KMS Authentication Guide

 


Overview

On-campus computers running Windows Enterprise or Windows Server that were installed from disks provided by ITS must authenticate the OS installation using ITS’s on-campus authentication server, kms.sfsu.edu.

If the computer with Enterprise or Server is being joined to an existing Microsoft domain, the Microsoft DNS server for the domain should already have an SRV record that redirects OS authentication requests to kms.sfsu.edu. Authentication should take place automatically as soon as the computer is joined to the domain. Instructions for creating a KMS redirection SRV record for a domain on a Microsoft DNS server running Server 2003 are included in the Create SRV Records section.

Installations that are not joined to a domain should also authenticate automatically if the primary DNS server is set to 130.212.10.163 (thesun.sfsu.edu) or any DNS server that duplicates records from 130.212.10.163.

If automatic authentication does not work for any reason, you can manually set the installed OS to request authentication from kms.sfsu.edu directly. Instructions for manually setting Vista Enterprise or Server 2008 to request authentication directly from kms.sfsu.edu are provided in the Manual Authentication section below.

 


Create SRV Records

To create SRV records for Enterprise and Server KMS authentication in Microsoft Windows Server 2003 DNS tables:

  1. Log into your Windows DNS server as an administrator.
  2. Open the DNS management console using: Start | All Programs | Administrative Tools | DNS
  3. Select _tcp using the following path: DNS | (Your server name) | Forward Lookup Zones | (Your MS Domain Name) | _tcp
  4. Select Other New Records from the Action menu.
  5. Select Service Location (SRV) as the Resource Record Type, and then click on Create Record…
  6. Fill in the fields to create the SRV record as follows:
    • Service: _vlmcs
    • Protocol: _tcp (this should be the default value)
    • Priority: 0 (this should be the default value)
    • Weight: 0 (this should be the default value)
    • Port number: 1688
    • Host offering this service: kms.sfsu.edu
  7. Click OK, then click Done.
  8. Your SRV record should look like this: _vlmcs Service Location (SRV) [0][0][1688] kms.sfsu.edu
  9. If your DNS server is used for more than one Microsoft domain you need to create an SRV record within each domain.
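
One way to check the result of steps 8 and 9 for each domain (an added example, not part of the original guide): the script parses the output of `nslookup -type=srv _vlmcs._tcp.<domain>` and reports any SRV record that does not point at kms.sfsu.edu on port 1688. The domain dept.example.edu, the stray host name and the sample output are constructed for illustration.

```python
import re

EXPECTED = ("kms.sfsu.edu", 1688)  # host and port from this guide

# Constructed sample: output of `nslookup -type=srv _vlmcs._tcp.dept.example.edu`
# for a hypothetical domain holding one correct record and one stray record.
SAMPLE_OUTPUT = """\
_vlmcs._tcp.dept.example.edu    SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = KMS.sfsu.edu
_vlmcs._tcp.dept.example.edu    SRV service location:
          priority       = 10
          weight         = 0
          port           = 1688
          svr hostname   = oldkms.dept.example.edu
"""

FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$", re.I)

def parse_srv(output):
    """Return one dict per SRV answer found in nslookup output."""
    records = []
    for line in output.splitlines():
        if "SRV service location" in line:
            records.append({"name": line.split()[0].rstrip(".").lower()})
            continue
        m = FIELD.match(line)
        if m and records:
            key, value = m.group(1).lower(), m.group(2)
            if key == "svr hostname":
                # DNS names are case-insensitive and may carry a trailing dot
                records[-1]["target"] = value.rstrip(".").lower()
            else:
                records[-1][key] = int(value)
    return records

def audit_kms_srv(output, expected=EXPECTED):
    """Return findings; an empty list means every record matches the guide."""
    records = parse_srv(output)
    if not records:
        return ["no _vlmcs._tcp SRV record returned"]
    return [f"unexpected KMS target {r.get('target')}:{r.get('port')}"
            for r in records if (r.get("target"), r.get("port")) != expected]

if __name__ == "__main__":
    print(audit_kms_srv(SAMPLE_OUTPUT) or "OK")
```

To audit a real domain, capture the nslookup output for that domain to a file or variable and pass the text to `audit_kms_srv`.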

 


Manual Authentication

To manually set Windows Vista or Windows Server 2008 to use kms.sfsu.edu to authenticate the OS installation:

  1. Log into Vista or Server 2008 using an administrative account.
  2. Open a command prompt as an administrator (right-click on the icon for a command prompt then select "Run as Administrator").
  3. If not already there, change directory into the system32 folder in your Windows folder.
  4. Run the following two commands. You should see verification that Windows has activated after the second command.
    • cscript slmgr.vbs -skms kms.sfsu.edu
    • cscript slmgr.vbs -ato
  5. Close the command prompt.