NeuroAgent

Deploying a KMS Server for Local Microsoft Activation

Complete guide to deploying a KMS server in a local network without internet. Automatic activation of Windows and Office through Group Policy. Optimized for corporate networks.

#gpo-configuration#kms-server#local-network#volume-licensing#windows-activation
Question

How can I deploy a KMS server for automatic activation of Microsoft products in a local network without internet access?

Colleagues, I need instructions for deploying a KMS server in our local network (LAN) without internet access for automatic activation of Microsoft products. Our network contains a large number of computers, and manual activation of Office and operating systems takes considerable time. I’m wondering if it’s possible to deploy a KMS server in our local network for automatic activation, and how this can be configured using Group Policy Objects (GPO)? Please share your knowledge on this topic. I would be very grateful for any assistance.

NeuroAgent

Deploying a KMS Server in a Local Network Without Internet Access

Deploying a KMS server in a local network without internet access is completely possible and is standard practice for organizations with Microsoft corporate licenses. This requires installing a server with the KMS host role, activating it using a special Customer Specific Volume License Key (CSVLK), and configuring clients to automatically connect to this server through Group Policy.

Contents

Requirements and Preparation

Before deploying a KMS server, you need to ensure your organization meets the basic requirements:

Minimum Hardware Requirements:

  • Operating System: Windows Server 2016 or newer
  • Processor: 2 cores or more
  • RAM: Minimum 4 GB
  • Disk Space: 20 GB of free space
  • Network card with TCP/IP support

Software Requirements:

  • Activated copy of Windows Server with corporate license
  • Access to Volume Licensing keys
  • Administrative rights on the Active Directory domain

Important: The KMS server must be deployed in a trusted zone of your local network, as clients require direct access to its network address.

Network Requirements:

  • Stable network connection between clients and KMS server
  • Open ports: TCP/1688 (primary port for KMS)
  • Ability to resolve DNS names or use a static IP address

Reference: According to the Volume Activation Deployment Guide, for large organizations with multiple KMS hosts, proper DNS SRV RR configuration is necessary.

KMS Server Installation

Step 1: Selecting and preparing the server

  1. Select a server in your network that will serve as the KMS host
  2. Install Windows Server with a corporate license
  3. Update the system to the latest version via Windows Update (internal update server)
  4. Assign a static IP address to the server

Step 2: Installing necessary roles and components

powershell
# Install KMS server role
Install-WindowsFeature -Name VolumeActivation

Step 3: Configuring DNS

  1. Add an A record in DNS for the KMS server
  2. Create an SRV record in DNS for automatic discovery by clients:
    • Service: _vlmcs
    • Protocol: _tcp
    • Port: 1688
    • Target: FQDN of your KMS server

Example SRV record:

_kms._tcp.yourdomain.com. 3600 IN SRV 0 100 1688 kms01.yourdomain.com.

KMS Host Activation

Obtaining the License Key

To activate the KMS host, you need a special CSVLK (Customer Specific Volume License Key), which can be obtained:

  1. Through the Volume Licensing Service Center (VLSC)
  2. From your Microsoft account manager
  3. From your enterprise licensing agreement

Server Activation

  1. Open Command Prompt as administrator
  2. Run the command to install the key:
    cmd
    slmgr /ipk <your-CSVLK-key>
  3. Activate the server:
    cmd
    slmgr /ato

Important: According to the TechDirectArchive guide, you must activate the KMS host with Microsoft using the Microsoft Customer Specific Volume License Key (CSVLK).

Verifying Activation

cmd
slmgr /dlv

The output should show activation status and activation period (typically 180 days).

Client Configuration via GPO

Creating a Group Policy

  1. Open the Group Policy Management Console (gpmc.msc)
  2. Create a new GPO or edit an existing one
  3. Configure the following parameters:

Configuring KMS Server in the Registry

Path Data Type Value
HKLM\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform\KMSName REG_SZ FQDN of your KMS server
HKLM\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform\KMSPort REG_DWORD 1688

Setting Activation Frequency

powershell
# Set activation interval every 7 days
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform" /v KMSActivationInterval /t REG_DWORD /d 604800 /f

# Set activation timeout
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform" /v KMSRenewalInterval /t REG_DWORD /d 10080000 /f

Applying the Policy

  1. Link the GPO to the required Organizational Units (OU)
  2. Update Group Policy on clients:
    cmd
    gpupdate /force
  3. Restart clients to apply settings

Testing and Troubleshooting

Checking Client Activation Status

cmd
cscript //nologo %windir%\system32\slmgr.vbs /dli

Activation Logging

  1. Enable verbose logging:
    cmd
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform" /v KMSDebugLogging /t REG_DWORD /d 1 /f
  2. Log files are located at: C:\Windows\System32\LogFiles\SoftwareProtectionPlatform

Common Issues and Solutions

Issue Solution
Clients don’t see KMS server Check DNS SRV records and network connectivity
Error 0xC004F012 Verify CSVLK and host activation
Activation doesn’t persist Ensure server and client clocks are synchronized
Activation threshold exceeded Minimum of 5 Windows clients or 25 Office clients

Reference: According to SilverPC Blog, virtual machines also require separate KMS keys.

Optimization for Large Networks

Scaling KMS Infrastructure

For large organizations (more than 10,000 computers), it’s recommended to:

  1. Deploy multiple KMS servers in different network segments
  2. Use load balancing
  3. Configure DNS SRV record priorities

Performance Optimization

  • Place KMS servers in data centers
  • Use high-performance hardware
  • Monitor server load

Deployment Automation

Create scripts for automatic installation and configuration of KMS servers:

powershell
# Example script for automatic configuration
$KMSHost = "kms01.yourdomain.com"
$KMSPort = 1688

# Configure registry
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Software Protection Platform" -Force
New-ItemProperty -Path "HKLM\SOFTWARE\Policies\Microsoft\Windows\Software ProtectionPlatform" -Name "KMSName" -Value $KMSHost -PropertyType String -Force
New-ItemProperty -Path "HKLM\SOFTWARE\Policies\Microsoft\Windows\Software ProtectionPlatform" -Name "KMSPort" -Value $KMSPort -PropertyType DWord -Force

# Update policy
gpupdate /force

Security and Maintenance

KMS Server Protection

  1. Configure Windows Firewall:
    powershell
    netsh advfirewall firewall add rule name="KMS" dir=in action=allow protocol=TCP localport=1688
  2. Restrict access to the server to trusted IP addresses only
  3. Use SSL/TLS for traffic encryption (if supported)

Monitoring and Maintenance

  • Regularly check activation status
  • Maintain activation logs for auditing
  • Update server components as new versions are released
  • Backup KMS server configuration

License Updates

  1. Track expiration dates of current keys
  2. Prepare new keys in advance
  3. Update keys on the KMS server:
    cmd
    slmgr /ipk <new-key>
slmgr /ato

Conclusion

Deploying a KMS server in a local network without internet access is an effective solution for automatic activation of Microsoft products in large organizations. The main advantages of this approach include:

  1. Activation automation - eliminates manual activation of hundreds or thousands of computers
  2. Centralized management - single point of control for all licenses
  3. Cost reduction - optimization of corporate license usage
  4. Security - activation occurs within a secure local network

For successful KMS infrastructure implementation, you need to:

  • Obtain proper license keys through Volume Licensing
  • Correctly configure DNS and network parameters
  • Configure Group Policies for automatic settings distribution
  • Regularly maintain and update KMS servers

This technology is widely used by Microsoft enterprise customers and is the standard for license management in large networks. With proper configuration, the KMS server will ensure uninterrupted activation of all Microsoft products in your organization.

Sources

  1. How to set up and configure the Key Management System (KMS) - TechDirectArchive
  2. Troubleshoot KMS Activation on Windows Server - The Windows Club
  3. Windows Server 2025 Licensing Guide: Pricing & CALs Explained - BryteSoft
  4. Why You’re Unable to Activate Windows Server 2019 on Hyper-V Using the Same Key as the Host - SilverPC Blog
How to check the activation status of KMS clients in a local network?What to do if clients in the network don't see the KMS server?How to configure multiple KMS servers for load balancing in a large network?Which ports need to be opened for a KMS server to work in a corporate network?How to update the license key on an already running KMS server?Can one KMS server be used to activate both Windows and Office?
Ask NeuroAgent