vlmcsd/man/vlmcsd.ini.5.dos.txt

487 lines
24 KiB
Plaintext

VLMCSD.INI(5) KMS Activation Manual VLMCSD.INI(5)
NAME
vlmcsd.ini - vlmcsd KMS emulator configuration file
SYNOPSIS
vlmcsd.ini
DESCRIPTION
vlmcsd.ini (or simply called the "ini file") is a configuration file
for vlmcsd(8). By default vlmcsd does not use a configuration file. It
is completely optional and for advanced users only. You must use the -i
option on the vlmcsd command line to use an ini file. There is no
default name or default location for the ini file.
Everything, that can be configured in the ini file, may also be speci-
fied on the command line. Any configuration option specified on the
command line takes precedence over the respective configuration line in
the ini file.
Benefits of a configuration file
While you can use the configuration file to simply modify the default
behavior of vlmcsd, it can also be used to change the configuration of
vlmcsd after you sent a HUP signal(7). Whenever you send SIGHUP, the
configuration file will be re-read. Any changes you made to the ini
file will be reflected after vlmcsd received the hangup signal.
Differences between command line and configuration file
If you specify an illegal option or option argument on the command
line, vlmcsd displays help and exits. If you specify an incorrect key-
word or argument in the ini file, vlmcsd displays a warning with some
information, ignores the respective line and continues. This is inten-
tional and prevents vlmcsd from aborting after a SIGHUP if the configu-
ration was modified incorrectly.
SYNTAX
vlmcsd.ini is a UTF-8 encoded text file with each line being in the
format keyword = argument. The keyword is not case-sensitive. The argu-
ment is treated literally. It is neither required nor allowed to
enclose the argument in any form of quote characters except when quote
characters are part of the argument itself. Whitespace characters are
ignored only
- at the beginning of a line
- between the keyword and '='
- between '=' and the argument
Lines, that start with '#' or ';' are treated as comments. Empty lines
are ignored as well. If a keyword is repeated in another line, vlmcsd
will use the argument of the last occurence of the keyword. An excep-
tion to this is the Listen keyword which can be specified multiple
times and causes vlmcsd to listen on more than one IP address and/or
port.
Some arguments are binary arguments that need to be either TRUE or
FALSE. You can use "Yes", "On" or "1" as an alias for TRUE and "No",
"Off" or "0" as an alias for FALSE. Binary arguments are case-insensi-
tive.
KEYWORDS
The following keywords are defined (not all keywords may be available
depending on the operating system and the options used when vlmcsd(8)
was compiled):
Listen This defines on what combinations of IP addresses and ports vlm-
csd should listen. Listen can be specified more than once. The
argument has the form ipaddress[:port]. If you omit the port,
the default port of 1688 is used. If the ipaddress contains
colons and a port is used, you must enclose the ipaddress in
brackets. The default is to listen to 0.0.0.0:1688 and [::]:1688
which means listen to all IPv4 and all IPv6 addresses. See the
-L option in vlmcsd(8) for more info about the syntax. If you
use -L or -P on the command line, all Listen keywords in the ini
file will be ignored. The Listen keyword cannot be used if vlm-
csd has been compiled to use Microsoft RPC (Windows and Cygwin
only) or simple sockets.
Examples:
Listen = 192.168.1.123:1688
Listen = 0.0.0.0:1234
Listen = [fe80::1721:12ff:fe81:d36b%eth0]:1688
Port Can only be used if vlmcsd has been compiled to use simple sock-
ets or on Windows and Cygwin if vlmcsd(8) has been compiled to
use Microsoft RPC. Otherwise you must use Listen instead. Causes
vlmcsd to listen on that port instead of 1688.
FreeBind
Can be TRUE or FALSE. If TRUE, you can use the Listen keyword
with IP addresses that are currently not defined on your system.
vlmcsd(8) will start listening on these IP addresses as soon as
they become available. This keyword is only available under
Linux and FreeBSD because no other OS currently supports that
feature. FreeBSD supports this only for IPv4 and requires the
PRIV_NETINET_BINDANY privilege which is normally assigned to
proccesses of the root user.
PublicIPProtectionLevel
Set the level of protection against KMS activations from public
IP addresses.
0 = No protection (default)
1 = Listen on private IP addresses only (plus those specified by
one or more Listen statements)
2 = Disconnect clients with public IP addresses without activat-
ing
3 = Combines 1 and 2
For details on public IP protection levels see vlmcsd(8) command
line option -o.
VPN Has to be in the form vpn-adapter-name[=ipv4-address][/cidr-
mask][:dhcp-lease-duration].
Enables a compatible VPN adapter to create additional local IPv4
addresses (like 127.0.0.1) that appear as remote IPv4 addresses
to the system. This allows product activation using a local
instance of vlmcsd. This feature is only available in Windows
and Cygwin builds of vlmcsd since it is not of any use on other
operating systems. Compatible VPN adapters are Tap-windows ver-
sion 8.2 or higher (from OpenVPN) and the TeamViewer VPN
adapter. There is a special vpn-adapter-name. A single period
(.) instructs vlmcsd to use the first available compatible VPN
adapter. The vpn-adapter-name is not case-sensitive. If the vpn-
adapter-name contains spaces (e.g. Ethernet 3), do not enclose
it in quotes.
The default ipv4-address is 10.10.10.9 and the default cidr-mask
is 30. If you are using the default values, your VPN adapter
uses an IPv4 address of 10.10.10.9 and you can set your activa-
tion client to use the easy to remember address 10.10.10.10
(e.g. slmgr /skms 10.10.10.10 or cscript ospp.vbs
/sethst:10.10.10.10).
The dhcp-lease-duration is a number optionally followed by s, m,
h, d or w to indicate seconds, minutes, hours, days or weeks.
The default dhcp-lease-duration is 1d (one day). It is normally
not required to change this value.
It is advised not to manually configure your OpenVPN TAP or
TeamViewer VPN adapter in "Network Connections". If you set the
IPv4 configuration manually anyway, the IPv4 address and the
subnet mask must match the VPN= directive. It is safe leave the
IPv4 configuration to automatic (DHCP). vlmcsd will wait up to
four seconds for the DHCP configuration to complete before bind-
ing to and listenin on any interfaces.
You should be aware that only one program can use a VPN adapter
at a time. If you use the TeamViewer VPN adapter for example,
you will not be able to use the VPN feature of TeamViewer as
long as vlmcsd is running. The same applies to OpenVPN TAP
adapters that are in use by other programs (for example OpenVPN,
QEMU, Ratiborus VM, aiccu, etc.). The best way to avoid con-
flicts is to install Tap-Windows from OpenVPN, cd to C:\Program
Files\TAP-Windows\bin and run addtap.bat to install an addi-
tional TAP adapter. Go to "Network Connections" and rename the
new adapter to "vlmcsd" and specify VPN=vlmcsd to use it.
ExitLevel
Can be either 0 (the default) or 1. Controls under what circum-
stances vlmcsd will exit. Using the default of 0 vlmcsd stays
active as long as it can perform some useful operations. If vlm-
csd is run by any form of a watchdog, e.g. NT service manager
(Windows), systemd (Linux) or launchd (Mac OS / iOS), it may be
desirable to end vlmcsd and let the watchdog restart it. This is
especially true if some pre-requisites are not yet met but will
be some time later, e.g. network is not yet fully setup.
By using ExitLevel = 0 vlmcsd will
exit if none of the listening sockets specified with -L can
be used. It continues if at least one socket can be setup
for listening.
exit any TAP mirror thread (Windows version only) if there
is an error condition while reading or writing from or to
the VPN adapter but continue to work without utilizing a
VPN adapter.
By using ExitLevel = 1 vlmcsd will
exit if not all listening sockets specified with -L can be
used.
exit completely if there is a problem with a VPN adapter it
is using. This may happen for instance if the VPN adapter
has been disabled using "Control Panel - Network - Adapter
Settings" while vlmcsd is using it.
Please note that ExitLevel = 1 is kind of a workaround option.
While it may help under some circumstances, it is better to
solve the problem at its origin, e.g. properly implementing
dependencies in your startup script to ensure all network inter-
faces and the VPN adapter you will use are completely setup
before you start vlmcsd.
UseNDR64
Can be TRUE or FALSE. Specifies whether you want to use the
NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
default is TRUE.
UseBTFN
Can be TRUE or FALSE. Specifies whether you want to use bind
time feature negotiation in RPC. See options -b0 and -b1 in vlm-
csd(8). The default is TRUE.
RandomizationLevel
The argument must 0, 1 or 2. This specifies the ePID randomiza-
tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The
default randomization level is 1. A RandomizationLevel of 2 is
not recommended and should be treated as a debugging level.
LCID Use a specific culture id (LCID) even if the ePID is randomized.
The argument must be a number between 1 and 32767. While any
number in that range is valid, you should use an offcial LCID. A
list of assigned LCIDs can be found at http://msdn.micro-
soft.com/en-us/goglobal/bb964664.aspx. On the command line you
control this setting with option -C.
HostBuild
Use a specific host build number in the ePID even if it is ran-
domized. The argument must be a number between 1 and 65535.
While you can use any number you should only use build numbers
that a released build numbers of Windows Servers, e.g. 17763 for
Windows Server 2019.
MaxWorkers
The argument specifies the maximum number of worker processes or
threads that will be used to serve activation requests concur-
rently. This is the same as specifying -m on the command line.
Minimum is 1. The maximum is platform specific and is at least
32767 but is likely to be greater on most systems. The default
is no limit.
ConnectionTimeout
Used to control when the vlmcsd disconnects idle TPC connec-
tions. The default is 30 seconds. This is the same setting as -t
on the command line.
DisconnectClientsImmediately
Set this to TRUE to disconnect a client after it got an activa-
tion response regardless whether a timeout has occured or not.
The default is FALSE. Setting this to TRUE is non-standard
behavior. Use only if you are experiencing DoS or DDoS attacks.
On the command line you control this behavior with options -d
and -k.
PidFile
Write a pid file. The argument is the full pathname of a pid
file. The pid file contains is single line containing the
process id of the vlmcsd process. It can be used to stop
(SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be
overriden using -p on the command line.
LogFile
Write a log file. The argument is the full pathname of a log
file. On a unixoid OS and with Cygwin you can use the special
filename 'syslog' to log to the syslog facility. This is the
same as specifying -l on the command line.
KmsData
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
may use a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging KMS
requests. If you don't log, there is no need to load an external
KMS data file.
You may use KmsData = - to prevent the default KMS data file to
be loaded.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log-
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate-
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer-
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
WhitelistingLevel
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
level to determine which products vlmcsd activates or refuses.
0: activate all products with an unknown, retail or
beta/preview KMS ID.
1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor-
rectness. If Microsoft introduces a new KMS ID for a new prod-
uct, you cannot activate it if you used 1 or 3 until a new ver-
sion of vlmcsd is available.
CheckClientTime
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu-
lator detection. A client that tries to detect an emulator could
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
succeed, the server is an emulator. If you set this to TRUE on a
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm-
csd(8).
MaintainClients
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
(TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
KMS emulator. This includes bug compatibility to the extent that
you can permanently kill a genuine KMS emulator by sending an
"overcharge request" with a required client count of 376 or more
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
vlmcsd(8) reports current active clients as good as possible. If
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
it only if you really need it.
If you start vlmcsd(8) from an internet superserver, this set-
ting cannot be used. Since vlmcsd(8) exits after each activa-
tion, it cannot maintain any state in memory.
StartEmpty
This setting is ignored if you do not also specify Maintain-
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
an empty CMID list. Activation will start when the required min-
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
as the minimum client count has not been reached, clients end up
in HRESULT 0xC004F038 "The count reported by your Key Management
Service (KMS) is insufficient. Please contact your system admin-
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
ActivationInterval
This is the same as specifying -A on the command line. See vlm-
csd(8) for details. The default is 2 hours. Example: Activation-
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm-
csd(8) for details. The default is 7 days. Example: RenewalIn-
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter-
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden-
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config-
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
<csvlk-name>
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for activations with <csvlk-name>. If specified, Randomiza-
tionLevel for the <csvlk-name> will be ignored. With the default
vlmcsd.kmd database you can use the following <csvlk-name>s:
Windows, Office2010, Office2013, Office2016, Office2019 and
WinChinaGov. While vlmcsd is compatible with older databases,
you must use at least database version 1.6 for this feature to
work.
VALID EPIDS
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod-
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
FILES
vlmcsd.ini(5)
AUTHOR
vlmcsd(8) was written by crony12, Hotbird64 and vityan666. With contri-
butions from DougQaid.
CREDITS
Thanks to abbodi1406, CODYQX4, deagles, eIcn, mikmik38, nosferati87,
qad, Ratiborus, ...
SEE ALSO
vlmcsd(8), vlmcsd(7), vlmcs(1), vlmcsdmulti(1)
Hotbird64 October 2018 VLMCSD.INI(5)