Update 3.14.2023: We have added a new table with ESU SKU IDs for Windows Server 2008/2008 R2. Update 1.31.2023: For organizations that need additional time to upgrade and modernize their Windows Server 2008 and 2008 R2 environments on Azure, we will now offer one additional year of Extended Security Updates (ESU) for Azure environments only. These ESU will be available beginning on February 14, 2023 and ending on January 9, 2024. This also applies to Azure Stack HCI, Azure Stack Hub, and other Azure products. For more details, see Procedure to continue receiving security updates after extended support ends on January 10, 2023. Update 11.5.2021: For more information, see Update: Extended Security Updates for Windows 7 and Windows Server 2008. Update 1.12.2021: For more information, see Year two: Extended Security Updates for Windows 7 and Windows Server 2008. Update 3.10.2020: Before installing and activating ESU keys, please ensure that you have installed all of the prerequisites outlined under Installation prerequisites below. Installing the latest servicing stack updates (SSUs) helps ensures that security updates will continue to land on the devices in your environment. The Installation prerequisites section of this post has been updated to include the current required SSUs, and will continue to be updated as needed. |
We understand that everyone is at a different point in the process of deploying and servicing Windows. If your organization was unable to complete the transition from Windows 7 Pro or Enterprise to Windows 10—or from Windows Server 2008 and 2008 R2 Datacenter, Enterprise, or Standard to the latest version of Windows Server—prior to the end of support on January 14, 2020, myself and my fellow members on the ESU team want to help you keep these devices protected while you complete your Windows and Windows Server upgrade projects.
Windows Server 2008 and 2008 R2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azure's commitment to security and compliance and have moved to Azure to protect their 2008 and R2 workloads with free Extended Security Updates.
For those customers who need additional time to upgrade and modernize their Windows Server 2008 and 2008 R2 on Azure, we will now provide one additional year of Extended Security Updates only on Azure available beginning on February 14, 2023, ending on January 9, 2024. This also applies to Azure Stack HCI, Azure Stack Hub, and other Azure products.
Note: Eligible customers with active Software Assurance or Windows Server Subscriptions can use the Azure Hybrid Benefit to obtain discounts on Azure virtual machine licenses or Azure SQL Database managed instances. Extended Security Updates for select Windows Embedded products are available via your embedded device manufacturer. |
Now, let's walk through where to purchase Windows Server 2008 SP2 and Windows Server 2008 R2, and how to find the appropriate key on the Volume Licensing Service Center.
Extended Security Updates are available through specific Microsoft Volume Licensing programs. Coverage is available in three consecutive 12-month increments beginning January 14, 2020. Extended Security updates are available for purchase in 12-month increments only. You cannot buy partial periods (e.g. 6 months of updates).
Note: The prerequisites listed in this section will be updated as needed. |
The following steps must be completed before installing and activating ESU keys:
Note: Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. For more information, see Servicing stack updates. |
Note: Classified as a Security-only package, the ESU licensing preparation package is available via Windows Server Update Services (WSUS) or the Microsoft Update Catalog. The ESU licensing preparation package is not currently available via Windows Update. |
Once you have installed the prerequisites listed above, you're ready to install and activate the ESU license key.
Note: Installing the ESU product key will not replace the existing Windows OS product key on the device. |
First, install the ESU product key using the Windows Software Licensing Management Tool (slmgr). Then:
Note: If you see the Error:0xC004F050 while trying to install the product key on Windows Server 2008 SP2, your device may require an additional reboot. |
Next, find the ESU Activation ID:
Once the ESU key is activated, continue to use your current update and servicing strategy to deploy ESUs through Windows Update, WSUS, the Microsoft Update Catalog, or whichever patch management solution you prefer. Extended Security Updates will have the Security-only update classification.
Note: Windows Update offline scan files (WSUSScn2.cab) will continue to be available for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. If you have devices running one of these operating systems, but don't have ESUs, those devices will show up as non-compliant in your patch management and compliance toolsets. |
If you are using a proxy firewall, you may need to allow list the activation endpoints for ESU key activation to succeed.
For online activation (i.e. local key deployment), you will need to allow list all the following URLs:
Windows 7 SP1 and Windows Server 2008 R2 SP1 |
https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx |
https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx |
Windows Server 2008 SP2 |
https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx |
https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx |
For proxy activation using the Volume Activation Management Tool (VAMT), allow list the following URLs:
Once you have completed your allow lists, you are ready to activate the ESU product key:
You should now see a message stating that you have activated the key successfully:
The following tables outlines possible values for <ESU Activation Id>. The activation IDs are the same across all eligible Windows ESU editions and all devices enrolled for that program.
ESU program |
ESU SKU (or Activation) ID |
Windows 7 SP1 (Client) |
|
Year 1 |
77db037b-95c3-48d7-a3ab-a9c6d41093e0 |
Year 2 |
0e00c25d-8795-4fb7-9572-3803d91b6880 |
Year 3 |
4220f546-f522-46df-8202-4d07afd26454 |
ESU program |
ESU SKU (or Activation) ID |
Windows Server 2008/2008 R2 |
|
Year 1 |
553673ed-6ddf-419c-a153-b760283472fd |
Year 2 |
04fa0286-fa74-401e-bbe9-fbfbb158010d |
Year 3 |
16c08c85-0c8b-400909b2b-f1f7319e45f9 |
Year 4 |
32163ff8-e96d-40b1-973c-44b9bf096d83 |
Important: Activation via Control Panel > System and Security > System > Activate Windows cannot be used to activate ESU keys. It activates the Windows operating system only. |
Once you have activated the ESU product key, you can verify the status at any time by following these steps:
Windows 7 SP1 and Windows Server 2008 R2 SP1:
Windows Server 2008 SP2:
The License Status will show as Licensed for the corresponding ESU program, as shown below:
Note: We recommend using a management tool, such as System Center Configuration Manager, to send the slmgr scripts to your enterprise devices. |
To install and activate ESU for devices that are not connected to the Internet, you can use the VAMT or phone activation.
You can use the VAMT for online and/or proxy activation. To install and activate ESU keys using the VAMT, follow these steps:
Note: For systems that cannot connect to the Internet for activation, you can use the VAMT to perform proxy activation. |
For additional guidance on how to install and activate Windows 7 ESU keys on multiple devices using a multiple activation key (MAK), see this post.
To activate ESU keys via phone, use the slmgr command options - /dti and /atp. To activate ESU keys via phone, follow these steps:
You do not need to deploy an additional ESU key for Azure virtual machines (VMs), Azure Stack HCI version 21H2 and later.
For other Azure products such as Azure VMWare, Azure Nutanix solution Azure Stack (Hub, Edge), or for bring-your-own images on Azure for Windows Server 2008 SP2, and Windows Server 2008 R2 SP1 you do need to deploy the ESU key. The steps to install, activate, and deploy ESUs are the same for fourth year of ESU coverage
Like on-premises devices, you will need to install the appropriate SSUs as outlined in the article Obtaining Extended Security Updates for eligible Windows devices - Microsoft Community Hub Installation prerequisites section. After installing the SSUs noted above, VMs will be enabled to download the ESU updates.
A pre-patched Windows Server 2008 R2 SP1 image are available from the Azure Marketplace.
For answers to commonly asked questions about ESU for Windows Server 2008 and 2008 R2 SP1, see Extended Security Updates frequently asked questions.
To learn more about ESU, please watch our Microsoft Ignite 2019 session on How to manage Windows 7 Extended Security Updates (ESU) for on-premises and cloud environments
If your organization still has devices running Windows Server 2008, or Windows Server 2008 R2 SP1, we recommend that you take the steps outlined above today and take advantage of Extended Security Updates to help ensure that your devices continue to receive necessary security updates
If you are interested in learning more about Extended Security Updates, please see the following resources:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.