Results 1 to 9 of 9

Thread: Publishing Key Management Service (KMS) to DMS

  1. #1
    Lee Jefferies Guest

    Publishing Key Management Service (KMS) to DMS

    I am getting the following error.
    Event id 12293

    Publishing the Key Management Service (KMS) to DNS in the 'domain
    name' domain failed.
    Info:
    hr=0x800705B4

    Can anyone tell me how go correct this error.

    Thanks in advance

    Lee Jefferies

  2. #2
    Meinolf Weber Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hello Lee,

    Maybe this helps:

    Steps for Configuring KMS Publishing to DNS

    - If you are using only one KMS host, you may not need to configure any permission,
    because the default behavior is to allow a computer to create an SRV record
    and then update it. However, if you have more than one KMS hosts (the usual
    case), the others will be unable to update the SRV record unless SRV default
    permissions are changed.This procedure is an example that has been implemented
    in the Microsoft environment. It is not the only way to achieve the desired
    result.Detailed steps for each of the tasks are not provided, because they
    may differ from one organization to another.
    - If you are a domain administrator and want to delegate the ability to carry
    out the following steps to others in your organization, optionally create
    a security group in Active Directory and add the delegates, for example,
    create a group called Key Management Service Administrators, and then delegate
    permissions to manage the DNS SRV privileges to this security group. The
    remainder of this procedure assumes that either a domain administrator or
    delegate is performing the steps.
    - Create a global security group in Active Directory that will be used for
    your KMS hosts, for example, Key Management Service Group.
    - Add each of your KMS hosts to this group. They must all be joined to the
    same domain.
    Once the first KMS host is created, it should create the SRV record. Add
    each KMS host to this security group.
    - If the first computer is unable to create the SRV record, it may be because
    your organization has changed the default permissions. In this case, you
    will need to create the SRV record manually with the name _VLMCS._TCP (service
    name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
    - Set the permissions for the SRV group to allow updates by members of the
    global security group.
    To automatically publish KMS in additional DNS domains
    On the KMS host, create the following registry key, using regedit.exe.
    Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
    DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
    that KMS should publish to on separate lines.
    Restart the Software Licensing Service and the records should be created
    immediately.The application event log will contain a 12294 event for each
    successfully published domain and a 12293 event for each unsuccessful domain
    publishing attempt.
    For the 12293 event, the failure code can be diagnosed by running the following:slui.exe
    0x2a 0x



    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

    > 12293
    >




  3. #3
    Lee Jefferies Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Meinholf _ boy you are quick...
    I just too new at the server software so I have some follow up
    questions. Thanks for your big big response. My questions are
    imbedded in your response. I hate to be so dumb in this policy
    stuff. I am trying to learn. Thanks for your patience.

    Lee
    On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:

    >Hello Lee,
    >
    >Maybe this helps:
    >
    >Steps for Configuring KMS Publishing to DNS
    >
    >- If you are using only one KMS host, you may not need to configure any permission,


    I don't know who is my KMS host. I have a test environment with one
    domain and a vista workstation as a remote desktop.

    >because the default behavior is to allow a computer to create an SRV record
    >and then update it. However, if you have more than one KMS hosts (the usual
    >case), the others will be unable to update the SRV record unless SRV default
    >permissions are changed.This procedure is an example that has been implemented
    >in the Microsoft environment. It is not the only way to achieve the desired
    >result.Detailed steps for each of the tasks are not provided, because they
    >may differ from one organization to another.
    >- If you are a domain administrator and want to delegate the ability to carry
    >out the following steps to others in your organization, optionally create
    >a security group in Active Directory and add the delegates, for example,
    >create a group called Key Management Service Administrators, and then delegate
    >permissions to manage the DNS SRV privileges to this security group. The
    >remainder of this procedure assumes that either a domain administrator or
    >delegate is performing the steps.
    >- Create a global security group in Active Directory that will be used for
    >your KMS hosts, for example, Key Management Service Group.


    Where does this group fit. I tried to put in under domain >
    Computers, so I could join the hosts.
    When I added a host I could not see any records

    >- Add each of your KMS hosts to this group. They must all be joined to the
    >same domain.
    >Once the first KMS host is created, it should create the SRV record. Add
    >each KMS host to this security group.
    >- If the first computer is unable to create the SRV record, it may be because
    >your organization has changed the default permissions. In this case, you

    Nothing has been changed. We are just starting...
    >will need to create the SRV record manually with the name _VLMCS._TCP (service
    >name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
    >- Set the permissions for the SRV group to allow updates by members of the
    >global security group.
    >To automatically publish KMS in additional DNS domains
    >On the KMS host, create the following registry key, using regedit.exe.
    >Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
    >DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
    >that KMS should publish to on separate lines.
    >Restart the Software Licensing Service and the records should be created
    >immediately.The application event log will contain a 12294 event for each
    >successfully published domain and a 12293 event for each unsuccessful domain
    >publishing attempt.
    >For the 12293 event, the failure code can be diagnosed by running the following:slui.exe
    >0x2a 0x
    >
    >
    >
    >Best regards
    >
    >Meinolf Weber
    >Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    >no rights.
    >** Please do NOT email, only reply to Newsgroups
    >** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >> 12293
    >>

    >


  4. #4
    Meinolf Weber Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hello Lee,

    The KMS host is the machine where you installed KMS. So i assume the Domain
    controller. By default it should create the records itself in a single domain.
    What kind of Dynamic updates are configured in your DNS zone properties?

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

    > Meinholf _ boy you are quick...
    > I just too new at the server software so I have some follow up
    > questions. Thanks for your big big response. My questions are
    > imbedded in your response. I hate to be so dumb in this policy
    > stuff. I am trying to learn. Thanks for your patience.
    > Lee
    > On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >> Hello Lee,
    >>
    >> Maybe this helps:
    >>
    >> Steps for Configuring KMS Publishing to DNS
    >>
    >> - If you are using only one KMS host, you may not need to configure
    >> any permission,
    >>

    > I don't know who is my KMS host. I have a test environment with one
    > domain and a vista workstation as a remote desktop.
    >
    >> because the default behavior is to allow a computer to create an SRV
    >> record
    >> and then update it. However, if you have more than one KMS hosts (the
    >> usual
    >> case), the others will be unable to update the SRV record unless SRV
    >> default
    >> permissions are changed.This procedure is an example that has been
    >> implemented
    >> in the Microsoft environment. It is not the only way to achieve the
    >> desired
    >> result.Detailed steps for each of the tasks are not provided, because
    >> they
    >> may differ from one organization to another.
    >> - If you are a domain administrator and want to delegate the ability
    >> to carry
    >> out the following steps to others in your organization, optionally
    >> create
    >> a security group in Active Directory and add the delegates, for
    >> example,
    >> create a group called Key Management Service Administrators, and then
    >> delegate
    >> permissions to manage the DNS SRV privileges to this security group.
    >> The
    >> remainder of this procedure assumes that either a domain
    >> administrator or
    >> delegate is performing the steps.
    >> - Create a global security group in Active Directory that will be
    >> used for
    >> your KMS hosts, for example, Key Management Service Group.

    > Where does this group fit. I tried to put in under domain >
    > Computers, so I could join the hosts.
    > When I added a host I could not see any records
    >> - Add each of your KMS hosts to this group. They must all be joined
    >> to the
    >> same domain.
    >> Once the first KMS host is created, it should create the SRV record.
    >> Add
    >> each KMS host to this security group.
    >> - If the first computer is unable to create the SRV record, it may be
    >> because
    >> your organization has changed the default permissions. In this case,
    >> you

    > Nothing has been changed. We are just starting...
    >
    >> will need to create the SRV record manually with the name _VLMCS._TCP
    >> (service
    >> name and protocol) for the domain. Set the time-to-live (TTL to 60
    >> minutes).
    >> - Set the permissions for the SRV group to allow updates by members
    >> of the
    >> global security group.
    >> To automatically publish KMS in additional DNS domains
    >> On the KMS host, create the following registry key, using
    >> regedit.exe.
    >> Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue
    >> Name:
    >> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >> Domain
    >> that KMS should publish to on separate lines.
    >> Restart the Software Licensing Service and the records should be
    >> created
    >> immediately.The application event log will contain a 12294 event for
    >> each
    >> successfully published domain and a 12293 event for each unsuccessful
    >> domain
    >> publishing attempt.
    >> For the 12293 event, the failure code can be diagnosed by running the
    >> following:slui.exe
    >> 0x2a 0x
    >> Best regards
    >>
    >> Meinolf Weber
    >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> confers
    >> no rights.
    >> ** Please do NOT email, only reply to Newsgroups
    >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>> 12293
    >>>




  5. #5
    Lee Jefferies Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hi Meinolf,
    I think I blew it. I was looking at the SOA tab of my domain
    properties in DNS and I noticed that the responsible person was
    'hostmaster'. I looked at my users list and that user was not
    defined. I really don't remember deleting the record, but I must
    have. I have tried everything all in vain. I have no idea how to
    create a default user or if I can. It's beginning to look like a OS
    reload. To answer your question, the Dynamic Updates were set to
    'Secure'. I tried changing them to 'Secure and Unsecure' and also
    'none'. Nothing helped.

    If I remove the domain and recreate it shouldn't the system correct my
    error?

    Lee

    There is a _VLMCS SVC record under the domain. I have learned a lot
    going through this exercise. Thanks for your help. If you have any
    further suggestions, I would certainly appreciate them.

    On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
    <meiweb(nospam)@gmx.de> wrote:

    >Hello Lee,
    >
    >The KMS host is the machine where you installed KMS. So i assume the Domain
    >controller. By default it should create the records itself in a single domain.
    >What kind of Dynamic updates are configured in your DNS zone properties?
    >
    >Best regards
    >
    >Meinolf Weber
    >Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    >no rights.
    >** Please do NOT email, only reply to Newsgroups
    >** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >> Meinholf _ boy you are quick...
    >> I just too new at the server software so I have some follow up
    >> questions. Thanks for your big big response. My questions are
    >> imbedded in your response. I hate to be so dumb in this policy
    >> stuff. I am trying to learn. Thanks for your patience.
    >> Lee
    >> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >>> Hello Lee,
    >>>
    >>> Maybe this helps:
    >>>
    >>> Steps for Configuring KMS Publishing to DNS
    >>>
    >>> - If you are using only one KMS host, you may not need to configure
    >>> any permission,
    >>>

    >> I don't know who is my KMS host. I have a test environment with one
    >> domain and a vista workstation as a remote desktop.
    >>
    >>> because the default behavior is to allow a computer to create an SRV
    >>> record
    >>> and then update it. However, if you have more than one KMS hosts (the
    >>> usual
    >>> case), the others will be unable to update the SRV record unless SRV
    >>> default
    >>> permissions are changed.This procedure is an example that has been
    >>> implemented
    >>> in the Microsoft environment. It is not the only way to achieve the
    >>> desired
    >>> result.Detailed steps for each of the tasks are not provided, because
    >>> they
    >>> may differ from one organization to another.
    >>> - If you are a domain administrator and want to delegate the ability
    >>> to carry
    >>> out the following steps to others in your organization, optionally
    >>> create
    >>> a security group in Active Directory and add the delegates, for
    >>> example,
    >>> create a group called Key Management Service Administrators, and then
    >>> delegate
    >>> permissions to manage the DNS SRV privileges to this security group.
    >>> The
    >>> remainder of this procedure assumes that either a domain
    >>> administrator or
    >>> delegate is performing the steps.
    >>> - Create a global security group in Active Directory that will be
    >>> used for
    >>> your KMS hosts, for example, Key Management Service Group.

    >> Where does this group fit. I tried to put in under domain >
    >> Computers, so I could join the hosts.
    >> When I added a host I could not see any records
    >>> - Add each of your KMS hosts to this group. They must all be joined
    >>> to the
    >>> same domain.
    >>> Once the first KMS host is created, it should create the SRV record.
    >>> Add
    >>> each KMS host to this security group.
    >>> - If the first computer is unable to create the SRV record, it may be
    >>> because
    >>> your organization has changed the default permissions. In this case,
    >>> you

    >> Nothing has been changed. We are just starting...
    >>
    >>> will need to create the SRV record manually with the name _VLMCS._TCP
    >>> (service
    >>> name and protocol) for the domain. Set the time-to-live (TTL to 60
    >>> minutes).
    >>> - Set the permissions for the SRV group to allow updates by members
    >>> of the
    >>> global security group.
    >>> To automatically publish KMS in additional DNS domains
    >>> On the KMS host, create the following registry key, using
    >>> regedit.exe.
    >>> Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue
    >>> Name:
    >>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >>> Domain
    >>> that KMS should publish to on separate lines.
    >>> Restart the Software Licensing Service and the records should be
    >>> created
    >>> immediately.The application event log will contain a 12294 event for
    >>> each
    >>> successfully published domain and a 12293 event for each unsuccessful
    >>> domain
    >>> publishing attempt.
    >>> For the 12293 event, the failure code can be diagnosed by running the
    >>> following:slui.exe
    >>> 0x2a 0x
    >>> Best regards
    >>>
    >>> Meinolf Weber
    >>> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >>> confers
    >>> no rights.
    >>> ** Please do NOT email, only reply to Newsgroups
    >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>> 12293
    >>>>

    >


  6. #6
    Meinolf Weber Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hello Lee,

    See here for creating the KMS record by hand, scroll down to "To manually
    create a KMS SRV record in a Microsoft DNS server":
    http://technet.microsoft.com/en-us/l.../cc303280.aspx

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

    > Hi Meinolf,
    > I think I blew it. I was looking at the SOA tab of my domain
    > properties in DNS and I noticed that the responsible person was
    > 'hostmaster'. I looked at my users list and that user was not
    > defined. I really don't remember deleting the record, but I must
    > have. I have tried everything all in vain. I have no idea how to
    > create a default user or if I can. It's beginning to look like a OS
    > reload. To answer your question, the Dynamic Updates were set to
    > 'Secure'. I tried changing them to 'Secure and Unsecure' and also
    > 'none'. Nothing helped.
    > If I remove the domain and recreate it shouldn't the system correct my
    > error?
    >
    > Lee
    >
    > There is a _VLMCS SVC record under the domain. I have learned a lot
    > going through this exercise. Thanks for your help. If you have any
    > further suggestions, I would certainly appreciate them.
    >
    > On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
    > <meiweb(nospam)@gmx.de> wrote:
    >
    >> Hello Lee,
    >>
    >> The KMS host is the machine where you installed KMS. So i assume the
    >> Domain controller. By default it should create the records itself in
    >> a single domain. What kind of Dynamic updates are configured in your
    >> DNS zone properties?
    >>
    >> Best regards
    >>
    >> Meinolf Weber
    >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> confers
    >> no rights.
    >> ** Please do NOT email, only reply to Newsgroups
    >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>> Meinholf _ boy you are quick...
    >>> I just too new at the server software so I have some follow up
    >>> questions. Thanks for your big big response. My questions are
    >>> imbedded in your response. I hate to be so dumb in this policy
    >>> stuff. I am trying to learn. Thanks for your patience.
    >>> Lee
    >>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >>>> Hello Lee,
    >>>>
    >>>> Maybe this helps:
    >>>>
    >>>> Steps for Configuring KMS Publishing to DNS
    >>>>
    >>>> - If you are using only one KMS host, you may not need to configure
    >>>> any permission,
    >>>>
    >>> I don't know who is my KMS host. I have a test environment with one
    >>> domain and a vista workstation as a remote desktop.
    >>>
    >>>> because the default behavior is to allow a computer to create an
    >>>> SRV
    >>>> record
    >>>> and then update it. However, if you have more than one KMS hosts
    >>>> (the
    >>>> usual
    >>>> case), the others will be unable to update the SRV record unless
    >>>> SRV
    >>>> default
    >>>> permissions are changed.This procedure is an example that has been
    >>>> implemented
    >>>> in the Microsoft environment. It is not the only way to achieve the
    >>>> desired
    >>>> result.Detailed steps for each of the tasks are not provided,
    >>>> because
    >>>> they
    >>>> may differ from one organization to another.
    >>>> - If you are a domain administrator and want to delegate the
    >>>> ability
    >>>> to carry
    >>>> out the following steps to others in your organization, optionally
    >>>> create
    >>>> a security group in Active Directory and add the delegates, for
    >>>> example,
    >>>> create a group called Key Management Service Administrators, and
    >>>> then
    >>>> delegate
    >>>> permissions to manage the DNS SRV privileges to this security
    >>>> group.
    >>>> The
    >>>> remainder of this procedure assumes that either a domain
    >>>> administrator or
    >>>> delegate is performing the steps.
    >>>> - Create a global security group in Active Directory that will be
    >>>> used for
    >>>> your KMS hosts, for example, Key Management Service Group.
    >>> Where does this group fit. I tried to put in under domain >
    >>> Computers, so I could join the hosts.
    >>> When I added a host I could not see any records
    >>>> - Add each of your KMS hosts to this group. They must all be joined
    >>>> to the
    >>>> same domain.
    >>>> Once the first KMS host is created, it should create the SRV
    >>>> record.
    >>>> Add
    >>>> each KMS host to this security group.
    >>>> - If the first computer is unable to create the SRV record, it may
    >>>> be
    >>>> because
    >>>> your organization has changed the default permissions. In this
    >>>> case,
    >>>> you
    >>> Nothing has been changed. We are just starting...
    >>>
    >>>> will need to create the SRV record manually with the name
    >>>> _VLMCS._TCP
    >>>> (service
    >>>> name and protocol) for the domain. Set the time-to-live (TTL to 60
    >>>> minutes).
    >>>> - Set the permissions for the SRV group to allow updates by members
    >>>> of the
    >>>> global security group.
    >>>> To automatically publish KMS in additional DNS domains
    >>>> On the KMS host, create the following registry key, using
    >>>> regedit.exe.
    >>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
    >>>> NT\CurrentVersion\SLValue
    >>>> Name:
    >>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >>>> Domain
    >>>> that KMS should publish to on separate lines.
    >>>> Restart the Software Licensing Service and the records should be
    >>>> created
    >>>> immediately.The application event log will contain a 12294 event
    >>>> for
    >>>> each
    >>>> successfully published domain and a 12293 event for each
    >>>> unsuccessful
    >>>> domain
    >>>> publishing attempt.
    >>>> For the 12293 event, the failure code can be diagnosed by running
    >>>> the
    >>>> following:slui.exe
    >>>> 0x2a 0x
    >>>> Best regards
    >>>> Meinolf Weber
    >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>> and
    >>>> confers
    >>>> no rights.
    >>>> ** Please do NOT email, only reply to Newsgroups
    >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>> 12293
    >>>>>




  7. #7
    Lee Jefferies Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hi Meinolf,
    Thanks for the post. The KMS SRV record exists. As far as I could
    tell it is correct. I finally had to go in and disable publishing the
    KMS SRV record to DNS. That stopped the error I was getting, however
    there is still a long delay in logging on the remote desktop. The
    Event tracker shows that the winlogon process took 96 seconds. Hope
    that does not translate to normal operations.

    Thanks for your help.

    Lee
    leejefferies@yahoo.com
    On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
    <meiweb(nospam)@gmx.de> wrote:

    >Hello Lee,
    >
    >See here for creating the KMS record by hand, scroll down to "To manually
    >create a KMS SRV record in a Microsoft DNS server":
    >http://technet.microsoft.com/en-us/l.../cc303280.aspx
    >
    >Best regards
    >
    >Meinolf Weber
    >Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    >no rights.
    >** Please do NOT email, only reply to Newsgroups
    >** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >> Hi Meinolf,
    >> I think I blew it. I was looking at the SOA tab of my domain
    >> properties in DNS and I noticed that the responsible person was
    >> 'hostmaster'. I looked at my users list and that user was not
    >> defined. I really don't remember deleting the record, but I must
    >> have. I have tried everything all in vain. I have no idea how to
    >> create a default user or if I can. It's beginning to look like a OS
    >> reload. To answer your question, the Dynamic Updates were set to
    >> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
    >> 'none'. Nothing helped.
    >> If I remove the domain and recreate it shouldn't the system correct my
    >> error?
    >>
    >> Lee
    >>
    >> There is a _VLMCS SVC record under the domain. I have learned a lot
    >> going through this exercise. Thanks for your help. If you have any
    >> further suggestions, I would certainly appreciate them.
    >>
    >> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
    >> <meiweb(nospam)@gmx.de> wrote:
    >>
    >>> Hello Lee,
    >>>
    >>> The KMS host is the machine where you installed KMS. So i assume the
    >>> Domain controller. By default it should create the records itself in
    >>> a single domain. What kind of Dynamic updates are configured in your
    >>> DNS zone properties?
    >>>
    >>> Best regards
    >>>
    >>> Meinolf Weber
    >>> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >>> confers
    >>> no rights.
    >>> ** Please do NOT email, only reply to Newsgroups
    >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>> Meinholf _ boy you are quick...
    >>>> I just too new at the server software so I have some follow up
    >>>> questions. Thanks for your big big response. My questions are
    >>>> imbedded in your response. I hate to be so dumb in this policy
    >>>> stuff. I am trying to learn. Thanks for your patience.
    >>>> Lee
    >>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >>>>> Hello Lee,
    >>>>>
    >>>>> Maybe this helps:
    >>>>>
    >>>>> Steps for Configuring KMS Publishing to DNS
    >>>>>
    >>>>> - If you are using only one KMS host, you may not need to configure
    >>>>> any permission,
    >>>>>
    >>>> I don't know who is my KMS host. I have a test environment with one
    >>>> domain and a vista workstation as a remote desktop.
    >>>>
    >>>>> because the default behavior is to allow a computer to create an
    >>>>> SRV
    >>>>> record
    >>>>> and then update it. However, if you have more than one KMS hosts
    >>>>> (the
    >>>>> usual
    >>>>> case), the others will be unable to update the SRV record unless
    >>>>> SRV
    >>>>> default
    >>>>> permissions are changed.This procedure is an example that has been
    >>>>> implemented
    >>>>> in the Microsoft environment. It is not the only way to achieve the
    >>>>> desired
    >>>>> result.Detailed steps for each of the tasks are not provided,
    >>>>> because
    >>>>> they
    >>>>> may differ from one organization to another.
    >>>>> - If you are a domain administrator and want to delegate the
    >>>>> ability
    >>>>> to carry
    >>>>> out the following steps to others in your organization, optionally
    >>>>> create
    >>>>> a security group in Active Directory and add the delegates, for
    >>>>> example,
    >>>>> create a group called Key Management Service Administrators, and
    >>>>> then
    >>>>> delegate
    >>>>> permissions to manage the DNS SRV privileges to this security
    >>>>> group.
    >>>>> The
    >>>>> remainder of this procedure assumes that either a domain
    >>>>> administrator or
    >>>>> delegate is performing the steps.
    >>>>> - Create a global security group in Active Directory that will be
    >>>>> used for
    >>>>> your KMS hosts, for example, Key Management Service Group.
    >>>> Where does this group fit. I tried to put in under domain >
    >>>> Computers, so I could join the hosts.
    >>>> When I added a host I could not see any records
    >>>>> - Add each of your KMS hosts to this group. They must all be joined
    >>>>> to the
    >>>>> same domain.
    >>>>> Once the first KMS host is created, it should create the SRV
    >>>>> record.
    >>>>> Add
    >>>>> each KMS host to this security group.
    >>>>> - If the first computer is unable to create the SRV record, it may
    >>>>> be
    >>>>> because
    >>>>> your organization has changed the default permissions. In this
    >>>>> case,
    >>>>> you
    >>>> Nothing has been changed. We are just starting...
    >>>>
    >>>>> will need to create the SRV record manually with the name
    >>>>> _VLMCS._TCP
    >>>>> (service
    >>>>> name and protocol) for the domain. Set the time-to-live (TTL to 60
    >>>>> minutes).
    >>>>> - Set the permissions for the SRV group to allow updates by members
    >>>>> of the
    >>>>> global security group.
    >>>>> To automatically publish KMS in additional DNS domains
    >>>>> On the KMS host, create the following registry key, using
    >>>>> regedit.exe.
    >>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
    >>>>> NT\CurrentVersion\SLValue
    >>>>> Name:
    >>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >>>>> Domain
    >>>>> that KMS should publish to on separate lines.
    >>>>> Restart the Software Licensing Service and the records should be
    >>>>> created
    >>>>> immediately.The application event log will contain a 12294 event
    >>>>> for
    >>>>> each
    >>>>> successfully published domain and a 12293 event for each
    >>>>> unsuccessful
    >>>>> domain
    >>>>> publishing attempt.
    >>>>> For the 12293 event, the failure code can be diagnosed by running
    >>>>> the
    >>>>> following:slui.exe
    >>>>> 0x2a 0x
    >>>>> Best regards
    >>>>> Meinolf Weber
    >>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>>> and
    >>>>> confers
    >>>>> no rights.
    >>>>> ** Please do NOT email, only reply to Newsgroups
    >>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>>> 12293
    >>>>>>

    >


  8. #8
    Meinolf Weber Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hello Lee,

    Can not complete follow your Remote desktop login. You mean from the Vista
    to the server? Also i can not see what login problems has to do with the
    KMS problem.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

    > Hi Meinolf,
    > Thanks for the post. The KMS SRV record exists. As far as I could
    > tell it is correct. I finally had to go in and disable publishing the
    > KMS SRV record to DNS. That stopped the error I was getting, however
    > there is still a long delay in logging on the remote desktop. The
    > Event tracker shows that the winlogon process took 96 seconds. Hope
    > that does not translate to normal operations.
    > Thanks for your help.
    >
    > Lee
    > leejefferies@yahoo.com
    > On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
    > <meiweb(nospam)@gmx.de> wrote:
    >> Hello Lee,
    >>
    >> See here for creating the KMS record by hand, scroll down to "To
    >> manually create a KMS SRV record in a Microsoft DNS server":
    >> http://technet.microsoft.com/en-us/l.../cc303280.aspx
    >>
    >> Best regards
    >>
    >> Meinolf Weber
    >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> confers
    >> no rights.
    >> ** Please do NOT email, only reply to Newsgroups
    >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>> Hi Meinolf,
    >>> I think I blew it. I was looking at the SOA tab of my domain
    >>> properties in DNS and I noticed that the responsible person was
    >>> 'hostmaster'. I looked at my users list and that user was not
    >>> defined. I really don't remember deleting the record, but I must
    >>> have. I have tried everything all in vain. I have no idea how to
    >>> create a default user or if I can. It's beginning to look like a OS
    >>> reload. To answer your question, the Dynamic Updates were set to
    >>> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
    >>> 'none'. Nothing helped.
    >>> If I remove the domain and recreate it shouldn't the system correct
    >>> my
    >>> error?
    >>> Lee
    >>>
    >>> There is a _VLMCS SVC record under the domain. I have learned a lot
    >>> going through this exercise. Thanks for your help. If you have any
    >>> further suggestions, I would certainly appreciate them.
    >>>
    >>> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
    >>> <meiweb(nospam)@gmx.de> wrote:
    >>>
    >>>> Hello Lee,
    >>>>
    >>>> The KMS host is the machine where you installed KMS. So i assume
    >>>> the Domain controller. By default it should create the records
    >>>> itself in a single domain. What kind of Dynamic updates are
    >>>> configured in your DNS zone properties?
    >>>>
    >>>> Best regards
    >>>>
    >>>> Meinolf Weber
    >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>> and
    >>>> confers
    >>>> no rights.
    >>>> ** Please do NOT email, only reply to Newsgroups
    >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>> Meinholf _ boy you are quick...
    >>>>> I just too new at the server software so I have some follow up
    >>>>> questions. Thanks for your big big response. My questions are
    >>>>> imbedded in your response. I hate to be so dumb in this policy
    >>>>> stuff. I am trying to learn. Thanks for your patience.
    >>>>> Lee
    >>>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >>>>>> Hello Lee,
    >>>>>>
    >>>>>> Maybe this helps:
    >>>>>>
    >>>>>> Steps for Configuring KMS Publishing to DNS
    >>>>>>
    >>>>>> - If you are using only one KMS host, you may not need to
    >>>>>> configure any permission,
    >>>>>>
    >>>>> I don't know who is my KMS host. I have a test environment with
    >>>>> one domain and a vista workstation as a remote desktop.
    >>>>>
    >>>>>> because the default behavior is to allow a computer to create an
    >>>>>> SRV
    >>>>>> record
    >>>>>> and then update it. However, if you have more than one KMS hosts
    >>>>>> (the
    >>>>>> usual
    >>>>>> case), the others will be unable to update the SRV record unless
    >>>>>> SRV
    >>>>>> default
    >>>>>> permissions are changed.This procedure is an example that has
    >>>>>> been
    >>>>>> implemented
    >>>>>> in the Microsoft environment. It is not the only way to achieve
    >>>>>> the
    >>>>>> desired
    >>>>>> result.Detailed steps for each of the tasks are not provided,
    >>>>>> because
    >>>>>> they
    >>>>>> may differ from one organization to another.
    >>>>>> - If you are a domain administrator and want to delegate the
    >>>>>> ability
    >>>>>> to carry
    >>>>>> out the following steps to others in your organization,
    >>>>>> optionally
    >>>>>> create
    >>>>>> a security group in Active Directory and add the delegates, for
    >>>>>> example,
    >>>>>> create a group called Key Management Service Administrators, and
    >>>>>> then
    >>>>>> delegate
    >>>>>> permissions to manage the DNS SRV privileges to this security
    >>>>>> group.
    >>>>>> The
    >>>>>> remainder of this procedure assumes that either a domain
    >>>>>> administrator or
    >>>>>> delegate is performing the steps.
    >>>>>> - Create a global security group in Active Directory that will be
    >>>>>> used for
    >>>>>> your KMS hosts, for example, Key Management Service Group.
    >>>>> Where does this group fit. I tried to put in under domain >
    >>>>> Computers, so I could join the hosts.
    >>>>> When I added a host I could not see any records
    >>>>>> - Add each of your KMS hosts to this group. They must all be
    >>>>>> joined
    >>>>>> to the
    >>>>>> same domain.
    >>>>>> Once the first KMS host is created, it should create the SRV
    >>>>>> record.
    >>>>>> Add
    >>>>>> each KMS host to this security group.
    >>>>>> - If the first computer is unable to create the SRV record, it
    >>>>>> may
    >>>>>> be
    >>>>>> because
    >>>>>> your organization has changed the default permissions. In this
    >>>>>> case,
    >>>>>> you
    >>>>> Nothing has been changed. We are just starting...
    >>>>>
    >>>>>> will need to create the SRV record manually with the name
    >>>>>> _VLMCS._TCP
    >>>>>> (service
    >>>>>> name and protocol) for the domain. Set the time-to-live (TTL to
    >>>>>> 60
    >>>>>> minutes).
    >>>>>> - Set the permissions for the SRV group to allow updates by
    >>>>>> members
    >>>>>> of the
    >>>>>> global security group.
    >>>>>> To automatically publish KMS in additional DNS domains
    >>>>>> On the KMS host, create the following registry key, using
    >>>>>> regedit.exe.
    >>>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
    >>>>>> NT\CurrentVersion\SLValue
    >>>>>> Name:
    >>>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >>>>>> Domain
    >>>>>> that KMS should publish to on separate lines.
    >>>>>> Restart the Software Licensing Service and the records should be
    >>>>>> created
    >>>>>> immediately.The application event log will contain a 12294 event
    >>>>>> for
    >>>>>> each
    >>>>>> successfully published domain and a 12293 event for each
    >>>>>> unsuccessful
    >>>>>> domain
    >>>>>> publishing attempt.
    >>>>>> For the 12293 event, the failure code can be diagnosed by running
    >>>>>> the
    >>>>>> following:slui.exe
    >>>>>> 0x2a 0x
    >>>>>> Best regards
    >>>>>> Meinolf Weber
    >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>>>> and
    >>>>>> confers
    >>>>>> no rights.
    >>>>>> ** Please do NOT email, only reply to Newsgroups
    >>>>>> ** HELP us help YOU!!!
    >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>>>> 12293
    >>>>>>>




  9. #9
    Lee Jefferies Guest

    Re: Publishing Key Management Service (KMS) to DMS

    Hi Meinolf,
    I think we have solved my error condition and I want to express my
    thanks. You responded quickly and helped me a lot. Again thanks.
    The Logon delay is simply the system getting to the point it can
    respond properly.

    Lee
    On Wed, 30 Jul 2008 10:44:01 +0000 (UTC), Meinolf Weber
    <meiweb(nospam)@gmx.de> wrote:

    >Hello Lee,
    >
    >Can not complete follow your Remote desktop login. You mean from the Vista
    >to the server? Also i can not see what login problems has to do with the
    >KMS problem.
    >
    >Best regards
    >
    >Meinolf Weber
    >Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    >no rights.
    >** Please do NOT email, only reply to Newsgroups
    >** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >> Hi Meinolf,
    >> Thanks for the post. The KMS SRV record exists. As far as I could
    >> tell it is correct. I finally had to go in and disable publishing the
    >> KMS SRV record to DNS. That stopped the error I was getting, however
    >> there is still a long delay in logging on the remote desktop. The
    >> Event tracker shows that the winlogon process took 96 seconds. Hope
    >> that does not translate to normal operations.
    >> Thanks for your help.
    >>
    >> Lee
    >> leejefferies@yahoo.com
    >> On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
    >> <meiweb(nospam)@gmx.de> wrote:
    >>> Hello Lee,
    >>>
    >>> See here for creating the KMS record by hand, scroll down to "To
    >>> manually create a KMS SRV record in a Microsoft DNS server":
    >>> http://technet.microsoft.com/en-us/l.../cc303280.aspx
    >>>
    >>> Best regards
    >>>
    >>> Meinolf Weber
    >>> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >>> confers
    >>> no rights.
    >>> ** Please do NOT email, only reply to Newsgroups
    >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>> Hi Meinolf,
    >>>> I think I blew it. I was looking at the SOA tab of my domain
    >>>> properties in DNS and I noticed that the responsible person was
    >>>> 'hostmaster'. I looked at my users list and that user was not
    >>>> defined. I really don't remember deleting the record, but I must
    >>>> have. I have tried everything all in vain. I have no idea how to
    >>>> create a default user or if I can. It's beginning to look like a OS
    >>>> reload. To answer your question, the Dynamic Updates were set to
    >>>> 'Secure'. I tried changing them to 'Secure and Unsecure' and also
    >>>> 'none'. Nothing helped.
    >>>> If I remove the domain and recreate it shouldn't the system correct
    >>>> my
    >>>> error?
    >>>> Lee
    >>>>
    >>>> There is a _VLMCS SVC record under the domain. I have learned a lot
    >>>> going through this exercise. Thanks for your help. If you have any
    >>>> further suggestions, I would certainly appreciate them.
    >>>>
    >>>> On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
    >>>> <meiweb(nospam)@gmx.de> wrote:
    >>>>
    >>>>> Hello Lee,
    >>>>>
    >>>>> The KMS host is the machine where you installed KMS. So i assume
    >>>>> the Domain controller. By default it should create the records
    >>>>> itself in a single domain. What kind of Dynamic updates are
    >>>>> configured in your DNS zone properties?
    >>>>>
    >>>>> Best regards
    >>>>>
    >>>>> Meinolf Weber
    >>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>>> and
    >>>>> confers
    >>>>> no rights.
    >>>>> ** Please do NOT email, only reply to Newsgroups
    >>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>>> Meinholf _ boy you are quick...
    >>>>>> I just too new at the server software so I have some follow up
    >>>>>> questions. Thanks for your big big response. My questions are
    >>>>>> imbedded in your response. I hate to be so dumb in this policy
    >>>>>> stuff. I am trying to learn. Thanks for your patience.
    >>>>>> Lee
    >>>>>> On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:
    >>>>>>> Hello Lee,
    >>>>>>>
    >>>>>>> Maybe this helps:
    >>>>>>>
    >>>>>>> Steps for Configuring KMS Publishing to DNS
    >>>>>>>
    >>>>>>> - If you are using only one KMS host, you may not need to
    >>>>>>> configure any permission,
    >>>>>>>
    >>>>>> I don't know who is my KMS host. I have a test environment with
    >>>>>> one domain and a vista workstation as a remote desktop.
    >>>>>>
    >>>>>>> because the default behavior is to allow a computer to create an
    >>>>>>> SRV
    >>>>>>> record
    >>>>>>> and then update it. However, if you have more than one KMS hosts
    >>>>>>> (the
    >>>>>>> usual
    >>>>>>> case), the others will be unable to update the SRV record unless
    >>>>>>> SRV
    >>>>>>> default
    >>>>>>> permissions are changed.This procedure is an example that has
    >>>>>>> been
    >>>>>>> implemented
    >>>>>>> in the Microsoft environment. It is not the only way to achieve
    >>>>>>> the
    >>>>>>> desired
    >>>>>>> result.Detailed steps for each of the tasks are not provided,
    >>>>>>> because
    >>>>>>> they
    >>>>>>> may differ from one organization to another.
    >>>>>>> - If you are a domain administrator and want to delegate the
    >>>>>>> ability
    >>>>>>> to carry
    >>>>>>> out the following steps to others in your organization,
    >>>>>>> optionally
    >>>>>>> create
    >>>>>>> a security group in Active Directory and add the delegates, for
    >>>>>>> example,
    >>>>>>> create a group called Key Management Service Administrators, and
    >>>>>>> then
    >>>>>>> delegate
    >>>>>>> permissions to manage the DNS SRV privileges to this security
    >>>>>>> group.
    >>>>>>> The
    >>>>>>> remainder of this procedure assumes that either a domain
    >>>>>>> administrator or
    >>>>>>> delegate is performing the steps.
    >>>>>>> - Create a global security group in Active Directory that will be
    >>>>>>> used for
    >>>>>>> your KMS hosts, for example, Key Management Service Group.
    >>>>>> Where does this group fit. I tried to put in under domain >
    >>>>>> Computers, so I could join the hosts.
    >>>>>> When I added a host I could not see any records
    >>>>>>> - Add each of your KMS hosts to this group. They must all be
    >>>>>>> joined
    >>>>>>> to the
    >>>>>>> same domain.
    >>>>>>> Once the first KMS host is created, it should create the SRV
    >>>>>>> record.
    >>>>>>> Add
    >>>>>>> each KMS host to this security group.
    >>>>>>> - If the first computer is unable to create the SRV record, it
    >>>>>>> may
    >>>>>>> be
    >>>>>>> because
    >>>>>>> your organization has changed the default permissions. In this
    >>>>>>> case,
    >>>>>>> you
    >>>>>> Nothing has been changed. We are just starting...
    >>>>>>
    >>>>>>> will need to create the SRV record manually with the name
    >>>>>>> _VLMCS._TCP
    >>>>>>> (service
    >>>>>>> name and protocol) for the domain. Set the time-to-live (TTL to
    >>>>>>> 60
    >>>>>>> minutes).
    >>>>>>> - Set the permissions for the SRV group to allow updates by
    >>>>>>> members
    >>>>>>> of the
    >>>>>>> global security group.
    >>>>>>> To automatically publish KMS in additional DNS domains
    >>>>>>> On the KMS host, create the following registry key, using
    >>>>>>> regedit.exe.
    >>>>>>> Navigate to HKLM\SOFTWARE\Microsoft\Windows
    >>>>>>> NT\CurrentVersion\SLValue
    >>>>>>> Name:
    >>>>>>> DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS
    >>>>>>> Domain
    >>>>>>> that KMS should publish to on separate lines.
    >>>>>>> Restart the Software Licensing Service and the records should be
    >>>>>>> created
    >>>>>>> immediately.The application event log will contain a 12294 event
    >>>>>>> for
    >>>>>>> each
    >>>>>>> successfully published domain and a 12293 event for each
    >>>>>>> unsuccessful
    >>>>>>> domain
    >>>>>>> publishing attempt.
    >>>>>>> For the 12293 event, the failure code can be diagnosed by running
    >>>>>>> the
    >>>>>>> following:slui.exe
    >>>>>>> 0x2a 0x
    >>>>>>> Best regards
    >>>>>>> Meinolf Weber
    >>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
    >>>>>>> and
    >>>>>>> confers
    >>>>>>> no rights.
    >>>>>>> ** Please do NOT email, only reply to Newsgroups
    >>>>>>> ** HELP us help YOU!!!
    >>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
    >>>>>>>> 12293
    >>>>>>>>

    >


Similar Threads

  1. What is "Office Standard 2010 Key Management Service Host"
    By Lindberg in forum MS Office Support
    Replies: 1
    Last Post: 21-05-2010, 12:24 AM
  2. How to use Management service of Windows
    By Bansi_WADIA in forum Windows Software
    Replies: 5
    Last Post: 07-01-2010, 05:34 AM
  3. Meet Global Management Gurus at Goa Institute of Management (GIM)
    By Career-Minded in forum Education Career and Job Discussions
    Replies: 1
    Last Post: 09-01-2009, 05:21 PM
  4. Replies: 0
    Last Post: 21-11-2008, 11:49 AM
  5. Windows Management Instrumentation service problem
    By OviYan in forum Windows XP Support
    Replies: 4
    Last Post: 23-01-2008, 10:25 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,670,346.16511 seconds with 16 queries