The Consolidated B&EC "Quick Question" Thread.

Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.

  1. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,758
    Location:
    Brisbane
    Either I haven't drunk enough morning coffee or some useful information is missing here :confused:
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,681
    Location:
    Canberra
    There isn't much to it.

    Why it my website not functioning right?

    "You're still using 8.8.8.8"

    Yeah can you fix it, its fairly standard these days?

    "no its blocked at a hardware level"
    "to many attacks from it"

    The fact that this forum hasn't imploded with "guys google is hacking mah gibson" kinda lends me to believe that google's public dns is just fine and said hosting provider is an idiot.
     
  3. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,758
    Location:
    Brisbane
    Ah that makes sense. Yeah why would google DNS be attacking people? Lmao. It's a DNS server not a fucking proxy.
     
  4. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,681
    Location:
    Canberra
  5. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,448
  6. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,758
    Location:
    Brisbane
  7. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,681
    Location:
    Canberra
    resolution counts...

    how often are you logging? every second?

    I wouldn't imagine you'd lose GB's a day.
     
  8. KDog

    KDog Member

    Joined:
    Jan 9, 2002
    Messages:
    255
    Location:
    ACT
    Does anyone have a good HP networking sales rep for business?

    I need some switches and when I call the normal phone numbers I get put on hold for silly times.
     
  9. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,183
    Location:
    Brisbane
  10. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,448
    Nope, you put your KMS key into your KMS host, and it activates with MIcrosoft.

    Then you put the KMS client keys (http://www.bonusbits.com/wiki/Reference:KMS_Client_Keys) into your clients, and they activate against your KMS host (which they find via dns, configured while you were setting up your KMS host). nothing is sent to Microsoft.

    Machines activating against a KMS host will not be activated until a minimum number of machines have hit that KMS host (25 Win7, 5 Server/Office). But IME, there is no maximum.
     
  11. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,183
    Location:
    Brisbane
    So what happens to devices 1 - 24? They just keep checking every 2 hours and continue on their merry way?
     
  12. OP
    OP
    looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    24,720
    activation will fail until the required number of devices hits the KMS server.

    it's a real fucking annoyance IMO and one of the reasons we use MAK instead.
     
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,448
    Devices 1-24 will remain in their grace period. I don't know how often they check while un-activated. Once activated, they can go for 180 days without seeing a KMS server. Once they have gone over that 180 days, they will fall back to grace period.


    It's an annoyance for smaller environments, but it's not really designed for them. In any reasonably sized environment, getting 25 computers or 5 servers online in the 30 day grace period should be a non issue. You could probably build something to spin up 25 Win 7 VM's to run the activation count up if it matters that much to you. (I've done similar when doing POC and testing for new office versions)
     
  14. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,183
    Location:
    Brisbane
    So if your environment has 30+ workstations that are on everyday then a KMS would work? If you have a few hundred even better?

    If you have 26 workstations on all the time, does workstation 25 and 26 activate or once teh 25 limit is reached all 25 workstations activate? I seems only the 25th does, not all of them. This means you will always have workstations sitting in a grace period?

    What happens when you hit the activation limit of a MAK licence?
     
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,448
    Once Workstations 25 activates, workstations 1-24 will activate next time they call in.

    Once you hit the activation limits of a MAK license, I think you can call Microsoft to reset it. I try to avoid them where possible, because KMS is so much easier. (Especially for automated deployment)

    Just to clarify:
    KMS Is Activation ONLY. It is not licensing, it is not compliance, it is purely activation.

    Machine 1 connects to KMS Server and the KMS Server says "Yo, you're the first guy I've seen, so you can't activate yet" (Activation Count = 1)
    Machine 2 connects to KMS Server and the KMS Server says "Hey guy number 2, you can't activate either" (Activation Count = 2)
    Machines 3-20 also get told they can't activate. (Activation Count = 3-20)
    If Machine 1 connects to the KMS server, it says "I know you, you're Machine 1, My I've seen 20 other guys, so you still can't activate, and because I already know about you, I'm not increasing my count to 21"(Activation Count = 20)
    Machines 21-24 connect to the KMS server and it says "Still no love guys"(Activation Count = 21-25)
    Machine 25 connects to the KMS server and it says "Yo, 25 of you guys, lets get activating" (Activation Count = 25)
    Machine 1 then reconnects and the KMS server says "Oh, Hi Machine 1, I've seen 24 of your buddies, and you can activate now" (Activation Count = 25)

    Machines 25-50 then connect and get activated, 50 is the Maximum amount of machines KMS knows about, and it keeps this table First-In, First-Out. (This isn't a table of "activations" but rather the "Activation Count"). (Activation Count = 50)

    Machine 1 dies, and doesn't call into the server for 30 days, so it is removed from the table (Activation Count = 49)
    Machine 51 calls in, and gets activated (Activation Count = 50)
    Machine 51 calls in and gets activated (Activation Count still = 50. The oldest entry was purged and replaced with Machine 51)

    As long as Activation Count stays above 5, Servers will activate, as long as it stays above 25, clients will activate.
     
    Last edited: Jul 21, 2015
  16. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,758
    Location:
    Brisbane
    Is anyone aware of a way to block local administrators from spawning systems shells through psexec? I've had a quick google but got nowhere, usually people want to spawn them :) Obviously you can block psexec from running but that doesn't really address the issue.

    I'm very much aware of the various ways to accomplish this outside of using psexec but thought it worth asking :)
     
  17. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,183
    Location:
    Brisbane

    Thanks for that, when you say oldest entry gets purged, once it's activated it never communicates with the KMS server again correct? If so why remember 50 records?
     
  18. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,448
    Once activated, it communicates with the KMS server every 7 days to 'refresh' its activation. It has 180 days of No-KMS communication before it deactivates.

    The KMS server never communicates with Microsoft after it has been actiivated

    50 records gives you 25 machines worth of leeway before it stops being able to activate thing. Machines drop off this list after not being seen for 30 days. So if you go 30 days without any machines checking in with the KMS server, then the "Activation Count" will drop to Zero, and you'll need to get 25 machines online again before new machines will activate (old machines will remain activated for their 180 days).
     
  19. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,745
    A SCCM / Endpoint Protection question for you all:

    I'm having trouble installing the SCEP clients on endpoints. Communication between the server and clients is fine, and I can even see all the relevant install files have been copied to the client (in c:\windows\ccmsetup). I can manually run SCEPInstall.exe from the ccmsetup folder on the client and it installs fine.

    Haven't been able to see anything obvious in any of the logs in ccmsetup\Logs on the client.

    Any thoughts as to why the client isn't installing automatically? Are there any other logs I should be looking at?

    Thanks
     
  20. exodushunter

    exodushunter Member

    Joined:
    Sep 22, 2005
    Messages:
    134
    Location:
    Vic
    Client is enabled in Client settings being pushed to device?
     

Share This Page

Advertisement: