Tag Archive: Windows


Troubleshooting KMS

I had an interesting situation today around troubleshooting KMS and trying to figure out what was happening. I was told the server was not working at all and could not be probed from the likes of the VAMT (volume activation tool) from Microsoft Corporation. Here are the steps I took to help me determine the root cause of the KMS failures.

1. Logged on to the server and did a quick check on the health. This involved looking at the IP configuration, the event viewer and the task manager.

I did notice something funny with the IP configuration but nothing that would be directly related to KMS health. Event viewer was clean and task manager showed nothing out of the ordinary.

2. Next step was to see if KMS was indeed running and listening on the box in question.

I opened a command prompt and issued netstat -an | more. This command displays the connections listening on the box, and one of the first entries in the list was TCP 1688 listening on all addresses. That means it is OK and discounts my IP configuration issue in step 1.

3. Next we looked at the DNS records and checked the SRV record by using the following command from a command prompt: nslookup -type=srv _vlmsc._tcp

This returned the correct server name and port.

4. Next we checked the licensing information on the KMS server to ensure it actually has something to hand out to clients. To do this I ran slmgr /dli from a command prompt, and a pop-up screen displaying license information and general statistics was shown. I saw no licenses installed. This is obviously a big problem!

5. I completed one final check. I am aware there were no license problems, but I needed to know that, if there were licenses, a client could actually connect to port 1688 on the KMS. I logged onto a client and from a command prompt ran telnet servername 1688 and hit return. The connection was refused, which highlighted a second problem to me. Since I already knew the server was listening on this port locally on the box, I knew it was probably that Windows Firewall was activated. I checked the server configuration and the firewall was indeed turned on and the rule for KMS was disabled. I enabled the rule and reconnected successfully.

Following up I obtained license keys and installed them onto the KMS server.

From a client I again ran slmgr -dlv from the command prompt to see if it would successfully contact the KMS server, and it did.

Problem solved!
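
The checks from steps 2 to 5 can be collected into one PowerShell report. This is an added example, not part of the original post; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, and `example.test` and the function name `Test-KmsPath` are placeholders.

```powershell
# Added example: gathers the KMS checks from the steps above into one object.
# Placeholder names: example.test (DNS domain), Test-KmsPath (hypothetical helper).
function Test-KmsPath {
    param(
        [Parameter(Mandatory)] [string] $KmsHost,
        [Parameter(Mandatory)] [string] $DnsDomain,
        [int] $Port = 1688
    )
    $report = [ordered]@{}

    # Step 3: the SRV record clients use to discover the KMS host.
    $srv = Resolve-DnsName -Name "_vlmsc._tcp.$DnsDomain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    $report.SrvRecords = @($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" })

    # Step 5: TCP connect to the KMS port. Run this from a client: a connection
    # made on the KMS host to itself does not exercise the inbound firewall rule.
    $report.TcpReachable = (Test-NetConnection -ComputerName $KmsHost -Port $Port `
        -WarningAction SilentlyContinue).TcpTestSucceeded

    # Steps 2 and 4 plus the firewall rule state only apply on the KMS host itself.
    if ($KmsHost -in $env:COMPUTERNAME, 'localhost') {
        $report.Listening = [bool](Get-NetTCPConnection -LocalPort $Port -State Listen `
            -ErrorAction SilentlyContinue)
        # Find inbound rules by port number rather than by display name.
        $report.InboundRules = @(Get-NetFirewallPortFilter -Protocol TCP |
            Where-Object { $_.LocalPort -contains "$Port" } |
            Get-NetFirewallRule |
            Where-Object Direction -eq 'Inbound' |
            Select-Object DisplayName, Enabled, Action)
        # cscript prints the slmgr /dli text to the console instead of a pop-up.
        $report.LicenseInfo = cscript.exe //nologo "$env:windir\System32\slmgr.vbs" /dli
    }
    [pscustomobject]$report
}

# On the KMS host: a listening port with no enabled inbound rule is the
# "works locally, refused from clients" situation described in step 5.
$r = Test-KmsPath -KmsHost $env:COMPUTERNAME -DnsDomain 'example.test'
if ($r.Listening -and -not ($r.InboundRules | Where-Object Enabled -eq 'True')) {
    Write-Warning "Port 1688 is listening but no enabled inbound firewall rule covers it."
}
$r | Format-List
```

Run it once on the KMS host for the listener, firewall and license checks, and once from a client with `-KmsHost` set to the server name for the DNS and TCP reachability checks.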


I am adding to this script, but take it and try it out for yourself…

#****************************************************************

# This script will test direct access
# it is very much work in progress and will be modified…
# at the minute this script will test which tunnel mode you are using
# I have a deep problem into Teredo and will do the reset!

$useteredo = "0"
$use6to4 = "0"
$usehttps = "0"

# A transition technology counts as in use only when no line of its
# netsh state output reports "disabled".
$6to4 = netsh interface 6to4 show state
write-host "Checking to see if you are using 6to4..."
if ($6to4 -match "disabled")
{
    write-host "6to4 protocol is disabled"
    write-host "You must be behind a NAT Device.."
}
else
{
    $use6to4 = "1"
}

$teredo = netsh interface teredo show state
write-host "Checking to see if you are using teredo..."
if ($teredo -match "disabled")
{
    write-host "Teredo protocol is disabled"
    write-host "Your NAT Device Seems to be blocking UDP 3544"
}
else
{
    $useteredo = "1"
}

$iphttps = netsh interface httpstunnel show interface
if ($iphttps -match "disabled")
{
    write-host "IPHTTPS protocol is disabled"
}
else
{
    $usehttps = "1"
}

if ($useteredo -eq "1")
{
    write-host "You are using Teredo"
    # Pull the server name out of the "Server Name" line of the Teredo state.
    $teredo1 = netsh interface teredo show state
    $teredo2 = $teredo1 | where-object {$_ -match "Server Name"} | foreach-object {$_.Split(":")[1].Trim()}
    $teredo3 = $teredo2.Split("(")
    $dahost = $teredo3[0].Trim()
    Write-Host
    Write-Host
    Write-Host "Direct Access Public Hostname is.... :" $dahost
    Write-Host
    Write-Host "Pinging host...." $dahost
    # Ping the host name only, not the whole split array.
    $ping = ping $dahost
    $ping1 = $ping | Where-Object { $_ -match "Request" }
    $ping2 = $ping | Where-Object { $_ -match "Reply" }
    Write-Host
    Write-Host
    $noreach = 0
    if ($ping1 -ne $null)
    {
        write-host $dahost "could not be contacted"
        $noreach = 1
    }
    elseif ($ping2 -ne $null)
    {
        Write-Host $dahost "could be reached"
        $noreach = 0
    }

    # Compare with -eq; a single "=" would assign 1 and always run this branch.
    if ($noreach -eq 1)
    {
        write-host "Testing Internet Connection....."
        $testhost = "tpm.daccess.microsoft.com"
        $inettest = ping $testhost
        $inettest1 = $inettest | Where-Object { $_ -match "Reply" }

        if ($inettest1 -ne $null)
        {
            Write-Host "You have a connection to the internet!"
        }
        else
        {
            write-host "You have no internet connection, please check with your provider"
        }
    }
}
elseif ($use6to4 -eq "1")
{
    write-host "You are using 6to4"
}
elseif ($usehttps -eq "1")
{
    write-host "You are using HTTPSTUNNEL"
}
else
{
    write-host "All protocols are disabled"
}

#*************************************************************************************************