Forum Discussion

DakotaTSmith's avatar
DakotaTSmith
Copper Contributor
Jul 17, 2023

AAD Hybrid Joined Devices - Windows 10 Activation

Hey Everyone!

 

I am new to the community and excited to dive in with my first post. Apologies if my post ended up on the incorrect forum and if you think my question would be better served on a different Microsoft Community board please do let me know!

 

Anyway, I am running into Windows 10 Enterprise Activation for Hybrid joined devices. We have a handful of machines that were configured via SCCM and forced into a hybrid join state via AD Connect configuration (Note: These machines were licensed via on premise KMS before we migrated to licensing via Intune configuration). We have since deprecated our SCCM environment and use Autopilot/Intune to enroll our Windows 10 endpoint devices. We have an Windows 10 configuration profile setup to switch the OS over to enterprise and then activate the Windows 10 OS licensing which is applied to all windows 10 endpoint devices all of which are reporting successful application of this configuration profile.

 

The issue we are facing is it seems new devices enrolled via Autopilot inconsistently pull Windows 10 enteprise activation licenses and the machines that were setup via SCCM and previously licensed via KMS are now stating their windows needs re-activation. I have tried to set the KMS server to kms.core.windows.net:1688 via slmgr /skms command and then running slmgr /ato to pull a license from a public MS KMS endpoint but it seems to fail each time. 

 

We spun down the KMS host we had on our internal network and then removed the service record from our internal DNS to prevent those request getting directed to a location that does not exist anymore. 

 

I shall end my rant here and happy to provide any additional information! Also, attached is a screenshot of the consistent error on devices that have not pulled a Windows 10 activation license.

 

 

 

Cheers!!

 

Dakota

  • DakotaTSmith's avatar
    DakotaTSmith
    Copper Contributor

    DakotaTSmith 

     

    I understand there are some gaps in information here, but did not want to put a novel out here. If you have any contextual questions about the situation please do ask, happy to provide whatever information. Thanks in advance for any help, very interesting issue here!

    • MathieuVandenHautte's avatar
      MathieuVandenHautte
      Steel Contributor

      Hi DakotaTSmith,

      Just to be sure:
      - Can you first clear the local DNS cache or reboot the machine?

      - Also check the keys in the registry: 
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
      - Can you try to update the licence when you are outside of the company network or connected over 4/5G, so DNS queries are resolved by public DNS resolvers only?

       

Resources