Hey everyone! I'm working with an older environment and I suspect that my KMS server has become unused. I need to figure out how to verify if it's truly inactive so I can shut it down. This server is running on Windows Server 2016 and it doesn't seem to authorize keys for newer servers like the one from 2025. Initially, I intended to upgrade it, but I started questioning whether it serves any purpose anymore. I've been using AD to manage our volume licensing, so I don't think I need a dedicated VM just for this.
Here's some background information:
- All our keys are managed in Active Directory. When I run slmgr.vbs /dlv on a workstation, it shows "AD activation client information" alongside some OUs where the keys are stored.
- I have always installed the keys directly into AD, and everything has been activating just fine.
- I noticed some traffic to the KMS server on port 1688, according to our firewall logs, but I'm unsure which machines are contacting it. It could be those machines that have lost their trust relationship, but I wonder if they would default to DNS in that scenario.
- We do have the DNS record for the KMS server labeled _VLMCS.
- Running slmgr.vbs /dlv on this server only indicates its own status and reveals that it seems to be using a MAK key for some reason.
- Also, slmgr.vbs /dli shows only its own status.
From what I've researched, only really old machines (like Windows 7 and before) don't support AD activation, and we don't have any of those left.
Can anyone help me determine if this server can definitely be considered defunct? Should I trust AD more than KMS? Is there a way to find out if any machine is actually activating using KMS instead of AD? And should I remove the DNS record since it appears only to tie to KMS and not AD? Any advice would be greatly appreciated!
3 Answers
It sounds like you’re on the right track! If you’re not seeing any KMS-related info from the commands you’re running, it’s pretty safe to say it’s not being used. A good test would be to disable the KMS service temporarily and try activating a device. If the device activates fine without the KMS server available, then you’re all set to turn it off without any issues for at least 180 days, plus the renewal time! Just double-check that all your devices are using the same activation method first before proceeding.
If the Windows key on your KMS server isn’t a KMS key, then it’s not handling Windows activation. It’s possible it was set up for old Office versions instead. If you don’t have any older Office installations (like Office 2016 or earlier), shutting it down could be the way to go!
You might want to take a look at your network or DNS logs to see if there's any ongoing contact with the KMS server. A network trace could also help, though that’s a bit tricky to set up for extended periods.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures