Sunday, February 13, 2022

KMS setup

 function Select-Proxy ()

{
$h=hostname
$ret=""
$prx1 "10.81.10.66"
$prx2 "10.81.18.66"
$out1 = Test-NetConnection $prx1
$out2 = Test-NetConnection $prx2
$st1=($out1).PingReplyDetails.Status
$st2=($out2).PingReplyDetails.Status
$rtt1=($out1).PingReplyDetails.RoundtripTime   
$rtt2=($out2).PingReplyDetails.RoundtripTime   
 
if ($st1 -eq "Success" -and $st2 -eq "Success")
{
    #Write-Host "both Success"
    if ($rtt1 -le $rtt2)
    {
       $ret=$prx1
    }
    else
    {
       $ret=$prx2
    }
 
}
elseif ($st1 -eq "Success" -and $st2 -ne "Success")
{
    Write-Host "$prx1 is success."
    $ret=$prx1
}
elseif ($st1 -ne "Success" -and $st2 -eq "Success")
{
    Write-Host "$prx2 is success."
    $ret=$prx2
}
Write-Host "Proxy on $h : $ret"
$ret
}
 
 
[object] $objCred $null
[string] $strUser 'Administrator'
[System.Security.SecureString] $strPass ''
 
$strPass ConvertTo-SecureString -String "Welcome1" -AsPlainText -Force
$objCred New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($strUser$strPass)
 
 
$CompIP="10.81.16.48"
$CompName="ccskms001p"
 
invoke-command -ComputerName $CompIP -Credential $objCred -ScriptBlock {Rename-Computer -NewName $($suing:CompName)}
invoke-command -ComputerName $CompIP -Credential $objCred -ScriptBlock {shutdown /r /t 0}
 
 
 
$remote_proxy=Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock ${Function:Select-Proxy}
 
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock {C:\windows\System32\bitsadmin.exe /Util /SetIEProxy NETWORKSERVICE Manual_proxy http://$($using:remote_proxy):3128 "*.statoilfuelretail.com;10.*"}
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock {C:\windows\System32\bitsadmin.exe /Util /SetIEProxy LOCALSYSTEM Manual_proxy http://$($using:remote_proxy):3128 "*.statoilfuelretail.com;10.*"}
                 
 
invoke-command -ComputerName $CompIP -Credential $objCred -ScriptBlock {
Install-PackageProvider -Name NuGet -Force -Proxy http://$($using:remote_proxy):3128
Install-Module PSWindowsUpdate -Force -Proxy http://$($using:remote_proxy):3128
 
}
 
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock  {New-Item -Path C:\temp -ItemType Directory}
 
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock {Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/poorleno1/scep_config/master/EPAMPolicy.xml' -OutFile "c:\\temp\\EPAMPolicy.xml" -Proxy "http:\\$($using:remote_proxy):3128"}
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock {Invoke-WebRequest -Uri 'http://wsus.ds.download.windowsupdate.com/c/msdownload/update/software/crup/2017/01/scepinstall_2c54f8168cc9d05422cde174e771147d527c92ba.exe' -OutFile "c:\\temp\\scepinstall.exe" -Proxy "http:\\$($using:remote_proxy):3128"}
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock  {
                                                            & {
                                                                $proc = Start-Process "c:\temp\scepinstall.exe" -ArgumentList "/s /q /NoSigsUpdateAtInitialExp /policy c:\temp\EPAMPolicy.xml" -PassThru
                                                                $handle $proc.Handle # cache proc.Handle http://stackoverflow.com/a/23797762/1479211
                                                                $proc.WaitForExit();
                                                            }
                                                        }
 
$adgroup="cg_s_"+$CompName+"_prod_adm"
New-ADGroup -Path "ou=Groups,dc=contoso,dc=local" -GroupScope -server dc1 -Name $adgroup
 
 
Invoke-Command -ComputerName $CompIP -Credential $objCred -ScriptBlock  {Add-Computer -DomainName statoilfuelretail.com -Credential sfr\a-sfr-jarekole -OUPath "ou=Computers,ou=OCloud,dc=statoilfuelretail,dc=com";shutdown /r /t 0}
#Wait until computer registers in DNS
 
invoke-command -ComputerName $CompName -ScriptBlock {hostname}
 
Invoke-Command -ComputerName $CompName -ScriptBlock  {Add-LocalGroupMember -Group Administrators -Member ocloud_server_adm}
Invoke-Command -ComputerName $CompName -ScriptBlock  {Add-LocalGroupMember -Group Administrators -Member $($using:adgroup)}
 
 
Invoke-Command -ComputerName $CompName -ScriptBlock  {Install-WindowsFeature -Name VolumeActivation -IncludeAllSubFeature -IncludeManagementTools}
 
Invoke-Command -ComputerName $CompName -ScriptBlock  {}
 
 
Invoke-Command -ComputerName $CompName -ScriptBlock  {Get-NetFirewallRule -DisplayName *key*| select enabled}
Invoke-Command -ComputerName $CompName -ScriptBlock  {Enable-NetFirewallRule -Name SPPSVC-In-TCP}



cscript.exe %windir%\system32\slmgr.vbs /ipk licenseKey
Cscript.exe %windir%\system32\slmgr.vbs /ato



VERIFICATION:

nslookup -q=SRV _VLMCS._TCP.contoso.local

verify statistics:

slmgr.vbs /dli
#list what product keys are installed
slmgr.vbs /dlv all

# add 6 more months to your trial version
slmgr.vbs /rearm



How to verify KMS clients (workstations):


  1. Run following command on affected machine:


(Get-WinEvent -FilterHashtable @{logname="application";id=12288} -MaxEvents 1).message


  1. Verify output:


The client has sent an activation request to the key management service machine.

Info:

0x00000000, 0x00000000, KMSSERVER:1688, 90af96d5-88ee-440c-b78f-990246b52969, 2019/12/16 12:05, 0, 1259146, 81671aaf-79d1-4eb1-b004-8cbbe173afea, 25


Red value should be all zeros and orange is value in minutes where reactivation should occur (259146 – 6 months). Green 1 means it’s licensed.

Reference:

  1. https://blogs.technet.microsoft.com/askpfeplat/2015/11/09/kms-migration-from-2008-r2-to-windows-server-2012-r2-and-kms-activation-known-issues/
  2. https://support.citrix.com/article/CTX219672
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)