Help Desk

• DoIT Home
• Help Desk
• E-mail / Accounts
• Training
• Computer Labs
• Software / Hardware
• Phones
• Network / Wireless
• Security / Policies
• Applications
• About DoIT

Search the DoIT Website

 

Server/Network System Status

Highlights

• Spam Filtering
• Safe Computing
• Inside SF State (Web mail)

Quick Links

Select a Link Quick Links DoIT Home Forms Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Tech Support Documentation

Contact

Help Desk: (415) 338-1420
helpdesk@sfsu.edu

Directory

Last update: June 29, 2009

 

KMS Authentication

Contents

• Overview
• Create SRV Records
• Manual Authentication

---

Overview

On-campus computers running Windows Vista Enterprise or Windows Server 2008 installed using disks provided by the DoIT must authenticate the OS installation using DoIT’s on-campus authentication server, kms.sfsu.edu.

If the computer with Vista Enterprise or Server 2008 is being joined to an existing Microsoft domain, the Microsoft DNS server for the domain should already have an SRV record created that will redirect OS authentication requests to kms.sfsu.edu.  Authentication should take place automatically as soon as the computer is joined to the domain.  Instructions describing how to create a KMS redirection SRV record for a domain to a Microsoft DNS server running Server 2003 are included in the Create SRV Records section.

Installations that are not joined to a domain should also authenticate automatically if the primary DNS server is set to 130.212.10.163 (thesun.sfsu.edu) or any DNS server that duplicates records from 130.212.10.163.

If automatic authentication does not work for any reason you can manually set the installed OS to request authentication from kms.sfsu.edu directly.   Instructions describing how to manually set Vista Enterprise or Server 2008 to request authentication directly from kms.sfsu.edu are also provided Manual Authentication section below.

---

Create SRV Records

To create SRV records for Vista and Server 2008 KMS authentication in Microsoft  Windows Server 2003 DNS tables:

1. Log into your Windows DNS server as an administrator.
2. Open the DNS management console using:
   Start | All Programs | Administrative Tools | DNS
3. Select _tcp using the following path:
   DNS | (Your server name) | Forward Lookup Zones | (Your MS Domain Name) | _tcp
   
4. Select Other New Records from the Action menu.
5. Select Service Location (SRV) as the Resource Record Type, and then click on Create Record…
   
6. Fill in the fields to create the SRV record as follows:
   Service: _vlmcs
   Protocol: _tcp (this should be the default value)
   Priority: 0 (this should be the default value)
   Weight: 0 (this should be the default value)
   Port number: 1688
   Host offering this service: kms.sfsu.edu
   
7. Click OK, then click Done.
8. Your SRV record should look like this:
   _vlmcs  Service Location (SRV)  [0][0][1688] kms.sfsu.edu
9. If your DNS server is used for more than one Microsoft domain you need to create an SRV record within each domain.

---

Manual Authentication

Manually set Windows Vista or Windows Server 2008 to use kms.sfsu.edu to authenticate the OS installation:

1. Log into Vista or Server 2008 using an administrative account.
2. Open a command prompt as an administrator.  In Vista you must right-click on the icon for a command prompt then select "Run as Administrator". 
3. If not already there, change directory into the system32 folder in your Windows folder.
4. Run the following two commands.  You should see verification that Windows has activated after the second command.
   
   • cscript slmgr.vbs -skms kms.sfsu.edu
   • cscript slmgr.vbs –ato
5. Close the command prompt.