Thursday, February 15, 2018

KMS Activation Error 0xc004f074

I recently had issues deploying a new KMS server to activate Windows 10 LTSB 2016 at a customer.  We deployed LTSB to remove all the bloatware from the Windows Store, Edge and other unwanted items like candy crush saga which Microsoft believes enterprise organisations should have in an enterprise version of Windows!

After setting up the KMS server, the following error were experienced on the endpoints:

We can't activate Windows on this device because we can't connect to your organisation's server. Make sure that you're connected to your organisation's network and try again. If you continue having problems with activation, contact your organisation's support person. Error code: 0xC004F074.


Activating Windows(R), EnterpriseS edition
Error: 0xC004F074 The Software Licensing Server reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.


License Activation (slui.exe) failed with the following error code:
hr=0C004F074

Event ID: 8198
Source: Security-SPP


The KMS Server we deployed was running "Windows Server 2012 R2 Datacentre edition".

The key we used from our Microsoft VLSC portal was "Windows Srv 2012R2 DataCtr/Std KMS for Windows 10" - the key recommended for Activating Windows 10.

After liaising with Microsoft with regards to the error, Microsoft advised me that the KMS Key "Windows Srv 2012R2 DataCtr/Std KMS for Windows 10" can only be used for "Windows 10 LTSB 2015".

In order to activate Windows 10 LTSB 2016, you need to use the "Windows Svr 2016 DataCtr/Std KMS" Key.  This will also activate all other builds of Windows 10, Windows 8.1 and Windows 7.  This is what it should look like in your Microsoft VLSC Portal.


In order to install this Server 2016 KMS Key on Windows Server 2012 R2, you must first install the KB3172614 patch.  This can be downloaded from the following URL:


Once this patch is installed, perform the following:

1. Uninstall any current KMS keys on the KMS server with the following command:

slmgr.vbs /upk

2. Install the new "Windows Svr 2016 DataCtr/Std KMS" Key from the your VLSC Portal.

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

3. Activate the KMS Server

slmgr.vbs /ato

4. Check the key was installed correctly

slmgr/vbs /dlv



Next on your workstation's install the correct KMS Client Key which can be viewed here:


To install use the same command on the server, just using the KMS Client Key instead:

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Then activate it against the KMS Server:

slmgr.vbs /ato

I hope this post has been helpful.

Tuesday, February 13, 2018

Outlook 2016 Connects First Time, Prompts for Password Every Other Time

A customer of mine recently deployed Outlook 2016.  The customer had an issue where they could create a new Outlook 2016 Profile, but after the Outlook Profile was created and Outlook was closed, the second time they open Outlook they would be prompted for password in an infinite loop.

Disabling Cached Exchange Mode on the Outlook Profile would fix the issue but we needed Cached Exchange mode to be enabled!

The protocol we were using is MAPI over HTTPs.

Outlook 2010 and 2013 connected fine with MAPI over HTTPs, only Outlook 2016 had this issue.

The issue turned out that the customer had disabled oAUTH on the MAPI over HTTPS virtual directory.

Below is the authentication settings setup on the customers Exchange 2016 server:


This is what the default authentication settings look like:


To fix the issue we needed to set the settings back to default with the following command:

Get-MapiVirtualDirectory | Set-MapiVirtualDireectory -IISAuthenticationMethods NTLM,OAuth,Negotiate -InternalAuthenticationMethods NTLM,OAuth,Negotiate -ExternalAuthenticationMethods NTLM,OAuth,Negotiate

Make sure you reset the correct IIS App Pool or do an iisreset so the change takes effect immediately.

Monday, January 29, 2018

Finding a Device in SCCM for Unknown Computer TS Deployment

1. Currently I have a task sequence deployed to the "All Unknown x86/ x64 Computers" device collection. SCCM will only PXE boot machines it has never seen before in its database.



2. I PXE boot the new client PC and it downloads the policy and completes imaging successfully.

3. At this point SCCM knows about this computer via MAC address but lets say I need to reimage the client computer later on in life or right now as a test.

4. When trying to reimage I get the error that fails on "looking for policy" and then it aborts.


5. The reason why you cannot reimage it is because SCCM can tell that it was already imaged with the same exact MAC address and task sequence name. This is by design.

6.  What do to do reimage it?  You have two options.

a. You could add known device collections to the task sequence.

b. Alternatively you can remove the device from SCCM so it is treated again as an unknown device.

How do you find the device though if you don't know the previous hostname?

Look at the SMSPXE.log file on the SCCM Distribution Point.  Find the "Client boot action reply" entry in the log file and get the ItemKey number.


Now search for the ItemKey in SCCM "Assets and Compliance" --> Devices.


Deleting the device asset from SCCM will then once again treat the resource as an unknown computer.

Hope this post has been helpful.