Activating Windows Server 2016


So it’s time to make sure we start thinking about activating Windows Server 2016 in our environments.

If you manage on premises environments with one or more AD domains or even forests, you might be in a situation where Active Directory Based Activation (ADBA) is the easiest solution. If you set this up you’ll enjoy automatic activation of the OS after joining a domain configured with ADBA. This is what I use for the Office and Windows editions that support it. It’s fast and easy to set up.


Now when you’re hosting IAAS services this might not be your best approach, as that means it will need to be set up in the AD of your tenants. That is something you most often don’t manage or control, if an AD is even present. You also need the right versions of both AD and client software and operating systems to use this. That can also be an issue on premises. But don’t worry. Both Key Management Service (KMS) and Automatic Virtual Machine Activation (AVMA) will work for IAAS and for on premises in these situations.

I actually support 2 on premises environments where ADBA is being used for the recent OS and Office versions while KMS is still around for the older OS versions. That way, as the old OS versions are phased out, the KMS infrastructure can be retired as well.

KMS Server activation

You can use a Windows Server 2012 R2 or 2016 server as a KMS server. I just made sure my KMS server was fully patched before I attempted to install and activate the Windows Server 2016 KMS key. That means that on Windows Server 2012 R2 you want KB3172614 installed, as this enables support for Windows Server 2012 R2 as a KMS server host to activate Windows Server 2016. For Windows Server 2016 this means don’t do anything unless you have all the zero day patches installed.

First we take a look at the current situation by running slmgr.vbs /dlv

Uninstall the current KMS key using slmgr.vbs /upk. Please use an elevated command prompt.


Now you can install the new Windows 2016 KMS key on your KMS server. If you run into any issues here, restarting the KMS Service can help (“net stop sppsvc” and “net start sppsvc”). Try that first.



The key listed here is for all you wannabe pirates out there, sorry, this is the navy. If you’re looking for illegal keys, cracks, keygens, activators or dodgy KMS virtual machines for Windows activations and such, this is not the place.

If you now run slmgr.vbs /dlv you’ll see that the license status is “notification” as the server hasn’t been activated yet.


You now need to activate your server with the KMS key first by running slmgr.vbs /ato


We can now look at what’s installed by running slmgr.vbs /dlv again. As you can see, we’re in business to activate all our Windows Server 2016 and any OS version below that if it supports KMS activation.
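The KMS host key swap described above, collected into one elevated PowerShell script. This is an added example, not part of the original post; `$KmsHostKey` is a placeholder for your own KMS host key, and the helper function names are made up for the illustration. License state is read from the `SoftwareLicensingProduct` WMI class instead of parsing the /dlv output.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). $KmsHostKey is a placeholder:
# use the Windows Server 2016 KMS host key from your own volume licensing portal.
$KmsHostKey = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'
$slmgr      = Join-Path $env:SystemRoot 'System32\slmgr.vbs'

# LicenseStatus values of the SoftwareLicensingProduct WMI class.
$statusText = @{ 0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOBGrace'; 3 = 'OOTGrace'
                 4 = 'NonGenuineGrace'; 5 = 'Notification'; 6 = 'ExtendedGrace' }

function Get-WindowsLicense {
    # Installed Windows keys are the entries that carry a partial product key.
    Get-CimInstance SoftwareLicensingProduct `
        -Filter "PartialProductKey IS NOT NULL AND Name LIKE 'Windows%'" |
        Select-Object Name, Description, PartialProductKey,
            @{ n = 'Status'; e = { $statusText[[int]$_.LicenseStatus] } }
}

function Invoke-Slmgr {
    param([string[]]$Arguments)
    # cscript keeps the output in the console instead of a message box.
    & cscript.exe //NoLogo $slmgr @Arguments
}

# Windows Server 2012 R2 (version 6.3) needs KB3172614 before it can host the 2016 key.
$os = Get-CimInstance Win32_OperatingSystem
if ($os.Version -like '6.3.*' -and
    -not (Get-HotFix -Id KB3172614 -ErrorAction SilentlyContinue)) {
    throw 'KB3172614 is missing; patch this host before installing the 2016 KMS key.'
}

Get-WindowsLicense | Format-List     # current situation, as /dlv would show it
Invoke-Slmgr '/upk'                  # uninstall the current KMS key
Invoke-Slmgr '/ipk', $KmsHostKey     # install the Windows Server 2016 KMS key

if (-not (Get-WindowsLicense)) {
    # The key did not register: restart the service (sppsvc) and retry once.
    Restart-Service sppsvc -Force
    Invoke-Slmgr '/ipk', $KmsHostKey
}

Get-WindowsLicense | Format-List     # expect Status 'Notification' at this point
Invoke-Slmgr '/ato'                  # activate the KMS host

$after = Get-WindowsLicense
$after | Format-List
if (@($after.Status) -notcontains 'Licensed') {
    throw "Activation did not complete. Status: $($after.Status -join ', ')"
}
```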


Now in Windows 2012 R2 and later we also have the Volume Activation Tools feature you can install and use to do this, just like you use this for the ADBA setup.



Activate guest VMs on Hyper-V hosts

Configure Guest VMs activation with AVMA

If you’d like to leverage AVMA, which is especially handy as an IAAS hoster, you’ll need to use Windows Server 2016 or 2012 R2 Datacenter on your Hyper-V hosts and activate them by your chosen method (MAK, KMS, ADBA). You also need to use Windows Server 2016 or 2012 R2 Standard/Datacenter in the guest VMs. As long as your Hyper-V hosts are activated, every new guest deployed on them will be activated automatically. That’s it. There’s no need for a KMS or ADBA configuration for the guest (tenant VMs) or even an internet connection. The latter is great for more secured environments. Easy peasy.

The only thing you need to do is install the AVMA client key with slmgr /ipk. These are public ones actually, just like the KMS client keys.


There are two things to note. The first, as you can read in the link to the AVMA documentation above:

“AVMA requires a Microsoft Virtualization Server running Windows Server 2012 R2 Datacenter or Windows Server 2016 Datacenter. A Windows Server 2016 AVMA host can activate guests that run the Datacenter, Standard or Essentials editions of Windows Server 2016 and Windows Server 2012 R2. A Windows Server 2012 R2 AVMA host can activate guests that run the Datacenter, Standard or Essentials editions of Windows Server 2012 R2.”

This means a Windows Server 2012 R2 host cannot activate Windows Server 2016 VMs. You can upgrade “cheaply” that way, let’s put it like that.

Secondly make sure the VM has Data Exchange turned ON in Integration Services. That’s the mechanism leveraged to make AVMA work. You should have that on anyway, really, I mean it 🙂
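A host-side check for the AVMA prerequisites named above: Datacenter edition, an activated host, and Data Exchange enabled per VM. This is an added example, not from the original post; the function name `Test-AvmaHost` and its `-Fix` switch are made up for the illustration, and it assumes an English-language host, where the Data Exchange integration service is exposed to PowerShell as 'Key-Value Pair Exchange'.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example (not from the original post). Run on the Hyper-V host.
function Test-AvmaHost {
    param([switch]$Fix)   # -Fix also enables Data Exchange where it is off

    $os = Get-CimInstance Win32_OperatingSystem
    if ($os.Caption -notmatch 'Datacenter') {
        Write-Warning "Host is '$($os.Caption)'; AVMA needs a Datacenter host."
    }
    if ($os.Version -like '6.3.*') {
        # A 2012 R2 host only activates 2012 R2 guests.
        Write-Warning 'Windows Server 2012 R2 host: 2016 guests will not activate.'
    }

    # LicenseStatus 1 means Licensed. An unactivated host activates nothing.
    $licensed = Get-CimInstance SoftwareLicensingProduct `
        -Filter "PartialProductKey IS NOT NULL AND Name LIKE 'Windows%'" |
        Where-Object { $_.LicenseStatus -eq 1 }
    if (-not $licensed) {
        Write-Warning 'Host is not activated; guests cannot activate through AVMA.'
    }

    # "Data Exchange" in Hyper-V Manager is this integration service.
    $kvpName  = 'Key-Value Pair Exchange'
    $disabled = @(Get-VM | Get-VMIntegrationService -Name $kvpName |
                  Where-Object { -not $_.Enabled })

    if ($Fix) {
        foreach ($svc in $disabled) {
            Enable-VMIntegrationService -VMName $svc.VMName -Name $kvpName
        }
    }

    # Return the VMs that had Data Exchange turned off.
    $disabled | Select-Object VMName, Name, Enabled
}

Test-AvmaHost | Format-Table -AutoSize
```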

Configure Guest VMs activation with KMS

The public client KMS keys for VLK media can be found here: Appendix A: KMS Client Setup Keys. I’ve only included a screenshot of the Windows Server KMS client keys here. More info is in the TechNet page.


To make sure a Windows Server 2016 Datacenter VM can activate via a KMS server, use the commands below to replace a MAK key, for example:

slmgr.vbs /ipk CB7KF-BWN84-R7R2Y-793K2-8XDDG
slmgr.vbs /ato

NOTE: all these keys can be used within a template or via unattended installation config files.

DELL Compellent Storage Center 7.1 Certified for Windows Server 2016

When it comes to selecting storage, especially when it comes to a “traditional” SAN, you all know that price performance wise I’ve been using the DELL Compellent series with great success for many years now. It’s a very capable solution that also has some other benefits when it comes to Windows Server and Hyper-V. It has one of the better hardware VSS providers, way better than average support for ODX and UNMAP etc., but it’s also very good at delivering fast support for new versions of Windows Server. This has allowed us to move from Windows Server 2008 R2 to 2012 and from there to Windows Server 2012 R2 very fast.

In that regard I’m very happy to see that Storage Center 7.1 is already in the catalog as certified for Windows Server 2016.


Customers that have up to date hardware and want to move fast to benefit from and leverage the new and improved capabilities in Windows Server 2016 Hyper-V, Clustering, Networking, … are ready to do so. Nice.

SQL Server 2016 Is Generally Available

I have always had a sweet spot for SQL Server as I used to work more with it than I do today. However, I keep a keen eye on it and especially its capabilities, for I’m also doing SQL Server virtualization on Hyper-V with great results.

So today is a good day. SQL Server 2016 is generally available.


This means you can grab the evaluation bits here, the production bits from Microsoft Volume License Center.


I’m downloading as we speak and my DBAs are extra enthusiastic and ready to roll.

For those who hadn’t yet heard the good news: the SQL Server Developer Edition is now FREE. So have a ball, everyone can test & develop against the latest and the greatest SQL Server version and all its features!

Client Access & Windows Server 2016 Site Aware Stretched Clusters


There’s more to business continuity than having multiple locations. When it comes to high availability, or perhaps more accurately disaster recovery and business continuity, people tend to focus on the good news. Some managers don’t want to be bothered by the details of our incompetency (i.e. reality and laws of physics) and vendors only like to focus on what they can sell with the biggest profit margin. Anything raining on that party falls under annoying details. When such a manager and such a salesman find each other it’s a match made in heaven. You’re the one who’s bringing the rain. It comes under the form of a simple question. How are we going to expose the failed over services internally and externally to the users and customers? What, you mean that million-dollar investment in multiple SANs, clusters and consultants isn’t sufficient? Nope!


One piece of very good news is that in Windows Server 2016 Failover Clustering we can now leverage a cloud witness as well, next to a file share witness. This has the benefit that we do not need a 3rd site for the file share witness, which was not always feasible, sometimes a bit convoluted to achieve in the cloud via IAAS, or depended on a rather less dependable server or PC somewhere in a branch office.

What’s the problem?

The problem is that failing over the workload with the services (VMs, SQL, File Servers, …) in a healthy, consistent state is only part of the challenge. The other part is to make sure that your clients (human or machines) can actually access those failed over services. If required or possible, without them noticing or with the smallest possible interruption. Even when you can achieve failover with only seconds of service interruption, some applications just can’t handle this gracefully, or at all.

The thing is, when you have multiple sites that often means distinct separate subnets / networks. So when that VM with IP address of on default untagged VLAN 100 fails over to the other site, how will the clients in the various branch offices or on the internet access its services? DNS point to under normal conditions.

Well, when the IP address can be updated for the DNS record thanks to “Multi-Subnet Resource Configuration” (SQL Server, File Share), things will work again, eventually, given enough time.


Multi-Subnet Resource Configuration works as follows. We have a single network name resource which we make dependent on multiple IP Address resources. In cluster terms that’s an “OR” dependency when looking at the validation report. The secret sauce is that only one of the IP address resources of the network name resource is online at any given time. This gets registered in DNS and that’s what the clients use to access the service.

This works, but the DNS record needs to be updated, DNS replication needs to happen, the clients’ DNS cache needs to expire and update, etc. You can be looking at half an hour of down time actually.

But what if Multi-Subnet Resource Configuration isn’t an option or we’re in a hurry? What are the options and how well and fast do these work? That’s the point at which the storage vendor is already counting the profits, the PM states the job’s done, the boss has already decided the project is a success and the network guys have some questions about YOUR problems. Let’s discuss some of the options to deal with accessing services after a site activation.

Note: Hyper-V replica has the ability to inject an alternate IP address on failover, but we’re talking about a stretched cluster here, where replication happens at the storage level, not at the application level (Hyper-V) for the virtual machines.

Software Defined Networking Aka Network Virtualization.

Hyper-V Network Virtualization (HNV) abstracts away the logical subnet boundaries for VMs. This gives each virtual network the illusion it is running as a physical network. The typical example for this is multiple tenants that have the same IP space. The fact that it overlays the physical network is also very handy when it comes to one and the same tenant in multi-site scenarios. Virtual networks allow VMs to move across different physical networks without re-configuring the IP address in the guest OS.


This totally abstracts the networks and it works great for virtual machines (Hyper-V). It doesn’t have to be limited to a single DC or site. Do note that there’s things to discuss around CSVs, Live Migration cluster wise and routing, gateways, DNS, geo load balancing access wise but you get the idea. When it comes to different subnets, different sites in regards to clustering things are not as easy as it seems. For this discussion we’re limiting ourselves to client connectivity to resources that move to another site and don’t dive into the details of network virtualization either.

Network Name Properties

There are two cluster network name resource property settings you can configure to help reduce downtime after a failover.

RegisterAllProvidersIP cluster network name resource property

Remember our first story of “Multi-Subnet Resource Configuration” with the DNS updates and cache that has to expire? Well, this can be enhanced as long as the applications can handle it. We can configure the DNS registration behavior via the RegisterAllProvidersIP property of a cluster network name resource.

Get-ClusterResource MySQLServer |
    Set-ClusterParameter RegisterAllProvidersIP 1

By setting this to TRUE all the IP address resources, online and offline, are registered in DNS. If you have an “enlightened” application that can check for and handle multiple IP addresses and determine which one to use, it allows for faster client reconnects. This works great with SQL Server.

HostRecordTTL cluster network name resource property

RegisterAllProvidersIP is great but has limited scope, as the application has to have the logic to handle multiple registered IP addresses for the same resource and figure out when to use which one. SQL Server can do this, so can Exchange. What about a file server? RegisterAllProvidersIP won’t work, but we can reduce the time to live of the DNS record for a cluster network resource IP address on the client from 20 minutes to 5 minutes or lower.

Get-ClusterResource MyFileShare |
    Set-ClusterParameter HostRecordTTL 300

This is not an option for Hyper-V; there, network virtualization works better or we use other options. Read on!
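Both network name properties above are only stored when you set them; the name has to go offline and online again before DNS registration follows the new values. The following is an added example, not from the original post, that sets both properties, cycles the resource and returns what DNS then serves. The function name `Set-NetworkNameDns` is made up for the illustration, `MyFileShare` is the resource name used above, and cycling the name interrupts clients briefly, so run it in a maintenance window.

```powershell
#Requires -Modules FailoverClusters
# Added example (not from the original post).
function Set-NetworkNameDns {
    param(
        [Parameter(Mandatory)] [string]$ResourceName,
        [int]$HostRecordTTL = 300,                      # seconds
        [ValidateSet(0, 1)] [int]$RegisterAllProvidersIP = 0
    )

    $res = Get-ClusterResource -Name $ResourceName
    if ($res.ResourceType.Name -ne 'Network Name') {
        throw "'$ResourceName' is not a Network Name resource."
    }

    # Store both settings in one call.
    $res | Set-ClusterParameter -Multiple @{
        HostRecordTTL          = $HostRecordTTL
        RegisterAllProvidersIP = $RegisterAllProvidersIP
    }

    # Cycle the name so it re-registers in DNS with the new settings.
    Stop-ClusterResource  -Name $ResourceName | Out-Null
    Start-ClusterResource -Name $ResourceName | Out-Null
    # Resources that depend on the name went offline with it; bring the role back.
    Start-ClusterGroup -Name $res.OwnerGroup.Name | Out-Null

    # Check what DNS serves now. With RegisterAllProvidersIP = 1 expect one
    # A record per IP address resource, online or not.
    $dnsName = ($res | Get-ClusterParameter -Name DnsName).Value
    Resolve-DnsName -Name $dnsName -Type A -DnsOnly |
        Select-Object Name, IPAddress, TTL
}

# File server: single registered address, 5 minute TTL.
Set-NetworkNameDns -ResourceName 'MyFileShare' -HostRecordTTL 300
```

The TTL in the output can read lower than the configured value when the answer comes from a resolver cache; the record on the DNS server itself may also take a moment to refresh after the name comes online.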

Stretch your VLANs

Here the VLAN(s) stretch across the sites. This means that the IP address of the service (VMs, SQL Servers, File Shares, …) never changes making it very easy to have the clients reconnect very fast.


Easy for the apps and the system administrators. Well, sort of; chances are that the network admins will chip in and put a kill contract out on you with some assassins. Just saying. In a perfect world this would be a good idea. In reality layer 2 and spanning tree are making sure you’ll sort of regret it or at least deal with the drawbacks and fallout. Choose wisely.

Abstract the network devices

This is a network vendor provided solution and I don’t see it very much in the wild. In this approach the network devices use a 3rd IP address that gets registered in DNS for use by the clients. The fact that the workload switches between subnets when failing over between sites is irrelevant to the clients.


Cisco has this in a couple of solutions where NAT or a VIP is used to achieve this. As this is network appliance/ hardware based it works with any workload.

SLA your way out

Some people “mitigate” the prolonged down time by having a separate SLA for local failover versus site failover. Cool, but if I was cynical I could state that this is just lawyer behavior. You create fine print and “cover your ass” for that scenario. It’s not really solving anything but accepting longer down time and having all involved parties recognize and accept that fact. This is a valid approach.

Be creative & drive towards maximum portability

In an ideal world you can provision apps & services so fast you only need to protect and failover the persistent data. A world of micro services and containers, where servers and virtual machines are cattle. But many of us will have to deal with servers being holy cows for now.

The above approaches are the most common options. There are more variations to these. One of those could be based around the use of a dedicated management domain on both sites. It’s a concept I’ve used a couple of times where and when allowed.

It has some drawbacks or at least some complexities to deal with and one such example might be when configuring host based backups that need access to the guest VMs. This requires some extra firewall configuration. Nothing that would prevent you from doing so with good backup products like Veeam and it’s something you’re probably used to doing already for monitoring and backups across domains anyway.

But it also has serious benefits, as the actual business domains are completely separate from the management domain and potentially 100% virtualized. That’s not a hard requirement, as long as you keep the remaining physical servers in their own site dependent subnet which routes; these don’t move anyway, and they should have workloads that are distributed anyway like AD, Exchange DAGs, etc. The big benefit compared to a stretched cluster is that you can have the same subnet(s) on both sides of the stretched cluster for your virtual machines and you change the routing and endpoints for your public and private access to the services. Instead of making the changes to the cluster resources you do so higher up the stack. It’s a bit like moving your data center to a new location “as is” and directing the clients to the new location. This removes the need for stretched VLANs, or implementing network virtualization, at the cost of a bit more down time & work to “switch”. It’s worth considering.

It helps to leverage DNS and geo load balancing technologies in this, but the core infrastructure (the site aware stretched cluster) can run in a fully routed / Layer 3 fashion.

Sure, you’ll still need to make sure the traffic from the offices goes to the correct data center now, and it really rocks if you have your internet presence geo-load balanced in some way, but let’s face it, you needed to have that in order for any approach anyway.

Closing thoughts

There is a lot more detail and complexity to all of this than I covered in this short article. This is meant as an eye opener, a point from where to start the discussion with the business demanding 24/7, 99.999% at zero cost and effort. Like Amazon or Azure but then better, cheaper and on premises. Ouch! As you might expect, this can’t be dealt with in just a few pages. Getting a solid, working disaster avoidance, recovery and business continuity plan & process is going to take some effort to create and maintain.

Fully failing over without any work or a second of downtime is a very expensive illusion, and you might be better off with 15 to 20 minutes of down time for 90% of the workload and 30 to 60 minutes for the remaining 10% than trying to chase the ultimate perfection of 100% zero downtime ever for all services. Chances are you’ll go broke trying and pretending, which means failing. Remember that when your primary data center was just taken down or worse, burnt down, dealing with a couple of hours of down time to get your secondary site up and running 100% isn’t actually as bad as it seems when discussing 2 or 3 hours of down time in a management meeting. Somehow it always seems a bigger deal when not faced with the alternative of the business being wiped out.

One final note: don’t forget to tell your bosses you’re going to have to practice this a couple of times per year. Doing it for real counts as practice only if it’s the 3rd time you do it. Good luck!