VLMCSD.INI(5)                KMS Activation Manual               VLMCSD.INI(5)



NAME
       vlmcsd.ini - vlmcsd KMS emulator configuration file


SYNOPSIS
       vlmcsd.ini


DESCRIPTION
       vlmcsd.ini  (or  simply  called the "ini file") is a configuration file
       for vlmcsd(8). By default vlmcsd does not use a configuration file.  It
       is completely optional and for advanced users only. You must use the -i
       option on the vlmcsd command line to use  an  ini  file.  There  is  no
       default name or default location for the ini file.

       Everything,  that can be configured in the ini file, may also be speci‐
       fied on the command line. Any configuration  option  specified  on  the
       command line takes precedence over the respective configuration line in
       the ini file.

       Benefits of a configuration file

       While you can use the configuration file to simply modify  the  default
       behavior  of vlmcsd, it can also be used to change the configuration of
       vlmcsd after you sent a HUP signal(7). Whenever you  send  SIGHUP,  the
       configuration  file  will  be  re-read. Any changes you made to the ini
       file will be reflected after vlmcsd received the hangup signal.

       Differences between command line and configuration file

       If you specify an illegal option or  option  argument  on  the  command
       line,  vlmcsd displays help and exits. If you specify an incorrect key‐
       word or argument in the ini file, vlmcsd displays a warning  with  some
       information,  ignores the respective line and continues. This is inten‐
       tional and prevents vlmcsd from aborting after a SIGHUP if the configu‐
       ration was modified incorrectly.


SYNTAX
       vlmcsd.ini  is  a  UTF-8  encoded text file with each line being in the
       format keyword = argument. The keyword is not case-sensitive. The argu‐
       ment  is  treated  literally.  It  is  neither  required nor allowed to
       enclose the argument in any form of quote characters except when  quote
       characters  are  part of the argument itself. Whitespace characters are
       ignored only

       - at the beginning of a line
       - between the keyword and '='
       - between '=' and the argument

       Lines, that start with '#' or ';' are treated as comments. Empty  lines
       are  ignored  as well. If a keyword is repeated in another line, vlmcsd
       will use the argument of the last occurence of the keyword.  An  excep‐
       tion  to  this  is  the  Listen keyword which can be specified multiple
       times and causes vlmcsd to listen on more than one  IP  address  and/or
       port.

       Some  arguments  are  binary  arguments  that need to be either TRUE or
       FALSE. You can use "Yes", "On" or "1" as an alias for  TRUE  and  "No",
       "Off"  or "0" as an alias for FALSE. Binary arguments are case-insensi‐
       tive.


KEYWORDS
       The following keywords are defined (not all keywords may  be  available
       depending  on  the operating system and the options used when vlmcsd(8)
       was compiled):


       Listen This defines on what combinations of IP addresses and ports vlm‐
              csd  should  listen. Listen can be specified more than once. The
              argument has the form ipaddress[:port]. If you  omit  the  port,
              the  default  port  of  1688  is used. If the ipaddress contains
              colons and a port is used, you must  enclose  the  ipaddress  in
              brackets. The default is to listen to 0.0.0.0:1688 and [::]:1688
              which means listen to all IPv4 and all IPv6 addresses.  See  the
              -L  option  in  vlmcsd(8) for more info about the syntax. If you
              use -L or -P on the command line, all Listen keywords in the ini
              file  will be ignored. The Listen keyword cannot be used if vlm‐
              csd has been compiled to use Microsoft RPC (Windows  and  Cygwin
              only) or simple sockets.

              Examples:

              Listen = 192.168.1.123:1688
              Listen = 0.0.0.0:1234
              Listen = [fe80::1721:12ff:fe81:d36b%eth0]:1688


       Port   Can only be used if vlmcsd has been compiled to use simple sock‐
              ets or on Windows and Cygwin if vlmcsd(8) has been  compiled  to
              use Microsoft RPC. Otherwise you must use Listen instead. Causes
              vlmcsd to listen on that port instead of 1688.


       FreeBind
              Can be TRUE or FALSE. If TRUE, you can use  the  Listen  keyword
              with IP addresses that are currently not defined on your system.
              vlmcsd(8) will start listening on these IP addresses as soon  as
              they  become  available.  This  keyword  is only available under
              Linux and FreeBSD because no other OS  currently  supports  that
              feature.  FreeBSD  supports  this only for IPv4 and requires the
              PRIV_NETINET_BINDANY privilege which  is  normally  assigned  to
              proccesses of the root user.


       PublicIPProtectionLevel
              Set  the level of protection against KMS activations from public
              IP addresses.

              0 = No protection (default)
              1 = Listen on private IP addresses only (plus those specified by
              one or more Listen statements)
              2 = Disconnect clients with public IP addresses without activat‐
              ing
              3 = Combines 1 and 2

              For details on public IP protection levels see vlmcsd(8) command
              line option -o.


       VPN    Has  to  be  in  the form vpn-adapter-name[=ipv4-address][/cidr-
              mask][:dhcp-lease-duration].

              Enables a compatible VPN adapter to create additional local IPv4
              addresses  (like 127.0.0.1) that appear as remote IPv4 addresses
              to the system. This allows  product  activation  using  a  local
              instance  of  vlmcsd.  This feature is only available in Windows
              and Cygwin builds of vlmcsd since it is not of any use on  other
              operating  systems. Compatible VPN adapters are Tap-windows ver‐
              sion 8.2  or  higher  (from  OpenVPN)  and  the  TeamViewer  VPN
              adapter.  There  is  a special vpn-adapter-name. A single period
              (.) instructs vlmcsd to use the first available  compatible  VPN
              adapter. The vpn-adapter-name is not case-sensitive. If the vpn-
              adapter-name contains spaces (e.g. Ethernet 3), do  not  enclose
              it in quotes.

              The default ipv4-address is 10.10.10.9 and the default cidr-mask
              is 30. If you are using the default  values,  your  VPN  adapter
              uses  an IPv4 address of 10.10.10.9 and you can set your activa‐
              tion client to use the  easy  to  remember  address  10.10.10.10
              (e.g.    slmgr    /skms    10.10.10.10   or   cscript   ospp.vbs
              /sethst:10.10.10.10).

              The dhcp-lease-duration is a number optionally followed by s, m,
              h,  d  or  w to indicate seconds, minutes, hours, days or weeks.
              The default dhcp-lease-duration is 1d (one day). It is  normally
              not required to change this value.

              It  is  advised  not  to  manually configure your OpenVPN TAP or
              TeamViewer VPN adapter in "Network Connections". If you set  the
              IPv4  configuration  manually  anyway,  the IPv4 address and the
              subnet mask must match the VPN= directive. It is safe leave  the
              IPv4  configuration  to automatic (DHCP). vlmcsd will wait up to
              four seconds for the DHCP configuration to complete before bind‐
              ing to and listenin on any interfaces.

              You  should be aware that only one program can use a VPN adapter
              at a time. If you use the TeamViewer VPN  adapter  for  example,
              you  will  not  be  able to use the VPN feature of TeamViewer as
              long as vlmcsd is running.  The  same  applies  to  OpenVPN  TAP
              adapters that are in use by other programs (for example OpenVPN,
              QEMU, Ratiborus VM, aiccu, etc.). The best  way  to  avoid  con‐
              flicts  is to install Tap-Windows from OpenVPN, cd to C:\Program
              Files\TAP-Windows\bin and run addtap.bat  to  install  an  addi‐
              tional  TAP  adapter. Go to "Network Connections" and rename the
              new adapter to "vlmcsd" and specify VPN=vlmcsd to use it.


       UseNDR64
              Can be TRUE or FALSE. Specifies whether  you  want  to  use  the
              NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
              default is TRUE.


       UseBTFN
              Can be TRUE or FALSE. Specifies whether you  want  to  use  bind
              time feature negotiation in RPC. See options -b0 and -b1 in vlm‐
              csd(8). The default is TRUE.


       RandomizationLevel
              The argument must 0, 1 or 2. This specifies the ePID  randomiza‐
              tion  level.  See  options  -r0,  -r1  and -r2 in vlmcsd(8). The
              default randomization level is 1. A RandomizationLevel of  2  is
              not recommended and should be treated as a debugging level.


       LCID   Use a specific culture id (LCID) even if the ePID is randomized.
              The argument must be a number between 1  and  32767.  While  any
              number in that range is valid, you should use an offcial LCID. A
              list of  assigned  LCIDs  can  be  found  at  http://msdn.micro‐
              soft.com/en-us/goglobal/bb964664.aspx.  On  the command line you
              control this setting with option -C.


       MaxWorkers
              The argument specifies the maximum number of worker processes or
              threads  that  will be used to serve activation requests concur‐
              rently. This is the same as specifying -m on the  command  line.
              Minimum  is  1. The maximum is platform specific and is at least
              32767 but is likely to be greater on most systems.  The  default
              is no limit.


       ConnectionTimeout
              Used  to  control  when  the vlmcsd disconnects idle TPC connec‐
              tions. The default is 30 seconds. This is the same setting as -t
              on the command line.


       DisconnectClientsImmediately
              Set  this to TRUE to disconnect a client after it got an activa‐
              tion response regardless whether a timeout has occured  or  not.
              The  default  is  FALSE.  Setting  this  to TRUE is non-standard
              behavior. Use only if you are experiencing DoS or DDoS  attacks.
              On  the  command  line you control this behavior with options -d
              and -k.


       PidFile
              Write a pid file. The argument is the full  pathname  of  a  pid
              file.  The  pid  file  contains  is  single  line containing the
              process id of the  vlmcsd  process.  It  can  be  used  to  stop
              (SIGTERM)  or  restart  (SIGHUP)  vlmcsd.  This directive can be
              overriden using -p on the command line.


       LogFile
              Write a log file. The argument is the full  pathname  of  a  log
              file.  On  a  unixoid OS and with Cygwin you can use the special
              filename 'syslog' to log to the syslog  facility.  This  is  the
              same as specifying -l on the command line.


       KmsData
              Use  a KMS data file. The argument is the full pathname of a KMS
              data file. By default vlmcsd only contains the  minimum  product
              data  that  is required to perform all operations correctly. You
              may use a more complete KMS data file that contains all detailed
              product  names. This is especially useful if you are logging KMS
              requests. If you don't log, there is no need to load an external
              KMS data file.

              You  may use KmsData = - to prevent the default KMS data file to
              be loaded.


       LogDateAndTime
              Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log‐
              ging  output  does  not include date and time. This is useful if
              you log to stdout(3) which  is  redirected  to  another  logging
              mechanism that already includes date and time in its output, for
              instance systemd-journald(8). If you log to syslog(3),  LogDate‐
              AndTime  is  ignored and date and time will never be included in
              the output sent to syslog(3). Using the command line you control
              this setting with options -T0 and -T1.


       LogVerbose
              Set  this  to either TRUE or FALSE. The default is FALSE. If set
              to TRUE, more details of each activation will be logged. You use
              -v  and  -q in the command line to control this setting. LogVer‐
              bose has an effect only if you specify a log  file  or  redirect
              logging to stdout(3).


       WhitelistingLevel
              Can  be  0,  1,  2 or 3. The default is 0. Sets the whitelisting
              level to determine which products vlmcsd activates or refuses.

                   0:  activate  all  products  with  an  unknown,  retail  or
                   beta/preview KMS ID.
                   1:  activate  products with a retail or beta/preview KMS ID
                   but refuse to activate products with an unknown KMS ID.
                   2: activate products with an  unknown  KMS  ID  but  refuse
                   products with a retail or beta/preview KMS ID.
                   3:  activate  only products with a known volume license RTM
                   KMS ID and refuse all others.


              The SKU ID is not checked. Like  a  genuine  KMS  server  vlmcsd
              activates  a product that has a random or unknown SKU ID. If you
              select 1 or 3, vlmcsd also checks the Application  ID  for  cor‐
              rectness.  If  Microsoft introduces a new KMS ID for a new prod‐
              uct, you cannot activate it if you used 1 or 3 until a new  ver‐
              sion of vlmcsd is available.


       CheckClientTime
              Can  be  TRUE or FALSE. The default is FALSE. If you set this to
              TRUE vlmcsd(8) checks if the client time differs  no  more  than
              four  hours from the system time. This is useful to prevent emu‐
              lator detection. A client that tries to detect an emulator could
              simply  send  two  subsequent  request with two time stamps that
              differ more than four hours from each other.  If  both  requests
              succeed, the server is an emulator. If you set this to TRUE on a
              system with no reliable time source, activations will  fail.  It
              is  ok  to  set  the  correct system time after you started vlm‐
              csd(8).


       MaintainClients
              Can be TRUE or FALSE (the default). Disables (FALSE) or  enables
              (TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
              useful to prevent emulator detection. By maintaing a CMID  list,
              vlmcsd(8)  reports current active clients exactly like a genuine
              KMS emulator. This includes bug compatibility to the extent that
              you  can  permanently  kill a genuine KMS emulator by sending an
              "overcharge request" with a required client count of 376 or more
              and  then  request  activation for 671 clients. vlmcsd(8) can be
              reset from this condition by restarting it. If  FALSE  is  used,
              vlmcsd(8) reports current active clients as good as possible. If
              no client sends an "overcharge request", it is not  possible  to
              detect  vlmcsd(8)  as  an emulator with MaintainClients = FALSE.
              Maintaining clients requires the allocation of a buffer that  is
              about  50  kB in size. On hardware with few memory resources use
              it only if you really need it.

              If you start vlmcsd(8) from an internet superserver,  this  set‐
              ting  cannot  be  used. Since vlmcsd(8) exits after each activa‐
              tion, it cannot maintain any state in memory.


       StartEmpty
              This setting is ignored if you do  not  also  specify  Maintain‐
              Clients  =  TRUE.  If you specify FALSE (the default), vlmcsd(8)
              starts up as a fully  "charged"  KMS  server.  Clients  activate
              immediately.  StartEmpty = TRUE lets you start up vlmcsd(8) with
              an empty CMID list. Activation will start when the required min‐
              imum  clients (25 for Windows Client OSses, 5 for Windows Server
              OSses and Office) have registered with the KMS server.  As  long
              as the minimum client count has not been reached, clients end up
              in HRESULT 0xC004F038 "The count reported by your Key Management
              Service (KMS) is insufficient. Please contact your system admin‐
              istrator". You may use vlmcs(1) or another KMS  client  emulator
              to  "charge"  vlmcsd(8). Setting this parameter to TRUE does not
              improve emulator detection prevention. It's primary  purpose  is
              to  help  developers  of  KMS  clients  to test "charging" a KMS
              server.


       ActivationInterval
              This is the same as specifying -A on the command line. See  vlm‐
              csd(8) for details. The default is 2 hours. Example: Activation‐
              Interval = 1h


       RenewalInterval
              This is the same as specifying -R on the command line. See  vlm‐
              csd(8)  for  details. The default is 7 days. Example: RenewalIn‐
              terval = 3d. Please note that the KMS client decides itself when
              to renew activation. Even though vlmcsd sends the renewal inter‐
              val you specify, it is no more than some kind of  recommendation
              to  the  client. Older KMS clients did follow the recommendation
              from a KMS server or emulator. Newer clients do not.


       User   Run vlmcsd as another, preferrably less  privileged,  user.  The
              argument  can be a user name or a numeric user id. You must have
              the required privileges (capabilities on Linux)  to  change  the
              security  context of a process without providing any credentials
              (a password in most cases). On most unixoid OSses 'root' is  the
              only user who has these privileges in the default configuration.
              This setting is not available in the native Windows  version  of
              vlmcsd.  See  -u in vlmcsd(8). This setting cannot be changed on
              the fly by sending SIGHUP to vlmcsd.


       Group  Run vlmcsd as another, preferrably less privileged,  group.  The
              argument  can  be  a  group name or a numeric group id. You must
              have the required privileges (capabilities on Linux)  to  change
              the  security context of a process without providing any creden‐
              tials (a password in most cases). On most unixoid  OSses  'root'
              is the only user who has these privileges in the default config‐
              uration. This setting is not available  in  the  native  Windows
              version  of  vlmcsd. See -g in vlmcsd(8). This setting cannot be
              changed on the fly by sending SIGHUP to vlmcsd.


       Windows
              The argument has the form ePID [ / HwId ]. Always use  ePID  and
              HwId  for  Windows activations. If specified, RandomizationLevel
              for Windows activitations will be ignored.


       Office2010
              The argument has the form ePID [ / HwId ]. Always use  ePID  and
              HwId  for  Office 2010 activations. If specified, Randomization‐
              Level for Office 2010 activitations will be ignored.


       Office2013
              The argument has the form ePID [ / HwId ]. Always use  ePID  and
              HwId  for  Office 2013 activations. If specified, Randomization‐
              Level for Office 2013 activitations will be ignored.


       Office2016
              The argument has the form ePID [ / HwId ]. Always use  ePID  and
              HwId  for  Office 2016 activations. If specified, Randomization‐
              Level for Office 2016 activitations will be ignored.


VALID EPIDS
       The ePID is currently a comment only. You can specify any string up  to
       63  bytes.  In  Windows  7 Microsoft has blacklisted few ( < 10 ) ePIDs
       that were used in KMSv5 versions of the  "Ratiborus  Virtual  Machine".
       Microsoft  has  given up on blacklisting when KMS emulators appeared in
       the wild.

       Even if you can use "Activated by cool hacker guys" as an ePID, you may
       wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
       know how these "valid" ePIDs look like exactly, do  not  use  GUIDS  in
       vlmcsd.ini.  vlmcsd  provides  internal  mechanisms  to  generate valid
       ePIDs.

       If you use non-ASCII characters in your ePID (you shouldn't do anyway),
       these  must  be  in UTF-8 format. This is especially important when you
       run vlmcsd on Windows or cygwin because UTF-8 is not the default encod‐
       ing for most editors.

       If you are specifying an optional HWID it follows the same syntax as in
       the -H option in vlmcsd(8) ecxept that you must not enclose a  HWID  in
       quotes even if it contains spaces.


FILES
       vlmcsd.ini(5)


AUTHOR
       vlmcsd(8) was written by crony12, Hotbird64 and vityan666. With contri‐
       butions from DougQaid.


CREDITS
       Thanks to CODYQX4, deagles, eIcn,  mikmik38,  nosferati87,  qad,  Rati‐
       borus, ...


SEE ALSO
       vlmcsd(8), vlmcsd(7), vlmcs(1), vlmcsdmulti(1)



Hotbird64                        December 2016                   VLMCSD.INI(5)
