958 lines
34 KiB
HTML
958 lines
34 KiB
HTML
<!-- Creator : groff version 1.22.3 -->
|
|
<!-- CreationDate: Thu Aug 11 16:07:08 2016 -->
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
"http://www.w3.org/TR/html4/loose.dtd">
|
|
<html>
|
|
<head>
|
|
<meta name="generator" content="groff -Thtml, see www.gnu.org">
|
|
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
|
|
<meta name="Content-Style" content="text/css">
|
|
<style type="text/css">
|
|
p { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
table { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
h1 { text-align: center }
|
|
</style>
|
|
<title>VLMCSD</title>
|
|
|
|
</head>
|
|
<body>
|
|
|
|
<h1 align="center">VLMCSD</h1>
|
|
|
|
<a href="#NAME">NAME</a><br>
|
|
<a href="#SYNOPSIS">SYNOPSIS</a><br>
|
|
<a href="#DESCRIPTION">DESCRIPTION</a><br>
|
|
<a href="#OPTIONS">OPTIONS</a><br>
|
|
<a href="#SIGNALS">SIGNALS</a><br>
|
|
<a href="#SUPPORTED OPERATING SYSTEMS">SUPPORTED OPERATING SYSTEMS</a><br>
|
|
<a href="#SUPPORTED PRODUCTS">SUPPORTED PRODUCTS</a><br>
|
|
<a href="#FILES">FILES</a><br>
|
|
<a href="#EXAMPLES">EXAMPLES</a><br>
|
|
<a href="#BUGS">BUGS</a><br>
|
|
<a href="#INTENTIONAL BUGS">INTENTIONAL BUGS</a><br>
|
|
<a href="#AUTHOR">AUTHOR</a><br>
|
|
<a href="#CREDITS">CREDITS</a><br>
|
|
<a href="#SEE ALSO">SEE ALSO</a><br>
|
|
|
|
<hr>
|
|
|
|
|
|
<h2>NAME
|
|
<a name="NAME"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">vlmcsd −
|
|
a fully Microsoft compatible KMS server</p>
|
|
|
|
<h2>SYNOPSIS
|
|
<a name="SYNOPSIS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b> [
|
|
<i>options</i> ]</p>
|
|
|
|
<h2>DESCRIPTION
|
|
<a name="DESCRIPTION"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
is a fully Microsoft compatible KMS server that provides
|
|
product activation services to clients. It is meant as a
|
|
drop-in replacement for a Microsoft KMS server (Windows
|
|
computer with KMS key entered). It currently supports KMS
|
|
protocol versions 4, 5 and 6.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
is designed to run on POSIX compatible operating systens. It
|
|
only requires a basic C library with a BSD-style sockets API
|
|
and either <b>fork</b>(2) or <b>pthreads</b>(7). That allows
|
|
it to run on most embedded systems like routers, NASes,
|
|
mobile phones, tablets, TVs, settop boxes, etc. Some efforts
|
|
have been made that it also runs on Windows.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Although
|
|
<b>vlmcsd</b> does neither require an activation key nor a
|
|
payment to anyone, it is not meant to run illegal copies of
|
|
Windows. Its purpose is to ensure that owners of legal
|
|
copies can use their software without restrictions, e.g. if
|
|
you buy a new computer or motherboard and your key will be
|
|
refused activation from Microsoft servers due to hardware
|
|
changes.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
may be started via an internet superserver like
|
|
<b>inetd</b>(8) or <b>xinetd</b>(8) as well as an advanced
|
|
init system like <b>systemd</b>(8) or <b>launchd</b>(8)
|
|
using socket based activation. If <b>vlmcsd</b> detects that
|
|
<b>stdin</b>(3) is a socket, it assumes that there is
|
|
already a connected client on stdin that wants to be
|
|
activated. All options that control setting up listening
|
|
sockets will be ignored when in inetd mode.</p>
|
|
|
|
<h2>OPTIONS
|
|
<a name="OPTIONS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Since vlmcsd
|
|
can be configured at compile time, some options may not be
|
|
available on your system.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">All options
|
|
that do no require an argument may be combined with a single
|
|
dash, for instance "vlmcsd -D -e" is identical to
|
|
"vlmcsd -De". For all options that require an
|
|
argument a space between the option and the option argument
|
|
is optional. Thus "vlmcsd -r 2" and "vlmcsd
|
|
-r2" are identical too. <b><br>
|
|
-h</b> or <b>-?</b></p>
|
|
|
|
<p style="margin-left:22%;">Displays help.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-V</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Displays extended version information. This includes the
|
|
compiler used to build vlmcsd, the intended platform and
|
|
flags (compile time options) to build vlmcsd. If you have
|
|
the source code of vlmcsd, you can type <b>make help</b> (or
|
|
<b>gmake help</b> on systems that do not use the GNU version
|
|
of <b>make</b>(1) by default) to see the meaning of those
|
|
flags.</p> </td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%;"><b>-L</b>
|
|
<i>ipaddress</i>[:<i>port</i>]</p>
|
|
|
|
<p style="margin-left:22%;">Instructs vlmcsd to listen on
|
|
<i>ipaddress</i> with optional <i>port</i> (default 1688).
|
|
You can use this option more than once. If you do not
|
|
specify <b>-L</b> at least once, IP addresses 0.0.0.0 (IPv4)
|
|
and :: (IPv6) are used. If the IP address contains colons
|
|
(IPv6) you must enclose the IP address in brackets if you
|
|
specify the optional port, e.g.
|
|
[2001:db8::dead:beef]:1688.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If no port is
|
|
specified, vlmcsd uses the default port according to a
|
|
preceding <b>-P</b> option. If you specify a port, it can be
|
|
a number (1-65535) or a name (usually found in /etc/services
|
|
if not provided via LDAP, NIS+ or another name service).</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you specify
|
|
a link local IPv6 address (fe80::/10, usually starting with
|
|
fe80::), it must be followed by a percent sign (%) and a
|
|
scope id (=network interface name or number) on most unixoid
|
|
OSses including Linux, Android, MacOS X and iOS, e.g.
|
|
fe80::1234:56ff:fe78:9abc<b>%eth0</b> or
|
|
[fe80::1234:56ff:fe78:9abc<b>%2</b>]:1688. Windows
|
|
(including cygwin) does not require a scope id unless the
|
|
same link local address is used on more than one network
|
|
interface. Windows does not accept a name and the scope id
|
|
must be a number.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-o</b> <i>level</i></p>
|
|
|
|
<p style="margin-left:22%;">Sets the <i>level</i> of
|
|
protection against activations from public IP addresses. The
|
|
default is <b>-o0</b> for no protection.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
|
|
causes vlmcsd not to listen on all IP addresses but on
|
|
private IP addresses only. IPv4 addresses in the
|
|
100.64.0.0/10 range (see RFC6598) are not treated as private
|
|
since they can be reached from other users of your ISP.
|
|
Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
|
|
192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
|
|
treats all IPv6 addresses not within 2000::/3 as private
|
|
addresses.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
|
|
is combined with <b>-L</b>, it will listen on all private IP
|
|
addresses plus the ones specified by one or more <b>-L</b>
|
|
statements. If <b>-o1</b> is combined with <b>-P</b>, only
|
|
the last <b>-P</b> statement will be used.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Using
|
|
<b>-o1</b> does not protect you if you enable NAT port
|
|
forwarding on your router to your vlmcsd machine. It is
|
|
identical to using multiple -L statements with all of your
|
|
private IP addresses. What <b>-o1</b> does for you, is
|
|
automatically enumerating your private IP addresses.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
|
|
not affect the interfaces, vlmcsd is listening on. When a
|
|
clients connects, vlmcsd immediately drops the connection if
|
|
the client has a public IP address. Unlike <b>-o1</b>
|
|
clients will be able to establish a TCP connection but it
|
|
will be closed without a single byte sent over the
|
|
connection. This protects against clients with public IP
|
|
addresses even if NAT port forwarding is used. While
|
|
<b>-o2</b> offers a higher level of protection than
|
|
<b>-o1</b>, the client sees that the KMS TCP port (1688 by
|
|
default) is actually accepting connections.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd is
|
|
compiled to use MS RPC, <b>-o2</b> can only offer very poor
|
|
protection. Control is passed from MS RPC to vlmcsd after
|
|
the KMS protocol has already been negotiated. Thus a client
|
|
can always verify that the KMS protocol is available even
|
|
though it receives an RPC_S_ACCESS_DENIED error message.
|
|
vlmcsd will issue a warning if <b>-o2</b> is used with MS
|
|
RPC. <b>For adaequate protection do not use a MS RPC build
|
|
of vlmcsd with -o2</b>.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
|
|
combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
|
|
private interfaces only and if a public client manages to
|
|
connect anyway due to NAT port forwarding, it will be
|
|
immediately dropped.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use any
|
|
form of TCP level port forwarding (e.g. <b>nc</b>(1),
|
|
<b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
|
|
to redirect KMS requests to vlmcsd, there will be no
|
|
protection even if you use <b>-o2</b> or <b>-o3</b>. This is
|
|
due to the simple fact that vlmcsd sees the IP address of
|
|
the redirector and not the IP address of the client.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
|
|
thus <b>-o3</b>) is not (yet) available in some
|
|
scenarios:</p>
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">FreeBSD: There
|
|
is a longtime unfixed
|
|
<a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
|
|
in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
|
|
FreeBSD kernel, you must run the 64-bit version of vlmcsd if
|
|
you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
|
|
undefined behavior up to crashing vlmcsd. Other BSDs
|
|
(NetBSD, OpenBSD, Dragonfly and Mac OS X) work
|
|
correctly.</p>
|
|
|
|
<p style="margin-left:29%; margin-top: 1em">If vlmcsd was
|
|
started by an internet superserver or was compiled to use
|
|
Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
|
|
and <b>-o3</b> are not available by design.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-P</b> <i>port</i></p>
|
|
|
|
<p style="margin-left:22%;">Use TCP <i>port</i> for all
|
|
subsequent <b>-L</b> statements that do not include an
|
|
optional port. If you use <b>-P</b> and <b>-L</b>, <b>-P</b>
|
|
must be specified before <b>-L</b>.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-F0</b> and <b>-F1</b></p>
|
|
|
|
<p style="margin-left:22%;">Allow (<b>-F1</b>) or disallow
|
|
(<b>-F0</b>) binding to IP addresses that are currently not
|
|
configured on your system. The default is <b>-F0</b>.
|
|
<b>-F1</b> allows you to bind to an IP address that may be
|
|
configured after you started <b>vlmcsd</b>. <b>vlmcsd</b>
|
|
will listen on that address as soon as it becomes available.
|
|
This feature is only available under Linux (IPv4 and IPv6)
|
|
and FreeBSD (IPv4 only). FreeBSD allows this feature only
|
|
for the root user (more correctly: processes that have the
|
|
PRIV_NETINET_BINDANY privilege). Linux does not require a
|
|
capability for this.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-t</b> <i>seconds</i></p>
|
|
|
|
<p style="margin-left:22%;">Timeout the TCP connection with
|
|
the client after <i>seconds</i> seconds. After sending an
|
|
activation request. RPC keeps the TCP connection for a
|
|
while. The default is 30 seconds. You may specify a shorter
|
|
period to free ressources on your device faster. This is
|
|
useful for devices with limited main memory or if you used
|
|
<b>-m</b> to limit the concurrent clients that may request
|
|
activation. Microsoft RPC clients disconnect after 30
|
|
seconds by default. Setting <i>seconds</i> to a greater
|
|
value does not make much sense.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-m</b>
|
|
<i>concurrent-clients</i></p>
|
|
|
|
<p style="margin-left:22%;">Limit the number of clients
|
|
that will be handled concurrently. This is useful for
|
|
devices with limited ressources or if you are experiencing
|
|
DoS attacks that spawn thousands of threads or forked
|
|
processes. If additional clients connect to vlmcsd, they
|
|
need to wait until another client disconnects. If you set
|
|
<i>concurrent-clients</i> to a small value ( <10 ), you
|
|
should also select a reasonable timeout of 2 or 3 seconds
|
|
with <b>-t</b>. The default is no limit.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-d</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Disconnect each client after processing one activation
|
|
request. This is a direct violation of DCE RPC but may help
|
|
if you receive malicous fake RPC requests that block your
|
|
threads or forked processes. Some other KMS emulators (e.g.
|
|
py-kms) behave this way.</p></td></tr>
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-k</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Do not disconnect clients after processing an activation
|
|
request. This selects the default behavior. <b>-k</b> is
|
|
useful only if you used an ini file (see
|
|
<b>vlmcsd.ini</b>(5) and <b>-i</b>). If the ini file
|
|
contains the line "DisconnectClientsImmediately =
|
|
true", you can use this switch to restore the default
|
|
behavior.</p> </td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%;"><b>-N0</b> and <b>-N1</b></p>
|
|
|
|
<p style="margin-left:22%;">Disables (<b>-N0</b>) or
|
|
enables (<b>-N1</b>) the use of the NDR64 transfer syntax in
|
|
the RPC protocol. Unlike Microsoft vlmcsd supports NDR64 on
|
|
32-bit operating systems. Microsoft introduced NDR64 in
|
|
Windows Vista but their KMS servers started using it with
|
|
Windows 8. Thus if you choose random ePIDs, vlmcsd will
|
|
select ePIDs with build numbers 9200 and 9600 if you enable
|
|
NDR64 and build numbers 6002 and 7601 if you disable NDR64.
|
|
The default is to enable NDR64.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-B0</b> and <b>-B1</b></p>
|
|
|
|
<p style="margin-left:22%;">Disables (<b>-B0</b>) or
|
|
enables (<b>-B1</b>) bind time feature negotiation (BTFN) in
|
|
the RPC protocol. All Windows operating systems starting
|
|
with Vista support BTFN and try to negotiate it when
|
|
initiating an RPC connection. Thus consider turning it off
|
|
as a debug / troubleshooting feature only. Some older
|
|
firewalls that selectively block or redirect RPC traffic may
|
|
get confused when they detect NDR64 or BTFN.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-l</b> <i>filename</i></p>
|
|
|
|
<p style="margin-left:22%;">Use <i>filename</i> as a log
|
|
file. The log file records all activations with IP address,
|
|
Windows workstation name (no reverse DNS lookup), activated
|
|
product, KMS protocol, time and date. If you do not specify
|
|
a log file, no log is created. For a live view of the log
|
|
file type tail -f <i>file</i>.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use the
|
|
special <i>filename</i> "syslog", vlmcsd uses
|
|
<b>syslog</b>(3) for logging. If your system has no syslog
|
|
service (/dev/log) installed, logging output will go to
|
|
/dev/console. Syslog logging is not available in the native
|
|
Windows version. The Cygwin version does support syslog
|
|
logging.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>
|
|
|
|
<p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
|
|
(<b>-T1</b>) the inclusion of date and time in each line of
|
|
the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
|
|
you log to <b>stdout</b>(3) which is redirected to another
|
|
logging mechanism that already includes date and time in its
|
|
output, for instance <b>systemd-journald</b>(8). If you log
|
|
to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
|
|
will never be included in the output sent to
|
|
<b>syslog</b>(3).</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-D</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Normally vlmcsd daemonizes and runs in background
|
|
(except the native Windows version). If <b>-D</b> is
|
|
specified, vlmcsd does not daemonize and runs in foreground.
|
|
This is useful for testing and allows you to simply press
|
|
<Ctrl-C> to exit vlmcsd.</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The native
|
|
Windows version never daemonizes and always behaves as if
|
|
<b>-D</b> had been specified. You may want to install vlmcsd
|
|
as a service instead. See <b>-s</b>.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p style="margin-top: 1em"><b>-e</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p style="margin-top: 1em">If specified, vlmcsd ignores
|
|
<b>-l</b> and writes all logging output to <b>stdout</b>(3).
|
|
This is mainly useful for testing and debugging and often
|
|
combined with <b>-D</b>.</p></td></tr>
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-v</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Use verbose logging. Logs every parameter of the base
|
|
request and the base response. It also logs the HWID of the
|
|
KMS server if KMS protocol version 6 is used. This option is
|
|
mainly for debugging purposes. It only has an effect if some
|
|
form of logging is used. Thus <b>-v</b> does not make sense
|
|
if not used with <b>-l</b>, <b>-e</b> or <b>-f</b>.</p></td></tr>
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-q</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Do not use verbose logging. This is actually the default
|
|
behavior. It only makes sense if you use vlmcsd with an ini
|
|
file (see <b>-i</b> and <b>vlmcsd.ini</b>(5)). If the ini
|
|
file contains the line "LogVerbose = true" you can
|
|
use <b>-q</b> to restore the default behavior.</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%;"><b>-p</b> <i>filename</i></p>
|
|
|
|
<p style="margin-left:22%;">Create pid file
|
|
<i>filename</i>. This has nothing to do with KMS ePIDs. A
|
|
pid file is a file where vlmcsd writes its own process id.
|
|
This is used by standard init scripts (typically found in
|
|
/etc/init.d). The default is not to write a pid file.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-u</b> <i>user</i> and
|
|
<b>-g</b> <i>group</i></p>
|
|
|
|
<p style="margin-left:22%;">Causes vlmcsd to run in the
|
|
specified <i>user</i> and <i>group</i> security context. The
|
|
main purpose for this is to drop root privileges after it
|
|
has been started from the root account. To use this feature
|
|
from cygwin you must run cyglsa-config and the account from
|
|
which vlmcsd is started must have the rights "Act as
|
|
part of the operating system" and "Replace a
|
|
process level token". The native Windows version does
|
|
not support these options.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The actual
|
|
security context switch is performed after the TCP sockets
|
|
have been created. This allows you to use privileged ports
|
|
(< 1024) when you start vlmcsd from the root account.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">However if you
|
|
use an ini, pid or log file, you must ensure that the
|
|
unprivileged user has access to these files. You can always
|
|
log to <b>syslog</b>(3) from an unprivileged account on most
|
|
platforms (see <b>-l</b>).</p>
|
|
|
|
<p style="margin-left:11%;"><b>-w</b> <i>ePID</i></p>
|
|
|
|
<p style="margin-left:22%;">Use <i>ePID</i> as Windows
|
|
ePID. If specified, <b>-r</b> is disregarded for
|
|
Windows.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-0</b> <i>ePID</i></p>
|
|
|
|
<p style="margin-left:22%;">Use <i>ePID</i> as Office 2010
|
|
ePID (including Project and Visio). If specified, <b>-r</b>
|
|
is disregarded for Office 2010.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-3</b> <i>ePID</i></p>
|
|
|
|
<p style="margin-left:22%;">Use <i>ePID</i> as Office
|
|
2013/2016 ePID (including Project and Visio). If specified,
|
|
<b>-r</b> is disregarded for Office 2013/2016.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-H</b> <i>HwId</i></p>
|
|
|
|
<p style="margin-left:22%;">Use <i>HwId</i> for all
|
|
products. All HWIDs in the ini file (see <b>-i</b>) will not
|
|
be used. In an ini file you can specify a seperate HWID for
|
|
each <i>application-guid</i>. This is not possible when
|
|
entering a HWID from the command line.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><i>HwId</i>
|
|
must be specified as 16 hex digits that are interpreted as a
|
|
series of 8 bytes (big endian). Any character that is not a
|
|
hex digit will be ignored. This is for better readability.
|
|
The following commands are identical:</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">vlmcsd -H
|
|
0123456789ABCDEF <br>
|
|
vlmcsd -H 01:23:45:67:89:ab:cd:ef <br>
|
|
vlmcsd -H "01 23 45 67 89 AB CD EF"</p>
|
|
|
|
<p style="margin-left:11%;"><b>-i</b> <i>filename</i></p>
|
|
|
|
<p style="margin-left:22%;">Use configuration file (aka ini
|
|
file) <i>filename</i>. Most configuration parameters can be
|
|
set either via the command line or an ini file. The command
|
|
line always has precedence over configuration items in the
|
|
ini file. See <b>vlmcsd.ini</b>(5) for the format of the
|
|
configuration file.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
|
|
been compiled to use a default configuration file (often
|
|
/etc/vlmcsd.ini), you may use <b>-i-</b> to ignore the
|
|
default configuration file.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-r0</b>, <b>-r1</b>
|
|
(default) and <b>-r2</b></p>
|
|
|
|
<p style="margin-left:22%;">These options determine how
|
|
ePIDs are generated if</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">- you did not
|
|
sprecify an ePID in the command line and <br>
|
|
- you haven’t used <b>-i</b> or <br>
|
|
- the file specified by <b>-i</b> cannot be opened or <br>
|
|
- the file specified by <b>-i</b> does not contain the
|
|
<i>application-guid</i> for the KMS request</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r0</b>
|
|
means there are no random ePIDs. vlmcsd simply issues
|
|
default ePIDs that are built into the binary at compile
|
|
time. <b>Pro:</b> behaves like real KMS server that also
|
|
always issues the same ePID. <b>Con</b>: Microsoft may start
|
|
blacklisting again and the default ePID may not work any
|
|
longer.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r1</b>
|
|
instructs vlmcsd to generate random ePIDs when the program
|
|
starts or receives a SIGHUP signal and uses these ePIDs
|
|
until it is stopped or receives another SIGHUP. Most other
|
|
KMS emulators generate a new ePID on every KMS request. This
|
|
is easily detectable. Microsoft could just modify sppsvc.exe
|
|
in a way that it always sends two identical KMS requests in
|
|
two RPC requests but over the same TCP connection. If both
|
|
KMS responses contain the different ePIDs, the KMS server is
|
|
not genuine. <b>-r1</b> is the default mode. <b>-r1</b> also
|
|
ensures that all three ePIDs (Windows, Office 2010 and
|
|
Office 2013) use the same OS build number and LCID (language
|
|
id).</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
|
|
been started by an internet superserver, <b>-r1</b> works
|
|
identically to <b>-r2</b>. This is simply due to the fact
|
|
that vlmcsd is started upon a connection request and does
|
|
not stay in memory after servicing a KMS request.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-r2</b>
|
|
behaves like most other KMS server emulators with random
|
|
support and generates a new random ePID on every request.
|
|
Use this mode with "care". However since Microsoft
|
|
currently does not seem to do any verification of the ePID,
|
|
you currently don’t need to pay attention to ePIDs at
|
|
all.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-C</b> <i>LCID</i></p>
|
|
|
|
<p style="margin-left:22%;">Do not randomize the locale id
|
|
part of the ePID and use <i>LCID</i> instead. The
|
|
<i>LCID</i> must be specified as a decimal number, e.g. 1049
|
|
for "Russian - Russia". This option has no effect
|
|
if the ePID is not randomized at all, e.g. if it is selected
|
|
from the command line or an ini file.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">By default
|
|
vlmcsd generates a valid locale id that is recognized by
|
|
.NET Framework 4.0. This may lead to a locale id which is
|
|
unlikely to occur in your country, for instance 2155 for
|
|
"Quecha - Ecuador". You may want to select the
|
|
locale id of your country instead. See
|
|
<a href="http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx">MSDN</a>
|
|
for a list of valid <i>LCID</i>s. Please note that some of
|
|
them are not recognized by .NET Framework 4.0.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Most other KMS
|
|
emulators use a fixed <i>LCID</i> of 1033 (English - US). To
|
|
achive the same behavior in vlmcsd use <b>-C 1033</b>.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-R</b>
|
|
<i>renewal-interval</i></p>
|
|
|
|
<p style="margin-left:22%;">Instructs clients to renew
|
|
activation every <i>renewal-interval</i>. The
|
|
<i>renewal-interval</i> is a number optionally immediately
|
|
followed by a letter indicating the unit. Valid unit letters
|
|
are s (seconds), m (minutes), h (hours), d (days) and w
|
|
(weeks). If you do not specify a letter, minutes is
|
|
assumed.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em"><b>-R3d</b> for
|
|
instance instructs clients to renew activation every 3 days.
|
|
The default <i>renewal-interval</i> is 10080 (identical to
|
|
7d and 1w).</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Due to poor
|
|
implementation of Microsofts KMS Client it cannot be
|
|
guaranteed that activation is renewed on time as specfied by
|
|
the -R option. Don’t care about that. Renewal will
|
|
happen well before your activation expires (usually 180
|
|
days).</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Even though you
|
|
can specify seconds, the granularity of this option is 1
|
|
minute. Seconds are rounded down to the next multiple of
|
|
60.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-A</b>
|
|
<i>activation-interval</i></p>
|
|
|
|
<p style="margin-left:22%;">Instructs clients to retry
|
|
activation every <i>activation-interval</i> if it was
|
|
unsuccessful, e.g. because it could not reach the server.
|
|
The default is 120 (identical to 2h).
|
|
<i>activation-interval</i> follows the same syntax as
|
|
<i>renewal-interval</i> in the <b>-R</b> option.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p><b>-s</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Installs vlmcsd as a Windows service. This option only
|
|
works with the native Windows version and Cygwin. Combine
|
|
<b>-s</b> with other command line options. These will be in
|
|
effect when you start the service. The service automatically
|
|
starts when you reboot your machine. To start it manually,
|
|
type "net start vlmcsd".</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you use
|
|
Cygwin, you must include your Cygwin system DLL directory
|
|
(usually C:\Cygwin\bin or C:\Cygwin64\bin) into the PATH
|
|
environment variable or the service will not start.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You can
|
|
reinstall the service anytime using vlmcsd -s again, e.g.
|
|
with a different command line. If the service is running, it
|
|
will be restarted with the new command line.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">When using
|
|
<b>-s</b> the command line is checked for basic syntax
|
|
errors only. For example "vlmcsd -s -L 1.2.3.4"
|
|
reports no error but the service will not start if 1.2.3.4
|
|
is not an IP address on your system.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="3%">
|
|
|
|
|
|
<p style="margin-top: 1em"><b>-S</b></p></td>
|
|
<td width="8%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p style="margin-top: 1em">Uninstalls the vlmcsd service.
|
|
Works only with the native Windows version and Cygwin. All
|
|
other options will be ignored if you include -S in the
|
|
command line.</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%;"><b>-U</b>
|
|
[<i>domain</i>\]<i>username</i></p>
|
|
|
|
<p style="margin-left:22%;">Can only be used together with
|
|
<b>-s</b>. Starts the service as a different user than the
|
|
local SYSTEM account. This is used to run the service under
|
|
an account with low privileges. If you omit the domain, an
|
|
account from the local computer will be used.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">You may use
|
|
"NT AUTHORITY\NetworkService". This is a pseudo
|
|
user with low privileges. You may also use "NT
|
|
AUTHORITY\LocalService" which has more privileges but
|
|
these are of no use for running vlmcsd.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">Make sure that
|
|
the user you specify has at least execute permission for
|
|
your executable. "NT AUTHORITY\NetworkService"
|
|
normally has no permission to run binaries from your home
|
|
directory.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">For your
|
|
convenience you can use the special username "/l"
|
|
as a shortcut for "NT AUTHORITY\LocalService" and
|
|
"/n" for "NT AUTHORITY\NetworkService".
|
|
"vlmcsd −s −U /n"
|
|
installs the service to run as "NT
|
|
AUTHORITY\NetworkService".</p>
|
|
|
|
<p style="margin-left:11%;"><b>-W</b> <i>password</i></p>
|
|
|
|
<p style="margin-left:22%;">Can only be used together with
|
|
<b>-s</b>. Specifies a <i>password</i> for the corresponding
|
|
username you use with -U. SYSTEM, "NT
|
|
AUTHORITY\NetworkService", "NT
|
|
AUTHORITY\LocalService" do not require a password.</p>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">If you specify
|
|
a user with even lower privileges than "NT
|
|
AUTHORITY\NetworkService", you must specify its
|
|
password. You also have to grant the "Log on as a
|
|
service" right to that user.</p>
|
|
|
|
<h2>SIGNALS
|
|
<a name="SIGNALS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">The following
|
|
signals differ from the default behavior: <b><br>
|
|
SIGTERM</b>, <b>SIGINT</b></p>
|
|
|
|
<p style="margin-left:22%;">These signals cause vlmcsd to
|
|
exit gracefully. All global semaphores and shared memory
|
|
pages will be released, the pid file will be unlinked
|
|
(deleted) and a shutdown message will be logged.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="9%">
|
|
|
|
|
|
<p><b>SIGHUP</b></p></td>
|
|
<td width="2%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p>Causes vlmcsd to be restarted completely. This is useful
|
|
if you started vlmcsd with an ini file. You can modify the
|
|
ini file while vlmcsd is running and then sending
|
|
<b>SIGHUP</b>, e.g. by typing "killall -SIGHUP
|
|
vlmcsd" or "kill -SIGHUP ’cat
|
|
/var/run/vlmcsd.pid’".</p> </td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:22%; margin-top: 1em">The SIGHUP
|
|
handler has been implemented relatively simple. It is
|
|
virtually the same as stopping vlmcsd and starting it again
|
|
immediately with the following exceptions:</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="22%"></td>
|
|
<td width="1%">
|
|
|
|
|
|
<p style="margin-top: 1em">—</p></td>
|
|
<td width="3%"></td>
|
|
<td width="74%">
|
|
|
|
|
|
<p style="margin-top: 1em">The new process does not get a
|
|
new process id.</p></td></tr>
|
|
<tr valign="top" align="left">
|
|
<td width="22%"></td>
|
|
<td width="1%">
|
|
|
|
|
|
<p>—</p></td>
|
|
<td width="3%"></td>
|
|
<td width="74%">
|
|
|
|
|
|
<p>If you used a pid file, it is not deleted and recreated
|
|
because the process id stays the same.</p></td></tr>
|
|
<tr valign="top" align="left">
|
|
<td width="22%"></td>
|
|
<td width="1%">
|
|
|
|
|
|
<p>—</p></td>
|
|
<td width="3%"></td>
|
|
<td width="74%">
|
|
|
|
|
|
<p>If you used the ’user’ and/or
|
|
’group’ directive in an ini file these are
|
|
ignored. This is because once you switched to lower
|
|
privileged users and groups, there is no way back. Anything
|
|
else would be a severe security flaw in the OS.</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Signaling is
|
|
not available in the native Windows version and in the
|
|
Cygwin version when it runs as Windows service.</p>
|
|
|
|
<h2>SUPPORTED OPERATING SYSTEMS
|
|
<a name="SUPPORTED OPERATING SYSTEMS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
compiles and runs on Linux, Windows (no Cygwin required but
|
|
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD,
|
|
Dragonfly BSD, Minix, Solaris, OpenIndiana, Android and iOS.
|
|
Other POSIX or unixoid OSses may work with unmodified
|
|
sources or may require minor porting efforts.</p>
|
|
|
|
<h2>SUPPORTED PRODUCTS
|
|
<a name="SUPPORTED PRODUCTS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
|
|
can answer activation requests for the following products:
|
|
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
|
(up to 1607), Windows Server 2008, Windows Server 2008 R2,
|
|
Windows Server 2012, Windows Server 2012 R2, Windows Server
|
|
2016, Office 2010, Project 2010, Visio 2010, Office 2013,
|
|
Project 2013, Visio 2013, Office 2016, Project 2016, Visio
|
|
2016. Newer version may work as long as the KMS protocol
|
|
does not change. A complete list of fully supported products
|
|
can be obtained using the <b>-x</b> option of
|
|
<b>vlmcs</b>(1).</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Office, Project
|
|
and Visio must be volume license versions.</p>
|
|
|
|
<h2>FILES
|
|
<a name="FILES"></a>
|
|
</h2>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5)</p>
|
|
|
|
<h2>EXAMPLES
|
|
<a name="EXAMPLES"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
|
|
-De</b></p>
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> in
|
|
foreground. Useful if you use it for the first time and want
|
|
to see what’s happening when a client requests
|
|
activation.</p>
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -l
|
|
/var/log/vlmcsd.log</b></p>
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
|
|
daemon and logs everything to /var/log/vlmcsd.log.</p>
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -L
|
|
192.168.1.17</b></p>
|
|
|
|
<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
|
|
daemon and listens on IP address 192.168.1.17 only. This is
|
|
useful for routers that have a public and a private IP
|
|
address to prevent your KMS server from becoming public.</p>
|
|
|
|
<p style="margin-left:11%;"><b>vlmcsd -s -U /n -l
|
|
C:\logs\vlmcsd.log</b></p>
|
|
|
|
<p style="margin-left:22%;">Installs <b>vlmcsd</b> as a
|
|
Windows service with low privileges and logs everything to
|
|
C:\logs\vlmcsd.log when the service is started with
|
|
"net start vlmcsd".</p>
|
|
|
|
<h2>BUGS
|
|
<a name="BUGS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">An ePID
|
|
specified in an ini file must not contain spaces.</p>
|
|
|
|
<h2>INTENTIONAL BUGS
|
|
<a name="INTENTIONAL BUGS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">vlmcsd
|
|
activates non-VL (retail) and beta/preview versions of
|
|
Windows. <br>
|
|
vlmcsd always reports enough active clients to satisfy the N
|
|
count policy of the request.</p>
|
|
|
|
<h2>AUTHOR
|
|
<a name="AUTHOR"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Written by
|
|
crony12, Hotbird64 and vityan666. With contributions from
|
|
DougQaid.</p>
|
|
|
|
<h2>CREDITS
|
|
<a name="CREDITS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Thanks to
|
|
CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad,
|
|
Ratiborus, ...</p>
|
|
|
|
<h2>SEE ALSO
|
|
<a name="SEE ALSO"></a>
|
|
</h2>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5),
|
|
<b>vlmcsd</b>(7), <b>vlmcs</b>(1), <b>vlmcsdmulti</b>(1)</p>
|
|
<hr>
|
|
</body>
|
|
</html>
|