More on Provisioning Services and KMS

Last fall, we posted about Citrix Provisioning Services and Microsoft KMS activation. To briefly recap, here’s the issue:

  • When you convert a Windows 7 OS image to a shared image for provisioning, it breaks the Microsoft license key.
  • The way you deal with that is to use Microsoft’s Key Management Services (KMS) to auto-activate systems as they boot.
  • A KMS server must have a minimum number of systems checking in for activation before it will activate anything (5 different server systems must check in before it will begin activating servers, and an aggregate of 25 servers and/or workstations must check in before it will begin activating workstations.)
  • If your KMS server is running on Windows Server 2008 R2, both physical and virtual systems will increment the counter. If it’s running on an earlier server version, only physical systems will increment the counter.

In the comment thread of that earlier post, “Chris” stated that he was trying to use Provisioning Server to provision Windows 7 systems, but that they were not incrementing the counter on the KMS server. It turns out that he was absolutely right, and I thought this was important enough to bump the issue by writing another post rather than just going back and commenting on the older one.

It turns out that, although Provisioning Server changes the host name as systems boot, it does not change the machine ID (“CMID”). And, unfortunately, the CMID is what a KMS server looks at to determine whether a machine that’s checking in is a new one that hasn’t previously checked in. Therefore, all of your provisioned Windows 7 systems will look to the KMS server like the same system checking in over and over again, and will not continue to increment the threshold counter.

According to a blog post by Thomas Koetzing a couple of weeks ago, Citrix has told him that this will be fixed in the next release of Provisioning Services, scheduled for sometime in Q4.

Frankly, I’m pretty disappointed by this whole issue. Windows 7 has been out now for almost a year. The big push by both Citrix and Microsoft is that XenDesktop is a great way to roll out Windows 7. Provisioning Services is a must for any significant VDI deployment, because otherwise you eat up far too much of your expensive SAN storage. But yet we’re still stuck in a situation where we can’t use Provisioning Services to provision Windows 7 unless we have at least 25 physical systems checking in with our KMS server for activation. In my opinion, there is no excuse for this issue not being addressed long ago…particularly when it’s been a known issue since the release of Windows Vista.

I did find a workaround described by Kirk Kosinski in a Citrix forum post:

What I did was create a VM with VL media, sysprep and power off, convert to a template, then deploy the template 25 times and boot each VM once (a few required a reboot before contacting the KMS for whatever reason). My KMS server could then activate clients successfully, at least for a while… the activation count will decrease over time if the machine doesn’t contact the KMS server, so you will periodically need to redo this process.

The VMs don’t have to join the domain to activate so you don’t need a complicated sysprep script, just make sure to not include any license key in the script…

This strikes me as a bit of a pain, particularly when you’ve got to do it every six months or so to keep your systems alive, but it should at least work until Citrix and Microsoft get this sorted out.

7 replies
  1. SL
    SL says:

    But what if you already have an existing KMS server that works with an older Cirtix environment? We are trying to upgrade to use PVS 6.1, but nothing we do will keep the activation’s on the new desktops.
    They all start up with message that windows will automatically activate in three days, please activate now. My KMS server sees them within ten minutes and activates them. When you restart the three day message comes back. After three days the desktops all then say license invalid, please enter new key. Any ideas? Citrix has been terrible with support for this.
    Thank you

  2. Geoff Keate
    Geoff Keate says:

    Fantastic script and just what I needed. Windows does whinge at you about unlawful acts etc, but it does what it needs to. No more nursing 25 bad tempered greedy Windows 7 vms in order to prime my KMS. I do wish MS would realize what a complete PINA having to do this is for those of us using VDI.

  3. Chris
    Chris says:


    ok the Script with Windows 7 is working fine. But noch i have to activate Microsoft Office Pro Plus,
    andy idea how i can activate this via script.

    Thx for your helpt.

    Chris from Austria

  4. Marcus
    Marcus says:

    An easier way is to run up one Windows 7 vm then just execute this script i have created within it, It will increment the KMS counter to 25.


    REM Increment KMS to 25 so it starts activating clients 🙂
    REM save as a bat file.
    REM Windows 7 Enterprise inbuilt KMS Client key used in this one.

    setLocal EnableDelayedExpansion

    set /p X=how many time do you want to run
    set /a N+=1
    if !N! gtr !X! goto :eof
    echo your task goes here
    taskkill /im sppsvc.exe /f
    net stop sppsvc /y

    del C:WindowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat /q
    del C:WindowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat.bak /q
    attrib -H C:WindowsSystem32*.C7483456-A289-439d-8115-601632D005A0
    del C:WindowsSystem32*.C7483456-A289-439d-8115-601632D005A0 /q

    rem net start sppsvc /y

    cscript %systemroot%system32slmgr.vbs -ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
    cscript %systemroot%system32slmgr.vbs /ckms
    cscript %systemroot%system32slmgr.vbs /ato
    goto :loop

    Have fun



Trackbacks & Pingbacks

  1. […] There was only one problem…turning a Win7 vDisk into a Standard Image broke the Microsoft license key. The only way around that was to use Key Management Services (KMS) to auto-activate systems as they were provisioned, but there were problems in using KMS with PVS, as we’ve documented in earlier posts. […]

  2. […] In fact, my only reservation about this video is that, like just about every other discussion I’ve seen regarding Windows 7 virtualization, it doesn’t mention the Microsoft license activation issue that’s inherent in provisioning Vista and Windows 7 desktops, the need for the Microsoft Key Management Service, and the nuances of getting KMS to work properly. But we’ve pummeled that issue elsewhere in this blog. […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.