KMS Event LOG

The 12290 event entry gives a significant amount of information that can be used to figure out what kind client contacted the host…and why a failure may occur.

 

 

In the event entry, you will find the following relevant information:

  • Minimum count needed to activate
    • The KMS client is reporting that the count from the KMS host must be 5 in order to activate.

That means this is a Server OS, though whether it is Windows Server 2008 or Windows Server 2008 R2 will not be clarified, nor will the specific edition. If your clients are not activating, make sure that the count is sufficient on the host.

  • Client Machine ID (CMID)
    • This is a unique value per system. If this is not unique it is because an image was not properly prepared for distribution (sysprep /generalize). This will manifest on the KMS host as a count that will not increase, despite a sufficient number of clients existing in the environment. See KB929829 for more info.
  • License State and Time to State Expiration
    • This is the license state that the client currently has. It can help you differentiate a client that is trying to activate for the first time versus one that is attempting to reactivate. The time entry will tell you how much longer the client will be in that state, if nothing changes.

    Another relevant event to look for on your KMS is the 12293. 

    This event indicates that the host failed to publish the required records in DNS. That will definitely cause failures and is something you should confirm after settting up your host and before deploying clients.

 

MinmumCountToActivate

ReplacementStrings[2]

ClientFQDN

ReplacementStrings[3]

ClientTimeStamp

ReplacementStrings[5]

VM

ReplacementStrings[6]

TimeToStateExpiration

ReplacementStrings[8]

ProductID

ReplacementStrings[9]

ClientMachineID

ReplacementStrings[4]

 

LicenseStatus

Data type: uint32

Access type: Read-only

Specifies the license status of this product application. The following values are possible.

 

Value

Description

0

Unlicensed

1

Licensed

2

OOBGrace

3

OOTGrace

4

NonGenuineGrace

5

Notification

6

ExtendedGrace

There is no "Volume Activation expiration" field, see below, the blank fields were removed for the purposes of posting. I've added the full text of what shows up in the KMS logs for the Window 10 devices.

12290 Event details:

0x0,25,pcname.domain.com,24ecc780-5463-4cfc-bc0c-71744241ee4f,2015/10/27 17:10,0,5,0,2de67392-b7a7-462a-b1ca-108dd189f588  

Ah. I meant the slmgr.vbs output from the KMSclient, not the KMShost.

But anyway, the 12290 event tells the story;

,0,5,0, = ,isNotAVirtualMachine, IsInNotificationState, ZeroMinutesUntilCurrentStateExpires

It's a zero, because it's already in Notification, so there is not further state to transition into, it has exhausted all less-impactful "Grace" states (or it transitioned/skipped them). The only possible transition is into Licensed=1 (or maybe rearm into OOB Grace=2)

[edit: apparently no Grace period in Win10.][thanks darrellg :)]

So, this machine needs to be correctly activated/renewed.

If this machine, when it contacts this KMShost, does not (re)activate, the problem wouldn't seem to be at the KMShost, rather, at the client.

Your KMShost is getting the requests, and seems to be responding with a suitable response for the client to activate.

If the client isn't becoming activated after that response, check the client.

Check the client anyway, you should see the "request" go out to the KMShost and the response come back from the KMShost and the client activation result (or failure) should be logged on the client.

Basically, KMSclients send up a request stating what they are (GenericSKU/productID) and who they are (uniqueCMID) and what minimum_current_count they require. Your host seems to be responding with all the required answers, so it's up to the client to accept and process that response, or to throw an error event (locally logged on the client).

 

##############CONNECTION SQL ###########$Connection###########
Get-Content "D:\xxxxx\SQLConnections_1.ps1" | Invoke-Expression

$SQLtable="tablename"
Add-PSSnapin SqlServerCmdletSnapin100
Add-PSSnapin SqlServerProviderSnapin100


$cmd=Invoke-Sqlcmd -ServerInstance $SQLServer -Database $SQLDatabase -Query "select MAX(EventIndexID) from [$SQLDatabase].dbo.[$SQLtable]"
$max=[string]$cmd.column1
$maxlength=$max.length
echo "$maxlength"
if ($maxlength -ne "1")
{

echo "start collect event"
$eventlogs=Get-EventLog -ComputerName KMSSERVERNAME -Logname "Key Management Service" | Select machinename,TimeGenerated,Message,ReplacementStrings,EventID,Index| Where-Object {$_.Index -gt "$max"}
}
else
{
echo "start collect event,no maxtRecordId"
$eventlogs=Get-EventLog -ComputerNameKMSSERVERNAME -Logname "Key Management Service" | Select machinename,TimeGenerated,Message,ReplacementStrings,EventID,Index
}

IF($eventlogs)
    {

    foreach($eventlog in $eventlogs)
        {
        $servername=$eventlog.machinename
        $TimeGenerated=$eventlog.TimeGenerated
        $EventId=$eventlog.EventID
        $EventIndexID=$eventlog.Index
        $Message=($eventlog.message) -Replace "'", "''"
        $MinmumCountToActivate=$eventlog.ReplacementStrings[2]
        $ClientFQDN=$eventlog.ReplacementStrings[3]
        $ClientTimeStamp=$eventlog.ReplacementStrings[5]
        $VM=$eventlog.ReplacementStrings[6]
        $TimeToStateExpiration=$eventlog.ReplacementStrings[8]
        $ProductID=$eventlog.ReplacementStrings[9]
        $ClientMachineID=$eventlog.ReplacementStrings[4]
    $insert="insert into tablename(ServerName, TimeGenerated,EventId, Message,EventIndexID,MinmumCountToActivate,ClientFQDN,ClientTimeStamp,VM,TimeToStateExpiration,ProductID,ClientMachineID) values(N'$servername',N'$TimeGenerated',N'$EventId',N'$Message',N'$EventIndexID',N'$MinmumCountToActivate',N'$ClientFQDN',N'$ClientTimeStamp',N'$VM',N'$TimeToStateExpiration',N'$ProductID',N'$ClientMachineID')" 
  $cmd1=new-object system.Data.SqlClient.SqlCommand($insert,$Connection) 
$cmd1.CommandTimeout=6000
$cmd1.ExecuteNonQuery()
        }

    }
    else{
    echo "no events"
    $insert="insert into tablename(ServerName,Message) values(N'$dc',N'No events')" 
  $cmd1=new-object system.Data.SqlClient.SqlCommand($insert,$Connection) 
$cmd1.CommandTimeout=6000
$cmd1.ExecuteNonQuery()
 }


 $errorcount=$error.count
    if($errorcount -eq "0")
    {
    $subject = "xxx" 
    $message="xxxxxx"
    Get-Content "D:\xxx\SQL_Data_Admin.ps1" | Invoke-Expression
    Send-mailmessage  –bodyashtml –from $from –to $to –subject $subject –body $message –smtpserver $smtpserver -Encoding ([System.Text.Encoding]::Utf8) 
    }


$Connection.Close()

 

posted @ 2017-07-05 14:49  寻香径  阅读(654)  评论(0编辑  收藏  举报