Azure Windows Virtual Machine Activation: new KMS DNS & new KMS IP addresses in Azure China Cloud
This blog contains important information about KMS IP addresses changes that may impact Windows Virtual machine activations for Azure China Cloud customers who configured custom routes or firewall rules to allow KMS IP addresses.
Who will be affected?
On September 19, 2022, we announced a new KMS DNS, azkms.core.chinacloudapi.cn and two new KMS IP addresses, 159.27.28.100 and 163.228.64.161, in Azure China Cloud via Azure Update - Generally available: New KMS DNS in Azure China Cloud. We expect that most Azure Windows Virtual Machine customers in Azure China Cloud will not be impacted. However, Azure China Cloud customers who have followed trouble-shooting guides, like the ones listed below, to configure custom routes or firewall rules that allow Windows VMs to reach KMS DNS and IP addresses in the past, must take actions to include the new DNS azkms.core.chinacloudapi.cn and the new KMS IP addresses, 159.27.28.100 and 163.228.64.161. Otherwise, after December 15th, 2022, your Windows Virtual Machines will report warnings of failing to reach Windows Licensing Servers for activation.
- https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation
- https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems
- https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
How will customers be affected?
As explained in Generally available: New KMS DNS in Azure China Cloud, after December 15th, 2022, most Windows Virtual Machines in Azure China Cloud will rely on new azkms.core.chinacloudapi.cn for Windows Activation. azkms.core.chinacloudapi.cn will point to two new IP addresses 159.27.28.100 and 163.228.64.161.
For Azure China Cloud customers who follow https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation, without taking the actions to include these two new IP addresses 159.27.28.100 and 163.228.64.161 in custom routes, your Windows Virtual Machines will not be able to connect to new KMS server for Windows Activation.
For Azure China Cloud customers who follow https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop, without taking the actions to include these two new IP addresses 159.27.28.100 and 163.228.64.161 in firewall rules, your Windows Virtual Machines will not be able to connect to new KMS server for Windows Activation.
When failing to connect to KMS server for activation, Azure Windows Virtual Machines report warnings like the following -
“We can't activate Windows on this device as we can't connect to your organization's activation server. Make sure you're connected to your organization's network and try again. If you continue having problems with activation, contact your organization's support person. Error code: 0xC004F074.”
As explained in Key Management Services (KMS) activation planning, “KMS activations are valid for 180 days, a period known as the activation validity interval. KMS clients must renew their activation by connecting to the KMS host at least once every 180 days to stay activated. By default, KMS client computers attempt to renew their activation every seven days. After a client's activation is renewed, the activation validity interval begins again”. Within the 180-day KMS activate validity interval, customers can still access the full functionality of the Windows virtual machine. Customers should fix activation issues during the 180-day KMS activation validity interval.
Action required
To Azure China Cloud customers who follow https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation, include these two new IP addresses 159.27.28.100 and 163.228.64.161 in custom routes before December 15th, 2022.
To Azure China Cloud customers who follow https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop, include these two new IP addresses 159.27.28.100 and 163.228.64.161 in firewall rules before December 15th, 2022.
How to check
You can remote login to your Windows Virtual Machines and complete the following:
- Open PowerShell.
- Run the following command to confirm the connectivity to new KMS IP addresses:
test-netconnection azkms.core.chinacloudapi.cn -port 1688
test-netconnection 159.27.28.100 -port 1688
test-netconnection 163.228.64.161 -port 1688
- If the connections are successful, no more action is needed.
- If the connection(s) fails, you need to go to the “Action required” section.
Important timeline
- After December 15th, 2022, 2022, most Azure Windows Virtual Machines will rely on two new KMS IP addresses 159.27.28.100 and 163.228.64.161 for Windows Activation, when new DNS azkms.core.chinacloudapi.cn is rolled out in Azure China Cloud.
- After March 1st, 2023, all Azure Windows Virtual Machines will rely on two new KMS IP addresses 159.27.28.100 and 163.228.64.161 for Windows Activation, when kms.core.chinacloudapi.cn points to 159.27.28.100 and 163.228.64.161 in Azure China Cloud.
Published on:
Learn moreRelated posts
Azure VMware Solution - Using Log Analytics With NSX-T Firewall Logs
Azure VMware Solution How To Series: Monitoring Azure VMware Solution Overview Requirements Lab Environment Tagging & Groups Kusto ...
Troubleshoot your apps faster with App Service using Microsoft Copilot for Azure | Azure Friday
This video provides you with a comprehensive overview of how to troubleshoot your apps faster with App Service utilizing Microsoft Copilot for...
Looking to optimize and manage your cloud resources? Join our Azure optimization skills challenge!
If you're looking for an effective way to optimize and manage your cloud resources, then join the Azure Optimization Cloud Skills Challenge or...
Have a safe coffee chat with your documentation using Azure AI Services | JavaScript Day 2024
In the Azure Developers JavaScript Day 2024, Maya Shavin a Senior Software Engineer at Microsoft, presented a session c...
Azure Cosmos DB Keyboard Shortcuts for Faster Workflows | Data Explorer
Azure Cosmos DB Data Explorer just got a whole lot easier to work with thanks to its new keyboard shortcuts. This update was designed to make ...
How to Use Azure Virtual Network Manager's UDR Management Feature
What will you learn in this blog? What is Azure Virtual Network Manager’s UDR management feature? How UDR management simplifies route setting...
Secure & Reliable Canonical Workloads on Azure | GA Availability
With Azure's partnership with Canonical, the industry standard for patching Linux distributions on the cloud is elevated. The collaboration hi...
Azure VMware Solution now available in Italy North, Switzerland North and UAE North
Azure VMware Solution continues to expand its reach, as it is now accessible in Italy North, Switzerland North, and UAE North. With this expan...
Connecting Azure to Mainframes with Low Latency
Many organizations are running their mission critical workloads on the mainframe and would greatly benefit by incorporating the mainframe in t...