Win8 KMS Activation Principle Detailed

Windows 8 Bulk activation

WINDOWS8 provides two kinds of bulk activation methods for enterprises: KMS and MAK. Mak's activation service is accepted by Microsoft's public platform and is suitable for small and medium-sized enterprises below 50 computers; KMS requires the enterprise to provide a server that accepts the service, and is suitable for large enterprises above 50 PCs.

KMS activation principle (Key Management Service)

KMS employs a client-server topology, and a personal computer can obtain authorization services only through the local network. A KMS client computer connects to a KMS host through a DNS domain Name system or a static configuration, and the KMS host grants authorization through RPC remote Procedure calls. A KMS host can be run in a physical machine or virtual machine that installs Windows Server 2003 and above systems.

KMS activation process

The first step in deploying KMS activation is to install Windows KMS host key and activate the KMS host, and after the KMS host activation is complete, KMS stores the KMS host location with the SRV (Service resource records) in the DNS server. KMS hosts are automatically released by default through dynamic DNS (active DNS), and KMS clients (using KMS-activated WIN8) find and connect KMS hosts through published information.

The KMS master saves an "activation count" as one of the conditions for activating a Windows 8 client. On initial deployment, the activation count increases whenever a new Windows 8 client connects successfully to a KMS host. When the activation count reaches a threshold of 25 o'clock, all Windows 8 clients are automatically activated. The activation count will be maintained by the KMS host, and the KMS host will automatically remove the Cmid record for more than 30 days.

1. KMS host installs Windows 8 KMS host key

2. Activate KMS host via internet or telephone

3. The KMS service adds SRV record service resource records to DNS each time it starts

4. Each time a KMS client queries the KMS service information to DNS, it randomly selects a KMS host from the list of Service resource records provided by DNS. If the selected KMS host is not responding, the KMS client computer deletes the KMS host record from its list of SRV records and randomly selects a new KMS host from the list.

5. The client computer connects to the KMS host through TCP Anonymous remote procedure calls, with the default port of 1688. After a TCP session is established between the client computer and the KMS host, the client computer generates the CMID client identity and then sends the request record to the KMS host. This request record is signed with the AES encryption algorithm. The activated client sends a request Refresh activation record every 7 days, and the inactive Windows 8 client sends a request to activate every 2 hours.

Note: If the cached KMS host is unable to respond to subsequent activation status updates, the KMS client computer will find the new KMS host again through the KMS SRV record in DNS.

6. The KMS master saves the client identity (CMID) in a table on the KMS host. The lifetime of each activation request in this table is 30 days. When a Windows 8 client refreshes its activation, the client's cached Cmid is deleted from the table, and a new record is created, and the lifetime is changed to 30 days. If a KMS client does not refresh its activation within 30 days, then the corresponding cmid will be removed from the table while activating the Count minus 1.

7. The KMS host returns the activation count to the client, which contrasts the value of the activation count with the authorization policy and activates if the activation threshold is met. Windows 8 clients automatically activate once a week by default.