Demystifying KMS and Provisioning Services

An article by Mitra Ahi from Citrix Blogs

Beginning in Provisioning Services 5.6 SP1, Citrix introduced a new feature designed to facilitate Key Management Services (KMS) license activation of the Operating System and of Microsoft Office installations for images streamed in Standard (Read-only) mode. In this blog post, we’ll attempt to remove some of the mystery surrounding the implementation of the KMS license activation feature in Provisioning Services.

The following points will be discussed in more detail:

A. Why is the PVS KMS feature needed?

B. Prerequisites and Planning

C. Important tips regarding KMS and PVS images

D. Why would I run the /Ato or the /Act command?


A. Why is the PVS KMS feature needed?

The Microsoft KMS host machine identifies KMS clients with a unique Client Machine ID (CMID). When we deploy a single image to be used by multiple machines, the image has to be prepared so that each machine presents itself to the KMS host Server as a separate entity, otherwise, they won’t be validated and activated by the KMS host.

The image preparation is the main and the only responsibility of the Citrix PVS KMS feature, the license activation process remains a function of Microsoft. This preparation is done by going through a very specific set of steps done on both the PVS Targets and the Server which must be done in the proper order for the activation to succeed.

Note: In some cases, administrators report duplicate CMID entries for streamed Targets but the OS appears to be activated. This is a misleading situation. The fact is that successful KMS activation is always accompanied by unique CMIDs. Any machines with a duplicate CMID will eventually lose their activation.

B. Prerequisites and Planning

  • The Stream/SOAP service account is used in the image preparation process to activate KMS so it’s important to make sure that proper permissions are configured prior to beginning the process:
    • The Stream/SOAP service account has to be a domain user which is a member of the local administrator’s group on the PVS Servers in that farm.
    • For KMS based images, Network Service cannot be used for Stream/SOAP Service account
  • Before running the Rearm command, either for the first time or as a troubleshooting step, verify the Rearm count on the OS by running slmgr /dlv from a command prompt. It’s highly recommended to have more than (not equal) 1 rearm left on HDD in case further Rearms are required after the image is built. If there is only a single Rearm count left on the image, as a precaution, make a backup copy of the image (pvp, vhd and avhds) to avoid running out of rearms if KMS activation fails for any reason. Zipping the image file will reduce the size of the image significantly so take advantage of that when space is a concern.

C. Important tips regarding KMS and PVS images

As I mentioned earlier, following the specific order of steps is crucial for successful KMS activation. The Knowledge Base article: provides guidance and the specific steps, including their order of operation, necessary to successfully activate provisioned KMS images and to maintain the activation status of the images during updates.

Read More


Tags: , ,


No comments so far.

  • Leave a Reply
    Your gravatar
    Your Name