Windows Server 2012 R2 / Windows 8.1 KMS Service Activation

This is an update from another post I did https://wibier.me/windows-server-2012-kms-service-activation/

In that post I describe how to add support for Server 2012 and Windows 8. Now we are at the point where we want to add support for Server 2012 R2 and Windows 8.1! And that is possible.

So when you activate a Server 2012 R2 KMS key you will still get the same error:

Or when you add the KMS key itself:

Error: 0xC004F050 The Software Licensing Service reported that the product key is invalid

To resolve:

Download and install the following update: KB2885698 (Update adds support for Windows 8.1 and Windows Server 2012 R2 clients to Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS hosts).

Installation instructions

If you have a KMS host that is running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012, follow these steps to perform an upgrade:

  • Install the update (update 2885698).
  • Restart the computer when you are prompted to do so.
  • To install a new KMS host key for Windows 8.1 activation or for Windows Server 2012 R2 activation, run the following command:
cscript %windir%\system32\slmgr.vbs /ipk <KMS host key>

Note In this command, “<KMS host key>” is a placeholder for the new KMS host key for Windows 8.1 activation or for Windows Server 2012 R2 activation.

Important Every KMS host key is associated with a group of Windows editions. Additionally, a KMS host key that is associated with Windows client operating systems cannot be installed on Windows server operating systems, and vice-versa. This is true for all Windows operating systems except for Windows Server 2003. If you install a KMS host key on a Windows operating system that is not associated with that host key, you receive the following error message:

0xc004f015: The Software Licensing Service reported that the license is not installed.
SL_E_PRODUCT_SKU_NOT_INSTALLED


For example, you may receive this error message in the following situations:

  • You try to install a Windows 7 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host.
  • You try to install a Windows 8 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host or a Windows Server 2012 KMS host.
  • You try to install a Windows 8.1 KMS host key (CSVLK) on a Windows Server 2008 R2 KMS host or a Windows Server 2012 KMS host or a Windows Server 2012 R2 KMS host.

  • To activate the new KMS host key on the host computer, run the following command:
cscript %windir%\system32\slmgr.vbs /ato
  • On an existing Windows Vista or Windows Server 2008 KMS host, restart the service by running the following command:
net stop slsvc && net start slsvc

Can’t connect to C$, ADMIN$ or any administrative share on workstations

If you are attempting to access a Windows 7, Windows 8, Vista, Server 2008 (R2) or Server 2012 (R2) computer, you may get the "Access Denied – Failed to connect to ADMIN$ share" error, even when supplying the appropriate local user credentials that have Administrator access. If the target computer is not a member of a Windows 2003 or later domain, this is most likely because the target system has Remote UAC enabled. Remote UAC prevents local administrative accounts from accessing ADMIN$ (more precisely, Remote UAC prevents local accounts from running in an elevated mode when connecting from the network). If you need to access ADMIN$ using a local account, you will need to disable Remote UAC. You can accomplish this by editing the registry.

Assuming you have all your other ducks in a row (Firewall exceptions, appropriate credentials of local administrative user, etc) then you just need to add a quick entry in the registry of the target computer. In the registry, navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.

You then can restart the Server service (but a reboot would be ideal ;-)).
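The registry change above as a PowerShell sketch, added here as an example and not part of the original post; the function names are made up for illustration, and LanmanServer is the service name of the Server service. It also reads the current state and removes the value again, because a value of 1 applies to every local administrator account that connects to that machine over the network.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the target computer. Function names are hypothetical.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName  = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    # Value absent or 0: Remote UAC filters local admin tokens (the default).
    # Value 1: filtering is off and local admins get a full token remotely.
    $item  = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = $item.$ValueName }
    $state = 'Enabled (default)'
    if ($value -eq 1) { $state = 'Disabled' }
    New-Object psobject -Property @{
        ComputerName  = $env:COMPUTERNAME
        RegistryValue = $value
        RemoteUac     = $state
    }
}

function Set-RemoteUacState {
    param([Parameter(Mandatory = $true)][bool]$Enabled)
    if ($Enabled) {
        # Revert to the default by removing the value again.
        Remove-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        # The change described in the post: DWORD LocalAccountTokenFilterPolicy = 1.
        New-ItemProperty -Path $PolicyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # Restart the Server service so the setting is picked up without a reboot.
    Restart-Service -Name LanmanServer -Force
    Get-RemoteUacState
}

Get-RemoteUacState                      # report the current setting
# Set-RemoteUacState -Enabled $false    # disable Remote UAC (value 1)
# Set-RemoteUacState -Enabled $true     # restore the default afterwards
```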

* By default, when local credentials are used to access a Windows Vista (or later) system that is a member of a Windows Domain this problem does not exist. Your Windows domain may still disable Remote UAC.

** By default Remote administrative access is denied to local accounts when a Windows Vista (or later OS) is NOT a member of a Windows 2003 or later domain.

Microsoft info:

http://support.microsoft.com/kb/942817

http://support.microsoft.com/kb/951016

Set default OU for new AD computers

As we all know the standard Default Container for newly created computer objects is ‘Computers’

But I want my newly created computer objects in another Organizational Unit (OU), Always!

This can be easily achieved by an old friend: REDIRCMP

You have to use the Container-CN (which can be easily found with ADSIEdit!)

Always handy :-)

Microsoft KMS Client Setup Keys

I needed to change a Windows Server 2012 installation from STANDARD to DATACENTER with KMS activation.

The process is still the same as always, but you need the keys. They can be found HERE.

The procedure:

To install a client setup key, open an administrative command prompt on the client,
type slmgr /ipk <setup key> and press ENTER.

If you need to activate it:

To activate, open an administrative command prompt on the client,
type slmgr /ato and press ENTER.

Windows 2012 and Windows 8 Client Setup Keys

Operating system edition | KMS Client Setup Key
Windows 8 Professional | NG4HW-VH26C-733KW-K6F98-J8CK4
Windows 8 Professional N | XCVCF-2NXM9-723PB-MHCB7-2RYQQ
Windows 8 Enterprise | 32JNW-9KQ84-P47T8-D8GGY-CWCK7
Windows 8 Enterprise N | JMNMF-RHW7P-DMY6X-RF3DR-X2BQT
Windows Server 2012 Core | BN3D2-R7TKB-3YPBD-8DRP2-27GG4
Windows Server 2012 Core N | 8N2M2-HWPGY-7PGT9-HGDD8-GVGGY
Windows Server 2012 Core Single Language | 2WN2H-YGCQR-KFX6K-CD6TF-84YXQ
Windows Server 2012 Core Country Specific | 4K36P-JN4VD-GDC6V-KDT89-DYFKP
Windows Server 2012 Server Standard | XC9B7-NBPP2-83J2H-RHMBY-92BT4
Windows Server 2012 Standard Core | XC9B7-NBPP2-83J2H-RHMBY-92BT4
Windows Server 2012 MultiPoint Standard | HM7DN-YVMH3-46JC3-XYTG7-CYQJJ
Windows Server 2012 MultiPoint Premium | XNH6W-2V9GX-RGJ4K-Y8X6F-QGJ2G
Windows Server 2012 Datacenter | 48HP8-DN98B-MYWDG-T2DCC-8W83P
Windows Server 2012 Datacenter Core | 48HP8-DN98B-MYWDG-T2DCC-8W83P

For reference, the legacy (older) keys

Windows 7 and Windows Server 2008 R2

Operating system edition | KMS Client Setup Key
Windows 7 Professional | FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N | MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Professional E | W82YF-2Q76Y-63HXB-FGJG9-GF7QX
Windows 7 Enterprise | 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N | YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E | C29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2008 R2 Web | 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Windows Server 2008 R2 HPC edition | TT8MH-CG224-D3D7Q-498W2-9QCTX
Windows Server 2008 R2 Standard | YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise | 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 Datacenter | 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 for Itanium-based Systems | GT63C-RJFQ3-4GMB6-BRFB9-CB83V

Windows Vista and Windows Server 2008

Operating system edition | KMS Client Setup Key
Windows Vista Business | YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N | HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise | VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N | VTC42-BM838-43QHV-84HX6-XJXKV
Windows Web Server 2008 | WYR28-R7TFJ-3X2YQ-YCY4H-M249D
Windows Server 2008 Standard | TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V | W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Server 2008 Enterprise | YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V | 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 HPC | RCTX3-KWVHP-BR6TB-RB6DM-6X7HP
Windows Server 2008 Datacenter | 7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V | 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems | 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK

Server 2012 DirectAccess: Useful NETSH Commands

During DirectAccess deployments, you can use several netsh commands as part of the initial deployment testing from a DirectAccess client. In the event of problems, this will often include the use of additional advanced netsh commands which are more troubleshooting focused.

The netsh tool is immensely powerful, and the following commands provide a good starting point to assess, understand and troubleshoot the DirectAccess client.

DirectAccess Client:

Settings and Status

Command: netsh dns show state

Description: This is probably the first and most useful command you will run, as it provides essential information on the current DirectAccess status and general configuration state.

Command: netsh namespace show policy

Description: This command is used to display the Name Resolution Policy Table (NRPT) that has been defined within Group Policy.

Command: netsh namespace show effectivepolicy

Description: This command is similar to the previous command but outputs the actual NRPT entries that are currently active on the DirectAccess client.

Common Transition Technology Interfaces

Command: netsh interface teredo show state

Description: This command shows the current status of the Teredo interface, if used at that time.

(Teredo not in use here)

Command: netsh interface httpstunnel show interfaces

Description: This command shows the current status of the IP-HTTPS interface, if used at that time.

Windows Firewall Settings and Status

Command: netsh advfirewall monitor show firewall

Description: This command is used to show the current status and configuration state of the local Windows Firewall.

Command: netsh advfirewall show currentprofile

Description: This command is used to show the current Windows Firewall profile that is in use.

Command: netsh advfirewall monitor show mmsa

Description: This command is used to show the current status of the Windows Firewall main mode security associations that are present when the DirectAccess infrastructure and intranet IPsec tunnels are active.

Command: netsh advfirewall monitor show consec

Description: This command is used to show the current status of the Windows Firewall connection security rules which are used to define the DirectAccess infrastructure and intranet IPsec tunnels.

These commands can save you a lot of time during initial deployment!

Data Deduplication in Windows Server 2012


With Windows Server 2012 Microsoft introduces a built-in software based data deduplication solution. Where some deduplication solutions provide their services file-based, the deduplication in Windows Server 2012 is block-based.

Deduplication in Windows Server 2012:

  • Only available in Windows Server 2012.
  • Deduplication is cluster aware.
  • Based on a filter driver per volume.
  • Not supported on boot- or system volumes, only intended for data storage volumes.
  • Does not work on compressed or NTFS encrypted files.
  • Deduplication requires an NTFS file system and is not supported for the new ReFS file system which is introduced in Windows Server 2012.
  • Does not work with Cluster Shared Volumes.
  • Does not work with encrypted files, files smaller than 32KB, re-parse points or files with extended attributes.
  • Not configurable through Group Policy.
  • It is a post-process deduplication process.
  • Windows caching is deduplication aware.

Data deduplication – Possible Savings
Microsoft has done some research in their deduplication technology and come up with some numbers on the storage savings deduplication provided:

Usage | Possible Saving
General | 50-60%
Documents | 30-50%
Application Library | 70-80%
VHD(X) Library | 80-95%

Data deduplication – Performance

Data deduplication will cost you some performance, that is a fact.

Whether done on a storage level or in an OS…

Microsoft has offered some information about this.
Write actions have no direct performance hit since the deduplication process is done in the background when the system is idle.
Read actions do have a performance hit, around 3% when the file is not in cache.

My real life experience so far: the performance loss is totally negligible and you will love the amount of data you can put on that fast SSD!

Data deduplication and PowerShell
Deduplication can be configured, controlled and monitored via the new Server Manager GUI or by PowerShell.


To enable the deduplication feature by using PowerShell commands:
 

Add-WindowsFeature -name FS-Data-Deduplication

To configure deduplication on volume D on a device:

Enable-DedupVolume D:

To get the statistics of a volume (the amount of storage we actually saved) use:

Get-DedupStatus

By default, the deduplication process will only affect files that have not been changed for 30 days.

To change this value, for example to 0 (process the file a.s.a.p.), use:

Set-DedupVolume D: -MinimumFileAgeDays 0

The deduplication process is done through scheduled tasks.

My advice: do not use the scheduled tasks if you are running Virtual Machines on the volume.
If this is your scenario (like mine), shut down the VMs and do a manual optimization after creating one or more VMs!
To start this process manually use:

Start-DedupJob D: -Type Optimization

To view the status of a job, use:

Get-DedupJob
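The steps above combined into one function, as an added example that is not part of the original post; the function name is hypothetical. It first checks two of the restrictions listed earlier (NTFS only, not the system volume) before enabling deduplication, then runs an optimization job and returns the savings.

```powershell
# Added example, not from the original post. Requires the
# FS-Data-Deduplication feature and an elevated PowerShell session.
function Invoke-DedupOptimization {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Volume,   # for example 'D:'
        [int]$MinimumFileAgeDays = 30                     # the default mentioned above
    )

    $letter = $Volume.TrimEnd(':')
    $vol    = Get-Volume -DriveLetter $letter -ErrorAction Stop

    # Restrictions from the list above: NTFS is required (ReFS is not supported)
    # and the volume must not be the one Windows itself runs from.
    if ($vol.FileSystem -ne 'NTFS') {
        throw "$Volume uses $($vol.FileSystem); deduplication requires NTFS."
    }
    if ($Volume -eq $env:SystemDrive) {
        throw "$Volume is the system volume; deduplication is not supported there."
    }

    Enable-DedupVolume -Volume $Volume | Out-Null
    Set-DedupVolume -Volume $Volume -MinimumFileAgeDays $MinimumFileAgeDays

    # -Wait blocks until the job has finished, so no polling with Get-DedupJob is needed.
    Start-DedupJob -Volume $Volume -Type Optimization -Wait | Out-Null

    # Return the savings for this volume.
    Get-DedupStatus -Volume $Volume
}

# Process files immediately instead of waiting 30 days, as in the post.
Invoke-DedupOptimization -Volume 'D:' -MinimumFileAgeDays 0
```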

We can use PowerShell to enable deduplication, but we can also disable deduplication on a volume with PowerShell.

Use this:

Start-DedupJob -Volume D: -Type Unoptimization

To list the PowerShell cmdlets for deduplication, use:

Help Dedup