|
|
|
<!-- Creator : groff version 1.22.3 -->
|
|
|
|
<!-- CreationDate: Sat Oct 20 09:49:39 2018 -->
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
|
|
"http://www.w3.org/TR/html4/loose.dtd">
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<meta name="generator" content="groff -Thtml, see www.gnu.org">
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
|
|
|
|
<meta name="Content-Style" content="text/css">
|
|
|
|
<style type="text/css">
|
|
|
|
p { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
|
|
pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
|
|
table { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
|
|
h1 { text-align: center }
|
|
|
|
</style>
|
|
|
|
<title>VLMCSD</title>
|
|
|
|
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<h1 align="center">VLMCSD</h1>
|
|
|
|
|
|
|
|
<a href="#NAME">NAME</a><br>
|
|
|
|
<a href="#SYNOPSIS">SYNOPSIS</a><br>
|
|
|
|
<a href="#DESCRIPTION">DESCRIPTION</a><br>
|
|
|
|
<a href="#OPTIONS">OPTIONS</a><br>
|
|
|
|
<a href="#SIGNALS">SIGNALS</a><br>
|
|
|
|
<a href="#SUPPORTED OPERATING SYSTEMS">SUPPORTED OPERATING SYSTEMS</a><br>
|
|
|
|
<a href="#SUPPORTED PRODUCTS">SUPPORTED PRODUCTS</a><br>
|
|
|
|
<a href="#FILES">FILES</a><br>
|
|
|
|
<a href="#EXAMPLES">EXAMPLES</a><br>
|
|
|
|
<a href="#BUGS">BUGS</a><br>
|
|
|
|
<a href="#AUTHOR">AUTHOR</a><br>
|
|
|
|
<a href="#CREDITS">CREDITS</a><br>
|
|
|
|
<a href="#SEE ALSO">SEE ALSO</a><br>
|
|
|
|
|
|
|
|
<hr>
|
|
|
|
|
|
|
|
|
|
|
|
<h2>NAME
|
|
|
|
<a name="NAME"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">vlmcsd - a
|
|
|
|
fully Microsoft compatible KMS server</p>
|
|
|
|
|
|
|
|
<h2>SYNOPSIS
|
|
|
|
<a name="SYNOPSIS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b> [
|
|
|
|
<i>options</i> ]</p>
|
|
|
|
|
|
|
|
<h2>DESCRIPTION
|
|
|
|
<a name="DESCRIPTION"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
|
|
is a fully Microsoft compatible KMS server that provides
|
|
|
|
product activation services to clients. It is meant as a
|
|
|
|
drop-in replacement for a Microsoft KMS server (Windows
|
|
|
|
computer with KMS key entered). It currently supports KMS
|
|
|
|
protocol versions 4, 5 and 6.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
|
|
is designed to run on POSIX compatible operating systens. It
|
|
|
|
only requires a basic C library with a BSD-style sockets API
|
|
|
|
and either <b>fork</b>(2) or <b>pthreads</b>(7). That allows
|
|
|
|
it to run on most embedded systems like routers, NASes,
|
|
|
|
mobile phones, tablets, TVs, settop boxes, etc. Some efforts
|
|
|
|
have been made that it also runs on Windows.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Although
|
|
|
|
<b>vlmcsd</b> does neither require an activation key nor a
|
|
|
|
payment to anyone, it is not meant to run illegal copies of
|
|
|
|
Windows. Its purpose is to ensure that owners of legal
|
|
|
|
copies can use their software without restrictions, e.g. if
|
|
|
|
you buy a new computer or motherboard and your key will be
|
|
|
|
refused activation from Microsoft servers due to hardware
|
|
|
|
changes.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
|
|
may be started via an internet superserver like
|
|
|
|
<b>inetd</b>(8) or <b>xinetd</b>(8) as well as an advanced
|
|
|
|
init system like <b>systemd</b>(8) or <b>launchd</b>(8)
|
|
|
|
using socket based activation. If <b>vlmcsd</b> detects that
|
|
|
|
<b>stdin</b>(3) is a socket, it assumes that there is
|
|
|
|
already a connected client on stdin that wants to be
|
|
|
|
activated.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">All options
|
|
|
|
that control setting up listening sockets will be ignored
|
|
|
|
when in inetd mode. The sockets will be set up by your
|
|
|
|
internet superserver. You also cannot limit the number of
|
|
|
|
simultanous clients (option <b>-m</b>). You need to
|
|
|
|
configure the limit in your internet superserver.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">The followong
|
|
|
|
features that require that vlmcsd is permanently loaded will
|
|
|
|
not work if started from an internet superserver:</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You cannot
|
|
|
|
maintain a client list (option <b>-M1</b>)</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">EPID
|
|
|
|
Randomization Level 1 (option <b>-r1</b>) works like Level 2
|
|
|
|
(<b>-r2</b>). You may want to use Level 0 (<b>-r0</b>) or
|
|
|
|
custom EPIDs (options <b>-w</b>, <b>-G</b>, <b>-0</b>,
|
|
|
|
<b>-3</b> and <b>-6</b>) instead.</p>
|
|
|
|
|
|
|
|
<h2>OPTIONS
|
|
|
|
<a name="OPTIONS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Since vlmcsd
|
|
|
|
can be configured at compile time, some options may not be
|
|
|
|
available on your system.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">All options
|
|
|
|
that do no require an argument may be combined with a single
|
|
|
|
dash, for instance "vlmcsd -D -e" is identical to
|
|
|
|
"vlmcsd -De". For all options that require an
|
|
|
|
argument a space between the option and the option argument
|
|
|
|
is optional. Thus "vlmcsd -r 2" and "vlmcsd
|
|
|
|
-r2" are identical too. <b><br>
|
|
|
|
-h</b> or <b>-?</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Displays help.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-V</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Displays extended version information. This includes the
|
|
|
|
compiler used to build vlmcsd, the intended platform and
|
|
|
|
flags (compile time options) to build vlmcsd. If you have
|
|
|
|
the source code of vlmcsd, you can type <b>make help</b> (or
|
|
|
|
<b>gmake help</b> on systems that do not use the GNU version
|
|
|
|
of <b>make</b>(1) by default) to see the meaning of those
|
|
|
|
flags.</p> </td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-L</b>
|
|
|
|
<i>ipaddress</i>[:<i>port</i>]</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Instructs vlmcsd to listen on
|
|
|
|
<i>ipaddress</i> with optional <i>port</i> (default 1688).
|
|
|
|
You can use this option more than once. If you do not
|
|
|
|
specify <b>-L</b> at least once, IP addresses 0.0.0.0 (IPv4)
|
|
|
|
and :: (IPv6) are used. If the IP address contains colons
|
|
|
|
(IPv6) you must enclose the IP address in brackets if you
|
|
|
|
specify the optional port, e.g.
|
|
|
|
[2001:db8::dead:beef]:1688.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If no port is
|
|
|
|
specified, vlmcsd uses the default port according to a
|
|
|
|
preceding <b>-P</b> option. If you specify a port, it can be
|
|
|
|
a number (1-65535) or a name (usually found in /etc/services
|
|
|
|
if not provided via LDAP, NIS+ or another name service).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you specify
|
|
|
|
a link local IPv6 address (fe80::/10, usually starting with
|
|
|
|
fe80::), it must be followed by a percent sign (%) and a
|
|
|
|
scope id (=network interface name or number) on most unixoid
|
|
|
|
OSses including Linux, Android, MacOS X and iOS, e.g.
|
|
|
|
fe80::1234:56ff:fe78:9abc<b>%eth0</b> or
|
|
|
|
[fe80::1234:56ff:fe78:9abc<b>%2</b>]:1688. Windows
|
|
|
|
(including cygwin) does not require a scope id unless the
|
|
|
|
same link local address is used on more than one network
|
|
|
|
interface. Windows does not accept a name and the scope id
|
|
|
|
must be a number.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-o</b> <i>level</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Sets the <i>level</i> of
|
|
|
|
protection against activations from public IP addresses. The
|
|
|
|
default is <b>-o0</b> for no protection.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
|
|
|
|
causes vlmcsd not to listen on all IP addresses but on
|
|
|
|
private IP addresses only. IPv4 addresses in the
|
|
|
|
100.64.0.0/10 range (see RFC6598) are not treated as private
|
|
|
|
since they can be reached from other users of your ISP.
|
|
|
|
Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
|
|
|
|
192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
|
|
|
|
treats all IPv6 addresses not within 2000::/3 as private
|
|
|
|
addresses.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
|
|
|
|
is combined with <b>-L</b>, it will listen on all private IP
|
|
|
|
addresses plus the ones specified by one or more <b>-L</b>
|
|
|
|
statements. If <b>-o1</b> is combined with <b>-P</b>, only
|
|
|
|
the last <b>-P</b> statement will be used.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Using
|
|
|
|
<b>-o1</b> does not protect you if you enable NAT port
|
|
|
|
forwarding on your router to your vlmcsd machine. It is
|
|
|
|
identical to using multiple -L statements with all of your
|
|
|
|
private IP addresses. What <b>-o1</b> does for you, is
|
|
|
|
automatically enumerating your private IP addresses.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
|
|
|
|
not affect the interfaces, vlmcsd is listening on. When a
|
|
|
|
clients connects, vlmcsd immediately drops the connection if
|
|
|
|
the client has a public IP address. Unlike <b>-o1</b>
|
|
|
|
clients will be able to establish a TCP connection but it
|
|
|
|
will be closed without a single byte sent over the
|
|
|
|
connection. This protects against clients with public IP
|
|
|
|
addresses even if NAT port forwarding is used. While
|
|
|
|
<b>-o2</b> offers a higher level of protection than
|
|
|
|
<b>-o1</b>, the client sees that the KMS TCP port (1688 by
|
|
|
|
default) is actually accepting connections.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd is
|
|
|
|
compiled to use MS RPC, <b>-o2</b> can only offer very poor
|
|
|
|
protection. Control is passed from MS RPC to vlmcsd after
|
|
|
|
the KMS protocol has already been negotiated. Thus a client
|
|
|
|
can always verify that the KMS protocol is available even
|
|
|
|
though it receives an RPC_S_ACCESS_DENIED error message.
|
|
|
|
vlmcsd will issue a warning if <b>-o2</b> is used with MS
|
|
|
|
RPC. <b>For adaequate protection do not use a MS RPC build
|
|
|
|
of vlmcsd with -o2</b>.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
|
|
|
|
combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
|
|
|
|
private interfaces only and if a public client manages to
|
|
|
|
connect anyway due to NAT port forwarding, it will be
|
|
|
|
immediately dropped.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use any
|
|
|
|
form of TCP level port forwarding (e.g. <b>nc</b>(1),
|
|
|
|
<b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
|
|
|
|
to redirect KMS requests to vlmcsd, there will be no
|
|
|
|
protection even if you use <b>-o2</b> or <b>-o3</b>. This is
|
|
|
|
due to the simple fact that vlmcsd sees the IP address of
|
|
|
|
the redirector and not the IP address of the client.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
|
|
|
|
thus <b>-o3</b>) is not (yet) available in some
|
|
|
|
scenarios:</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">FreeBSD: There
|
|
|
|
is a longtime unfixed
|
|
|
|
<a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
|
|
|
|
in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
|
|
|
|
FreeBSD kernel, you must run the 64-bit version of vlmcsd if
|
|
|
|
you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
|
|
|
|
undefined behavior up to crashing vlmcsd. Other BSDs
|
|
|
|
(NetBSD, OpenBSD, Dragonfly and Mac OS X) work
|
|
|
|
correctly.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">If vlmcsd was
|
|
|
|
started by an internet superserver or was compiled to use
|
|
|
|
Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
|
|
|
|
and <b>-o3</b> are not available by design.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-P</b> <i>port</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Use TCP <i>port</i> for all
|
|
|
|
subsequent <b>-L</b> statements that do not include an
|
|
|
|
optional port. If you use <b>-P</b> and <b>-L</b>, <b>-P</b>
|
|
|
|
must be specified before <b>-L</b>.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-O</b>
|
|
|
|
<i>vpn-adapter-name</i>[=<i>ipv4-address</i>][/<i>cidr-mask</i>][:<i>dhcp-lease-duration</i>]</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Enables a compatible VPN
|
|
|
|
adapter to create additional local IPv4 addresses (like
|
|
|
|
127.0.0.1) that appear as remote IPv4 addresses to the
|
|
|
|
system. This allows product activation using a local
|
|
|
|
instance of vlmcsd. This feature is only available in
|
|
|
|
Windows and Cygwin builds of vlmcsd since it is not of any
|
|
|
|
use on other operating systems. Compatible VPN adapters are
|
|
|
|
Tap-windows version 8.2 or higher (from OpenVPN) and the
|
|
|
|
TeamViewer VPN adapter. There are two special
|
|
|
|
<i>vpn-adapter-name</i>s. A single period (.) instructs
|
|
|
|
vlmcsd to use the first available compatible VPN adapter. A
|
|
|
|
single dash (-) disables the use of a VPN adapter if one has
|
|
|
|
been configured in <b>vlmcsd.ini</b>(5). The
|
|
|
|
<i>vpn-adapter-name</i> is <b>not</b> case-sensitive. If the
|
|
|
|
<i>vpn-adapter-name</i> contains spaces (e.g. Ethernet 3),
|
|
|
|
you must enclose it in quotes.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The default
|
|
|
|
<i>ipv4-address</i> is 10.10.10.9 and the default
|
|
|
|
<i>cidr-mask</i> is 30. If you are using the default values,
|
|
|
|
your VPN adapter uses an IPv4 address of 10.10.10.9 and you
|
|
|
|
can set your activation client to use the easy to remember
|
|
|
|
address 10.10.10.10 (e.g. slmgr /skms 10.10.10.10 or cscript
|
|
|
|
ospp.vbs /sethst:10.10.10.10).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The
|
|
|
|
<i>dhcp-lease-duration</i> is a number optionally followed
|
|
|
|
by s, m, h, d or w to indicate seconds, minutes, hours, days
|
|
|
|
or weeks. The default <i>dhcp-lease-duration</i> is 1d (one
|
|
|
|
day). It is normally not required to change this value.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">It is advised
|
|
|
|
not to manually configure your OpenVPN TAP or TeamViewer VPN
|
|
|
|
adapter in "Network Connections". If you set the
|
|
|
|
IPv4 configuration manually anyway, the IPv4 address and the
|
|
|
|
subnet mask must match the <b>-O</b> parameter. It is safe
|
|
|
|
leave the IPv4 configuration to automatic (DHCP). vlmcsd
|
|
|
|
will wait up to four seconds for the DHCP configuration to
|
|
|
|
complete before binding to and listenin on any
|
|
|
|
interfaces.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You should be
|
|
|
|
aware that only one program can use a VPN adapter at a time.
|
|
|
|
If you use the TeamViewer VPN adapter for example, you will
|
|
|
|
not be able to use the VPN feature of TeamViewer as long as
|
|
|
|
vlmcsd is running. The same applies to OpenVPN TAP adapters
|
|
|
|
that are in use by other programs (for example OpenVPN,
|
|
|
|
QEMU, Ratiborus VM, aiccu, etc.). The best way to avoid
|
|
|
|
conflicts is to install Tap-Windows from OpenVPN, cd to
|
|
|
|
C:\Program Files\TAP-Windows\bin and run addtap.bat to
|
|
|
|
install an additional TAP adapter. Go to "Network
|
|
|
|
Connections" and rename the new adapter to
|
|
|
|
"vlmcsd" and specify <b>-O vlmcsd</b> to use
|
|
|
|
it.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Example: <b>-O
|
|
|
|
"Ethernet 7"=192.168.123.1/24</b> (uses VPN
|
|
|
|
adapter Ethernet 7 with IPv4 address 192.168.123.1 and have
|
|
|
|
192.168.123.2 to 192.168.123.254 as additional local (but
|
|
|
|
apparently remote) IPv4 addresses.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-x0</b> and <b>-x1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Controls under what
|
|
|
|
circumstances vlmcsd will exit. Using the default of
|
|
|
|
<b>-x0</b> vlmcsd stays active as long as it can perform
|
|
|
|
some useful operations. If vlmcsd is run by any form of a
|
|
|
|
watchdog, e.g. NT service manager (Windows), systemd (Linux)
|
|
|
|
or launchd (Mac OS / iOS), it may be desirable to end vlmcsd
|
|
|
|
and let the watchdog restart it. This is especially true if
|
|
|
|
some pre-requisites are not yet met but will be some time
|
|
|
|
later, e.g. network is not yet fully setup.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">By using
|
|
|
|
<b>-x0</b> vlmcsd will</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">exit if none of
|
|
|
|
the listening sockets specified with <b>-L</b> can be used.
|
|
|
|
It continues if at least one socket can be setup for
|
|
|
|
listening.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">exit any TAP
|
|
|
|
mirror thread (Windows version only) if there is an error
|
|
|
|
condition while reading or writing from or to the VPN
|
|
|
|
adapter but continue to work without utilizing a VPN
|
|
|
|
adapter.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">By using
|
|
|
|
<b>-x1</b> vlmcsd will</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">exit if not all
|
|
|
|
listening sockets specified with <b>-L</b> can be used.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">exit completely
|
|
|
|
if there is a problem with a VPN adapter it is using. This
|
|
|
|
can happen for instance if the VPN adapter has been disabled
|
|
|
|
using "Control Panel - Network - Adapter Settings"
|
|
|
|
while vlmcsd is using it.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Please note
|
|
|
|
that <b>-x1</b> is kind of a workaround option. While it may
|
|
|
|
help under some circumstances, it is better to solve the
|
|
|
|
problem at its origin, e.g. properly implementing
|
|
|
|
dependencies in your startup script to ensure all network
|
|
|
|
interfaces and the VPN adapter you will use are completely
|
|
|
|
setup before you start vlmcsd.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-F0</b> and <b>-F1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Allow (<b>-F1</b>) or disallow
|
|
|
|
(<b>-F0</b>) binding to IP addresses that are currently not
|
|
|
|
configured on your system. The default is <b>-F0</b>.
|
|
|
|
<b>-F1</b> allows you to bind to an IP address that may be
|
|
|
|
configured after you started <b>vlmcsd</b>. <b>vlmcsd</b>
|
|
|
|
will listen on that address as soon as it becomes available.
|
|
|
|
This feature is only available under Linux (IPv4 and IPv6)
|
|
|
|
and FreeBSD (IPv4 only). FreeBSD allows this feature only
|
|
|
|
for the root user (more correctly: processes that have the
|
|
|
|
PRIV_NETINET_BINDANY privilege). Linux does not require a
|
|
|
|
capability for this.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-t</b> <i>seconds</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Timeout the TCP connection with
|
|
|
|
the client after <i>seconds</i> seconds. After sending an
|
|
|
|
activation request. RPC keeps the TCP connection for a
|
|
|
|
while. The default is 30 seconds. You may specify a shorter
|
|
|
|
period to free ressources on your device faster. This is
|
|
|
|
useful for devices with limited main memory or if you used
|
|
|
|
<b>-m</b> to limit the concurrent clients that may request
|
|
|
|
activation. Microsoft RPC clients disconnect after 30
|
|
|
|
seconds by default. Setting <i>seconds</i> to a greater
|
|
|
|
value does not make much sense.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-m</b>
|
|
|
|
<i>concurrent-clients</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Limit the number of clients
|
|
|
|
that will be handled concurrently. This is useful for
|
|
|
|
devices with limited ressources or if you are experiencing
|
|
|
|
DoS attacks that spawn thousands of threads or forked
|
|
|
|
processes. If additional clients connect to vlmcsd, they
|
|
|
|
need to wait until another client disconnects. If you set
|
|
|
|
<i>concurrent-clients</i> to a small value ( <10 ), you
|
|
|
|
should also select a reasonable timeout of 2 or 3 seconds
|
|
|
|
with <b>-t</b>. The default is no limit.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-d</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Disconnect each client after processing one activation
|
|
|
|
request. This is a direct violation of DCE RPC but may help
|
|
|
|
if you receive malicous fake RPC requests that block your
|
|
|
|
threads or forked processes. Some other KMS emulators (e.g.
|
|
|
|
py-kms) behave this way.</p></td></tr>
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-k</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Do not disconnect clients after processing an activation
|
|
|
|
request. This selects the default behavior. <b>-k</b> is
|
|
|
|
useful only if you used an ini file (see
|
|
|
|
<b>vlmcsd.ini</b>(5) and <b>-i</b>). If the ini file
|
|
|
|
contains the line "DisconnectClientsImmediately =
|
|
|
|
true", you can use this switch to restore the default
|
|
|
|
behavior.</p> </td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-N0</b> and <b>-N1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Disables (<b>-N0</b>) or
|
|
|
|
enables (<b>-N1</b>) the use of the NDR64 transfer syntax in
|
|
|
|
the RPC protocol. Unlike Microsoft vlmcsd supports NDR64 on
|
|
|
|
32-bit operating systems. Microsoft introduced NDR64 in
|
|
|
|
Windows Vista but their KMS servers started using it with
|
|
|
|
Windows 8. Thus if you choose random ePIDs, vlmcsd will
|
|
|
|
select ePIDs with build numbers 9200 and 9600 if you enable
|
|
|
|
NDR64 and build numbers 6002 and 7601 if you disable NDR64.
|
|
|
|
The default is to enable NDR64.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-B0</b> and <b>-B1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Disables (<b>-B0</b>) or
|
|
|
|
enables (<b>-B1</b>) bind time feature negotiation (BTFN) in
|
|
|
|
the RPC protocol. All Windows operating systems starting
|
|
|
|
with Vista support BTFN and try to negotiate it when
|
|
|
|
initiating an RPC connection. Thus consider turning it off
|
|
|
|
as a debug / troubleshooting feature only. Some older
|
|
|
|
firewalls that selectively block or redirect RPC traffic may
|
|
|
|
get confused when they detect NDR64 or BTFN.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-l</b> <i>filename</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Use <i>filename</i> as a log
|
|
|
|
file. The log file records all activations with IP address,
|
|
|
|
Windows workstation name (no reverse DNS lookup), activated
|
|
|
|
product, KMS protocol, time and date. If you do not specify
|
|
|
|
a log file, no log is created. For a live view of the log
|
|
|
|
file type tail -f <i>file</i>.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use the
|
|
|
|
special <i>filename</i> "syslog", vlmcsd uses
|
|
|
|
<b>syslog</b>(3) for logging. If your system has no syslog
|
|
|
|
service (/dev/log) installed, logging output will go to
|
|
|
|
/dev/console. Syslog logging is not available in the native
|
|
|
|
Windows version. The Cygwin version does support syslog
|
|
|
|
logging.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
|
|
|
|
(<b>-T1</b>) the inclusion of date and time in each line of
|
|
|
|
the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
|
|
|
|
you log to <b>stdout</b>(3) which is redirected to another
|
|
|
|
logging mechanism that already includes date and time in its
|
|
|
|
output, for instance <b>systemd-journald</b>(8). If you log
|
|
|
|
to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
|
|
|
|
will never be included in the output sent to
|
|
|
|
<b>syslog</b>(3).</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-D</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Normally vlmcsd daemonizes and runs in background
|
|
|
|
(except the native Windows version). If <b>-D</b> is
|
|
|
|
specified, vlmcsd does not daemonize and runs in foreground.
|
|
|
|
This is useful for testing and allows you to simply press
|
|
|
|
<Ctrl-C> to exit vlmcsd.</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The native
|
|
|
|
Windows version never daemonizes and always behaves as if
|
|
|
|
<b>-D</b> had been specified. You may want to install vlmcsd
|
|
|
|
as a service instead. See <b>-s</b>.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em"><b>-e</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em">If specified, vlmcsd ignores
|
|
|
|
<b>-l</b> and writes all logging output to <b>stdout</b>(3).
|
|
|
|
This is mainly useful for testing and debugging and often
|
|
|
|
combined with <b>-D</b>.</p></td></tr>
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-v</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Use verbose logging. Logs every parameter of the base
|
|
|
|
request and the base response. It also logs the HWID of the
|
|
|
|
KMS server if KMS protocol version 6 is used. This option is
|
|
|
|
mainly for debugging purposes. It only has an effect if some
|
|
|
|
form of logging is used. Thus <b>-v</b> does not make sense
|
|
|
|
if not used with <b>-l</b>, <b>-e</b> or <b>-f</b>.</p></td></tr>
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-q</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Do not use verbose logging. This is actually the default
|
|
|
|
behavior. It only makes sense if you use vlmcsd with an ini
|
|
|
|
file (see <b>-i</b> and <b>vlmcsd.ini</b>(5)). If the ini
|
|
|
|
file contains the line "LogVerbose = true" you can
|
|
|
|
use <b>-q</b> to restore the default behavior.</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-p</b> <i>filename</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Create pid file
|
|
|
|
<i>filename</i>. This has nothing to do with KMS ePIDs. A
|
|
|
|
pid file is a file where vlmcsd writes its own process id.
|
|
|
|
This is used by standard init scripts (typically found in
|
|
|
|
/etc/init.d). The default is not to write a pid file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-u</b> <i>user</i> and
|
|
|
|
<b>-g</b> <i>group</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Causes vlmcsd to run in the
|
|
|
|
specified <i>user</i> and <i>group</i> security context. The
|
|
|
|
main purpose for this is to drop root privileges after it
|
|
|
|
has been started from the root account. To use this feature
|
|
|
|
from cygwin you must run cyglsa-config and the account from
|
|
|
|
which vlmcsd is started must have the rights "Act as
|
|
|
|
part of the operating system" and "Replace a
|
|
|
|
process level token". The native Windows version does
|
|
|
|
not support these options.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The actual
|
|
|
|
security context switch is performed after the TCP sockets
|
|
|
|
have been created. This allows you to use privileged ports
|
|
|
|
(< 1024) when you start vlmcsd from the root account.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">However if you
|
|
|
|
use an ini, pid or log file, you must ensure that the
|
|
|
|
unprivileged user has access to these files. You can always
|
|
|
|
log to <b>syslog</b>(3) from an unprivileged account on most
|
|
|
|
platforms (see <b>-l</b>).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-a</b> <i>CSVLK</i> =
|
|
|
|
<i>ePID</i> [ / <i>HwId</i> ]</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Use <i>ePID</i> and <i>HwId</i>
|
|
|
|
for a specific <i>CSVLK</i>. When you use it, <b>-r</b> is
|
|
|
|
disregarded for this <i>CSVLK</i>. If vlmcsd uses the
|
|
|
|
default vlmcsd.kmd database, you can use the following
|
|
|
|
<i>CSVLK</i>s: Windows, WinChinaGov, Office2010, Office2013,
|
|
|
|
Office2016 and Office2019. The <b>-a</b> option requires
|
|
|
|
that database version 1.6 or later is used.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><i>HwId</i>
|
|
|
|
must be specified as 16 hex digits that are interpreted as a
|
|
|
|
series of 8 bytes (big endian). Any character that is not a
|
|
|
|
hex digit will be ignored. This is for better
|
|
|
|
readability.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-i</b> <i>filename</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Use configuration file (aka ini
|
|
|
|
file) <i>filename</i>. Most configuration parameters can be
|
|
|
|
set either via the command line or an ini file. The command
|
|
|
|
line always has precedence over configuration items in the
|
|
|
|
ini file. See <b>vlmcsd.ini</b>(5) for the format of the
|
|
|
|
configuration file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
|
|
|
|
been compiled to use a default configuration file (often
|
|
|
|
/etc/vlmcsd.ini), you may use <b>-i-</b> to ignore the
|
|
|
|
default configuration file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-j</b> <i>filename</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Use KMS data file
|
|
|
|
<i>filename</i>. By default vlmcsd only contains the minimum
|
|
|
|
product data that is required to perform all operations
|
|
|
|
correctly. You may use a more complete KMS data file that
|
|
|
|
contains all detailed product names. This is especially
|
|
|
|
useful if you are logging KMS requests. If you don’t
|
|
|
|
log, there is no need to load an external KMS data file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
|
|
|
|
been compiled to use a default KMS data file, you may use
|
|
|
|
<b>-j-</b> to ignore the default configuration file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-r0</b>, <b>-r1</b>
|
|
|
|
(default) and <b>-r2</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">These options determine how
|
|
|
|
ePIDs are generated if</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">- you did not
|
|
|
|
sprecify an ePID in the command line and <br>
|
|
|
|
- you haven’t used <b>-i</b> or <br>
|
|
|
|
- the file specified by <b>-i</b> cannot be opened or <br>
|
|
|
|
- the file specified by <b>-i</b> does not contain an ePID
|
|
|
|
for the KMS request</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r0</b>
|
|
|
|
means there are no random ePIDs. vlmcsd simply issues
|
|
|
|
default ePIDs that are built into the binary at compile
|
|
|
|
time. <b>Pro:</b> behaves like real KMS server that also
|
|
|
|
always issues the same ePID. <b>Con:</b> Microsoft may start
|
|
|
|
blacklisting again and the default ePID may not work any
|
|
|
|
longer.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r1</b>
|
|
|
|
instructs vlmcsd to generate random ePIDs when the program
|
|
|
|
starts or receives a SIGHUP signal and uses these ePIDs
|
|
|
|
until it is stopped or receives another SIGHUP. Most other
|
|
|
|
KMS emulators generate a new ePID on every KMS request. This
|
|
|
|
is easily detectable. Microsoft could just modify sppsvc.exe
|
|
|
|
in a way that it always sends two identical KMS requests in
|
|
|
|
two RPC requests but over the same TCP connection. If both
|
|
|
|
KMS responses contain the different ePIDs, the KMS server is
|
|
|
|
not genuine. <b>-r1</b> is the default mode. <b>-r1</b> also
|
|
|
|
ensures that all three ePIDs (Windows, Office 2010 and
|
|
|
|
Office 2013) use the same OS build number and LCID (language
|
|
|
|
id).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
|
|
|
|
been started by an internet superserver, <b>-r1</b> works
|
|
|
|
almost identically to <b>-r2</b>. The only exception occurs
|
|
|
|
if you send more than one activation request over the same
|
|
|
|
TCP connection. This is simply due to the fact that vlmcsd
|
|
|
|
is started upon a connection request and does not stay in
|
|
|
|
memory after servicing a KMS request. Consider using
|
|
|
|
<b>-r0</b> or <b>-w</b>, <b>-G</b>, <b>-0</b>, <b>-3</b> and
|
|
|
|
<b>-6</b> when starting vlmcsd by an internet
|
|
|
|
superserver.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r2</b>
|
|
|
|
behaves like most other KMS server emulators with random
|
|
|
|
support and generates a new random ePID on every request.
|
|
|
|
<b>-r2</b> should be treated as debugging option only
|
|
|
|
because it allows very easy emulator detection.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-C</b> <i>LCID</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Do not randomize the locale id
|
|
|
|
part of the ePID and use <i>LCID</i> instead. The
|
|
|
|
<i>LCID</i> must be specified as a decimal number, e.g. 1049
|
|
|
|
for "Russian - Russia". This option has no effect
|
|
|
|
if the ePID is not randomized at all, e.g. if it is selected
|
|
|
|
from the command line or an ini file.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">By default
|
|
|
|
vlmcsd generates a valid locale id that is recognized by
|
|
|
|
.NET Framework 4.0. This may lead to a locale id which is
|
|
|
|
unlikely to occur in your country, for instance 2155 for
|
|
|
|
"Quecha - Ecuador". You may want to select the
|
|
|
|
locale id of your country instead. See
|
|
|
|
<a href="http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx">MSDN</a>
|
|
|
|
for a list of valid <i>LCID</i>s. Please note that some of
|
|
|
|
them are not recognized by .NET Framework 4.0.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Most other KMS
|
|
|
|
emulators use a fixed <i>LCID</i> of 1033 (English - US). To
|
|
|
|
achive the same behavior in vlmcsd use <b>-C 1033</b>.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-H</b> <i>HostBuild</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Do not randomize the host build
|
|
|
|
number in the ePID and use <i>HostBuild</i> instead, for
|
|
|
|
instance 17763 for Windows Server 2019 / Windows 10
|
|
|
|
1809.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-K0</b>, <b>-K1</b>,
|
|
|
|
<b>-K2</b> and <b>-K3</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Sets the whitelisting level to
|
|
|
|
determine which products vlmcsd activates or refuses. The
|
|
|
|
default is <b>-K0</b>.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:29%; margin-top: 1em"><b>-K0</b>:
|
|
|
|
activate all products with an unknown, retail or
|
|
|
|
beta/preview KMS ID. <b><br>
|
|
|
|
-K1</b>: activate products with a retail or beta/preview KMS
|
|
|
|
ID but refuse to activate products with an unknown KMS ID.
|
|
|
|
<b><br>
|
|
|
|
-K2</b>: activate products with an unknown KMS ID but refuse
|
|
|
|
products with a retail or beta/preview KMS ID. <b><br>
|
|
|
|
-K3</b>: activate only products with a known volume license
|
|
|
|
RTM KMS ID and refuse all others.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="22%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>The SKU ID is not checked. Like a genuine KMS server
|
|
|
|
vlmcsd activates a product that has a random or unknown SKU
|
|
|
|
ID. If you select <b>-K1</b> or <b>-K3</b>, vlmcsd also
|
|
|
|
checks the Application ID for correctness. If Microsoft
|
|
|
|
introduces a new KMS ID for a new product, you cannot
|
|
|
|
activate it if you used <b>-K1</b> or <b>-K3</b> until a new
|
|
|
|
version of vlmcsd is available.</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-c0</b> and <b>-c1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;"><b>-c1</b> causes vlmcsd to
|
|
|
|
check if the client time differs no more than four hours
|
|
|
|
from the system time. <b>-c0</b> (the default) disables this
|
|
|
|
check. <b>-c1</b> is useful to prevent emulator detection. A
|
|
|
|
client that tries to detect an emulator could simply send
|
|
|
|
two subsequent request with two time stamps that differ more
|
|
|
|
than four hours from each other. If both requests succeed,
|
|
|
|
the server is an emulator. If you specify <b>-c1</b> on a
|
|
|
|
system with no reliable time source, activations will fail.
|
|
|
|
It is ok to set the correct system time after you started
|
|
|
|
vlmcsd.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-M0</b> and <b>-M1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Disables (<b>-M0</b>) or
|
|
|
|
enables (<b>-M1</b>) maintaining a list of client machine
|
|
|
|
IDs (CMIDs). The default is <b>-M0</b>. <b>-M1</b> is useful
|
|
|
|
to prevent emulator detection. By maintaing a CMID list,
|
|
|
|
vlmcsd reports current active clients exactly like a genuine
|
|
|
|
KMS emulator. This includes bug compatibility to the extent
|
|
|
|
that you can permanently kill a genuine KMS emulator by
|
|
|
|
sending an "overcharge request" with a required
|
|
|
|
client count of 376 or more and then request activation for
|
|
|
|
671 clients. vlmcsd can be reset from this condition by
|
|
|
|
restarting it. If <b>-M0</b> is used, vlmcsd reports current
|
|
|
|
active clients as good as possible. If no client sends an
|
|
|
|
"overcharge request", it is not possible to detect
|
|
|
|
vlmcsd as an emulator with <b>-M0</b>. <b>-M1</b> requires
|
|
|
|
the allocation of a buffer that is about 50 kB in size. On
|
|
|
|
hardware with few memory resources use it only if you really
|
|
|
|
need it.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you start
|
|
|
|
vlmcsd from an internet superserver, <b>-M1</b> cannot be
|
|
|
|
used. Since vlmcsd exits after each activation, it cannot
|
|
|
|
maintain any state in memory.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-E0</b> and <b>-E1</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">These options are ignored if
|
|
|
|
you do not also specify <b>-M1</b>. If you use <b>-E0</b>
|
|
|
|
(the default), vlmcsd starts up as a fully
|
|
|
|
"charged" KMS server. Clients activate
|
|
|
|
immediately. <b>-E1</b> lets you start up vlmcsd with an
|
|
|
|
empty CMID list. Activation will start when the required
|
|
|
|
minimum clients (25 for Windows Client OSses, 5 for Windows
|
|
|
|
Server OSses and Office) have registered with the KMS
|
|
|
|
server. As long as the minimum client count has not been
|
|
|
|
reached, clients end up in HRESULT 0xC004F038 "The
|
|
|
|
count reported by your Key Management Service (KMS) is
|
|
|
|
insufficient. Please contact your system
|
|
|
|
administrator". You may use <b>vlmcs</b>(1) or another
|
|
|
|
KMS client emulator to "charge" vlmcsd. <b>-E1</b>
|
|
|
|
does not improve emulator detection prevention. It’s
|
|
|
|
primary purpose is to help developers of KMS clients to test
|
|
|
|
"charging" a KMS server.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-R</b>
|
|
|
|
<i>renewal-interval</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Instructs clients to renew
|
|
|
|
activation every <i>renewal-interval</i>. The
|
|
|
|
<i>renewal-interval</i> is a number optionally immediately
|
|
|
|
followed by a letter indicating the unit. Valid unit letters
|
|
|
|
are s (seconds), m (minutes), h (hours), d (days) and w
|
|
|
|
(weeks). If you do not specify a letter, minutes is
|
|
|
|
assumed.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-R3d</b> for
|
|
|
|
instance instructs clients to renew activation every 3 days.
|
|
|
|
The default <i>renewal-interval</i> is 10080 (identical to
|
|
|
|
7d and 1w).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Due to poor
|
|
|
|
implementation of Microsofts KMS Client it cannot be
|
|
|
|
guaranteed that activation is renewed on time as specfied by
|
|
|
|
the -R option. Don’t care about that. Renewal will
|
|
|
|
happen well before your activation expires (usually 180
|
|
|
|
days).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Even though you
|
|
|
|
can specify seconds, the granularity of this option is 1
|
|
|
|
minute. Seconds are rounded down to the next multiple of
|
|
|
|
60.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-A</b>
|
|
|
|
<i>activation-interval</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Instructs clients to retry
|
|
|
|
activation every <i>activation-interval</i> if it was
|
|
|
|
unsuccessful, e.g. because it could not reach the server.
|
|
|
|
The default is 120 (identical to 2h).
|
|
|
|
<i>activation-interval</i> follows the same syntax as
|
|
|
|
<i>renewal-interval</i> in the <b>-R</b> option.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>-s</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Installs vlmcsd as a Windows service. This option only
|
|
|
|
works with the native Windows version and Cygwin. Combine
|
|
|
|
<b>-s</b> with other command line options. These will be in
|
|
|
|
effect when you start the service. The service automatically
|
|
|
|
starts when you reboot your machine. To start it manually,
|
|
|
|
type "net start vlmcsd".</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use
|
|
|
|
Cygwin, you must include your Cygwin system DLL directory
|
|
|
|
(usually C:\Cygwin\bin or C:\Cygwin64\bin) into the PATH
|
|
|
|
environment variable or the service will not start.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You can
|
|
|
|
reinstall the service anytime using vlmcsd -s again, e.g.
|
|
|
|
with a different command line. If the service is running, it
|
|
|
|
will be restarted with the new command line.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">When using
|
|
|
|
<b>-s</b> the command line is checked for basic syntax
|
|
|
|
errors only. For example "vlmcsd -s -L 1.2.3.4"
|
|
|
|
reports no error but the service will not start if 1.2.3.4
|
|
|
|
is not an IP address on your system.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="3%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em"><b>-S</b></p></td>
|
|
|
|
<td width="8%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em">Uninstalls the vlmcsd service.
|
|
|
|
Works only with the native Windows version and Cygwin. All
|
|
|
|
other options will be ignored if you include -S in the
|
|
|
|
command line.</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-U</b>
|
|
|
|
[<i>domain</i>\]<i>username</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Can only be used together with
|
|
|
|
<b>-s</b>. Starts the service as a different user than the
|
|
|
|
local SYSTEM account. This is used to run the service under
|
|
|
|
an account with low privileges. If you omit the domain, an
|
|
|
|
account from the local computer will be used.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You may use
|
|
|
|
"NT AUTHORITY\NetworkService". This is a pseudo
|
|
|
|
user with low privileges. You may also use "NT
|
|
|
|
AUTHORITY\LocalService" which has more privileges but
|
|
|
|
these are of no use for running vlmcsd.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Make sure that
|
|
|
|
the user you specify has at least execute permission for
|
|
|
|
your executable. "NT AUTHORITY\NetworkService"
|
|
|
|
normally has no permission to run binaries from your home
|
|
|
|
directory.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">For your
|
|
|
|
convenience you can use the special username "/l"
|
|
|
|
as a shortcut for "NT AUTHORITY\LocalService" and
|
|
|
|
"/n" for "NT AUTHORITY\NetworkService".
|
|
|
|
"vlmcsd -s -U /n" installs the
|
|
|
|
service to run as "NT
|
|
|
|
AUTHORITY\NetworkService".</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>-W</b> <i>password</i></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Can only be used together with
|
|
|
|
<b>-s</b>. Specifies a <i>password</i> for the corresponding
|
|
|
|
username you use with -U. SYSTEM, "NT
|
|
|
|
AUTHORITY\NetworkService", "NT
|
|
|
|
AUTHORITY\LocalService" do not require a password.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you specify
|
|
|
|
a user with even lower privileges than "NT
|
|
|
|
AUTHORITY\NetworkService", you must specify its
|
|
|
|
password. You also have to grant the "Log on as a
|
|
|
|
service" right to that user.</p>
|
|
|
|
|
|
|
|
<h2>SIGNALS
|
|
|
|
<a name="SIGNALS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">The following
|
|
|
|
signals differ from the default behavior: <b><br>
|
|
|
|
SIGTERM</b>, <b>SIGINT</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">These signals cause vlmcsd to
|
|
|
|
exit gracefully. All global semaphores and shared memory
|
|
|
|
pages will be released, the pid file will be unlinked
|
|
|
|
(deleted) and a shutdown message will be logged.</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="11%"></td>
|
|
|
|
<td width="9%">
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>SIGHUP</b></p></td>
|
|
|
|
<td width="2%"></td>
|
|
|
|
<td width="78%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>Causes vlmcsd to be restarted completely. This is useful
|
|
|
|
if you started vlmcsd with an ini file. You can modify the
|
|
|
|
ini file while vlmcsd is running and then sending
|
|
|
|
<b>SIGHUP</b>, e.g. by typing "killall -SIGHUP
|
|
|
|
vlmcsd" or "kill -SIGHUP ’cat
|
|
|
|
/var/run/vlmcsd.pid’".</p> </td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The SIGHUP
|
|
|
|
handler has been implemented relatively simple. It is
|
|
|
|
virtually the same as stopping vlmcsd and starting it again
|
|
|
|
immediately with the following exceptions:</p>
|
|
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
|
|
cellspacing="0" cellpadding="0">
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="22%"></td>
|
|
|
|
<td width="1%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em">—</p></td>
|
|
|
|
<td width="3%"></td>
|
|
|
|
<td width="74%">
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-top: 1em">The new process does not get a
|
|
|
|
new process id.</p></td></tr>
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="22%"></td>
|
|
|
|
<td width="1%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>—</p></td>
|
|
|
|
<td width="3%"></td>
|
|
|
|
<td width="74%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>If you used a pid file, it is not deleted and recreated
|
|
|
|
because the process id stays the same.</p></td></tr>
|
|
|
|
<tr valign="top" align="left">
|
|
|
|
<td width="22%"></td>
|
|
|
|
<td width="1%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>—</p></td>
|
|
|
|
<td width="3%"></td>
|
|
|
|
<td width="74%">
|
|
|
|
|
|
|
|
|
|
|
|
<p>If you used the ’user’ and/or
|
|
|
|
’group’ directive in an ini file these are
|
|
|
|
ignored. This is because once you switched to lower
|
|
|
|
privileged users and groups, there is no way back. Anything
|
|
|
|
else would be a severe security flaw in the OS.</p></td></tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Signaling is
|
|
|
|
not available in the native Windows version and in the
|
|
|
|
Cygwin version when vlmcsd runs as a Windows service.</p>
|
|
|
|
|
|
|
|
<h2>SUPPORTED OPERATING SYSTEMS
|
|
|
|
<a name="SUPPORTED OPERATING SYSTEMS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
|
|
compiles and runs on Linux, Windows (no Cygwin required but
|
|
|
|
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD,
|
|
|
|
Dragonfly BSD, Minix, Solaris, OpenIndiana, Android and iOS.
|
|
|
|
Other POSIX or unixoid OSses may work with unmodified
|
|
|
|
sources or may require minor porting efforts.</p>
|
|
|
|
|
|
|
|
<h2>SUPPORTED PRODUCTS
|
|
|
|
<a name="SUPPORTED PRODUCTS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
|
|
can answer activation requests for the following products:
|
|
|
|
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
|
|
|
(up to 1703), Windows Server 2008, Windows Server 2008 R2,
|
|
|
|
Windows Server 2012, Windows Server 2012 R2, Windows Server
|
|
|
|
2016, Office 2010, Project 2010, Visio 2010, Office 2013,
|
|
|
|
Project 2013, Visio 2013, Office 2016, Project 2016, Visio
|
|
|
|
2016. Newer products may work as long as the KMS protocol
|
|
|
|
does not change. A complete list of fully supported products
|
|
|
|
can be obtained using the <b>-x</b> option of
|
|
|
|
<b>vlmcs</b>(1).</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Office, Project
|
|
|
|
and Visio must be volume license versions.</p>
|
|
|
|
|
|
|
|
<h2>FILES
|
|
|
|
<a name="FILES"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5)</p>
|
|
|
|
|
|
|
|
<h2>EXAMPLES
|
|
|
|
<a name="EXAMPLES"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
|
|
|
|
-De</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> in
|
|
|
|
foreground. Useful if you use it for the first time and want
|
|
|
|
to see what’s happening when a client requests
|
|
|
|
activation.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -l
|
|
|
|
/var/log/vlmcsd.log</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
|
|
|
|
daemon and logs everything to /var/log/vlmcsd.log.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -L
|
|
|
|
192.168.1.17</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
|
|
|
|
daemon and listens on IP address 192.168.1.17 only. This is
|
|
|
|
useful for routers that have a public and a private IP
|
|
|
|
address to prevent your KMS server from becoming public.</p>
|
|
|
|
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -s -U /n -l
|
|
|
|
C:\logs\vlmcsd.log</b></p>
|
|
|
|
|
|
|
|
<p style="margin-left:22%;">Installs <b>vlmcsd</b> as a
|
|
|
|
Windows service with low privileges and logs everything to
|
|
|
|
C:\logs\vlmcsd.log when the service is started with
|
|
|
|
"net start vlmcsd".</p>
|
|
|
|
|
|
|
|
<h2>BUGS
|
|
|
|
<a name="BUGS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">An ePID
|
|
|
|
specified in an ini file must not contain spaces.</p>
|
|
|
|
|
|
|
|
<h2>AUTHOR
|
|
|
|
<a name="AUTHOR"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Written by
|
|
|
|
crony12, Hotbird64 and vityan666. With contributions from
|
|
|
|
DougQaid.</p>
|
|
|
|
|
|
|
|
<h2>CREDITS
|
|
|
|
<a name="CREDITS"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Thanks to
|
|
|
|
abbodi1406, CODYQX4, deagles, eIcn, mikmik38, nosferati87,
|
|
|
|
qad, Ratiborus, ...</p>
|
|
|
|
|
|
|
|
<h2>SEE ALSO
|
|
|
|
<a name="SEE ALSO"></a>
|
|
|
|
</h2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5),
|
|
|
|
<b>vlmcsd</b>(7), <b>vlmcs</b>(1), <b>vlmcsdmulti</b>(1)</p>
|
|
|
|
<hr>
|
|
|
|
</body>
|
|
|
|
</html>
|