Windows activation fails when all the Internet traffic goes through Acreto.
This article describes how to resolve the KMS activation problem you might experience when you force all the traffic to go through Acreto.
You enable forced tunneling on Azure virtual network subnets to direct all Internet-bound traffic back to your on-premises network. In this scenario, the Azure virtual machines (VMs) that run Windows fail to activate Windows.
The Azure Windows VMs need to connect to the Azure KMS server for Windows activation. The activation requires that the activation request come from an Azure public IP address. The activation fails in the forced tunneling scenario because the activation request comes from Acreto instead of from an Azure public IP address.
Use the Azure custom route to route activation traffic to the Azure KMS server to resolve this problem.
The IP address of the KMS server for the Azure Global cloud is 22.214.171.124. Its DNS name is kms.core.windows.net. If you use other Azure platforms such as Azure Germany, you must use the IP address of the corresponding KMS server. For more information, see the following table:
|Azure US Government||kms.core.usgovcloudapi.net||126.96.36.199|
|Azure China 21Vianet||kms.core.chinacloudapi.cn||188.8.131.52|
Update the route table of the Subnet where Windows VM was created :
Login to Azure portal
Goto you Virtual network whose subnet’s route table needs to be modified.
In the virtual network menu bar, choose Subnets.
Select the subnet for which the route table needs to be updated.
In the Route table, add the following route :
With the custom route, the Window activation traffic goes directly to the Azure KMS server, and the process will be successfully completed.