checked in. Therefore, all of your provisioned Windows 7 systems will look to the KMS server like the same system checking in over and over again, and will not continue to increment the threshold counter.
According to a blog post by Thomas Koetzing a couple of weeks ago, Citrix has told him that this will be fixed in the next release of Provisioning Services, scheduled for sometime in Q4.
Frankly, I’m pretty disappointed by this whole issue. Windows 7 has been out now for almost a year. The big push by both Citrix and Microsoft is that XenDesktop is a great way to roll out Windows 7. Provisioning Services is a must for any significant VDI deployment, because otherwise you eat up far too much of your expensive SAN storage. But yet we’re still stuck in a situation where we can’t use Provisioning Services to provision Windows 7 unless we have at least 25 physical systems checking in with our KMS server for activation. In my opinion, there is no excuse for this issue not being addressed long ago…particularly when it’s been a known issue since the release of Windows Vista.
I did find a workaround described by Kirk Kosinski in a Citrix forum post:
What I did was create a VM with VL media, sysprep and power off, convert to a template, then deploy the template 25 times and boot each VM once (a few required a reboot before contacting the KMS for whatever reason). My KMS server could then activate clients successfully, at least for a while… the activation count will decrease over time if the machine doesn’t contact the KMS server, so you will periodically need to redo this process.
The VMs don’t have to join the domain to activate so you don’t need a complicated sysprep script, just make sure to not include any license key in the script…
This strikes me as a bit of a pain, particularly when you’ve got to do it every six months or so to keep your systems alive, but it should at least work until Citrix and Microsoft get this sorted out.
But what if you already have an existing KMS server that works with an older Cirtix environment? We are trying to upgrade to use PVS 6.1, but nothing we do will keep the activation’s on the new desktops.
They all start up with message that windows will automatically activate in three days, please activate now. My KMS server sees them within ten minutes and activates them. When you restart the three day message comes back. After three days the desktops all then say license invalid, please enter new key. Any ideas? Citrix has been terrible with support for this.
Fantastic script and just what I needed. Windows does whinge at you about unlawful acts etc, but it does what it needs to. No more nursing 25 bad tempered greedy Windows 7 vms in order to prime my KMS. I do wish MS would realize what a complete PINA having to do this is for those of us using VDI.
ok the Script with Windows 7 is working fine. But noch i have to activate Microsoft Office Pro Plus,
andy idea how i can activate this via script.
Thx for your helpt.
Chris from Austria
Is that your unique product key in the code?
An easier way is to run up one Windows 7 vm then just execute this script i have created within it, It will increment the KMS counter to 25.
REM Increment KMS to 25 so it starts activating clients 🙂
REM save as a bat file.
REM Windows 7 Enterprise inbuilt KMS Client key used in this one.
set /p X=how many time do you want to run
set /a N+=1
if !N! gtr !X! goto :eof
echo your task goes here
taskkill /im sppsvc.exe /f
net stop sppsvc /y
del C:WindowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat /q
del C:WindowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat.bak /q
attrib -H C:WindowsSystem32*.C7483456-A289-439d-8115-601632D005A0
del C:WindowsSystem32*.C7483456-A289-439d-8115-601632D005A0 /q
rem net start sppsvc /y
cscript %systemroot%system32slmgr.vbs -ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
cscript %systemroot%system32slmgr.vbs /ckms
cscript %systemroot%system32slmgr.vbs /ato