I recently encountered a Windows 10 KMS (Key Management Service) activation issue reported by a customer. The problem was evident from the screenshot provided, where the device displayed an "Activation Required" message on the desktop.
The Issue
The activation issue was reported from a remote system, and unfortunately, there wasn’t much information on whether the devices at the customer’s site were activated using KMS or MAK (Multiple Activation Key).
Given the limited details and the fact that these devices are managed through SCCM/SCCM, I decided to leverage SCCM’s scripting capabilities to investigate the activation status.
Activation Methods Overview
If you're interested in understanding whether a device is activated through KMS, MAK, or a subscription-based method using Intune remediation, you can find detailed information in this https://eskonr.com/2023/07/using-intune-remediation-check-the-windows-license-activation-is-subscription-or-kms-based/
My Approach
For my specific scenario, I needed a method to determine if the devices were activated using KMS or MAK, as the customer had not yet transitioned to M365 with Windows subscription-based activation. My primary goal was to identify if any SCCM-managed devices were activated through KMS. This information would help guide the customer on the necessary infrastructure readiness steps, such as ensuring the correct firewall ports are open for communication between the devices and the KMS server.
Using slmgr.vbs to Check Activation
To determine if a device is activated via KMS or MAK, you can use the slmgr.vbs /dlv command. This command provides detailed information about the Windows activation status. For more details on slmgr.vbs, refer to the Microsoft documentation.
Output:
The output from this command will include the KMS server name if the device is activated through KMS.
PowerShell Script for SCCM
In this blog post, I’ll demonstrate how to use the slmgr.vbs script to capture the KMS server name and verify if the device is activated through KMS.
This approach will help streamline the troubleshooting process and assist in guiding the customer with the necessary steps for infrastructure readiness.
To automate the process of checking if a device is activated through KMS, you can use the following PowerShell script.
This script can be deployed through SCCM’s script feature and run on individual devices or device collections to capture details about the KMS server if found.
<#
Name:GetKMSServer_Information.ps1
Description: Check if the Windows OS license is activated through KMS server or not.
Author: Eswar Koneti
#>
#Run the slmgr.vbs /dlv command using cscript and capture the output
$output = cscript //Nologo "$env:SystemRoot\System32\slmgr.vbs" /dlv
#Convert the output to an array of strings, each representing a line of the output
$outputLines = $output -split "`n"
#Initialize a variable to hold the KMS machine name
$kmsMachineName = $null
#Iterate through each line to find the "KMS machine name from DNS"
foreach ($line in $outputLines)
{
if ($line -match "KMS machine name from DNS")
{
# Extract the value after the colon
$kmsMachineName = $line -replace ".KMS machine name from DNS\s:\s*", ""
break
}
}
#Output the KMS machine name
if ($kmsMachineName)
{
Write-Output "KMS machine name from DNS: $kmsMachineName"
}
else
{
Write-Output "KMS machine name from DNS not found."
}
Output of SCCM script
The output from running this SCCM script will show which devices are activated through a KMS server and which devices do not have a KMS server found. For example:
- Majority of Devices: Activated through 1 KMS server.
- Some Devices: No KMS server found.
This information is useful for further investigation, such as checking if devices can reach the KMS server over port 1688 (the default port) for activation.
If you have any issues using slmgr.vbs, you can use the following PowerShell querying the information from WMI.
# Fetch the SoftwareLicensingProduct objects related to KMS
$kmsProducts = Get-WmiObject -Query "SELECT * FROM SoftwareLicensingProduct WHERE LicenseStatus=1"
# Iterate through the KMS products to find the KMS server name
foreach ($product in $kmsProducts) {
if ($product.PartialProductKey) {
Write-host "KMS Details: $($product.DiscoveredKeyManagementServiceMachineName):$($product.DiscoveredKeyManagementServiceMachineport)"
break
}
}
# If KMS server information is not found
if (-not $kmsProducts) {
Write-Output "No KMS details found."
}
Script output
Here is the command line which can be used to activate the OS on a device using KMS server with port.
Activating the OS Using KMS Server
If you need to manually activate the OS on a device using a KMS server with a specific port, you can use the following two step command line process:
Replace the KMS server name (FQDN) with port number (1688 is the default port used for KMS activation)
Activate :
cscript %windir%\system32\slmgr.vbs /ato
I hope you find this blogpost useful