Beginning in Provisioning Services 5.6 SP1, Citrix introduced a new feature designed to facilitate Key Management Services (KMS) license activation of the Operating System and of Microsoft Office installations for images streamed in Standard (Read-only) mode. In this blog post, we’ll attempt to remove some of the mystery surrounding the implementation of the KMS license activation feature in Provisioning Services.
A. Why is the PVS KMS feature needed?
B. Prerequisites and Planning
C. Important tips regarding KMS and PVS images
D. Why would I run the /Ato or the /Act command?
A. Why Is The PVS KMS Feature Needed?
The Microsoft KMS host machine identifies KMS clients with a unique Client Machine ID (CMID).
For a KMS client to successfully activate, the KMS host needs to meet a threshold, which is a minimum count for KMS clients. Once a KMS host records a count which meets or exceeds threshold, KMS clients will begin to activate successfully.
Each unique CMID recorded by KMS host adds towards the count threshold for KMS clients. Each unique CMID record is retained by the KMS host for a maximum of 30 days after the last activation request with that CMID.
Within PVS, when we deploy a single image to be used by multiple machines, the image has to be prepared so that each machine presents itself to the KMS host Server as a separate entity, as this will ensure minimum threshold count on KMS host machine is maintained.
The image preparation is the main and the only responsibility of the Citrix PVS KMS feature, the license activation process remains a function of Microsoft. This preparation is done by going through a specific set of steps, completed on both the PVS Targets and the Server, which must be done in the proper order, which will ensure unique CMID generation on Microsoft product start-up.
Note: Duplicate CMID only impacts on KMS host machine count of client machines. Once KMS host meets minimum threshold, KMS clients will activate regardless of CMID being unique for a subset of specific machines or not.
B. Prerequisites and Planning
- The Stream/SOAP service account is used in the image preparation process for unique CMID generation, so it’s important to make sure that proper permissions are configured prior to beginning the process:
- The Stream/SOAP service account has to be a domain user which is a member of the local administrator’s group on the PVS Servers in that farm.
- For KMS based images, Network Service cannot be used for Stream/SOAP Service account
- Before running the Rearm command, either for the first time or as a troubleshooting step, verify the Rearm count on the OS by running slmgr /dlv from a command prompt.
Important note: If you run out of rearms, activating by using a KMS host lets you rearm once. This ensures that once administrators can activate a KMS client, they will be able to issue a rearm. Example: A KMS client with a rearm count of 1: Issue a rearm using the remaining single rearm, and reboot. On reboot once the KMS client activates, the rearm count will return to a count of 1.
C. Important Tips Regarding KMS and PVS Images
As mentioned earlier, following the specific order of steps is crucial for unique CMID generation. The Knowledge Base article: http://support.citrix.com/article/CTX128276 provides guidance and the specific steps, including their order of operation, necessary to successfully prepare provisioned images for unique CMID generation, which ensures KMS host machines retain sufficient KMS client count for KMS clients to activate.
- Order of steps: Here are some examples from the KB article where skipping a step or doing the steps out of order may appear harmless but will cause activation failures:
- Office KMS activation is reporting a unique CMID however the Operating System itself is not reporting unique CMID. Regardless of the CMID status of Office, to ensure that the OS is properly prepared for unique CMID generation, the rearm command has to be run for both Office and the OS. Further details can be found in Scenario 1 of the article.
- Any time Volume licensing needs to be changed-from ‘None’ to ‘KMS’ or vice versa- it has to be done prior to changing the vDisk mode.
- Changing the Microsoft Volume license tab: After the image is activated and the volume license type is set to KMS in the PVS console, it must remain that license type for that image unless you are troubleshooting a KMS issue or there is a change in that image which requires the KMS option to be changed (e.g. Office install).
- Updating an image: Unless it’s an Office installation being updated, this doesn’t require a Rearm to be performed.
- Run the following commands to ensure that the CMIDs are unique:
- For the Operating System, run Slmgr /dlv
- For Office, navigate to the Office install directory and run cscript ospp.vbs /dcmid
- With vDisk versioning, users can update the image by creating new versions without the need to perform a Rearm. Scenario 2-B in the above KB article has more detail on this. It’s worth mentioning that you cannot introduce KMS license activation by creating a new version to an existing non-KMS licensed vDisk. To accomplish this you must follow the necessary steps mentioned in Scenario 1 ofCTX128276.
D. Why would I run the /Ato or /Act command? Sometimes after properly following the preparation steps, on start up the Operating System shows only 3 days remaining to be activated, or Office prompts users to activate now, or similar. This doesn’t necessarily indicate an issue with PVS image preparation, or with the streamed image. It’s up the KMS client (OS or Office) to start the activation process, which can be triggered at any time from KMS client product start up. To expedite this process, the following commands can be utilised:
- Operating Systems: slmgr /ato
- Office installations: launch the Office application and run cscript ospp.vbs /act
It’s important to understand that PVS has no control over when the activation will take place. If the/ato command is successful, Windows will show as ‘activated’ shortly. If it does not, this should be troubleshot as a KMS client activation issue outside of PVS. Remember PVS involvement is only to ensure unique CMID generation.
Reference:
http://support.citrix.com/article/CTX128276
http://technet.microsoft.com/en-us/library/ff793406.aspx
http://technet.microsoft.com/en-us/library/ee624350(v=office.14)
https://technet.microsoft.com/en-us/library/ee758033(v=ws.10).aspx
