Windows Activation failure
Problem description
Windows activation fails when all the Internet traffic goes through Acreto.
This article describes how to resolve the KMS activation problem you might experience when you force all the traffic to go through Acreto.
Symptom
You enable forced tunneling on Azure virtual network subnets to direct all Internet-bound traffic back to your on-premises network. In this scenario, the Azure virtual machines (VMs) that run Windows fail to activate Windows.
Cause
The Azure Windows VMs need to connect to the Azure KMS server for Windows activation. The activation requires that the activation request come from an Azure public IP address. The activation fails in the forced tunneling scenario because the activation request comes from Acreto instead of from an Azure public IP address.
Solution
Use the Azure custom route to route activation traffic to the Azure KMS server to resolve this problem.
The IP address of the KMS server for the Azure Global cloud is 23.102.135.246. Its DNS name is kms.core.windows.net. If you use other Azure platforms such as Azure Germany, you must use the IP address of the corresponding KMS server. For more information, see the following table:
| Platform | KMS DNS | IP |
|---|---|---|
| Azure Global | kms.core.windows.net | 23.102.135.246 |
| Azure Germany | kms.core.cloudapi.de | 51.4.143.248 |
| Azure US Government | kms.core.usgovcloudapi.net | 23.97.0.13 |
| Azure China 21Vianet | kms.core.chinacloudapi.cn | 42.159.7.249 |
How to
Update the route table of the Subnet where Windows VM was created :
-
Login to Azure portal
-
Goto you Virtual network whose subnet’s route table needs to be modified.
-
In the virtual network menu bar, choose Subnets.
-
Select the subnet for which the route table needs to be updated.
-
In the Route table, add the following route :
- Route name - kms.core.windows.net
- Address prefix - 23.102.135.246/32
- Next Hop - Internet
-
Select Save.
Verify
With the custom route, the Window activation traffic goes directly to the Azure KMS server, and the process will be successfully completed.
