vlmcsd-1108-2017-01-19-Hotbird64

pull/5/merge svn1108
Wind4 8 years ago
parent c5e1a0a591
commit 5a29226593

@ -116,6 +116,12 @@
# Command line: -R
;RenewalInterval = 7d
# Exit vlmcsd if warning of certain level has been reached
# Command line: -x
# 0 = Never
# 1 = Exit, if any listening socket could not be established or TAP error occurs
;ExitLevel = 0
# Run program as user vlmcsduser
# Command line: -u
;user = vlmcsduser

Binary file not shown.

@ -711,7 +711,7 @@ export PROGRAM_NAME=../binaries/Android/intel/bionic/vlmcsd-android23-x86
export MULTI_NAME=../binaries/Android/intel/static/vlmcsdmulti-android23-x86
export CC=/opt/toolchains/x86-android-9/bin/i686-linux-android-gcc
export CFLAGS="$SMALLCC"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=atom -m32"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=i386 -m32"
export THREADS=1
export LDFLAGS="$SMALLLD"
@ -745,7 +745,7 @@ export PROGRAM_NAME=../binaries/Android/intel/bionic/vlmcsd-android41-x86
export MULTI_NAME=../binaries/Android/intel/bionic/vlmcsdmulti-android41-x86
export CC=/opt/toolchains/x86-android-16/bin/i686-linux-android-gcc
export CFLAGS="$SMALLCC"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=atom -m32 -fPIE -pie"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=i386 -m32 -fPIE -pie"
export THREADS=1
export LDFLAGS="$SMALLLD"
@ -797,7 +797,7 @@ export PROGRAM_NAME=../binaries/Android/intel/bionic/vlmcsd-android50-x64
export MULTI_NAME=../binaries/Android/intel/bionic/vlmcsdmulti-android50-x64
export CC=/opt/toolchains/x86_64-android-21/bin/x86_64-linux-android-gcc
export CFLAGS="$SMALLCC"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=atom -m64 -fPIE -pie"
export PLATFORMFLAGS="-flto=16 -fwhole-program -m64 -fPIE -pie"
export THREADS=0
export LDFLAGS="$SMALLLD"
@ -819,7 +819,7 @@ export PROGRAM_NAME=../binaries/Android/intel/static/vlmcsd-android50-x64-static
export MULTI_NAME=../binaries/Android/intel/static/vlmcsdmulti-android50-x64-static
export CC=/opt/toolchains/x86_64-android-21/bin/x86_64-linux-android-gcc
export CFLAGS="$SMALLCC"
export PLATFORMFLAGS="-flto=16 -fwhole-program -march=nocona -m64"
export PLATFORMFLAGS="-flto=16 -fwhole-program -m64"
export THREADS=0
export LDFLAGS="$SMALLLD -static"

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:19 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:20 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:19 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -1,5 +1,5 @@
.mso www.tmac
.TH VLMCSD 8 "December 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD 8 "January 2017" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -92,6 +92,28 @@ You should be aware that only one program can use a VPN adapter at a time. If yo
Example: \fB-O "Ethernet 7"=192.168.123.1/24\fR (uses VPN adapter Ethernet 7 with IPv4 address 192.168.123.1 and have 192.168.123.2 to 192.168.123.254 as additional local (but apparently remote) IPv4 addresses.
.IP "\fB-x0\fR and \fB-x1\fR"
Controls under what circumstances vlmcsd will exit. Using the default of \fB-x0\fR vlmcsd stays active as long as it can perform some useful operations. If vlmcsd is run by any form of a watchdog, e.g. NT service manager (Windows), systemd (Linux) or launchd (Mac OS / iOS), it may be desirable to end vlmcsd and let the watchdog restart it. This is especially true if some pre-requisites are not yet met but will be some time later, e.g. network is not yet fully setup.
By using \fB-x0\fR vlmcsd will
.RS 12
exit if none of the listening sockets specified with \fB-L\fR can be used. It continues if at least one socket can be setup for listening.
exit any TAP mirror thread (Windows version only) if there is an error condition while reading or writing from or to the VPN adapter but continue to work without utilizing a VPN adapter.
.RE
.IP
By using \fB-x1\fR vlmcsd will
.RS 12
exit if not all listening sockets specified with \fB-L\fR can be used.
exit completely if there is a problem with a VPN adapter it is using. This can happen for instance if the VPN adapter has been disabled using "Control Panel - Network - Adapter Settings" while vlmcsd is using it.
.RE
.IP
Please note that \fB-x1\fR is kind of a workaround option. While it may help under some circumstances, it is better to solve the problem at its origin, e.g. properly implementing dependencies in your startup script to ensure all network interfaces and the VPN adapter you will use are completely setup before you start vlmcsd.
.IP "\fB-F0\fR and \fB-F1\fR"
Allow (\fB-F1\fR) or disallow (\fB-F0\fR) binding to IP addresses that are currently not configured on your system. The default is \fB-F0\fR. \fB-F1\fR allows you to bind to an IP address that may be configured after you started \fBvlmcsd\fR. \fBvlmcsd\fR will listen on that address as soon as it becomes available. This feature is only available under Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows this feature only for the root user (more correctly: processes that have the PRIV_NETINET_BINDANY privilege). Linux does not require a capability for this.

@ -224,49 +224,89 @@ OPTIONS
IPv4 addresses.
-x0 and -x1
Controls under what circumstances vlmcsd will exit. Using the
default of -x0 vlmcsd stays active as long as it can perform
some useful operations. If vlmcsd is run by any form of a watch
dog, e.g. NT service manager (Windows), systemd (Linux) or
launchd (Mac OS / iOS), it may be desirable to end vlmcsd and
let the watchdog restart it. This is especially true if some
pre-requisites are not yet met but will be some time later, e.g.
network is not yet fully setup.
By using -x0 vlmcsd will
exit if none of the listening sockets specified with -L can
be used. It continues if at least one socket can be setup
for listening.
exit any TAP mirror thread (Windows version only) if there
is an error condition while reading or writing from or to
the VPN adapter but continue to work without utilizing a
VPN adapter.
By using -x1 vlmcsd will
exit if not all listening sockets specified with -L can be
used.
exit completely if there is a problem with a VPN adapter it
is using. This can happen for instance if the VPN adapter
has been disabled using "Control Panel - Network - Adapter
Settings" while vlmcsd is using it.
Please note that -x1 is kind of a workaround option. While it
may help under some circumstances, it is better to solve the
problem at its origin, e.g. properly implementing dependencies
in your startup script to ensure all network interfaces and the
VPN adapter you will use are completely setup before you start
vlmcsd.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -274,135 +314,135 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
-3 ePID
Use ePID as Office 2013 ePID (including Project and Visio). If
Use ePID as Office 2013 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2013.
-6 ePID
Use ePID as Office 2016 ePID (including Project and Visio). If
Use ePID as Office 2016 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2016.
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -411,26 +451,26 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
-j filename
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
you are logging KMS requests. If you don't log, there is no need
to load an external KMS data file.
If vlmcsd has been compiled to use a default KMS data file, you
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
@ -440,112 +480,112 @@ OPTIONS
- you did not sprecify an ePID in the command line and
- you haven't used -i or
- the file specified by -i cannot be opened or
- the file specified by -i does not contain an ePID for the KMS
- the file specified by -i does not contain an ePID for the KMS
request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
almost identically to -r2. The only exception occurs if you send
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
connection request and does not stay in memory after servicing a
KMS request. Consider using -r0 or -w, -0, -3 and -6 when start
ing vlmcsd by an internet superserver.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
very easy emulator detection.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-K0, -K1, -K2 and -K3
Sets the whitelisting level to determine which products vlmcsd
Sets the whitelisting level to determine which products vlmcsd
activates or refuses. The default is -K0.
-K0: activate all products with an unknown, retail or
-K0: activate all products with an unknown, retail or
beta/preview KMS ID.
-K1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
-K2: activate products with an unknown KMS ID but refuse
-K2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
-K3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
new version of vlmcsd is available.
-c0 and -c1
-c1 causes vlmcsd to check if the client time differs no more
-c1 causes vlmcsd to check if the client time differs no more
than four hours from the system time. -c0 (the default) disables
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
four hours from each other. If both requests succeed, the server
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
system time after you started vlmcsd.
-M0 and -M1
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
reports current active clients exactly like a genuine KMS emula
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
reports current active clients as good as possible. If no client
sends an "overcharge request", it is not possible to detect vlm
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
resources use it only if you really need it.
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
tain any state in memory.
@ -553,82 +593,82 @@ OPTIONS
These options are ignored if you do not also specify -M1. If you
use -E0 (the default), vlmcsd starts up as a fully "charged" KMS
server. Clients activate immediately. -E1 lets you start up vlm
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
reached, clients end up in HRESULT 0xC004F038 "The count
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -636,20 +676,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -658,53 +698,53 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (up to 1607),
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Visio 2010, Office 2013, Project 2013, Visio 2013, Office 2016, Project
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
obtained using the -x option of vlmcs(1).
Office, Project and Visio must be volume license versions.
@ -716,24 +756,24 @@ FILES
EXAMPLES
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -743,12 +783,12 @@ BUGS
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -757,4 +797,4 @@ SEE ALSO
Hotbird64 December 2016 VLMCSD(8)
Hotbird64 January 2017 VLMCSD(8)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:20 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -337,6 +337,52 @@ adapter Ethernet 7 with IPv4 address 192.168.123.1 and have
192.168.123.2 to 192.168.123.254 as additional local (but
apparently remote) IPv4 addresses.</p>
<p style="margin-left:11%;"><b>-x0</b> and <b>-x1</b></p>
<p style="margin-left:22%;">Controls under what
circumstances vlmcsd will exit. Using the default of
<b>-x0</b> vlmcsd stays active as long as it can perform
some useful operations. If vlmcsd is run by any form of a
watchdog, e.g. NT service manager (Windows), systemd (Linux)
or launchd (Mac OS / iOS), it may be desirable to end vlmcsd
and let the watchdog restart it. This is especially true if
some pre-requisites are not yet met but will be some time
later, e.g. network is not yet fully setup.</p>
<p style="margin-left:22%; margin-top: 1em">By using
<b>-x0</b> vlmcsd will</p>
<p style="margin-left:29%; margin-top: 1em">exit if none of
the listening sockets specified with <b>-L</b> can be used.
It continues if at least one socket can be setup for
listening.</p>
<p style="margin-left:29%; margin-top: 1em">exit any TAP
mirror thread (Windows version only) if there is an error
condition while reading or writing from or to the VPN
adapter but continue to work without utilizing a VPN
adapter.</p>
<p style="margin-left:22%; margin-top: 1em">By using
<b>-x1</b> vlmcsd will</p>
<p style="margin-left:29%; margin-top: 1em">exit if not all
listening sockets specified with <b>-L</b> can be used.</p>
<p style="margin-left:29%; margin-top: 1em">exit completely
if there is a problem with a VPN adapter it is using. This
can happen for instance if the VPN adapter has been disabled
using &quot;Control Panel - Network - Adapter Settings&quot;
while vlmcsd is using it.</p>
<p style="margin-left:22%; margin-top: 1em">Please note
that <b>-x1</b> is kind of a workaround option. While it may
help under some circumstances, it is better to solve the
problem at its origin, e.g. properly implementing
dependencies in your startup script to ensure all network
interfaces and the VPN adapter you will use are completely
setup before you start vlmcsd.</p>
<p style="margin-left:11%;"><b>-F0</b> and <b>-F1</b></p>
<p style="margin-left:22%;">Allow (<b>-F1</b>) or disallow

Binary file not shown.

@ -224,49 +224,89 @@ OPTIONS
IPv4 addresses.
-x0 and -x1
Controls under what circumstances vlmcsd will exit. Using the
default of -x0 vlmcsd stays active as long as it can perform
some useful operations. If vlmcsd is run by any form of a watch
dog, e.g. NT service manager (Windows), systemd (Linux) or
launchd (Mac OS / iOS), it may be desirable to end vlmcsd and
let the watchdog restart it. This is especially true if some
pre-requisites are not yet met but will be some time later, e.g.
network is not yet fully setup.
By using -x0 vlmcsd will
exit if none of the listening sockets specified with -L can
be used. It continues if at least one socket can be setup
for listening.
exit any TAP mirror thread (Windows version only) if there
is an error condition while reading or writing from or to
the VPN adapter but continue to work without utilizing a
VPN adapter.
By using -x1 vlmcsd will
exit if not all listening sockets specified with -L can be
used.
exit completely if there is a problem with a VPN adapter it
is using. This can happen for instance if the VPN adapter
has been disabled using "Control Panel - Network - Adapter
Settings" while vlmcsd is using it.
Please note that -x1 is kind of a workaround option. While it
may help under some circumstances, it is better to solve the
problem at its origin, e.g. properly implementing dependencies
in your startup script to ensure all network interfaces and the
VPN adapter you will use are completely setup before you start
vlmcsd.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -274,135 +314,135 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
-3 ePID
Use ePID as Office 2013 ePID (including Project and Visio). If
Use ePID as Office 2013 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2013.
-6 ePID
Use ePID as Office 2016 ePID (including Project and Visio). If
Use ePID as Office 2016 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2016.
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -411,26 +451,26 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
-j filename
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
you are logging KMS requests. If you don't log, there is no need
to load an external KMS data file.
If vlmcsd has been compiled to use a default KMS data file, you
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
@ -440,112 +480,112 @@ OPTIONS
- you did not sprecify an ePID in the command line and
- you haven't used -i or
- the file specified by -i cannot be opened or
- the file specified by -i does not contain an ePID for the KMS
- the file specified by -i does not contain an ePID for the KMS
request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
almost identically to -r2. The only exception occurs if you send
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
connection request and does not stay in memory after servicing a
KMS request. Consider using -r0 or -w, -0, -3 and -6 when start
ing vlmcsd by an internet superserver.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
very easy emulator detection.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-K0, -K1, -K2 and -K3
Sets the whitelisting level to determine which products vlmcsd
Sets the whitelisting level to determine which products vlmcsd
activates or refuses. The default is -K0.
-K0: activate all products with an unknown, retail or
-K0: activate all products with an unknown, retail or
beta/preview KMS ID.
-K1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
-K2: activate products with an unknown KMS ID but refuse
-K2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
-K3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
new version of vlmcsd is available.
-c0 and -c1
-c1 causes vlmcsd to check if the client time differs no more
-c1 causes vlmcsd to check if the client time differs no more
than four hours from the system time. -c0 (the default) disables
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
four hours from each other. If both requests succeed, the server
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
system time after you started vlmcsd.
-M0 and -M1
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
reports current active clients exactly like a genuine KMS emula
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
reports current active clients as good as possible. If no client
sends an "overcharge request", it is not possible to detect vlm
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
resources use it only if you really need it.
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
tain any state in memory.
@ -553,82 +593,82 @@ OPTIONS
These options are ignored if you do not also specify -M1. If you
use -E0 (the default), vlmcsd starts up as a fully "charged" KMS
server. Clients activate immediately. -E1 lets you start up vlm
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
reached, clients end up in HRESULT 0xC004F038 "The count
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -636,20 +676,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -658,53 +698,53 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (up to 1607),
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Visio 2010, Office 2013, Project 2013, Visio 2013, Office 2016, Project
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
obtained using the -x option of vlmcs(1).
Office, Project and Visio must be volume license versions.
@ -716,24 +756,24 @@ FILES
EXAMPLES
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -743,12 +783,12 @@ BUGS
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -757,4 +797,4 @@ SEE ALSO
Hotbird64 December 2016 VLMCSD(8)
Hotbird64 January 2017 VLMCSD(8)

@ -1,4 +1,4 @@
.TH VLMCSD.INI 5 "December 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD.INI 5 "January 2017" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -79,6 +79,28 @@ It is advised not to manually configure your OpenVPN TAP or TeamViewer VPN adapt
You should be aware that only one program can use a VPN adapter at a time. If you use the TeamViewer VPN adapter for example, you will not be able to use the VPN feature of TeamViewer as long as vlmcsd is running. The same applies to OpenVPN TAP adapters that are in use by other programs (for example OpenVPN, QEMU, Ratiborus VM, aiccu, etc.). The best way to avoid conflicts is to install Tap-Windows from OpenVPN, cd to C:\\Program Files\\TAP-Windows\\bin and run addtap.bat to install an additional TAP adapter. Go to "Network Connections" and rename the new adapter to "vlmcsd" and specify \fBVPN=vlmcsd\fR to use it.
.IP "\fBExitLevel"
Can be either 0 (the default) or 1. Controls under what circumstances vlmcsd will exit. Using the default of \fB0\fR vlmcsd stays active as long as it can perform some useful operations. If vlmcsd is run by any form of a watchdog, e.g. NT service manager (Windows), systemd (Linux) or launchd (Mac OS / iOS), it may be desirable to end vlmcsd and let the watchdog restart it. This is especially true if some pre-requisites are not yet met but will be some time later, e.g. network is not yet fully setup.
By using \fBExitLevel = 0\fR vlmcsd will
.RS 12
exit if none of the listening sockets specified with \fB-L\fR can be used. It continues if at least one socket can be setup for listening.
exit any TAP mirror thread (Windows version only) if there is an error condition while reading or writing from or to the VPN adapter but continue to work without utilizing a VPN adapter.
.RE
.IP
By using \fBExitLevel = 1\fR vlmcsd will
.RS 12
exit if not all listening sockets specified with \fB-L\fR can be used.
exit completely if there is a problem with a VPN adapter it is using. This may happen for instance if the VPN adapter has been disabled using "Control Panel - Network - Adapter Settings" while vlmcsd is using it.
.RE
.IP
Please note that \fBExitLevel = 1\fR is kind of a workaround option. While it may help under some circumstances, it is better to solve the problem at its origin, e.g. properly implementing dependencies in your startup script to ensure all network interfaces and the VPN adapter you will use are completely setup before you start vlmcsd.
.IP "\fBUseNDR64\fR"
Can be TRUE or FALSE. Specifies whether you want to use the NDR64 transfer syntax. See options \fB-n0\fR and \fB-n1\fR in \fBvlmcsd\fR(8). The default is TRUE.

@ -171,261 +171,301 @@ KEYWORDS
new adapter to "vlmcsd" and specify VPN=vlmcsd to use it.
ExitLevel
Can be either 0 (the default) or 1. Controls under what circum
stances vlmcsd will exit. Using the default of 0 vlmcsd stays
active as long as it can perform some useful operations. If vlm
csd is run by any form of a watchdog, e.g. NT service manager
(Windows), systemd (Linux) or launchd (Mac OS / iOS), it may be
desirable to end vlmcsd and let the watchdog restart it. This is
especially true if some pre-requisites are not yet met but will
be some time later, e.g. network is not yet fully setup.
By using ExitLevel = 0 vlmcsd will
exit if none of the listening sockets specified with -L can
be used. It continues if at least one socket can be setup
for listening.
exit any TAP mirror thread (Windows version only) if there
is an error condition while reading or writing from or to
the VPN adapter but continue to work without utilizing a
VPN adapter.
By using ExitLevel = 1 vlmcsd will
exit if not all listening sockets specified with -L can be
used.
exit completely if there is a problem with a VPN adapter it
is using. This may happen for instance if the VPN adapter
has been disabled using "Control Panel - Network - Adapter
Settings" while vlmcsd is using it.
Please note that ExitLevel = 1 is kind of a workaround option.
While it may help under some circumstances, it is better to
solve the problem at its origin, e.g. properly implementing
dependencies in your startup script to ensure all network inter
faces and the VPN adapter you will use are completely setup
before you start vlmcsd.
UseNDR64
Can be TRUE or FALSE. Specifies whether you want to use the
Can be TRUE or FALSE. Specifies whether you want to use the
NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
default is TRUE.
UseBTFN
Can be TRUE or FALSE. Specifies whether you want to use bind
Can be TRUE or FALSE. Specifies whether you want to use bind
time feature negotiation in RPC. See options -b0 and -b1 in vlm
csd(8). The default is TRUE.
RandomizationLevel
The argument must 0, 1 or 2. This specifies the ePID randomiza
tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The
default randomization level is 1. A RandomizationLevel of 2 is
The argument must 0, 1 or 2. This specifies the ePID randomiza
tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The
default randomization level is 1. A RandomizationLevel of 2 is
not recommended and should be treated as a debugging level.
LCID Use a specific culture id (LCID) even if the ePID is randomized.
The argument must be a number between 1 and 32767. While any
The argument must be a number between 1 and 32767. While any
number in that range is valid, you should use an offcial LCID. A
list of assigned LCIDs can be found at http://msdn.micro
soft.com/en-us/goglobal/bb964664.aspx. On the command line you
list of assigned LCIDs can be found at http://msdn.micro
soft.com/en-us/goglobal/bb964664.aspx. On the command line you
control this setting with option -C.
MaxWorkers
The argument specifies the maximum number of worker processes or
threads that will be used to serve activation requests concur
rently. This is the same as specifying -m on the command line.
Minimum is 1. The maximum is platform specific and is at least
32767 but is likely to be greater on most systems. The default
threads that will be used to serve activation requests concur
rently. This is the same as specifying -m on the command line.
Minimum is 1. The maximum is platform specific and is at least
32767 but is likely to be greater on most systems. The default
is no limit.
ConnectionTimeout
Used to control when the vlmcsd disconnects idle TPC connec
Used to control when the vlmcsd disconnects idle TPC connec
tions. The default is 30 seconds. This is the same setting as -t
on the command line.
DisconnectClientsImmediately
Set this to TRUE to disconnect a client after it got an activa
tion response regardless whether a timeout has occured or not.
The default is FALSE. Setting this to TRUE is non-standard
behavior. Use only if you are experiencing DoS or DDoS attacks.
On the command line you control this behavior with options -d
Set this to TRUE to disconnect a client after it got an activa
tion response regardless whether a timeout has occured or not.
The default is FALSE. Setting this to TRUE is non-standard
behavior. Use only if you are experiencing DoS or DDoS attacks.
On the command line you control this behavior with options -d
and -k.
PidFile
Write a pid file. The argument is the full pathname of a pid
file. The pid file contains is single line containing the
process id of the vlmcsd process. It can be used to stop
(SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be
Write a pid file. The argument is the full pathname of a pid
file. The pid file contains is single line containing the
process id of the vlmcsd process. It can be used to stop
(SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be
overriden using -p on the command line.
LogFile
Write a log file. The argument is the full pathname of a log
file. On a unixoid OS and with Cygwin you can use the special
filename 'syslog' to log to the syslog facility. This is the
Write a log file. The argument is the full pathname of a log
file. On a unixoid OS and with Cygwin you can use the special
filename 'syslog' to log to the syslog facility. This is the
same as specifying -l on the command line.
KmsData
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
may use a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging KMS
product names. This is especially useful if you are logging KMS
requests. If you don't log, there is no need to load an external
KMS data file.
You may use KmsData = - to prevent the default KMS data file to
You may use KmsData = - to prevent the default KMS data file to
be loaded.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
WhitelistingLevel
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
level to determine which products vlmcsd activates or refuses.
0: activate all products with an unknown, retail or
beta/preview KMS ID.
1: activate products with a retail or beta/preview KMS ID
1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
2: activate products with an unknown KMS ID but refuse
2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
3: activate only products with a known volume license RTM
3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
sion of vlmcsd is available.
CheckClientTime
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
lator detection. A client that tries to detect an emulator could
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
succeed, the server is an emulator. If you set this to TRUE on a
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
csd(8).
MaintainClients
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
(TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
KMS emulator. This includes bug compatibility to the extent that
you can permanently kill a genuine KMS emulator by sending an
you can permanently kill a genuine KMS emulator by sending an
"overcharge request" with a required client count of 376 or more
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
vlmcsd(8) reports current active clients as good as possible. If
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
it only if you really need it.
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
tion, it cannot maintain any state in memory.
StartEmpty
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
an empty CMID list. Activation will start when the required min
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
as the minimum client count has not been reached, clients end up
in HRESULT 0xC004F038 "The count reported by your Key Management
Service (KMS) is insufficient. Please contact your system admin
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
Windows
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
for Windows activitations will be ignored.
Office2010
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
Level for Office 2010 activitations will be ignored.
Office2013
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
Level for Office 2013 activitations will be ignored.
Office2016
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
Level for Office 2016 activitations will be ignored.
VALID EPIDS
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -439,7 +479,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -448,4 +488,4 @@ SEE ALSO
Hotbird64 December 2016 VLMCSD.INI(5)
Hotbird64 January 2017 VLMCSD.INI(5)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:20 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -296,6 +296,53 @@ Connections&quot; and rename the new adapter to
&quot;vlmcsd&quot; and specify <b>VPN=vlmcsd</b> to use
it.</p>
<p style="margin-left:11%;"><b>ExitLevel</b></p>
<p style="margin-left:22%;">Can be either 0 (the default)
or 1. Controls under what circumstances vlmcsd will exit.
Using the default of <b>0</b> vlmcsd stays active as long as
it can perform some useful operations. If vlmcsd is run by
any form of a watchdog, e.g. NT service manager (Windows),
systemd (Linux) or launchd (Mac OS / iOS), it may be
desirable to end vlmcsd and let the watchdog restart it.
This is especially true if some pre-requisites are not yet
met but will be some time later, e.g. network is not yet
fully setup.</p>
<p style="margin-left:22%; margin-top: 1em">By using
<b>ExitLevel = 0</b> vlmcsd will</p>
<p style="margin-left:29%; margin-top: 1em">exit if none of
the listening sockets specified with <b>-L</b> can be used.
It continues if at least one socket can be setup for
listening.</p>
<p style="margin-left:29%; margin-top: 1em">exit any TAP
mirror thread (Windows version only) if there is an error
condition while reading or writing from or to the VPN
adapter but continue to work without utilizing a VPN
adapter.</p>
<p style="margin-left:22%; margin-top: 1em">By using
<b>ExitLevel = 1</b> vlmcsd will</p>
<p style="margin-left:29%; margin-top: 1em">exit if not all
listening sockets specified with <b>-L</b> can be used.</p>
<p style="margin-left:29%; margin-top: 1em">exit completely
if there is a problem with a VPN adapter it is using. This
may happen for instance if the VPN adapter has been disabled
using &quot;Control Panel - Network - Adapter Settings&quot;
while vlmcsd is using it.</p>
<p style="margin-left:22%; margin-top: 1em">Please note
that <b>ExitLevel = 1</b> is kind of a workaround option.
While it may help under some circumstances, it is better to
solve the problem at its origin, e.g. properly implementing
dependencies in your startup script to ensure all network
interfaces and the VPN adapter you will use are completely
setup before you start vlmcsd.</p>
<p style="margin-left:11%;"><b>UseNDR64</b></p>
<p style="margin-left:22%;">Can be TRUE or FALSE. Specifies

Binary file not shown.

@ -171,261 +171,301 @@ KEYWORDS
new adapter to "vlmcsd" and specify VPN=vlmcsd to use it.
ExitLevel
Can be either 0 (the default) or 1. Controls under what circum
stances vlmcsd will exit. Using the default of 0 vlmcsd stays
active as long as it can perform some useful operations. If vlm
csd is run by any form of a watchdog, e.g. NT service manager
(Windows), systemd (Linux) or launchd (Mac OS / iOS), it may be
desirable to end vlmcsd and let the watchdog restart it. This is
especially true if some pre-requisites are not yet met but will
be some time later, e.g. network is not yet fully setup.
By using ExitLevel = 0 vlmcsd will
exit if none of the listening sockets specified with -L can
be used. It continues if at least one socket can be setup
for listening.
exit any TAP mirror thread (Windows version only) if there
is an error condition while reading or writing from or to
the VPN adapter but continue to work without utilizing a
VPN adapter.
By using ExitLevel = 1 vlmcsd will
exit if not all listening sockets specified with -L can be
used.
exit completely if there is a problem with a VPN adapter it
is using. This may happen for instance if the VPN adapter
has been disabled using "Control Panel - Network - Adapter
Settings" while vlmcsd is using it.
Please note that ExitLevel = 1 is kind of a workaround option.
While it may help under some circumstances, it is better to
solve the problem at its origin, e.g. properly implementing
dependencies in your startup script to ensure all network inter
faces and the VPN adapter you will use are completely setup
before you start vlmcsd.
UseNDR64
Can be TRUE or FALSE. Specifies whether you want to use the
Can be TRUE or FALSE. Specifies whether you want to use the
NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
default is TRUE.
UseBTFN
Can be TRUE or FALSE. Specifies whether you want to use bind
Can be TRUE or FALSE. Specifies whether you want to use bind
time feature negotiation in RPC. See options -b0 and -b1 in vlm
csd(8). The default is TRUE.
RandomizationLevel
The argument must 0, 1 or 2. This specifies the ePID randomiza
tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The
default randomization level is 1. A RandomizationLevel of 2 is
The argument must 0, 1 or 2. This specifies the ePID randomiza
tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The
default randomization level is 1. A RandomizationLevel of 2 is
not recommended and should be treated as a debugging level.
LCID Use a specific culture id (LCID) even if the ePID is randomized.
The argument must be a number between 1 and 32767. While any
The argument must be a number between 1 and 32767. While any
number in that range is valid, you should use an offcial LCID. A
list of assigned LCIDs can be found at http://msdn.micro
soft.com/en-us/goglobal/bb964664.aspx. On the command line you
list of assigned LCIDs can be found at http://msdn.micro
soft.com/en-us/goglobal/bb964664.aspx. On the command line you
control this setting with option -C.
MaxWorkers
The argument specifies the maximum number of worker processes or
threads that will be used to serve activation requests concur
rently. This is the same as specifying -m on the command line.
Minimum is 1. The maximum is platform specific and is at least
32767 but is likely to be greater on most systems. The default
threads that will be used to serve activation requests concur
rently. This is the same as specifying -m on the command line.
Minimum is 1. The maximum is platform specific and is at least
32767 but is likely to be greater on most systems. The default
is no limit.
ConnectionTimeout
Used to control when the vlmcsd disconnects idle TPC connec
Used to control when the vlmcsd disconnects idle TPC connec
tions. The default is 30 seconds. This is the same setting as -t
on the command line.
DisconnectClientsImmediately
Set this to TRUE to disconnect a client after it got an activa
tion response regardless whether a timeout has occured or not.
The default is FALSE. Setting this to TRUE is non-standard
behavior. Use only if you are experiencing DoS or DDoS attacks.
On the command line you control this behavior with options -d
Set this to TRUE to disconnect a client after it got an activa
tion response regardless whether a timeout has occured or not.
The default is FALSE. Setting this to TRUE is non-standard
behavior. Use only if you are experiencing DoS or DDoS attacks.
On the command line you control this behavior with options -d
and -k.
PidFile
Write a pid file. The argument is the full pathname of a pid
file. The pid file contains is single line containing the
process id of the vlmcsd process. It can be used to stop
(SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be
Write a pid file. The argument is the full pathname of a pid
file. The pid file contains is single line containing the
process id of the vlmcsd process. It can be used to stop
(SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be
overriden using -p on the command line.
LogFile
Write a log file. The argument is the full pathname of a log
file. On a unixoid OS and with Cygwin you can use the special
filename 'syslog' to log to the syslog facility. This is the
Write a log file. The argument is the full pathname of a log
file. On a unixoid OS and with Cygwin you can use the special
filename 'syslog' to log to the syslog facility. This is the
same as specifying -l on the command line.
KmsData
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
may use a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging KMS
product names. This is especially useful if you are logging KMS
requests. If you don't log, there is no need to load an external
KMS data file.
You may use KmsData = - to prevent the default KMS data file to
You may use KmsData = - to prevent the default KMS data file to
be loaded.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
WhitelistingLevel
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
level to determine which products vlmcsd activates or refuses.
0: activate all products with an unknown, retail or
beta/preview KMS ID.
1: activate products with a retail or beta/preview KMS ID
1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
2: activate products with an unknown KMS ID but refuse
2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
3: activate only products with a known volume license RTM
3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
sion of vlmcsd is available.
CheckClientTime
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
lator detection. A client that tries to detect an emulator could
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
succeed, the server is an emulator. If you set this to TRUE on a
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
csd(8).
MaintainClients
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
(TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
KMS emulator. This includes bug compatibility to the extent that
you can permanently kill a genuine KMS emulator by sending an
you can permanently kill a genuine KMS emulator by sending an
"overcharge request" with a required client count of 376 or more
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
vlmcsd(8) reports current active clients as good as possible. If
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
it only if you really need it.
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
tion, it cannot maintain any state in memory.
StartEmpty
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
an empty CMID list. Activation will start when the required min
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
as the minimum client count has not been reached, clients end up
in HRESULT 0xC004F038 "The count reported by your Key Management
Service (KMS) is insufficient. Please contact your system admin
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
Windows
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
for Windows activitations will be ignored.
Office2010
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
Level for Office 2010 activitations will be ignored.
Office2013
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
Level for Office 2013 activitations will be ignored.
Office2016
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
Level for Office 2016 activitations will be ignored.
VALID EPIDS
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -439,7 +479,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -448,4 +488,4 @@ SEE ALSO
Hotbird64 December 2016 VLMCSD.INI(5)
Hotbird64 January 2017 VLMCSD.INI(5)

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Sun Dec 11 22:03:19 2016 -->
<!-- CreationDate: Thu Jan 19 21:29:26 2017 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

Binary file not shown.

@ -674,7 +674,20 @@ void loadKmsData()
}
}
#ifndef NO_SOCKETS
void exitOnWarningLevel(const int_fast8_t level)
{
if (ExitLevel >= level)
{
printerrorf("Fatal: Exiting on warning level %i or greater\n", (int)ExitLevel);
exit(-1);
}
}
#endif // !NO_SOCKETS
#endif // IS_LIBRARY
#if __ANDROID__ && !defined(USE_THREADS) // Bionic does not wrap these syscalls (intentionally because Google fears, developers don't know how to use it)
#ifdef __NR_shmget

@ -40,6 +40,13 @@ void getExeName();
__pure BOOL getArgumentBool(int_fast8_t *result, const char *const argument);
char* vlmcsd_strdup(const char* src);
#if defined(NO_SOCKETS) || IS_LIBRARY
#define exitOnWarningLevel(x)
#else // !NO_SOCKETS
void exitOnWarningLevel(const int_fast8_t level);
#endif // !NO_SOCKETS
#if __ANDROID__ && !defined(USE_THREADS) // Bionic does not wrap these syscalls (intentionally because Google fears, developers don't know how to use it)
int shmget(key_t key, size_t size, int shmflg);
void *shmat(int shmid, const void *shmaddr, int shmflg);

@ -570,8 +570,12 @@ static int listenOnAddress(const struct addrinfo *const ai, SOCKET *s)
# if defined(_WIN32) || defined(__CYGWIN__)
// if (IsWindowsVistaOrGreater()) //Doesn't work with older version of MingW32-w64 toolchain
if ((GetVersion() & 0xff) > 5)
{
# endif // _WIN32
printerrorf("Warning: %s does not support socket option IPV6_V6ONLY: %s\n", ipstr, vlmcsd_strerror(socket_errno));
# if defined(_WIN32) || defined(__CYGWIN__)
}
# endif // _WIN32
# endif // _PEDANTIC
}
# endif
@ -661,6 +665,10 @@ BOOL addListeningSocket(const char *const addr)
numsockets++;
result = TRUE;
}
else
{
exitOnWarningLevel(1);
}
}
freeaddrinfo(aiList);

@ -75,6 +75,8 @@ int_fast8_t logverbose = 0;
#endif // NO_LOG
#ifndef NO_SOCKETS
int_fast8_t ExitLevel = 0;
#ifndef _WIN32
int_fast8_t nodaemon = 0;
#endif // _WIN32
@ -84,7 +86,7 @@ int_fast8_t InetdMode = 0;
int_fast8_t nodaemon = 1;
#endif // _WIN32
int_fast8_t InetdMode = 1;
#endif
#endif // NO_SOCKETS
PVlmcsdHeader_t KmsData = NULL;
#ifndef NO_EXTERNAL_DATA
@ -104,7 +106,7 @@ int_fast8_t RandomizationLevel = 1;
uint16_t Lcid = 0;
#endif
#ifndef NO_SOCKETS
#if !defined(NO_SOCKETS) && !defined(USE_MSRPC)
#ifdef SIMPLE_SOCKETS
SOCKET s_server;
#else
@ -120,7 +122,7 @@ HANDLE MaxTaskSemaphore;
#endif // _WIN32
#endif // !defined(NO_LIMIT) && !__minix__
#endif // NO_SOCKETS
#endif // !defined(NO_SOCKETS) && !defined(USE_MSRPC)
#ifdef _NTSERVICE
int_fast8_t IsNTService = TRUE;

@ -133,6 +133,7 @@ extern int_fast8_t UseClientRpcBTFN;
#endif // USE_MSRPC
#ifndef NO_SOCKETS
extern int_fast8_t ExitLevel;
extern char *defaultport;
#endif // NO_SOCKETS

@ -84,7 +84,7 @@
#include "wintap.h"
#endif
static const char* const optstring = "N:B:m:t:w:0:3:6:H:A:R:u:g:L:p:i:P:l:r:U:W:C:c:F:O:o:T:K:E:M:j:SseDdVvqkZ";
static const char* const optstring = "N:B:m:t:w:0:3:6:H:A:R:u:g:L:p:i:P:l:r:U:W:C:c:F:O:o:x:T:K:E:M:j:SseDdVvqkZ";
#if !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
static uint_fast8_t maxsockets = 0;
@ -123,6 +123,9 @@ static IniFileParameter_t IniFileParameterList[] =
{ "Office2010", INI_PARAM_OFFICE2010 },
{ "Office2013", INI_PARAM_OFFICE2013 },
{ "Office2016", INI_PARAM_OFFICE2016 },
# ifndef NO_SOCKETS
{ "ExitLevel", INI_PARAM_EXIT_LEVEL },
# endif // NO_SOCKETS
# ifndef NO_TAP
{ "VPN", INI_PARAM_VPN },
# endif // NO_TAP
@ -296,6 +299,7 @@ static __noreturn void usage()
" -O <v>[=<a>][/<c>]\tuse VPN adapter <v> with IPv4 address <a> and CIDR <c>\n"
# endif
# ifndef NO_SOCKETS
" -x <level>\t\texit if warning <level> reached (default 0)\n"
# if !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
" -L <address>[:<port>]\tlisten on IP address <address> with optional <port>\n"
" -P <port>\t\tset TCP port <port> for subsequent -L statements (default 1688)\n"
@ -725,6 +729,15 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
# endif // USE_MSRPC
# ifndef NO_SOCKETS
case INI_PARAM_EXIT_LEVEL:
success = getIniFileArgumentInt(&result, iniarg, 0, 1);
if (success) ExitLevel = (int_fast8_t)result;
break;
# endif // NO_SOCKETS
# if HAVE_FREEBIND
case INI_PARAM_FREEBIND:
@ -1131,6 +1144,11 @@ static void parseGeneralArguments() {
# ifndef NO_SOCKETS
case 'x':
ignoreIniFileParameter(INI_PARAM_EXIT_LEVEL);
ExitLevel = getOptionArgumentInt((char)o, 0, 1);
break;
case 'P':
ignoreIniFileParameter(INI_PARAM_PORT);
# if !defined(SIMPLE_SOCKETS) && !defined(USE_MSRPC)

@ -58,6 +58,7 @@ int server_main(int argc, CARGV argv);
#define INI_PARAM_START_EMPTY 27
#define INI_PARAM_DATA_FILE 28
#define INI_PARAM_VPN 29
#define INI_PARAM_EXIT_LEVEL 30
#define INI_FILE_PASS_1 1
#define INI_FILE_PASS_2 2

@ -297,6 +297,7 @@ static DWORD WINAPI TapMirror(LPVOID data)
free(ActiveTapName);
CloseHandle(TapHandle);
exitOnWarningLevel(1);
return error;
}

Loading…
Cancel
Save