VLMCSD.INI(5)                KMS Activation Manual               VLMCSD.INI(5)



NAME
       vlmcsd.ini - vlmcsd KMS emulator configuration file


SYNOPSIS
       vlmcsd.ini


DESCRIPTION
       vlmcsd.ini  (or  simply  called the "ini file") is a configuration file
       for vlmcsd(8). By default vlmcsd does not use a configuration file.  It
       is completely optional and for advanced users only. You must use the -i
       option on the vlmcsd command line to use  an  ini  file.  There  is  no
       default name or default location for the ini file.

       Everything,  that can be configured in the ini file, may also be speci‐
       fied on the command line. Any configuration  option  specified  on  the
       command line takes precedence over the respective configuration line in
       the ini file.

       Benefits of a configuration file

       While you can use the configuration file to simply modify  the  default
       behavior  of vlmcsd, it can also be used to change the configuration of
       vlmcsd after you sent a HUP signal(7). Whenever you  send  SIGHUP,  the
       configuration  file  will  be  re-read. Any changes you made to the ini
       file will be reflected after vlmcsd received the hangup signal.

       Differences between command line and configuration file

       If you specify an illegal option or  option  argument  on  the  command
       line,  vlmcsd displays help and exits. If you specify an incorrect key‐
       word or argument in the ini file, vlmcsd displays a warning  with  some
       information,  ignores the respective line and continues. This is inten‐
       tional and prevents vlmcsd from aborting after a SIGHUP if the configu‐
       ration was modified incorrectly.


SYNTAX
       vlmcsd.ini  is  a  UTF-8  encoded text file with each line being in the
       format keyword = argument. The keyword is not case-sensitive. The argu‐
       ment  is  treated  literally.  It  is  neither  required nor allowed to
       enclose the argument in any form of quote characters except when  quote
       characters  are  part of the argument itself. Whitespace characters are
       ignored only

       - at the beginning of a line
       - between the keyword and '='
       - between '=' and the argument

       Lines, that start with '#' or ';' are treated as comments. Empty  lines
       are  ignored  as well. If a keyword is repeated in another line, vlmcsd
       will use the argument of the last occurence of the keyword.  An  excep‐
       tion  to  this  is  the  Listen keyword which can be specified multiple
       times and causes vlmcsd to listen on more than one  IP  address  and/or
       port.

       Some  arguments  are  binary  arguments  that need to be either TRUE or
       FALSE. You can use "Yes", "On" or "1" as an alias for  TRUE  and  "No",
       "Off"  or "0" as an alias for FALSE. Binary arguments are case-insensi‐
       tive.


KEYWORDS
       The following keywords are defined (not all keywords may  be  available
       depending  on  the operating system and the options used when vlmcsd(8)
       was compiled):


       Listen This defines on what combinations of IP addresses and ports vlm‐
              csd  should  listen. Listen can be specified more than once. The
              argument has the form ipaddress[:port]. If you  omit  the  port,
              the  default  port  of  1688  is used. If the ipaddress contains
              colons and a port is used, you must  enclose  the  ipaddress  in
              brackets. The default is to listen to 0.0.0.0:1688 and [::]:1688
              which means listen to all IPv4 and all IPv6 addresses.  See  the
              -L  option  in  vlmcsd(8) for more info about the syntax. If you
              use -L or -P on the command line, all Listen keywords in the ini
              file  will be ignored. The Listen keyword cannot be used if vlm‐
              csd has been compiled to use Microsoft RPC (Windows  and  Cygwin
              only) or simple sockets.

              Examples:

              Listen = 192.168.1.123:1688
              Listen = 0.0.0.0:1234
              Listen = [fe80::1721:12ff:fe81:d36b%eth0]:1688


       Port   Can only be used if vlmcsd has been compiled to use simple sock‐
              ets or on Windows and Cygwin if vlmcsd(8) has been  compiled  to
              use Microsoft RPC. Otherwise you must use Listen instead. Causes
              vlmcsd to listen on that port instead of 1688.


       FreeBind
              Can be TRUE or FALSE. If TRUE, you can use  the  Listen  keyword
              with IP addresses that are currently not defined on your system.
              vlmcsd(8) will start listening on these IP addresses as soon  as
              they  become  available.  This  keyword  is only available under
              Linux and FreeBSD because no other OS  currently  supports  that
              feature.  FreeBSD  supports  this only for IPv4 and requires the
              PRIV_NETINET_BINDANY privilege which  is  normally  assigned  to
              proccesses of the root user.


       PublicIPProtectionLevel
              Set  the level of protection against KMS activations from public
              IP addresses.

              0 = No protection (default)
              1 = Listen on private IP addresses only (plus those specified by
              one or more Listen statements)
              2 = Disconnect clients with public IP addresses without activat‐
              ing
              3 = Combines 1 and 2

              For details on public IP protection levels see vlmcsd(8) command
              line option -o.


       VPN    Has  to  be  in  the form vpn-adapter-name[=ipv4-address][/cidr-
              mask][:dhcp-lease-duration].

              Enables a compatible VPN adapter to create additional local IPv4
              addresses  (like 127.0.0.1) that appear as remote IPv4 addresses
              to the system. This allows  product  activation  using  a  local
              instance  of  vlmcsd.  This feature is only available in Windows
              and Cygwin builds of vlmcsd since it is not of any use on  other
              operating  systems. Compatible VPN adapters are Tap-windows ver‐
              sion 8.2  or  higher  (from  OpenVPN)  and  the  TeamViewer  VPN
              adapter.  There  is  a special vpn-adapter-name. A single period
              (.) instructs vlmcsd to use the first available  compatible  VPN
              adapter. The vpn-adapter-name is not case-sensitive. If the vpn-
              adapter-name contains spaces (e.g. Ethernet 3), do  not  enclose
              it in quotes.

              The default ipv4-address is 10.10.10.9 and the default cidr-mask
              is 30. If you are using the default  values,  your  VPN  adapter
              uses  an IPv4 address of 10.10.10.9 and you can set your activa‐
              tion client to use the  easy  to  remember  address  10.10.10.10
              (e.g.    slmgr    /skms    10.10.10.10   or   cscript   ospp.vbs
              /sethst:10.10.10.10).

              The dhcp-lease-duration is a number optionally followed by s, m,
              h,  d  or  w to indicate seconds, minutes, hours, days or weeks.
              The default dhcp-lease-duration is 1d (one day). It is  normally
              not required to change this value.

              It  is  advised  not  to  manually configure your OpenVPN TAP or
              TeamViewer VPN adapter in "Network Connections". If you set  the
              IPv4  configuration  manually  anyway,  the IPv4 address and the
              subnet mask must match the VPN= directive. It is safe leave  the
              IPv4  configuration  to automatic (DHCP). vlmcsd will wait up to
              four seconds for the DHCP configuration to complete before bind‐
              ing to and listenin on any interfaces.

              You  should be aware that only one program can use a VPN adapter
              at a time. If you use the TeamViewer VPN  adapter  for  example,
              you  will  not  be  able to use the VPN feature of TeamViewer as
              long as vlmcsd is running.  The  same  applies  to  OpenVPN  TAP
              adapters that are in use by other programs (for example OpenVPN,
              QEMU, Ratiborus VM, aiccu, etc.). The best  way  to  avoid  con‐
              flicts  is to install Tap-Windows from OpenVPN, cd to C:\Program
              Files\TAP-Windows\bin and run addtap.bat  to  install  an  addi‐
              tional  TAP  adapter. Go to "Network Connections" and rename the
              new adapter to "vlmcsd" and specify VPN=vlmcsd to use it.


       ExitLevel
              Can be either 0 (the default) or 1. Controls under what  circum‐
              stances  vlmcsd  will  exit. Using the default of 0 vlmcsd stays
              active as long as it can perform some useful operations. If vlm‐
              csd  is  run  by any form of a watchdog, e.g. NT service manager
              (Windows), systemd (Linux) or launchd (Mac OS / iOS), it may  be
              desirable to end vlmcsd and let the watchdog restart it. This is
              especially true if some pre-requisites are not yet met but  will
              be some time later, e.g. network is not yet fully setup.

              By using ExitLevel = 0 vlmcsd will

                   exit if none of the listening sockets specified with -L can
                   be used. It continues if at least one socket can  be  setup
                   for listening.

                   exit  any TAP mirror thread (Windows version only) if there
                   is an error condition while reading or writing from  or  to
                   the  VPN  adapter  but continue to work without utilizing a
                   VPN adapter.

              By using ExitLevel = 1 vlmcsd will

                   exit if not all listening sockets specified with -L can  be
                   used.

                   exit completely if there is a problem with a VPN adapter it
                   is using. This may happen for instance if the  VPN  adapter
                   has  been disabled using "Control Panel - Network - Adapter
                   Settings" while vlmcsd is using it.


              Please note that ExitLevel = 1 is kind of a  workaround  option.
              While  it  may  help  under  some circumstances, it is better to
              solve the problem at  its  origin,  e.g.  properly  implementing
              dependencies in your startup script to ensure all network inter‐
              faces and the VPN adapter you  will  use  are  completely  setup
              before you start vlmcsd.


       UseNDR64
              Can  be  TRUE  or  FALSE.  Specifies whether you want to use the
              NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
              default is TRUE.


       UseBTFN
              Can  be  TRUE  or  FALSE. Specifies whether you want to use bind
              time feature negotiation in RPC. See options -b0 and -b1 in vlm‐
              csd(8). The default is TRUE.


       RandomizationLevel
              The  argument must 0, 1 or 2. This specifies the ePID randomiza‐
              tion level. See options -r0,  -r1  and  -r2  in  vlmcsd(8).  The
              default  randomization  level is 1. A RandomizationLevel of 2 is
              not recommended and should be treated as a debugging level.


       LCID   Use a specific culture id (LCID) even if the ePID is randomized.
              The  argument  must  be  a number between 1 and 32767. While any
              number in that range is valid, you should use an offcial LCID. A
              list  of  assigned  LCIDs  can  be  found  at http://msdn.micro‐
              soft.com/en-us/goglobal/bb964664.aspx. On the command  line  you
              control this setting with option -C.


       MaxWorkers
              The argument specifies the maximum number of worker processes or
              threads that will be used to serve activation  requests  concur‐
              rently.  This  is the same as specifying -m on the command line.
              Minimum is 1. The maximum is platform specific and is  at  least
              32767  but  is likely to be greater on most systems. The default
              is no limit.


       ConnectionTimeout
              Used to control when the vlmcsd  disconnects  idle  TPC  connec‐
              tions. The default is 30 seconds. This is the same setting as -t
              on the command line.


       DisconnectClientsImmediately
              Set this to TRUE to disconnect a client after it got an  activa‐
              tion  response  regardless whether a timeout has occured or not.
              The default is FALSE.  Setting  this  to  TRUE  is  non-standard
              behavior.  Use only if you are experiencing DoS or DDoS attacks.
              On the command line you control this behavior  with  options  -d
              and -k.


       PidFile
              Write  a  pid  file.  The argument is the full pathname of a pid
              file. The pid  file  contains  is  single  line  containing  the
              process  id  of  the  vlmcsd  process.  It  can  be used to stop
              (SIGTERM) or restart (SIGHUP)  vlmcsd.  This  directive  can  be
              overriden using -p on the command line.


       LogFile
              Write  a  log  file.  The argument is the full pathname of a log
              file. On a unixoid OS and with Cygwin you can  use  the  special
              filename  'syslog'  to  log  to the syslog facility. This is the
              same as specifying -l on the command line.


       KmsData
              Use a KMS data file. The argument is the full pathname of a  KMS
              data  file.  By default vlmcsd only contains the minimum product
              data that is required to perform all operations  correctly.  You
              may use a more complete KMS data file that contains all detailed
              product names. This is especially useful if you are logging  KMS
              requests. If you don't log, there is no need to load an external
              KMS data file.

              You may use KmsData = - to prevent the default KMS data file  to
              be loaded.


       LogDateAndTime
              Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log‐
              ging output does not include date and time. This  is  useful  if
              you  log  to  stdout(3)  which  is redirected to another logging
              mechanism that already includes date and time in its output, for
              instance  systemd-journald(8). If you log to syslog(3), LogDate‐
              AndTime is ignored and date and time will never be  included  in
              the output sent to syslog(3). Using the command line you control
              this setting with options -T0 and -T1.


       LogVerbose
              Set this to either TRUE or FALSE. The default is FALSE.  If  set
              to TRUE, more details of each activation will be logged. You use
              -v and -q in the command line to control this  setting.  LogVer‐
              bose  has  an  effect only if you specify a log file or redirect
              logging to stdout(3).


       WhitelistingLevel
              Can be 0, 1, 2 or 3. The default is  0.  Sets  the  whitelisting
              level to determine which products vlmcsd activates or refuses.

                   0:  activate  all  products  with  an  unknown,  retail  or
                   beta/preview KMS ID.
                   1: activate products with a retail or beta/preview  KMS  ID
                   but refuse to activate products with an unknown KMS ID.
                   2:  activate  products  with  an  unknown KMS ID but refuse
                   products with a retail or beta/preview KMS ID.
                   3: activate only products with a known volume  license  RTM
                   KMS ID and refuse all others.


              The  SKU  ID  is  not  checked. Like a genuine KMS server vlmcsd
              activates a product that has a random or unknown SKU ID. If  you
              select  1  or  3, vlmcsd also checks the Application ID for cor‐
              rectness. If Microsoft introduces a new KMS ID for a  new  prod‐
              uct,  you cannot activate it if you used 1 or 3 until a new ver‐
              sion of vlmcsd is available.


       CheckClientTime
              Can be TRUE or FALSE. The default is FALSE. If you set  this  to
              TRUE  vlmcsd(8)  checks  if the client time differs no more than
              four hours from the system time. This is useful to prevent  emu‐
              lator detection. A client that tries to detect an emulator could
              simply send two subsequent request with  two  time  stamps  that
              differ  more  than  four hours from each other. If both requests
              succeed, the server is an emulator. If you set this to TRUE on a
              system  with  no reliable time source, activations will fail. It
              is ok to set the correct system  time  after  you  started  vlm‐
              csd(8).


       MaintainClients
              Can  be TRUE or FALSE (the default). Disables (FALSE) or enables
              (TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
              useful  to prevent emulator detection. By maintaing a CMID list,
              vlmcsd(8) reports current active clients exactly like a  genuine
              KMS emulator. This includes bug compatibility to the extent that
              you can permanently kill a genuine KMS emulator  by  sending  an
              "overcharge request" with a required client count of 376 or more
              and then request activation for 671 clients.  vlmcsd(8)  can  be
              reset  from  this  condition by restarting it. If FALSE is used,
              vlmcsd(8) reports current active clients as good as possible. If
              no  client  sends an "overcharge request", it is not possible to
              detect vlmcsd(8) as an emulator with  MaintainClients  =  FALSE.
              Maintaining  clients requires the allocation of a buffer that is
              about 50 kB in size. On hardware with few memory  resources  use
              it only if you really need it.

              If  you  start vlmcsd(8) from an internet superserver, this set‐
              ting cannot be used. Since vlmcsd(8) exits  after  each  activa‐
              tion, it cannot maintain any state in memory.


       StartEmpty
              This  setting  is  ignored  if you do not also specify Maintain‐
              Clients = TRUE. If you specify FALSE  (the  default),  vlmcsd(8)
              starts  up  as  a  fully  "charged" KMS server. Clients activate
              immediately. StartEmpty = TRUE lets you start up vlmcsd(8)  with
              an empty CMID list. Activation will start when the required min‐
              imum clients (25 for Windows Client OSses, 5 for Windows  Server
              OSses  and  Office) have registered with the KMS server. As long
              as the minimum client count has not been reached, clients end up
              in HRESULT 0xC004F038 "The count reported by your Key Management
              Service (KMS) is insufficient. Please contact your system admin‐
              istrator".  You  may use vlmcs(1) or another KMS client emulator
              to "charge" vlmcsd(8). Setting this parameter to TRUE  does  not
              improve  emulator  detection prevention. It's primary purpose is
              to help developers of KMS  clients  to  test  "charging"  a  KMS
              server.


       ActivationInterval
              This  is the same as specifying -A on the command line. See vlm‐
              csd(8) for details. The default is 2 hours. Example: Activation‐
              Interval = 1h


       RenewalInterval
              This  is the same as specifying -R on the command line. See vlm‐
              csd(8) for details. The default is 7 days.  Example:  RenewalIn‐
              terval = 3d. Please note that the KMS client decides itself when
              to renew activation. Even though vlmcsd sends the renewal inter‐
              val  you specify, it is no more than some kind of recommendation
              to the client. Older KMS clients did follow  the  recommendation
              from a KMS server or emulator. Newer clients do not.


       User   Run  vlmcsd  as  another, preferrably less privileged, user. The
              argument can be a user name or a numeric user id. You must  have
              the  required  privileges  (capabilities on Linux) to change the
              security context of a process without providing any  credentials
              (a  password in most cases). On most unixoid OSses 'root' is the
              only user who has these privileges in the default configuration.
              This  setting  is not available in the native Windows version of
              vlmcsd. See -u in vlmcsd(8). This setting cannot be  changed  on
              the fly by sending SIGHUP to vlmcsd.


       Group  Run  vlmcsd  as another, preferrably less privileged, group. The
              argument can be a group name or a numeric  group  id.  You  must
              have  the  required privileges (capabilities on Linux) to change
              the security context of a process without providing any  creden‐
              tials  (a  password in most cases). On most unixoid OSses 'root'
              is the only user who has these privileges in the default config‐
              uration.  This  setting  is  not available in the native Windows
              version of vlmcsd. See -g in vlmcsd(8). This setting  cannot  be
              changed on the fly by sending SIGHUP to vlmcsd.


       Windows
              The  argument  has the form ePID [ / HwId ]. Always use ePID and
              HwId for Windows activations. If  specified,  RandomizationLevel
              for Windows activitations will be ignored.


       Office2010
              The  argument  has the form ePID [ / HwId ]. Always use ePID and
              HwId for Office 2010 activations. If  specified,  Randomization‐
              Level for Office 2010 activitations will be ignored.


       Office2013
              The  argument  has the form ePID [ / HwId ]. Always use ePID and
              HwId for Office 2013 activations. If  specified,  Randomization‐
              Level for Office 2013 activitations will be ignored.


       Office2016
              The  argument  has the form ePID [ / HwId ]. Always use ePID and
              HwId for Office 2016 activations. If  specified,  Randomization‐
              Level for Office 2016 activitations will be ignored.


VALID EPIDS
       The  ePID is currently a comment only. You can specify any string up to
       63 bytes. In Windows 7 Microsoft has blacklisted few (  <  10  )  ePIDs
       that  were  used  in KMSv5 versions of the "Ratiborus Virtual Machine".
       Microsoft has given up on blacklisting when KMS emulators  appeared  in
       the wild.

       Even if you can use "Activated by cool hacker guys" as an ePID, you may
       wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
       know  how  these  "valid"  ePIDs look like exactly, do not use GUIDS in
       vlmcsd.ini. vlmcsd  provides  internal  mechanisms  to  generate  valid
       ePIDs.

       If you use non-ASCII characters in your ePID (you shouldn't do anyway),
       these must be in UTF-8 format. This is especially  important  when  you
       run vlmcsd on Windows or cygwin because UTF-8 is not the default encod‐
       ing for most editors.

       If you are specifying an optional HWID it follows the same syntax as in
       the  -H  option in vlmcsd(8) ecxept that you must not enclose a HWID in
       quotes even if it contains spaces.


FILES
       vlmcsd.ini(5)


AUTHOR
       vlmcsd(8) was written by crony12, Hotbird64 and vityan666. With contri‐
       butions from DougQaid.


CREDITS
       Thanks  to  CODYQX4,  deagles,  eIcn, mikmik38, nosferati87, qad, Rati‐
       borus, ...


SEE ALSO
       vlmcsd(8), vlmcsd(7), vlmcs(1), vlmcsdmulti(1)



Hotbird64                        January 2017                    VLMCSD.INI(5)
