KMS SRV Records in the DNS

  • KMS SRV Records in the DNS

    Hey guys, I am looking for exact step-by-step directions on where and what permissions I need to add the KMS server object (a group that contains the computer object) to the DNS to be able to register an SRV record in the DNS for more than one KMS server.

    If there is one KMS server then this is not needed, but since I am going to be running more than one server I need it.
    I need to know where to put the permissions (e.g. on the DNS server, on the DNS zone, or on the record itself) and I need to know exactly what permissions are needed.
    Any help would be blessed.

    BTW -
    1) My KMS servers would serve both 2008 and Vista SP1.
    2) My KMS servers are running on 2003 x86 STD w/SP2
    Last edited by Akila; 2nd July 2008, 10:56.

  • #2
    Re: KMS SRV Records in the DNS

    If you have dynamic updates enabled, KMS server can register the relevant SRV records on its own with granting additional permissions (unless the zone permissions have been changed from the defaults).
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Re: KMS SRV Records in the DNS

      By the Deployment Guide it is not done automatically if you have more than one KMS server, but the problem is it doesn't say where to change the permissions.

      Originally posted by Volume Activation 2.0 Deployment Guide
      KMS hosts automatically publish their existence by creating service (SRV) resource records in the DNS server. If you have only one KMS host and DDNS, no action is required for the KMS host to create the SRV record that publishes the KMS service. However, if you have more than one KMS host, only the first KMS host can create an SRV record. Subsequent KMS hosts cannot change or update SRV records unless the default permissions on the DNS server are changed.

      To complete this procedure you must have administrative rights in the domain and the KMS hosts must all belong to the same Active Directory® domain.

      To change the default SRV permissions on a Microsoft DNS server
      1. Create a global security group in Active Directory for your KMS hosts.
      2. Add each of your KMS hosts to the new security group.
      3. Set the permissions on the DNS server to allow updates by members of the KMS host security group.
      As I mentioned in the original post, I need to know where to put the permissions (e.g. on the DNS server, on the DNS zone, or on the record itself) and what permissions exactly are needed.
      Last edited by Akila; 6th July 2008, 13:58.


      • #4
        Re: KMS SRV Records in the DNS

        Interesting... From what I've seen, multiple KMS servers were able to register in DNS without changing ANY permissions. Have you tested it in the lab?
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"


        • #5
          Re: KMS SRV Records in the DNS

          I found another document that tells you where, so here it is.
          So I guess that is solved.
          Just wanted to share it with you guys in case you were wondering.

          Originally posted by Volume Activation 2.0 Planning Guide
          You need to configure the KMS host so that it has the credentials needed to create and update SRV, A, and AAAA resource records on your DDNS servers, or you need to manually create these records. The recommended solution for giving the KMS host the needed credentials is to create a security group in Active Directory® and add all KMS hosts to that group. In the Microsoft DNS server, ensure that this security group is given full control permission over the _VLMCS._TCP record on each DNS domain that will contain the KMS SRV records.
          Last edited by Akila; 7th July 2008, 09:09.


          • #6
            Re: KMS SRV Records in the DNS

            What I've seen was that if you do not touch the permissions, you might end up with multiple _VLMCS._tcp records.
            One of my clients accidentally used KMS Server keys when activating W2K8 servers and ended up with multiple records in DNS. Luckily we caught it before those KMS servers became active (there is a minimal amount of requests KMS has to receive before it will activate a client).
            Could be that this happens only with KMS running on W2K8/Vista - have never tested KMS service on W2K3.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"
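
Added example (not part of the thread or of the quoted Microsoft guides): one way to apply the Planning Guide recommendation quoted in #5 and to check for the unexpected records described in #6, in PowerShell. It assumes the ActiveDirectory and DnsClient modules, an AD-integrated zone stored in the DomainDnsZones partition, and that the first KMS host has already created the record; `corp.example.com`, `KMS-Hosts` and the host names are placeholders.

```powershell
# Added example. Zone, group and host names are placeholders, not values from the thread.
Import-Module ActiveDirectory

$zone     = 'corp.example.com'                 # DNS domain that holds the KMS SRV record
$group    = Get-ADGroup -Identity 'KMS-Hosts'  # security group containing the KMS host computer accounts
$expected = 'kms1.corp.example.com', 'kms2.corp.example.com'

# Assumption: AD-integrated zone replicated in the DomainDnsZones partition.
# The SRV record is stored as a dnsNode object named after the record's relative name.
$domainDn = (Get-ADDomain).DistinguishedName
$path     = "AD:\DC=_VLMCS._tcp,DC=$zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"

# Grant the group full control on this one record only, not on the zone or the DNS server.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Confirm the access control entry is present on the record.
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference -like "*\$($group.SamAccountName)" } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType

# List the hosts currently published as KMS servers and flag any that are not expected,
# for example a machine that was activated with a KMS host key by mistake.
$published = Resolve-DnsName -Name "_vlmcs._tcp.$zone" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget

$published | Where-Object { $_ -notin $expected } |
    ForEach-Object { Write-Warning "Unexpected KMS host published in DNS: $_" }
```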