I am getting the following error.
Event id 12293

Publishing the Key Management Service (KMS) to DNS in the 'domain
name' domain failed.
Info:
hr=0x800705B4

Can anyone tell me how go correct this error.

Thanks in advance

Lee Jefferies

Hello Lee,

Maybe this helps:

Steps for Configuring KMS Publishing to DNS

- If you are using only one KMS host, you may not need to configure any permission,
because the default behavior is to allow a computer to create an SRV record
and then update it. However, if you have more than one KMS hosts (the usual
case), the others will be unable to update the SRV record unless SRV default
permissions are changed.This procedure is an example that has been implemented
in the Microsoft environment. It is not the only way to achieve the desired
result.Detailed steps for each of the tasks are not provided, because they
may differ from one organization to another.
- If you are a domain administrator and want to delegate the ability to carry
out the following steps to others in your organization, optionally create
a security group in Active Directory and add the delegates, for example,
create a group called Key Management Service Administrators, and then delegate
permissions to manage the DNS SRV privileges to this security group. The
remainder of this procedure assumes that either a domain administrator or
delegate is performing the steps.
- Create a global security group in Active Directory that will be used for
your KMS hosts, for example, Key Management Service Group.
- Add each of your KMS hosts to this group. They must all be joined to the
same domain.
Once the first KMS host is created, it should create the SRV record. Add
each KMS host to this security group.
- If the first computer is unable to create the SRV record, it may be because
your organization has changed the default permissions. In this case, you
will need to create the SRV record manually with the name _VLMCS._TCP (service
name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
- Set the permissions for the SRV group to allow updates by members of the
global security group.
To automatically publish KMS in additional DNS domains
On the KMS host, create the following registry key, using regedit.exe.
Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
that KMS should publish to on separate lines.
Restart the Software Licensing Service and the records should be created
immediately.The application event log will contain a 12294 event for each
successfully published domain and a 12293 event for each unsuccessful domain
publishing attempt.
For the 12293 event, the failure code can be diagnosed by running the following:slui.exe
0x2a 0x



Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

12293

Meinholf _ boy you are quick...
I just too new at the server software so I have some follow up
questions. Thanks for your big big response. My questions are
imbedded in your response. I hate to be so dumb in this policy
stuff. I am trying to learn. Thanks for your patience.

Lee
On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote:

Quote:

Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission,

I don't know who is my KMS host. I have a test environment with one
domain and a vista workstation as a remote desktop.

Quote:

because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group.

Where does this group fit. I tried to put in under domain >
Computers, so I could join the hosts.
When I added a host I could not see any records

Quote:

- Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hello Lee,

The KMS host is the machine where you installed KMS. So i assume the Domain
controller. By default it should create the records itself in a single domain.
What kind of Dynamic updates are configured in your DNS zone properties?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hi Meinolf,
I think I blew it. I was looking at the SOA tab of my domain
properties in DNS and I noticed that the responsible person was
'hostmaster'. I looked at my users list and that user was not
defined. I really don't remember deleting the record, but I must
have. I have tried everything all in vain. I have no idea how to
create a default user or if I can. It's beginning to look like a OS
reload. To answer your question, the Dynamic Updates were set to
'Secure'. I tried changing them to 'Secure and Unsecure' and also
'none'. Nothing helped.

If I remove the domain and recreate it shouldn't the system correct my
error?

Lee

There is a _VLMCS SVC record under the domain. I have learned a lot
going through this exercise. Thanks for your help. If you have any
further suggestions, I would certainly appreciate them.

On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

Quote:

Hello Lee, The KMS host is the machine where you installed KMS. So i assume the Domain controller. By default it should create the records itself in a single domain. What kind of Dynamic updates are configured in your DNS zone properties? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hello Lee,

See here for creating the KMS record by hand, scroll down to "To manually
create a KMS SRV record in a Microsoft DNS server":
http://technet.microsoft.com/en-us/library/cc303280.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Hi Meinolf, I think I blew it. I was looking at the SOA tab of my domain properties in DNS and I noticed that the responsible person was 'hostmaster'. I looked at my users list and that user was not defined. I really don't remember deleting the record, but I must have. I have tried everything all in vain. I have no idea how to create a default user or if I can. It's beginning to look like a OS reload. To answer your question, the Dynamic Updates were set to 'Secure'. I tried changing them to 'Secure and Unsecure' and also 'none'. Nothing helped. If I remove the domain and recreate it shouldn't the system correct my error? Lee There is a _VLMCS SVC record under the domain. I have learned a lot going through this exercise. Thanks for your help. If you have any further suggestions, I would certainly appreciate them. On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, The KMS host is the machine where you installed KMS. So i assume the Domain controller. By default it should create the records itself in a single domain. What kind of Dynamic updates are configured in your DNS zone properties? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hi Meinolf,
Thanks for the post. The KMS SRV record exists. As far as I could
tell it is correct. I finally had to go in and disable publishing the
KMS SRV record to DNS. That stopped the error I was getting, however
there is still a long delay in logging on the remote desktop. The
Event tracker shows that the winlogon process took 96 seconds. Hope
that does not translate to normal operations.

Thanks for your help.

Lee
leejefferies@yahoo.com
On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

Quote:

Hello Lee, See here for creating the KMS record by hand, scroll down to "To manually create a KMS SRV record in a Microsoft DNS server": http://technet.microsoft.com/en-us/library/cc303280.aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Hi Meinolf, I think I blew it. I was looking at the SOA tab of my domain properties in DNS and I noticed that the responsible person was 'hostmaster'. I looked at my users list and that user was not defined. I really don't remember deleting the record, but I must have. I have tried everything all in vain. I have no idea how to create a default user or if I can. It's beginning to look like a OS reload. To answer your question, the Dynamic Updates were set to 'Secure'. I tried changing them to 'Secure and Unsecure' and also 'none'. Nothing helped. If I remove the domain and recreate it shouldn't the system correct my error? Lee There is a _VLMCS SVC record under the domain. I have learned a lot going through this exercise. Thanks for your help. If you have any further suggestions, I would certainly appreciate them. On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, The KMS host is the machine where you installed KMS. So i assume the Domain controller. By default it should create the records itself in a single domain. What kind of Dynamic updates are configured in your DNS zone properties? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hi Meinolf,
I think we have solved my error condition and I want to express my
thanks. You responded quickly and helped me a lot. Again thanks.
The Logon delay is simply the system getting to the point it can
respond properly.

Lee
On Wed, 30 Jul 2008 10:44:01 +0000 (UTC), Meinolf Weber
<meiweb(nospam)@gmx.de> wrote:

Quote:

Hello Lee, Can not complete follow your Remote desktop login. You mean from the Vista to the server? Also i can not see what login problems has to do with the KMS problem. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Hi Meinolf, Thanks for the post. The KMS SRV record exists. As far as I could tell it is correct. I finally had to go in and disable publishing the KMS SRV record to DNS. That stopped the error I was getting, however there is still a long delay in logging on the remote desktop. The Event tracker shows that the winlogon process took 96 seconds. Hope that does not translate to normal operations. Thanks for your help. Lee leejefferies@yahoo.com On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, See here for creating the KMS record by hand, scroll down to "To manually create a KMS SRV record in a Microsoft DNS server": http://technet.microsoft.com/en-us/library/cc303280.aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Hi Meinolf, I think I blew it. I was looking at the SOA tab of my domain properties in DNS and I noticed that the responsible person was 'hostmaster'. I looked at my users list and that user was not defined. I really don't remember deleting the record, but I must have. I have tried everything all in vain. I have no idea how to create a default user or if I can. It's beginning to look like a OS reload. To answer your question, the Dynamic Updates were set to 'Secure'. I tried changing them to 'Secure and Unsecure' and also 'none'. Nothing helped. If I remove the domain and recreate it shouldn't the system correct my error? Lee There is a _VLMCS SVC record under the domain. I have learned a lot going through this exercise. Thanks for your help. If you have any further suggestions, I would certainly appreciate them. On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, The KMS host is the machine where you installed KMS. So i assume the Domain controller. By default it should create the records itself in a single domain. What kind of Dynamic updates are configured in your DNS zone properties? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293

Hello Lee,

Can not complete follow your Remote desktop login. You mean from the Vista
to the server? Also i can not see what login problems has to do with the
KMS problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Hi Meinolf, Thanks for the post. The KMS SRV record exists. As far as I could tell it is correct. I finally had to go in and disable publishing the KMS SRV record to DNS. That stopped the error I was getting, however there is still a long delay in logging on the remote desktop. The Event tracker shows that the winlogon process took 96 seconds. Hope that does not translate to normal operations. Thanks for your help. Lee leejefferies@yahoo.com On Wed, 30 Jul 2008 06:21:44 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, See here for creating the KMS record by hand, scroll down to "To manually create a KMS SRV record in a Microsoft DNS server": http://technet.microsoft.com/en-us/library/cc303280.aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Hi Meinolf, I think I blew it. I was looking at the SOA tab of my domain properties in DNS and I noticed that the responsible person was 'hostmaster'. I looked at my users list and that user was not defined. I really don't remember deleting the record, but I must have. I have tried everything all in vain. I have no idea how to create a default user or if I can. It's beginning to look like a OS reload. To answer your question, the Dynamic Updates were set to 'Secure'. I tried changing them to 'Secure and Unsecure' and also 'none'. Nothing helped. If I remove the domain and recreate it shouldn't the system correct my error? Lee There is a _VLMCS SVC record under the domain. I have learned a lot going through this exercise. Thanks for your help. If you have any further suggestions, I would certainly appreciate them. On Tue, 29 Jul 2008 17:19:27 +0000 (UTC), Meinolf Weber meiweb(nospam)@gmx.de> wrote: Hello Lee, The KMS host is the machine where you installed KMS. So i assume the Domain controller. By default it should create the records itself in a single domain. What kind of Dynamic updates are configured in your DNS zone properties? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Meinholf _ boy you are quick... I just too new at the server software so I have some follow up questions. Thanks for your big big response. My questions are imbedded in your response. I hate to be so dumb in this policy stuff. I am trying to learn. Thanks for your patience. Lee On Tue, 29 Jul 2008 10:54:41 +0000 (UTC), Meinolf Weber wrote: Hello Lee, Maybe this helps: Steps for Configuring KMS Publishing to DNS - If you are using only one KMS host, you may not need to configure any permission, I don't know who is my KMS host. I have a test environment with one domain and a vista workstation as a remote desktop. because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another. - If you are a domain administrator and want to delegate the ability to carry out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or delegate is performing the steps. - Create a global security group in Active Directory that will be used for your KMS hosts, for example, Key Management Service Group. Where does this group fit. I tried to put in under domain Computers, so I could join the hosts. When I added a host I could not see any records - Add each of your KMS hosts to this group. They must all be joined to the same domain. Once the first KMS host is created, it should create the SRV record. Add each KMS host to this security group. - If the first computer is unable to create the SRV record, it may be because your organization has changed the default permissions. In this case, you Nothing has been changed. We are just starting... will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes). - Set the permissions for the SRV group to allow updates by members of the global security group. To automatically publish KMS in additional DNS domains On the KMS host, create the following registry key, using regedit.exe. Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name: DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain that KMS should publish to on separate lines. Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each successfully published domain and a 12293 event for each unsuccessful domain publishing attempt. For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 12293