Another thought, perhaps at the time, to abandon this old KMS system and switch to Active Directory-based activation instead. It doesn`t have the minimum 25/5 operating system and no need to mess with ports, firewall rules, and all that. To enable clients, KMS uses a KMS host key. You can obtain this key from the Microsoft Volume Licensing Service Center (VLSC) Web site. By installing this key, you configure the server to act as a KMS host. Because the KMS host key from a newer version of Windows can be used to activate earlier versions of Windows, you should obtain and install only the latest KMS host key available in VLSC. Also note that the KMS host key for Windows servers can (and should) be used to enable Windows clients, so you can (and should) use a KMS host key to master them all. /sprt PortNumber Sets the TCP communication port on a KMS host. Replace PortNumber with the TCP port number that you want to use. The default value is 1688. To activate MS Office products on a KMS server, a special Microsoft Office Volume License Pack must be installed. Depending on the version of MS Office you are using, you may need to download and install a different version of volumelicensepack. Yes – You can use KMS on Windows Server 2012 R2 to activate Microsoft Office 2010.
However, Active Directory-based activation is not supported. You must allow return traffic to the client that calls the KMS server. Nothing else. The connection is established exclusively by the client, who needs to receive the answer. There are a few round trips, but everything is initiated as a client-side TCP connection and the KMS server simply responds. So, something like: Allow TCP kms-server EQ 1688 Allow TCP kms-server Also consider using Active Directory Based Activation (ADBA) to replace your old KMS server. Heloo I installed the KMS server for Office 2013 with KMS key and success, but when the client connection to the KMS server iam check the activation status on the client with this command, cscript ospp.vbs /dstatus all, key installed on the client with GVLK KBKQT-2NMXY-JJWGP-M62JB-92CD4, not with the key I have. Why this is happening for me I need to make a firewall request to open ports for KMS before implementing a KMS solution. However, the following text (Technet) led me to wonder if all communication between host and clients is done through TCP 1688. Multiple Activation Key (MAK) is another activation method for Microsoft products, including Windows and Office. Unlike KMS, MAK activation is used for one-time activation for Microsoft hosted activation services. This means that MAK does not require servers or services on your network, that is, the activation requirement approved by Microsoft servers, online or over the phone (for isolated environments that cannot connect to the Internet).
Link to registry setting to set KMS contribution outside the default value 1688 docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502532(v=ws.11) After looking at some events and trying the command “C:WindowsSystem32>cscript slmgr.vbs /ato”, I quickly found that KMS client communication was blocked. I used TCPView .exe see which network packets were not passing and were dropped with SYN_SENT event. I am using the default configuration for KMS and TCP port 1688 has been used for communication. This traffic has been interrupted. By default, client computers use anonymous RPCs to connect to the KMS host for activation over TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client sends a single request packet. The KMS host responds with the number of activations. If the number reaches or exceeds the activation threshold for this operating system, the client is activated and the session is closed. The KMS client uses the same process for renewal requests. Communication per direction is 250 bytes. I know that the incoming port 1688 is necessary.
but I wonder which port I should open for the exit?. and I`m wondering what IP address ranges I need to set Make sure that all firewalls and routers between your client server and the KMS server allow traffic to port 1688, including Windows firewalls themselves (especially those on the KMS server). To activate a KMS client (Windows or Office), a special KMS public key must be specified – GVLK (Generic Volume License Key). After the GVLK is specified, the KMS client attempts to find an SRV record that matches the KMS server in DNS and is enabled. Make sure that the KMS client can reach the server by using the FQDN. If no DNS server is available, add a new Hosts record to enable IP resolution to FQDN KMS Server is enabled with a special enterprise CSVLK key (KMS host key) used by each Microsoft enterprise customer on the Microsoft Volume Licensing Web site (www.microsoft.com/Licensing/servicecenter/default.aspx – Log on to the website and go to the Microsoft Volume Licensing Service Center –> Licensing –> Relationship Summary -> Product Keys -> copy the KMS host key for Windows SRV 2019 DataCtr/Std KMS). The CSVLK key is specified in the KMS server settings, and the KMS server is enabled on Microsoft servers over the Internet.