
Microsoft Key Management Services (KMS) Management Pack

Quick Download: https://github.com/thekevinholman/Microsoft.KMS

Many customers still use KMS activation for on-prem deployments.  This management pack will discover and monitor your KMS servers.

This MP supports KMS on Windows Server 2012 and later.


Discovers and Monitors:

  • KMS Servers

Key Monitoring Scenarios:

  • KMS Service
  • Idle Minutes Count
  • Low Activation Count
  • Initialization Failures
  • DNS Failures

Changes from the original Microsoft KMS MP:

  • Added discovery support out of the box for KMS on WS2016 and 2019 servers
  • Removed all manual reset monitors and switched to rules
  • Changed class design so source and path on alerts will contain the FQDN of the computer.
  • Renamed and reduced views to make them more usable
  • Changed discoveries and monitoring to more reasonable frequencies
  • Added number of samples (matchcount) to Service Monitor
  • Renamed and simplified MP Element IDs
  • Added basic logging to discovery scripts.
  • Note:  This MP will still create config churn as I did not change the design where the MP classes discover properties that will change often.  That will take a deeper redesign.

Troubleshooting:

  • The primary method of discovery is to search for the registry value “KeyManagementServiceListeningPort” in the registry key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform”. If your KMS server is not being discovered, you can add that registry value. The default is a REG_SZ value with the data “1688”.
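
A local check of the registry-based discovery condition, as an added example that is not part of the management pack or the original post. It reads the key named above and reports which of the three value names the author lists in the comments below are present; the function name `Get-KmsDiscoveryValue` is hypothetical.

```powershell
# Added example, not code from the management pack.
# Key path and value names are the ones given on this page;
# the function name Get-KmsDiscoveryValue is hypothetical.
function Get-KmsDiscoveryValue {
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'
    $names = 'KeyManagementServiceVersion',
             'KeyManagementServicePort',
             'KeyManagementServiceListeningPort'

    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) {
        Write-Warning "Registry key not found: $path"
        return
    }

    # Registry value names are case-insensitive, and so is -contains.
    $present = $key.GetValueNames()
    foreach ($name in $names) {
        $exists = $present -contains $name
        [pscustomobject]@{
            Name   = $name
            Exists = $exists
            Kind   = if ($exists) { $key.GetValueKind($name) } else { $null }
            Data   = if ($exists) { $key.GetValue($name) } else { $null }
        }
    }
}

$result = @(Get-KmsDiscoveryValue)
$result | Format-Table -AutoSize

$found = @($result | Where-Object { $_.Exists })
if ($found.Count -eq 0) {
    'None of the three values exist: the registry-based discovery will not match this machine.'
}
elseif ($found.Count -eq 1 -and $found[0].Name -eq 'KeyManagementServicePort') {
    # The case reported in the comments: a machine carrying only this value
    # shows up as a KMS server with the port number in the version column.
    'Only KeyManagementServicePort exists: the machine matches discovery but may not host KMS.'
}
else {
    "Registry-based discovery should match on: $(($found | ForEach-Object { $_.Name }) -join ', ')"
}
```

Run it in an elevated 64-bit PowerShell session on the server that is not being discovered, then restart the Microsoft Monitoring service on the agent if a value had to be added.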


9 Comments

  1. Blake Mengotto

    Kevin, did you make this? What was the motivation? I have the old native MP running and it is one of the largest discovery pigs of all management packs, and that is with aggressive discovery tuning.

    • Kevin Holman

      I did. Because I saw that MSFT pulled the original. And it sucked anyway. I didn’t fix the config churn but changed some of how it worked. Made the defaults better. Deleted all the dumb stuff. Made it discover properly on 2012 and later (I think). Made the service monitor better. Changed anything manual reset monitor to a rule and deleted those stupid monitors that should have never been invented. Renamed stuff to make sense and got rid of stuff that didn’t. Once you peel back the onion, you realize there wasn’t much in there to begin with. I’d love feedback\recommendations.

  2. Sandro

    This is great, many thanks Kevin!
    Hmmm, actually the discovery for our KMS (Windows Server 2019) does not work (over a day now since installing the MP -> discovery workflow is running 1 time per day, right?)

    • Kevin Holman

      Yes once a day. Restart the Microsoft Monitoring service on the agent to make discovery run within 5 minutes. I tested on 2019 and it works here.

      The discovery is based on the existence of ONE of these registry values present in this key:

      SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\
      KeyManagementServiceVersion
      KeyManagementServicePort
      KeyManagementServiceListeningPort

      Check the registry and see if one of those exist.

      • Sandro

        OK, found the reg keys under the following path:

        Computer\HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f\de32eafd-aaee-4662-9444-c1befb41bde2

        Not quite sure if this is normal behaviour or not (we did some in-place upgrades in the past with our KMS?)

      • Martin

        Hi Kevin!

        I have a question about discovery. We have workstation servers (outside the domain) that we monitor.
        I noticed that they have the registry value: “KeyManagementServicePort”. Don't ask me why. I guess they have been configured to use KMS in a different way than we traditionally do for the domain servers.

        My question is if it is possible to override KeyManagementServicePort in the discovery?

        Right now the workstation servers show up as KeyManagement Servers under the KMS “Server Role State” and in the “KMS Version” column the port number shows up.
