Some time ago, my colleague updated our Quality Assurance domain name from ‘QA’ to ‘TEST’. I was unaware of this change when it was happening and only found out a few weeks later when one of the QA people had me look at a VM that wasn’t connecting to the domain. Needless to say, I was a bit frustrated that the change hadn’t been communicated, but proceeded to work with everyone on the team to move their machines to the new domain. All has been working well until recently when I built a new vCloud template. Upon deployment, I found (amongst a few other problems) that it refused to activate. Running ‘slmgr /ato’ resulted in the following error:
Windows could not be activated. Key management services (KMS) host could not be located in domain name system (DNS), please have your system administrator verify that a KMS is published correctly in DNS. Error: 0x8007232b Description: DNS name does not exist.
Ok great. KMS must be broken. Or maybe DNS. Starting with the easy steps, I looked to see if the domain DNS server was reachable; it was. I checked to see if the KMS server was reachable (it is on another domain/forest) and it was, or at least I could ping it. I then went to another VM that was on the same domain as the KMS server to see if it would properly activate, and it did. I ran slmgr /dlv, which said it had 174 days left in activation, followed that with slmgr /ato, which succeeded, and again ran slmgr /dlv, which reported 180 days remaining. Event logs on both the VM and the KMS host also looked correct. Okay, so it isn’t KMS.

I did a bit more digging around on the affected machine to try to find out what was wrong. According to the error, DNS wasn’t resolving properly, so I checked the NIC with ipconfig /all. Oh would you look at that, the DNS Suffix Search List was still set to the old domain. Ok, but why? Since it was only happening on newly deployed machines, I checked vCloud and found that the old suffix was hardcoded into the vDC network. Unfortunately, it is a direct network, so the only way to update this is to remove and re-add the network. Of course, doing this would destroy the NICs on any machines attached to it (which is all of them in the Org), so I decided against that. I tried the vCloud CLI, which failed for the same reason the GUI did (direct network).

Ok, so how do I get this working? Well, how about a GPO? Seems reasonable, so I created a new GPO at the root with an appropriate title and set the following setting: Computer Configuration > Policies > Administrative Templates > Network > DNS Client > DNS Suffix Search List. I set this to ‘Enabled’ and added the appropriate suffix. Then I ran repadmin /syncall to force replication of the GPO. After this I forced a policy update on the affected machine (gpupdate /force) and then attempted Windows activation again (slmgr /ato). Success!
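The checks above (ipconfig /all, the GPO-delivered suffix list, and whether the client can find a KMS host in DNS) pulled into one diagnostic script. This is an added example, not from the original post; it assumes a placeholder suffix of test.example.com and that the KMS host publishes the standard _vlmcs._tcp SRV record in that zone.

```powershell
# Added diagnostic script (not from the original post). Run in an elevated
# PowerShell on a machine that fails with 0x8007232B. Placeholder suffix below.
$ExpectedSuffix = 'test.example.com'   # replace with the new domain's DNS suffix

# 1. The suffix search list the resolver is actually using (same data ipconfig /all shows).
$activeList = (Get-DnsClientGlobalSetting).SuffixSearchList
Write-Host "Active suffix search list: $($activeList -join ', ')"

# 2. Is a GPO-delivered list present? The 'DNS Suffix Search List' policy writes
#    this registry value, and it overrides whatever the NIC or template set.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policyList = (Get-ItemProperty -Path $policyKey -Name SearchList -ErrorAction SilentlyContinue).SearchList
if ($policyList) {
    Write-Host "Policy (GPO) suffix list: $policyList"
} else {
    Write-Host 'No DNS Suffix Search List policy applied; the list comes from the NIC, DHCP or the template.'
}

# 3. Flag a stale list: the expected (new) suffix is missing from what the resolver uses.
if ($activeList -notcontains $ExpectedSuffix) {
    Write-Warning "Expected suffix '$ExpectedSuffix' is not in the active search list."
}

# 4. Can this client resolve the SRV record a KMS client looks for in that zone?
#    A failure here is the DNS-side cause of 'DNS name does not exist'.
$srvName = "_vlmcs._tcp.$ExpectedSuffix"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $srv) {
        Write-Host "KMS SRV: $($r.NameTarget):$($r.Port) (priority $($r.Priority), weight $($r.Weight))"
    }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
}

# 5. Current licensing state, to compare before and after gpupdate /force.
cscript //nologo "$env:SystemRoot\System32\slmgr.vbs" /dlv |
    Select-String 'License Status|KMS machine|remaining'
```

Run it once before and once after gpupdate /force; the policy list in step 2 should appear and the SRV lookup in step 4 should succeed before slmgr /ato is retried.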