Key Management Service for Product Activation




Key Management Service
This is a Microsoft service hosted on a Windows Server. It is used to activate Microsoft products such as operating systems, MS Office suites, SharePoint suites, etc.
This service can be hosted on your own datacenter infrastructure without the need to contact Microsoft over the Internet. Clients can connect to KMS using dynamic or static DNS entries and communicate over RPC port 135.

KMS Activation Thresholds
The KMS server starts activating clients only after a minimum number of clients have requested activation. For Windows Server operating systems the threshold is 5 systems, and for Windows Desktop operating systems the threshold is 25 systems. Until this threshold is met, the systems are not activated; however, the client machines contact the KMS server every 2 hours to see whether the threshold count has been exceeded.
There is no restriction on whether the systems are physical or virtual servers or desktops.
The KMS server provides each host with a Client Machine Identification [CMID] and saves it in a CMID table.

KMS Activation Renewal
KMS Activations are valid for 180 days. By default, KMS Clients attempt to renew their activation every 7 days. If activation fails, the client will retry every 2 hours. Once the computer is activated, the validity begins again.

KMS Service Publication
The KMS service uses DNS SRV records to store and communicate the location of KMS hosts. The KMS service can also be published manually to the client computers. Steps to manually publish a KMS host are given later in this article.
If there is more than one KMS server in the environment, the clients randomly select a KMS server unless the DnsDomainPublishList in the registry has a specific Priority and Weight configured to prioritize a KMS server for client requests.

Important Port and Communication
KMS uses TCP port 1688 [unidirectional - from the client as source to the KMS server as destination] to communicate with the client machines. The client sends a packet of 250 bytes for an activation request, to which the KMS host responds with the activation count. If the count is equal to or above the threshold value, the client is activated and the session is closed.

Note: KMS Host does not require a dedicated Host.

Activating KMS Host
KMS keys are provided by Microsoft to activate the KMS host. Once the key is configured on the KMS host, it needs to be activated with Microsoft either by telephone or online. No further communication with Microsoft is required. The same KMS key can be used to activate a maximum of 6 KMS hosts in your environment.
The 6 KMS hosts can then be re-activated with the same key up to 9 more times. If you need more than 6 keys, contact the Microsoft Activation Call Center.

As long as the KMS server is operational with valid KMS keys and the dynamic DNS update has completed and created a KMS SRV record in the current domain's DNS, the client machines should be able to discover the KMS server and activate themselves.

Important Commands to Publish KMS Hosts manually and activate Client Machines
slmgr -ckms -> To clear current KMS Host configured on client machine
slmgr -skms <kmshostname>:1688 -> To set KMS Host on client machine
slmgr -ipk <product key of OS> -> To set the Product key of OS. Refer to this for current Product Keys presented by Microsoft [https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys]
slmgr -ato -> Activate the client machine against the set KMS server
slmgr TargetComputer [username] [password] /parameter [options] -> To perform slmgr commands remotely on the Target Computer
nslookup -type=all _vlmcs._tcp -> This command should show you all the KMS Hosts in your environment having valid SRV records
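
The SRV lookup and port check described above can be combined into one audit run from a client machine. This is an added example, not part of the original post; the domain name and the list of approved KMS hosts are placeholder assumptions to replace with your own values.

```powershell
# Added example, not from the original post. $Domain and $ApprovedHosts are
# placeholder values (assumptions); replace them with your own.
param(
    [string]$Domain = 'corp.example.com',
    [string[]]$ApprovedHosts = @('kms01.corp.example.com')
)

# Same lookup as "nslookup -type=all _vlmcs._tcp", returned as objects.
try {
    $srv = Resolve-DnsName -Name "_vlmcs._tcp.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "No KMS SRV record found for ${Domain}: $($_.Exception.Message)"
    return
}

# Lower Priority is preferred; a higher Weight gets a larger share of
# requests among records with the same Priority.
$sorted = $srv | Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true }

$report = foreach ($r in $sorted) {
    # Clients talk to the KMS host over TCP on the port published in the SRV record.
    $probe = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        KmsHost   = $r.NameTarget
        Port      = $r.Port
        Priority  = $r.Priority
        Weight    = $r.Weight
        Reachable = $probe.TcpTestSucceeded
        Approved  = $ApprovedHosts -contains $r.NameTarget.TrimEnd('.')
    }
}
$report | Format-Table -AutoSize

# Flag records that would send clients to an unexpected or unusable host.
foreach ($row in $report) {
    if (-not $row.Approved)  { Write-Warning "$($row.KmsHost): not in the approved KMS host list" }
    if ($row.Port -ne 1688)  { Write-Warning "$($row.KmsHost): published on port $($row.Port), expected 1688" }
    if (-not $row.Reachable) { Write-Warning "$($row.KmsHost): TCP port $($row.Port) is not reachable from this client" }
}
```

An SRV record that points to a host outside the approved list is worth investigating, because clients that pick it will send their activation requests there.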

Related Posts

  • The other way to activate Microsoft Operating Systems is through MAK [Multiple Activation Keys] activation. I will write a different post for MAK activations - I will share the links shortly


  • How to use KMS Service in a Domain to activate Workgroup clients and other domain clients - I will share the links shortly


Reference Documents
https://docs.microsoft.com/en-us/previous-versions/tn-archive/dd979804(v%3dtechnet.10)
