VDI-in-a-Box Best Practices for Windows Activation

VDI-in-a-Box Best Practices for Windows Activation

book

Article ID: CTX134349

calendar_today

Updated On:

Description

This article contains information about VDI-in-a-Box best practices for Windows activation.

Requirements

VDI-in-a-Box grid.

Background

This article is intended to provide information regarding VDI-in-a-Box golden image activation. VDI-in-a-Box 5.x supports both KMS and MAK Volume Licensing for Windows 7 desktops. Volume Activation methods were introduced with Windows 7 and do not apply to Windows XP. VDI-in-a-Box only supports Volume Licensed versions of Windows XP, which do not require activation with Microsoft. Retail versions of Windows XP require (online/phone) activation, but are not supported by VDI-in-a-Box.

Refer to Microsoft documentation (links found at the end of this article) for the most current information regarding licensing. In this article, the primarily focus is on the differences between MAK and KMS activation methods. In most cases KMS is the preferred method for VDI in general and not specifically for the VDI-in-a-Box product.

The following is a chart showing some of the major differences between the Volume Licensing methods available for Windows 7:

User-added image

KMS Activation

This is the preferred method for most customers that have at least 25 unique Windows activations across both physical and virtual (VDI-in-a-Box) machines every 30 days. KMS allows for unlimited number of activations, can be easily managed by a KMS host and VAMT, and usually requires no change to the golden image.

Most deployments include dynamic or pooled desktops, which are refreshed on a regular basis. When a desktop is refreshed it goes through the Microsoft Sysprep process (VDI-in-a-Box 5.1 defaults to its own method called VDIprep). Optionally, administrators can enable the Fast Desktop Refresh option on a golden image. VDI-in-a-Box 5.1 configures Fast Desktop Refresh at the template level, as opposed to 5.0 or earlier in which Fast Desktop Refresh is configured at the golden image level. This feature will revert desktops to a snapshot when refreshed; this is faster than Sysprep or VDIprep, less resource-intensive on the server, and will not affect KMS activations. 

Point to Existing KMS Hosts 

It has been decided to use KMS Volume Activation for a VDI-in-a-Box deployment. If the environment is already using a KMS Host, the only thing an administrator needs to do is ensure that the DNS SRV records are available to the VDI-in-a-Box virtual desktops. The administrator can always configure the golden image to contact a KMS Host manually as described in the following section.

Specify KMS Host Using Slmgr.vbs Utility 

By default KMS Clients will automatically discover a KMS Host and this will not be required. However, in an event where the KMS Host resides in a different location, an administrator can follow these steps to point the virtual desktops to the KMS Host.

  1. Import or edit a Windows 7 golden image in VDI-in-a-Box.

  2. Connect to the draft copy of the golden image as an administrator.

  3. Open Command Prompt (you might need to Run as Administrator).

  4. Run the following command:
    slmgr.vbs /skms <value>:<port>

    • <value> is either the KMS Host’s FQDN, IP address, or NetBIOS name. IP address is the safest method, but if using FQDN or NetBIOS name ensure it can be resolved by pinging it.

    • <port> is the TCP port used by the KMS Host.

    • An example would be: slmgr.vbs /skms kms01.company.com:1688

  5. Run the following command to force activation:
    slmgr.vbs /ato

  6. Run the following command to verify activation information:
    slmgr.vbs /dlv

  7. Make any other changes to the golden image as desired.

  8. Prepare and publish the golden image.

  9. Create template(s) and spin up some desktops.

  10. Log on into the desktops and verify that the desktops are activated. This can be accomplished by opening the Command Prompt and running the following command:
    slmgr /dlv.
    The activation count should increase by one each time a new desktops contacts the KMS Host. Keep in mind the desktops will not be activated until the 25 count threshold has been met.

Configuring a New KMS Deployment

A KMS Host can be deployed if one does not already exist to be used by the VDI-in-a-Box virtual desktops. The configuration and steps will be exactly the same as if deploying a KMS Host for any other physical or virtual environment; these steps are not specific to VDI-in-a-Box. Refer to the Microsoft TechNet KMS Activation Deployment Guides for more detailed information.

This section will describe the general steps required to configure KMS:

  1. Decide if the KMS Host will be a Windows 7 or Windows 2008 R2 Server (physical or virtual) machine, and log on as an administrator.

  2. Ensure the host has a static IP address and a meaningful hostname, such as kms01.company.com.

  3. Install the correct KMS Host Key using the following command: slmgr.vbs –ipk kms_host_key.

  4. Activate the KMS host using the command: slmgr.vbs /ato.

  5. Click Yes when prompted to make this machine a KMS Host.

  6. DNS Records should have been automatically created and can be verified using DNS Management > Forward Lookup Zone > Your Domain > _tcp > _VLMCS.
    Follow instructions in the Microsoft TechNet article in the preceding section to manually create the necessary DNS records if they are not created automatically.

  7. Restart DNS Service through GUI or the command: net stop sppsvc & net start sppsvc.

  8. Log on to the VDI-in-a-Box golden image (draft) as an administrator.

  9. Open Command Prompt.

  10. Type the following command to verify the DNS SRV Record:
    nslookup –type=srv _vlmcs._tcp

  11. Ping the KMS Hostname configured to verify the DNS A Record:
    ping <kmshost.domain.com>

  12. Attempt Windows 7 KMS Client activation using the following command:
    slmgr.vbs /ato

  13. Since KMS requires 25 unique activation requests to activate the clients, you will want to verify if the KMS Host received the client requests. Log on into the KMS Host.

  14. Open Command Prompt.

  15. Type the following command to verify the activation count is 1:
    slmgr.vbs /dlv

  16. Optionally, you can publish this golden image, spin up several desktops and wait for them to contact the KMS Host. Check the activation count again to verify all the desktops are communicating with the KMS Host. The desktops will activate once the 25 activation count is reached within 30 days.

KMS Activation Timer Reset

VDI-in-a-Box 5.1 offers a new setting at the template level to reset the activation timer. Leaving this cleared implies that the image's activation clock is not rearmed during prepare. Selecting the box implies that the image's activation clock is rearmed during prepare, decrementing the activation count. If the image's activation clock is rearmed more than 3 times before the image is activated by KMS, the image cannot be prepared because the /generalize will fail.

User-added image

According to Microsoft: “Resetting the activation timer prevents the image’s grace period from expiring before the image is deployed. Running Sysprep.exe does not remove the installed product key, and administrators are not prompted for a new key during mini-setup. When building demo virtual machines (VMs) for internal use (for example, building VMs for the organization’s sales department or to set up a temporary training environment), running the Slmgr.vbs script with the /rearm command-line option extends the grace period for another 30 days, which in turn resets the activation timer but makes no other changes to the computer. The activation timer can be reset three times for computers running Windows 7 or Windows Server 2008 R2.”

MAK Activation

The other option for Windows 7 Volume Activation is to use a Multiple Activation Key (MAK). This is perfect fit for smaller deployments where 25 unique activations are not encountered every 30 days. This can be a more cost-effective solution, especially if used in a VDI deployment with persistent desktops that are not refreshed (or dynamic desktops that are not frequently refreshed). The primary limitation, or concern, with MAK activations is the count depletion whenever a Windows 7 desktop needs to activate.

Note: MAK activation  for Microsoft Office products is currently NOT SUPPORTED.

Configuring VDI-in-a-Box to Retain MAK Activation Status

VDI-in-a-Box does not require any change to Windows 7 golden images to work with MAK activations, but in some cases it will help reduce the number of activations used by the deployment. There is no method available to eliminate all MAK activation depletion. Refer to CTX132220 - How to Prepare the VDI-in-a-Box Desktops to Retain Their MAK Activation Status for more information and detailed instructions.

When should these instructions be followed? Any user using Windows 7 for a MAK license can use these instructions to reduce the activation count. However, the script forces activation when the desktops are spun up so it is recommended to only add it when VDI-in-a-Box is ready to go production. This way the administrator can make various modifications to the golden images, spin up desktops, spin down desktops, etc. All of this can be done without forcing all the “test” desktops to deplete the MAK count. The only requirements are to have VDI-in-a-Box 5.0 or newer, and Fast Desktop Refresh must be enabled. This script is usually not needed if the VDI-in-a-Box deployment will have mostly persistent desktops, as these are not refreshed.

Will editing a golden image deplete the MAK count? Yes. When a golden image is published with the above script and is later edited, a draft image is always created before publishing the golden image (test phase). This draft image is just like any other desktop and is linked to the golden image, so the activation script will run and deplete the MAK count. In turn, all dynamic desktops (refresh on logout or scheduled) will need to go through the respective prepare process to be linked to the new version of the golden image. These instances will also run the activation script, each depleting the MAK count. Keep in mind these desktops will only deplete the count whenever the golden image is updated or when a new desktop is spun up (not one that is refreshed).

Some Gotchas with MAK Volume Licensing

It is important to understand there is no specific number of activations allotted to a MAK; the number of activations is based on the customer agreement with Microsoft. License and activation information can be determined using Microsoft’s online portal, Volume Activation Management Tool (VAMT), or by calling Microsoft. In some cases where dynamic or pooled desktops have depleted all available MAK activations, Microsoft might be able to assist in increasing the activation count. Citrix and the VDI-in-a-Box team do not have control over the number of Windows activations a customer is allotted. 

Another important thing to note is that Microsoft does not prevent the same machine (physical or virtual) from using depleting multiple activations, even if it has not gone through Sysprep. For example, a customer can log into a Windows 7 desktop, open the Command Prompt, and then run the slmgr.vbs /ato command numerous times. Each time the command is processed (assuming there is an Internet connection) it will deplete the MAK count. This is by design and behavior is consistent amongst both physical and virtual deployments.

Personal vDisk Desktops

This section describes how personal desktops will affect licensing. VDI-in-a-Box 5.1 has introduced RingCube technology called Personal vDisk (PvD). This feature allows administrators to create desktops that are linked to a golden image and can be refreshed manually or once the golden image is updated. This process is similar to that of pooled or dynamic desktops, with the exception of users being assigned a second disk which is their PvD. This is essentially a difference disk; all user profile data and installed applications are placed on this disk. Administrators can reduce golden image clutter by assigning both dynamic and personal desktops to different users, even if they are linked to the same golden image. Dynamic desktops are refreshed and do not retain user data or installed apps, while personal desktops retain all user data and installed applications on the PvD.

PvD with MAK Volume Licensing

It is important to retain the Windows 7 activation status when possible, and the results with personal desktops are similar to that of dynamic desktops. By default the activation status is not held when the personal desktops are refreshed. Typically, personal desktops are only refreshed when the administrators updates the golden image.

To prevent unnecessary depletion of MAK activations and to ensure the desktops are always in an activated state, refer to CTX132220 - How to Prepare the VDI-in-a-Box Desktops to Retain Their MAK Activation Status. Essentially, the administrator will edit the golden image used by the personal desktops, add the activation line to an existing batch file, ensure the image is activated, and then save the image. This process typically takes no more than 15 minutes to complete. 

PVD with KMS Volume Licensing

No special requirements or steps are required with Windows 7 PvD-enabled desktops when using KMS. The same information found in the KMS sections of this article apply to personal desktops.

Additional Resources

Microsoft Licensing Home Page

Microsoft TechNet: Volume Activation Home

Licensing and Volume Activation

Deploying KMS Activation

Understanding KMS

Managing Activation Using VAMT

FAQ About Volume License Keys

Licensing Windows for VDI Environments

Environment

This software application is provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that: (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the software application be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the software application.

Issue/Introduction

This article contains information about VDI-in-a-Box best practices for Windows activation.
Powered by Wolken Software