Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Publishing Key Management Service (KMS) to DMS

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 29-07-2008
Lee Jefferies
 
Posts: n/a
Publishing Key Management Service (KMS) to DMS

I am getting the following error.
Event id 12293

Publishing the Key Management Service (KMS) to DNS in the 'domain
name' domain failed.
Info:
hr=0x800705B4

Can anyone tell me how go correct this error.

Thanks in advance

Lee Jefferies

Reply With Quote
  #2  
Old 29-07-2008
Meinolf Weber
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hello Lee,

Maybe this helps:

Steps for Configuring KMS Publishing to DNS

- If you are using only one KMS host, you may not need to configure any permission,
because the default behavior is to allow a computer to create an SRV record
and then update it. However, if you have more than one KMS hosts (the usual
case), the others will be unable to update the SRV record unless SRV default
permissions are changed.This procedure is an example that has been implemented
in the Microsoft environment. It is not the only way to achieve the desired
result.Detailed steps for each of the tasks are not provided, because they
may differ from one organization to another.
- If you are a domain administrator and want to delegate the ability to carry
out the following steps to others in your organization, optionally create
a security group in Active Directory and add the delegates, for example,
create a group called Key Management Service Administrators, and then delegate
permissions to manage the DNS SRV privileges to this security group. The
remainder of this procedure assumes that either a domain administrator or
delegate is performing the steps.
- Create a global security group in Active Directory that will be used for
your KMS hosts, for example, Key Management Service Group.
- Add each of your KMS hosts to this group. They must all be joined to the
same domain.
Once the first KMS host is created, it should create the SRV record. Add
each KMS host to this security group.
- If the first computer is unable to create the SRV record, it may be because
your organization has changed the default permissions. In this case, you
will need to create the SRV record manually with the name _VLMCS._TCP (service
name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
- Set the permissions for the SRV group to allow updates by members of the
global security group.
To automatically publish KMS in additional DNS domains
On the KMS host, create the following registry key, using regedit.exe.
Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
that KMS should publish to on separate lines.
Restart the Software Licensing Service and the records should be created
immediately.The application event log will contain a 12294 event for each
successfully published domain and a 12293 event for each unsuccessful domain
publishing attempt.
For the 12293 event, the failure code can be diagnosed by running the following:slui.exe
0x2a 0x



Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> 12293
>



Reply With Quote
  #3  
Old 29-07-2008
Lee Jefferies
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Meinholf _ boy you are quick...
I just too new at the server software so I have some follow up
questions. Thanks for your big big response. My questions are
imbedded in your response. I hate to be so dumb in this policy
stuff. I am trying to learn. Thanks for your patience.

Lee
On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:

>Hello Lee,
>
>Maybe this helps:
>
>Steps for Configuring KMS Publishing to DNS
>
>- If you are using only one KMS host, you may not need to configure any permission,


I don't know who is my KMS host. I have a test environment with one
domain and a vista workstation as a remote desktop.

>because the default behavior is to allow a computer to create an SRV record
>and then update it. However, if you have more than one KMS hosts (the usual
>case), the others will be unable to update the SRV record unless SRV default
>permissions are changed.This procedure is an example that has been implemented
>in the Microsoft environment. It is not the only way to achieve the desired
>result.Detailed steps for each of the tasks are not provided, because they
>may differ from one organization to another.
>- If you are a domain administrator and want to delegate the ability to carry
>out the following steps to others in your organization, optionally create
>a security group in Active Directory and add the delegates, for example,
>create a group called Key Management Service Administrators, and then delegate
>permissions to manage the DNS SRV privileges to this security group. The
>remainder of this procedure assumes that either a domain administrator or
>delegate is performing the steps.
>- Create a global security group in Active Directory that will be used for
>your KMS hosts, for example, Key Management Service Group.


Where does this group fit. I tried to put in under domain >
Computers, so I could join the hosts.
When I added a host I could not see any records

>- Add each of your KMS hosts to this group. They must all be joined to the
>same domain.
>Once the first KMS host is created, it should create the SRV record. Add
>each KMS host to this security group.
>- If the first computer is unable to create the SRV record, it may be because
>your organization has changed the default permissions. In this case, you

Nothing has been changed. We are just starting...
>will need to create the SRV record manually with the name _VLMCS._TCP (service
>name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
>- Set the permissions for the SRV group to allow updates by members of the
>global security group.
>To automatically publish KMS in additional DNS domains
>On the KMS host, create the following registry key, using regedit.exe.
>Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
>DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
>that KMS should publish to on separate lines.
>Restart the Software Licensing Service and the records should be created
>immediately.The application event log will contain a 12294 event for each
>successfully published domain and a 12293 event for each unsuccessful domain
>publishing attempt.
>For the 12293 event, the failure code can be diagnosed by running the following:slui.exe
>0x2a 0x
>
>
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> 12293
>>

>

Reply With Quote
  #4  
Old 29-07-2008
Meinolf Weber
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hello Lee,

The KMS host is the machine where you installed KMS. So i assume the Domain
controller. By default it should create the records itself in a single domain.
What kind of Dynamic updates are configured in your DNS zone properties?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Meinholf _ boy you are quick...
> I just too new at the server software so I have some follow up
> questions. Thanks for your big big response. My questions are
> imbedded in your response. I hate to be so dumb in this policy
> stuff. I am trying to learn. Thanks for your patience.
> Lee
> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>> Hello Lee,
>>
>> Maybe this helps:
>>
>> Steps for Configuring KMS Publishing to DNS
>>
>> - If you are using only one KMS host, you may not need to configure
>> any permission,
>>

> I don't know who is my KMS host. I have a test environment with one
> domain and a vista workstation as a remote desktop.
>
>> because the default behavior is to allow a computer to create an SRV
>> record
>> and then update it. However, if you have more than one KMS hosts (the
>> usual
>> case), the others will be unable to update the SRV record unless SRV
>> default
>> permissions are changed.This procedure is an example that has been
>> implemented
>> in the Microsoft environment. It is not the only way to achieve the
>> desired
>> result.Detailed steps for each of the tasks are not provided, because
>> they
>> may differ from one organization to another.
>> - If you are a domain administrator and want to delegate the ability
>> to carry
>> out the following steps to others in your organization, optionally
>> create
>> a security group in Active Directory and add the delegates, for
>> example,
>> create a group called Key Management Service Administrators, and then
>> delegate
>> permissions to manage the DNS SRV privileges to this security group.
>> The
>> remainder of this procedure assumes that either a domain
>> administrator or
>> delegate is performing the steps.
>> - Create a global security group in Active Directory that will be
>> used for
>> your KMS hosts, for example, Key Management Service Group.

> Where does this group fit. I tried to put in under domain >
> Computers, so I could join the hosts.
> When I added a host I could not see any records
>> - Add each of your KMS hosts to this group. They must all be joined
>> to the
>> same domain.
>> Once the first KMS host is created, it should create the SRV record.
>> Add
>> each KMS host to this security group.
>> - If the first computer is unable to create the SRV record, it may be
>> because
>> your organization has changed the default permissions. In this case,
>> you

> Nothing has been changed. We are just starting...
>
>> will need to create the SRV record manually with the name _VLMCS._TCP
>> (service
>> name and protocol) for the domain. Set the time-to-live (TTL to 60
>> minutes).
>> - Set the permissions for the SRV group to allow updates by members
>> of the
>> global security group.
>> To automatically publish KMS in additional DNS domains
>> On the KMS host, create the following registry key, using
>> regedit.exe.
>> Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue
>> Name:
>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>> Domain
>> that KMS should publish to on separate lines.
>> Restart the Software Licensing Service and the records should be
>> created
>> immediately.The application event log will contain a 12294 event for
>> each
>> successfully published domain and a 12293 event for each unsuccessful
>> domain
>> publishing attempt.
>> For the 12293 event, the failure code can be diagnosed by running the
>> following:slui.exe
>> 0x2a 0x
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> 12293
>>>



Reply With Quote
  #5  
Old 30-07-2008
Lee Jefferies
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hi Meinolf,
I think I blew it. I was looking at the SOA tab of my domain
properties in DNS and I noticed that the responsible person was
'hostmaster'. I looked at my users list and that user was not
defined. I really don't remember deleting the record, but I must
have. I have tried everything all in vain. I have no idea how to
create a default user or if I can. It's beginning to look like a OS
reload. To answer your question, the Dynamic Updates were set to
'Secure'. I tried changing them to 'Secure and Unsecure' and also
'none'. Nothing helped.

If I remove the domain and recreate it shouldn't the system correct my
error?

Lee

There is a _VLMCS SVC record under the domain. I have learned a lot
going through this exercise. Thanks for your help. If you have any
further suggestions, I would certainly appreciate them.

On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

>Hello Lee,
>
>The KMS host is the machine where you installed KMS. So i assume the Domain
>controller. By default it should create the records itself in a single domain.
>What kind of Dynamic updates are configured in your DNS zone properties?
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Meinholf _ boy you are quick...
>> I just too new at the server software so I have some follow up
>> questions. Thanks for your big big response. My questions are
>> imbedded in your response. I hate to be so dumb in this policy
>> stuff. I am trying to learn. Thanks for your patience.
>> Lee
>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>>> Hello Lee,
>>>
>>> Maybe this helps:
>>>
>>> Steps for Configuring KMS Publishing to DNS
>>>
>>> - If you are using only one KMS host, you may not need to configure
>>> any permission,
>>>

>> I don't know who is my KMS host. I have a test environment with one
>> domain and a vista workstation as a remote desktop.
>>
>>> because the default behavior is to allow a computer to create an SRV
>>> record
>>> and then update it. However, if you have more than one KMS hosts (the
>>> usual
>>> case), the others will be unable to update the SRV record unless SRV
>>> default
>>> permissions are changed.This procedure is an example that has been
>>> implemented
>>> in the Microsoft environment. It is not the only way to achieve the
>>> desired
>>> result.Detailed steps for each of the tasks are not provided, because
>>> they
>>> may differ from one organization to another.
>>> - If you are a domain administrator and want to delegate the ability
>>> to carry
>>> out the following steps to others in your organization, optionally
>>> create
>>> a security group in Active Directory and add the delegates, for
>>> example,
>>> create a group called Key Management Service Administrators, and then
>>> delegate
>>> permissions to manage the DNS SRV privileges to this security group.
>>> The
>>> remainder of this procedure assumes that either a domain
>>> administrator or
>>> delegate is performing the steps.
>>> - Create a global security group in Active Directory that will be
>>> used for
>>> your KMS hosts, for example, Key Management Service Group.

>> Where does this group fit. I tried to put in under domain >
>> Computers, so I could join the hosts.
>> When I added a host I could not see any records
>>> - Add each of your KMS hosts to this group. They must all be joined
>>> to the
>>> same domain.
>>> Once the first KMS host is created, it should create the SRV record.
>>> Add
>>> each KMS host to this security group.
>>> - If the first computer is unable to create the SRV record, it may be
>>> because
>>> your organization has changed the default permissions. In this case,
>>> you

>> Nothing has been changed. We are just starting...
>>
>>> will need to create the SRV record manually with the name _VLMCS._TCP
>>> (service
>>> name and protocol) for the domain. Set the time-to-live (TTL to 60
>>> minutes).
>>> - Set the permissions for the SRV group to allow updates by members
>>> of the
>>> global security group.
>>> To automatically publish KMS in additional DNS domains
>>> On the KMS host, create the following registry key, using
>>> regedit.exe.
>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue
>>> Name:
>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>>> Domain
>>> that KMS should publish to on separate lines.
>>> Restart the Software Licensing Service and the records should be
>>> created
>>> immediately.The application event log will contain a 12294 event for
>>> each
>>> successfully published domain and a 12293 event for each unsuccessful
>>> domain
>>> publishing attempt.
>>> For the 12293 event, the failure code can be diagnosed by running the
>>> following:slui.exe
>>> 0x2a 0x
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> 12293
>>>>

>

Reply With Quote
  #6  
Old 30-07-2008
Meinolf Weber
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hello Lee,

See here for creating the KMS record by hand, scroll down to "To manually
create a KMS SRV record in a Microsoft DNS server":
http://technet.microsoft.com/en-us/l.../cc303280.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi Meinolf,
> I think I blew it. I was looking at the SOA tab of my domain
> properties in DNS and I noticed that the responsible person was
> 'hostmaster'. I looked at my users list and that user was not
> defined. I really don't remember deleting the record, but I must
> have. I have tried everything all in vain. I have no idea how to
> create a default user or if I can. It's beginning to look like a OS
> reload. To answer your question, the Dynamic Updates were set to
> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
> 'none'. Nothing helped.
> If I remove the domain and recreate it shouldn't the system correct my
> error?
>
> Lee
>
> There is a _VLMCS SVC record under the domain. I have learned a lot
> going through this exercise. Thanks for your help. If you have any
> further suggestions, I would certainly appreciate them.
>
> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
> <meiweb(nospam)@gmx.de> wrote:
>
>> Hello Lee,
>>
>> The KMS host is the machine where you installed KMS. So i assume the
>> Domain controller. By default it should create the records itself in
>> a single domain. What kind of Dynamic updates are configured in your
>> DNS zone properties?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Meinholf _ boy you are quick...
>>> I just too new at the server software so I have some follow up
>>> questions. Thanks for your big big response. My questions are
>>> imbedded in your response. I hate to be so dumb in this policy
>>> stuff. I am trying to learn. Thanks for your patience.
>>> Lee
>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>>>> Hello Lee,
>>>>
>>>> Maybe this helps:
>>>>
>>>> Steps for Configuring KMS Publishing to DNS
>>>>
>>>> - If you are using only one KMS host, you may not need to configure
>>>> any permission,
>>>>
>>> I don't know who is my KMS host. I have a test environment with one
>>> domain and a vista workstation as a remote desktop.
>>>
>>>> because the default behavior is to allow a computer to create an
>>>> SRV
>>>> record
>>>> and then update it. However, if you have more than one KMS hosts
>>>> (the
>>>> usual
>>>> case), the others will be unable to update the SRV record unless
>>>> SRV
>>>> default
>>>> permissions are changed.This procedure is an example that has been
>>>> implemented
>>>> in the Microsoft environment. It is not the only way to achieve the
>>>> desired
>>>> result.Detailed steps for each of the tasks are not provided,
>>>> because
>>>> they
>>>> may differ from one organization to another.
>>>> - If you are a domain administrator and want to delegate the
>>>> ability
>>>> to carry
>>>> out the following steps to others in your organization, optionally
>>>> create
>>>> a security group in Active Directory and add the delegates, for
>>>> example,
>>>> create a group called Key Management Service Administrators, and
>>>> then
>>>> delegate
>>>> permissions to manage the DNS SRV privileges to this security
>>>> group.
>>>> The
>>>> remainder of this procedure assumes that either a domain
>>>> administrator or
>>>> delegate is performing the steps.
>>>> - Create a global security group in Active Directory that will be
>>>> used for
>>>> your KMS hosts, for example, Key Management Service Group.
>>> Where does this group fit. I tried to put in under domain >
>>> Computers, so I could join the hosts.
>>> When I added a host I could not see any records
>>>> - Add each of your KMS hosts to this group. They must all be joined
>>>> to the
>>>> same domain.
>>>> Once the first KMS host is created, it should create the SRV
>>>> record.
>>>> Add
>>>> each KMS host to this security group.
>>>> - If the first computer is unable to create the SRV record, it may
>>>> be
>>>> because
>>>> your organization has changed the default permissions. In this
>>>> case,
>>>> you
>>> Nothing has been changed. We are just starting...
>>>
>>>> will need to create the SRV record manually with the name
>>>> _VLMCS._TCP
>>>> (service
>>>> name and protocol) for the domain. Set the time-to-live (TTL to 60
>>>> minutes).
>>>> - Set the permissions for the SRV group to allow updates by members
>>>> of the
>>>> global security group.
>>>> To automatically publish KMS in additional DNS domains
>>>> On the KMS host, create the following registry key, using
>>>> regedit.exe.
>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
>>>> NT\CurrentVersion\SLValue
>>>> Name:
>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>>>> Domain
>>>> that KMS should publish to on separate lines.
>>>> Restart the Software Licensing Service and the records should be
>>>> created
>>>> immediately.The application event log will contain a 12294 event
>>>> for
>>>> each
>>>> successfully published domain and a 12293 event for each
>>>> unsuccessful
>>>> domain
>>>> publishing attempt.
>>>> For the 12293 event, the failure code can be diagnosed by running
>>>> the
>>>> following:slui.exe
>>>> 0x2a 0x
>>>> Best regards
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> 12293
>>>>>



Reply With Quote
  #7  
Old 30-07-2008
Lee Jefferies
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hi Meinolf,
Thanks for the post. The KMS SRV record exists. As far as I could
tell it is correct. I finally had to go in and disable publishing the
KMS SRV record to DNS. That stopped the error I was getting, however
there is still a long delay in logging on the remote desktop. The
Event tracker shows that the winlogon process took 96 seconds. Hope
that does not translate to normal operations.

Thanks for your help.

Lee
leejefferies@yahoo.com
On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

>Hello Lee,
>
>See here for creating the KMS record by hand, scroll down to "To manually
>create a KMS SRV record in a Microsoft DNS server":
>http://technet.microsoft.com/en-us/l.../cc303280.aspx
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi Meinolf,
>> I think I blew it. I was looking at the SOA tab of my domain
>> properties in DNS and I noticed that the responsible person was
>> 'hostmaster'. I looked at my users list and that user was not
>> defined. I really don't remember deleting the record, but I must
>> have. I have tried everything all in vain. I have no idea how to
>> create a default user or if I can. It's beginning to look like a OS
>> reload. To answer your question, the Dynamic Updates were set to
>> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
>> 'none'. Nothing helped.
>> If I remove the domain and recreate it shouldn't the system correct my
>> error?
>>
>> Lee
>>
>> There is a _VLMCS SVC record under the domain. I have learned a lot
>> going through this exercise. Thanks for your help. If you have any
>> further suggestions, I would certainly appreciate them.
>>
>> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
>> <meiweb(nospam)@gmx.de> wrote:
>>
>>> Hello Lee,
>>>
>>> The KMS host is the machine where you installed KMS. So i assume the
>>> Domain controller. By default it should create the records itself in
>>> a single domain. What kind of Dynamic updates are configured in your
>>> DNS zone properties?
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Meinholf _ boy you are quick...
>>>> I just too new at the server software so I have some follow up
>>>> questions. Thanks for your big big response. My questions are
>>>> imbedded in your response. I hate to be so dumb in this policy
>>>> stuff. I am trying to learn. Thanks for your patience.
>>>> Lee
>>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>>>>> Hello Lee,
>>>>>
>>>>> Maybe this helps:
>>>>>
>>>>> Steps for Configuring KMS Publishing to DNS
>>>>>
>>>>> - If you are using only one KMS host, you may not need to configure
>>>>> any permission,
>>>>>
>>>> I don't know who is my KMS host. I have a test environment with one
>>>> domain and a vista workstation as a remote desktop.
>>>>
>>>>> because the default behavior is to allow a computer to create an
>>>>> SRV
>>>>> record
>>>>> and then update it. However, if you have more than one KMS hosts
>>>>> (the
>>>>> usual
>>>>> case), the others will be unable to update the SRV record unless
>>>>> SRV
>>>>> default
>>>>> permissions are changed.This procedure is an example that has been
>>>>> implemented
>>>>> in the Microsoft environment. It is not the only way to achieve the
>>>>> desired
>>>>> result.Detailed steps for each of the tasks are not provided,
>>>>> because
>>>>> they
>>>>> may differ from one organization to another.
>>>>> - If you are a domain administrator and want to delegate the
>>>>> ability
>>>>> to carry
>>>>> out the following steps to others in your organization, optionally
>>>>> create
>>>>> a security group in Active Directory and add the delegates, for
>>>>> example,
>>>>> create a group called Key Management Service Administrators, and
>>>>> then
>>>>> delegate
>>>>> permissions to manage the DNS SRV privileges to this security
>>>>> group.
>>>>> The
>>>>> remainder of this procedure assumes that either a domain
>>>>> administrator or
>>>>> delegate is performing the steps.
>>>>> - Create a global security group in Active Directory that will be
>>>>> used for
>>>>> your KMS hosts, for example, Key Management Service Group.
>>>> Where does this group fit. I tried to put in under domain >
>>>> Computers, so I could join the hosts.
>>>> When I added a host I could not see any records
>>>>> - Add each of your KMS hosts to this group. They must all be joined
>>>>> to the
>>>>> same domain.
>>>>> Once the first KMS host is created, it should create the SRV
>>>>> record.
>>>>> Add
>>>>> each KMS host to this security group.
>>>>> - If the first computer is unable to create the SRV record, it may
>>>>> be
>>>>> because
>>>>> your organization has changed the default permissions. In this
>>>>> case,
>>>>> you
>>>> Nothing has been changed. We are just starting...
>>>>
>>>>> will need to create the SRV record manually with the name
>>>>> _VLMCS._TCP
>>>>> (service
>>>>> name and protocol) for the domain. Set the time-to-live (TTL to 60
>>>>> minutes).
>>>>> - Set the permissions for the SRV group to allow updates by members
>>>>> of the
>>>>> global security group.
>>>>> To automatically publish KMS in additional DNS domains
>>>>> On the KMS host, create the following registry key, using
>>>>> regedit.exe.
>>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
>>>>> NT\CurrentVersion\SLValue
>>>>> Name:
>>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>>>>> Domain
>>>>> that KMS should publish to on separate lines.
>>>>> Restart the Software Licensing Service and the records should be
>>>>> created
>>>>> immediately.The application event log will contain a 12294 event
>>>>> for
>>>>> each
>>>>> successfully published domain and a 12293 event for each
>>>>> unsuccessful
>>>>> domain
>>>>> publishing attempt.
>>>>> For the 12293 event, the failure code can be diagnosed by running
>>>>> the
>>>>> following:slui.exe
>>>>> 0x2a 0x
>>>>> Best regards
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> 12293
>>>>>>

>

Reply With Quote
  #8  
Old 30-07-2008
Meinolf Weber
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hello Lee,

Can not complete follow your Remote desktop login. You mean from the Vista
to the server? Also i can not see what login problems has to do with the
KMS problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi Meinolf,
> Thanks for the post. The KMS SRV record exists. As far as I could
> tell it is correct. I finally had to go in and disable publishing the
> KMS SRV record to DNS. That stopped the error I was getting, however
> there is still a long delay in logging on the remote desktop. The
> Event tracker shows that the winlogon process took 96 seconds. Hope
> that does not translate to normal operations.
> Thanks for your help.
>
> Lee
> leejefferies@yahoo.com
> On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
> <meiweb(nospam)@gmx.de> wrote:
>> Hello Lee,
>>
>> See here for creating the KMS record by hand, scroll down to "To
>> manually create a KMS SRV record in a Microsoft DNS server":
>> http://technet.microsoft.com/en-us/l.../cc303280.aspx
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hi Meinolf,
>>> I think I blew it. I was looking at the SOA tab of my domain
>>> properties in DNS and I noticed that the responsible person was
>>> 'hostmaster'. I looked at my users list and that user was not
>>> defined. I really don't remember deleting the record, but I must
>>> have. I have tried everything all in vain. I have no idea how to
>>> create a default user or if I can. It's beginning to look like a OS
>>> reload. To answer your question, the Dynamic Updates were set to
>>> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
>>> 'none'. Nothing helped.
>>> If I remove the domain and recreate it shouldn't the system correct
>>> my
>>> error?
>>> Lee
>>>
>>> There is a _VLMCS SVC record under the domain. I have learned a lot
>>> going through this exercise. Thanks for your help. If you have any
>>> further suggestions, I would certainly appreciate them.
>>>
>>> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
>>> <meiweb(nospam)@gmx.de> wrote:
>>>
>>>> Hello Lee,
>>>>
>>>> The KMS host is the machine where you installed KMS. So i assume
>>>> the Domain controller. By default it should create the records
>>>> itself in a single domain. What kind of Dynamic updates are
>>>> configured in your DNS zone properties?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Meinholf _ boy you are quick...
>>>>> I just too new at the server software so I have some follow up
>>>>> questions. Thanks for your big big response. My questions are
>>>>> imbedded in your response. I hate to be so dumb in this policy
>>>>> stuff. I am trying to learn. Thanks for your patience.
>>>>> Lee
>>>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>>>>>> Hello Lee,
>>>>>>
>>>>>> Maybe this helps:
>>>>>>
>>>>>> Steps for Configuring KMS Publishing to DNS
>>>>>>
>>>>>> - If you are using only one KMS host, you may not need to
>>>>>> configure any permission,
>>>>>>
>>>>> I don't know who is my KMS host. I have a test environment with
>>>>> one domain and a vista workstation as a remote desktop.
>>>>>
>>>>>> because the default behavior is to allow a computer to create an
>>>>>> SRV
>>>>>> record
>>>>>> and then update it. However, if you have more than one KMS hosts
>>>>>> (the
>>>>>> usual
>>>>>> case), the others will be unable to update the SRV record unless
>>>>>> SRV
>>>>>> default
>>>>>> permissions are changed.This procedure is an example that has
>>>>>> been
>>>>>> implemented
>>>>>> in the Microsoft environment. It is not the only way to achieve
>>>>>> the
>>>>>> desired
>>>>>> result.Detailed steps for each of the tasks are not provided,
>>>>>> because
>>>>>> they
>>>>>> may differ from one organization to another.
>>>>>> - If you are a domain administrator and want to delegate the
>>>>>> ability
>>>>>> to carry
>>>>>> out the following steps to others in your organization,
>>>>>> optionally
>>>>>> create
>>>>>> a security group in Active Directory and add the delegates, for
>>>>>> example,
>>>>>> create a group called Key Management Service Administrators, and
>>>>>> then
>>>>>> delegate
>>>>>> permissions to manage the DNS SRV privileges to this security
>>>>>> group.
>>>>>> The
>>>>>> remainder of this procedure assumes that either a domain
>>>>>> administrator or
>>>>>> delegate is performing the steps.
>>>>>> - Create a global security group in Active Directory that will be
>>>>>> used for
>>>>>> your KMS hosts, for example, Key Management Service Group.
>>>>> Where does this group fit. I tried to put in under domain >
>>>>> Computers, so I could join the hosts.
>>>>> When I added a host I could not see any records
>>>>>> - Add each of your KMS hosts to this group. They must all be
>>>>>> joined
>>>>>> to the
>>>>>> same domain.
>>>>>> Once the first KMS host is created, it should create the SRV
>>>>>> record.
>>>>>> Add
>>>>>> each KMS host to this security group.
>>>>>> - If the first computer is unable to create the SRV record, it
>>>>>> may
>>>>>> be
>>>>>> because
>>>>>> your organization has changed the default permissions. In this
>>>>>> case,
>>>>>> you
>>>>> Nothing has been changed. We are just starting...
>>>>>
>>>>>> will need to create the SRV record manually with the name
>>>>>> _VLMCS._TCP
>>>>>> (service
>>>>>> name and protocol) for the domain. Set the time-to-live (TTL to
>>>>>> 60
>>>>>> minutes).
>>>>>> - Set the permissions for the SRV group to allow updates by
>>>>>> members
>>>>>> of the
>>>>>> global security group.
>>>>>> To automatically publish KMS in additional DNS domains
>>>>>> On the KMS host, create the following registry key, using
>>>>>> regedit.exe.
>>>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
>>>>>> NT\CurrentVersion\SLValue
>>>>>> Name:
>>>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>>>>>> Domain
>>>>>> that KMS should publish to on separate lines.
>>>>>> Restart the Software Licensing Service and the records should be
>>>>>> created
>>>>>> immediately.The application event log will contain a 12294 event
>>>>>> for
>>>>>> each
>>>>>> successfully published domain and a 12293 event for each
>>>>>> unsuccessful
>>>>>> domain
>>>>>> publishing attempt.
>>>>>> For the 12293 event, the failure code can be diagnosed by running
>>>>>> the
>>>>>> following:slui.exe
>>>>>> 0x2a 0x
>>>>>> Best regards
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> 12293
>>>>>>>



Reply With Quote
  #9  
Old 30-07-2008
Lee Jefferies
 
Posts: n/a
Re: Publishing Key Management Service (KMS) to DMS

Hi Meinolf,
I think we have solved my error condition and I want to express my
thanks. You responded quickly and helped me a lot. Again thanks.
The Logon delay is simply the system getting to the point it can
respond properly.

Lee
On Wed, 30 Jul 2008 10:44:01 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

>Hello Lee,
>
>Can not complete follow your Remote desktop login. You mean from the Vista
>to the server? Also i can not see what login problems has to do with the
>KMS problem.
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi Meinolf,
>> Thanks for the post. The KMS SRV record exists. As far as I could
>> tell it is correct. I finally had to go in and disable publishing the
>> KMS SRV record to DNS. That stopped the error I was getting, however
>> there is still a long delay in logging on the remote desktop. The
>> Event tracker shows that the winlogon process took 96 seconds. Hope
>> that does not translate to normal operations.
>> Thanks for your help.
>>
>> Lee
>> leejefferies@yahoo.com
>> On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
>> <meiweb(nospam)@gmx.de> wrote:
>>> Hello Lee,
>>>
>>> See here for creating the KMS record by hand, scroll down to "To
>>> manually create a KMS SRV record in a Microsoft DNS server":
>>> http://technet.microsoft.com/en-us/l.../cc303280.aspx
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hi Meinolf,
>>>> I think I blew it. I was looking at the SOA tab of my domain
>>>> properties in DNS and I noticed that the responsible person was
>>>> 'hostmaster'. I looked at my users list and that user was not
>>>> defined. I really don't remember deleting the record, but I must
>>>> have. I have tried everything all in vain. I have no idea how to
>>>> create a default user or if I can. It's beginning to look like a OS
>>>> reload. To answer your question, the Dynamic Updates were set to
>>>> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
>>>> 'none'. Nothing helped.
>>>> If I remove the domain and recreate it shouldn't the system correct
>>>> my
>>>> error?
>>>> Lee
>>>>
>>>> There is a _VLMCS SVC record under the domain. I have learned a lot
>>>> going through this exercise. Thanks for your help. If you have any
>>>> further suggestions, I would certainly appreciate them.
>>>>
>>>> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
>>>> <meiweb(nospam)@gmx.de> wrote:
>>>>
>>>>> Hello Lee,
>>>>>
>>>>> The KMS host is the machine where you installed KMS. So i assume
>>>>> the Domain controller. By default it should create the records
>>>>> itself in a single domain. What kind of Dynamic updates are
>>>>> configured in your DNS zone properties?
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Meinholf _ boy you are quick...
>>>>>> I just too new at the server software so I have some follow up
>>>>>> questions. Thanks for your big big response. My questions are
>>>>>> imbedded in your response. I hate to be so dumb in this policy
>>>>>> stuff. I am trying to learn. Thanks for your patience.
>>>>>> Lee
>>>>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
>>>>>>> Hello Lee,
>>>>>>>
>>>>>>> Maybe this helps:
>>>>>>>
>>>>>>> Steps for Configuring KMS Publishing to DNS
>>>>>>>
>>>>>>> - If you are using only one KMS host, you may not need to
>>>>>>> configure any permission,
>>>>>>>
>>>>>> I don't know who is my KMS host. I have a test environment with
>>>>>> one domain and a vista workstation as a remote desktop.
>>>>>>
>>>>>>> because the default behavior is to allow a computer to create an
>>>>>>> SRV
>>>>>>> record
>>>>>>> and then update it. However, if you have more than one KMS hosts
>>>>>>> (the
>>>>>>> usual
>>>>>>> case), the others will be unable to update the SRV record unless
>>>>>>> SRV
>>>>>>> default
>>>>>>> permissions are changed.This procedure is an example that has
>>>>>>> been
>>>>>>> implemented
>>>>>>> in the Microsoft environment. It is not the only way to achieve
>>>>>>> the
>>>>>>> desired
>>>>>>> result.Detailed steps for each of the tasks are not provided,
>>>>>>> because
>>>>>>> they
>>>>>>> may differ from one organization to another.
>>>>>>> - If you are a domain administrator and want to delegate the
>>>>>>> ability
>>>>>>> to carry
>>>>>>> out the following steps to others in your organization,
>>>>>>> optionally
>>>>>>> create
>>>>>>> a security group in Active Directory and add the delegates, for
>>>>>>> example,
>>>>>>> create a group called Key Management Service Administrators, and
>>>>>>> then
>>>>>>> delegate
>>>>>>> permissions to manage the DNS SRV privileges to this security
>>>>>>> group.
>>>>>>> The
>>>>>>> remainder of this procedure assumes that either a domain
>>>>>>> administrator or
>>>>>>> delegate is performing the steps.
>>>>>>> - Create a global security group in Active Directory that will be
>>>>>>> used for
>>>>>>> your KMS hosts, for example, Key Management Service Group.
>>>>>> Where does this group fit. I tried to put in under domain >
>>>>>> Computers, so I could join the hosts.
>>>>>> When I added a host I could not see any records
>>>>>>> - Add each of your KMS hosts to this group. They must all be
>>>>>>> joined
>>>>>>> to the
>>>>>>> same domain.
>>>>>>> Once the first KMS host is created, it should create the SRV
>>>>>>> record.
>>>>>>> Add
>>>>>>> each KMS host to this security group.
>>>>>>> - If the first computer is unable to create the SRV record, it
>>>>>>> may
>>>>>>> be
>>>>>>> because
>>>>>>> your organization has changed the default permissions. In this
>>>>>>> case,
>>>>>>> you
>>>>>> Nothing has been changed. We are just starting...
>>>>>>
>>>>>>> will need to create the SRV record manually with the name
>>>>>>> _VLMCS._TCP
>>>>>>> (service
>>>>>>> name and protocol) for the domain. Set the time-to-live (TTL to
>>>>>>> 60
>>>>>>> minutes).
>>>>>>> - Set the permissions for the SRV group to allow updates by
>>>>>>> members
>>>>>>> of the
>>>>>>> global security group.
>>>>>>> To automatically publish KMS in additional DNS domains
>>>>>>> On the KMS host, create the following registry key, using
>>>>>>> regedit.exe.
>>>>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
>>>>>>> NT\CurrentVersion\SLValue
>>>>>>> Name:
>>>>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
>>>>>>> Domain
>>>>>>> that KMS should publish to on separate lines.
>>>>>>> Restart the Software Licensing Service and the records should be
>>>>>>> created
>>>>>>> immediately.The application event log will contain a 12294 event
>>>>>>> for
>>>>>>> each
>>>>>>> successfully published domain and a 12293 event for each
>>>>>>> unsuccessful
>>>>>>> domain
>>>>>>> publishing attempt.
>>>>>>> For the 12293 event, the failure code can be diagnosed by running
>>>>>>> the
>>>>>>> following:slui.exe
>>>>>>> 0x2a 0x
>>>>>>> Best regards
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers
>>>>>>> no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> 12293
>>>>>>>>

>

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Publishing Key Management Service (KMS) to DMS"
Thread Thread Starter Forum Replies Last Post
What is "Office Standard 2010 Key Management Service Host" Lindberg MS Office Support 1 21-05-2010 12:24 AM
How to use Management service of Windows Bansi_WADIA Windows Software 5 07-01-2010 05:34 AM
Meet Global Management Gurus at Goa Institute of Management (GIM) Career-Minded Education Career and Job Discussions 1 09-01-2009 05:21 PM
Study Diploma in Tourism & Hospitality Management from Nanyang Institute of Management – BMA INDIA Educated Education Career and Job Discussions 0 21-11-2008 11:49 AM
Windows Management Instrumentation service problem OviYan Windows XP Support 4 23-01-2008 10:25 PM


All times are GMT +5.5. The time now is 10:07 AM.