Will the various KMS client versions (Windows, Office) handle CNAMEs as expected (i.e. resolve the referenced destination RRs) when resolving the _vlmcs._tcp.<localdomain> KMS machine name from DNS?

The rationale here: we have an environment with a sh!tload of subdomains, our Windows clients and servers (not necessarily domain-joined) are scattered among all of them. Our DNS management for these domains is rather inflexible (we can handle changes once in a while, but it is onerous) whereas we have some domains delegated to AD DNS servers where changes are easily implemented. We would have _vlmcs._tcp.<localdomain>. IN CNAME _vlmcs._tcp.addns.domain. RRs created all over to ease up KMS server addition and replacement.

I am able to test the basic functionality (Win7 + Server 2008 R2 / Server 2012 R2 clients, Office 2013) without major effort. Yet, I do not have a sufficiently large sample size of different OS versions, Office installations, service packs and possibly KMS-client-related hotfixes to tell if it would work in all common configurations.

chicks
the-wabbit

1 Answer

I doubt anyone will be able to say for certain in 100% of the cases that a CNAME would work. But were I in your shoes, I'd validate it works for the subset of systems I can test and then just go for it. Worst case, you monitor your client counts before and after so you notice if they start going down as if clients aren't connecting anymore. Both Windows and Office don't seem to do much other than nag when you're out of compliance. So users might be mildly annoyed, but not broken.

Alternatively, skip the _vlmcs records entirely and just set the KMS server manually on all your clients. There's a group policy for it on domain joined machines and you can use your config mgmt system to do the rest. You've got a config mgmt system, right?

Ryan Bolger
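
One way to pre-check the DNS side of the CNAME plan before rollout, as an added example that is not part of the original question or answer: a Python check that follows each `_vlmcs._tcp.<domain>` alias to SRV data and flags dangling or looping CNAMEs. The zone contents, domain names and chain limit are constructed assumptions; it validates the records only, not how a particular KMS client version resolves them.

```python
# Constructed sample zone data (hypothetical names), keyed by (owner, rrtype).
# SRV tuples are (priority, weight, port, target); 1688 is the default KMS port.
ZONE = {
    ("_vlmcs._tcp.addns.example.", "SRV"): [(10, 0, 1688, "kms2.addns.example."),
                                            (0, 0, 1688, "kms1.addns.example.")],
    ("_vlmcs._tcp.site-a.example.", "CNAME"): ["_vlmcs._tcp.addns.example."],
    ("_vlmcs._tcp.site-b.example.", "CNAME"): ["_vlmcs._tcp.old.example."],     # dangling
    ("_vlmcs._tcp.site-c.example.", "CNAME"): ["_vlmcs._tcp.site-d.example."],
    ("_vlmcs._tcp.site-d.example.", "CNAME"): ["_vlmcs._tcp.site-c.example."],  # loop
}

MAX_CHAIN = 8  # assumption: resolvers cap CNAME chain length; the real limit varies


def resolve_srv(name, zone=ZONE):
    """Follow CNAMEs from `name` until SRV data is found.

    Returns (status, chain, srv_records); status is "ok", "dangling" or "loop".
    """
    name = name.lower()  # DNS names compare case-insensitively
    chain, seen = [name], {name}
    while True:
        srv = zone.get((chain[-1], "SRV"))
        if srv:
            return "ok", chain, sorted(srv)  # lowest priority value first
        cname = zone.get((chain[-1], "CNAME"))
        if not cname:
            return "dangling", chain, []  # alias ends where no SRV data exists
        target = cname[0].lower()
        if target in seen or len(chain) >= MAX_CHAIN:
            return "loop", chain + [target], []
        seen.add(target)
        chain.append(target)


def audit(domains, zone=ZONE):
    """Map each domain to the status of its _vlmcs._tcp lookup."""
    return {d: resolve_srv(f"_vlmcs._tcp.{d}", zone)[0] for d in domains}


if __name__ == "__main__":
    for d in ("addns.example.", "site-a.example.", "site-b.example.", "site-c.example."):
        status, chain, srv = resolve_srv(f"_vlmcs._tcp.{d}")
        print(f"{d:18} {status:9} {' -> '.join(chain)} {srv}")
```
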