This may sound obvious, but it actually happened to my friend. He was running a PyKMS server that was Internet-facing, but on a different port (not 1688). He would manually set the KMS host on his machines to his home IP address and port so he could keep activated. Only a week or so ago, he got a C&D letter from someone at Microsoft, forwarded to him by his ISP. It said that Microsoft had "become aware" of a KMS server running on his IP address, including the random port he chose, which "could be used to illegally activate Windows". The letter was quite ominous and actually said he was "required" to contact a specific person at Microsoft, with contact information, to "discuss the situation." Naturally, he closed down Internet-facing access to the KMS server and decided instead to investigate VPN solutions for activation. Nobody ever did follow up, so perhaps Microsoft was just having someone available just in case someone actually needed help understanding how and why to secure KMS. However, this got me a little nervous so I did some digging, and in fact it's true: Windows 10 systems report the IP address and port of the KMS server they are activating against to Microsoft. It's called "KMS Client AVS Validation". Microsoft calls it part of their "telemetry" services, but obviously they're doing quite a bit more with this data than "using it in a non-personally-identifiable way to improve services." Obviously, not opening your KMS server to the Internet and using a VPN is the best solution. However, and I make NO GUARANTEES about this, there is another possible way - there's a Group Policy setting under Computer->Policies->Admin Templates->Software Protection Platform->Turn off KMS Client AVS Validation. Setting this to True indicates that the computer "will not report activation state" to Microsoft.
Interestingly, Microsoft is pretty determined to keep this quiet, as I can't find any actual examples online of C&D letters for KMS servers, nor is there any real discussion of the AVS Validation option anywhere. I'm guessing the GP option exists for policy compliance, e.g. if a business or organization is not allowed to send information about its network to any outside entity? My assumption is that Microsoft simply "tests" any non-private IP addresses that are being reported as KMS servers, and if they find one is responding affirmatively to the Internet, they go through the appropriate channels to contact the owner. Of course though, even though anyone who's using a KMS hack is probably using either a localhost-based hack or a hacked server on the LAN, Microsoft is likely still aware that it's happening, and they'd have your source IP address from the telemetry report. In either case, if you are choosing to use KMS hacks, be very, very cautious. Microsoft may be watching.
I call BS, Microsoft would never request someone running an illegal KMS server to contact them regarding the matter lol
I agree with MrMagic regarding MS requesting contact! Also, FYI, there has been discussion of the Group Policy setting several times; if memory serves me correctly, I think it was abbodi who first noted its existence and posted advising us all of it. Over time I too have posted about it a few times. Disable KMS Telemetry: Group Policy Editor (gpedit.msc): Computer Configuration > Administrative Templates > All Settings > Turn off KMS Client Online AVS Validation > Enabled. Edit: abbodi - 01-Aug-15
Makes you wonder what W10 (or 7 and 8/8.1) are telling mother about, doesn't it? If it has come to him via his ISP, it's gotta be kosher. It makes a strong argument to keep W10 offline (if you are using KMS tools) and use Linux for Internet.
Could this "fix" be achieved with a registry file, bat file or cmd file so it could be added directly to an ISO or the setup? Thanks Nucleus, I followed the link.
I know. I was just pointing out abbodi's took care of the NoGenTicket thingy since version 4. Going to edit my previous post for anyone who could mistakenly download this outdated version.
I don't think they were accusing the KMS server itself of being illegal. What they were saying was "there's a KMS server, it's facing the Internet and accepts and validates unsolicited requests for activation, therefore the server could be used, even if it's legal, to illegally activate Windows for people who haven't paid for it." So the C&D letter was clearly written in a way to say "If you don't fix this, bad things can happen...but maybe you just have a misconfigured network, so call us and we'll explain to you what to do." I wish I had saved the actual text of the message, but I can't seem to find it in my history. If I come across it I'll post a redacted version.
You are probably fine if you are using a KMS localhost-based activation hack. However, the fact that you used the hack could still be leaked to Microsoft (they'd get telemetry data showing that someone activated Windows using KMS with the KMS server being at 127.0.0.1), and you can bet that they are able to link that information to your IP address. My guess is that (at least for now) the system is automated, and issues a C&D letter after it discovers a public facing KMS server accepting unsolicited activation requests. However, this means it would be more than possible for MS to start looking at the IPs of people who are activating against 127.0.0.1 (because in practice, there should be very few if any KMS activations against a local client machine in a production environment). Best solution is to make sure you set the GPO to disable reporting to Microsoft in the first place, though. We obviously don't know for sure if that actually fully blocks it, but we can at least assume it does.
I'm running a genuine KMS Server and it was available on a public IP to activate my clients, and it is true: Microsoft contacted me through my ISP and requested me to bring it down or they will take legal actions. I had no idea how Microsoft can get the public IP, but I think what you said sounds logical, that KMS Server dials Microsoft at a certain point. People running none KMS Activators like KMS Pico etc.. the one who created the app knows best, but I don't think he programmed it to call Microsoft because it defeats the objective. Thanks for clearing that for me.
By this, I assume Microsoft can't actually tell if the KMS server is legit or not; they're only concerned with the fact that the KMS server is accepting unsolicited activation requests from the Internet. It's too bad that their letter has to sound so ominous (but maybe that's the only way to get the ISPs to actually forward it to their customers...?) The reporting behavior also appears to be new in Windows 10 (it might be being backported through those horrid telemetry additions though). My guess is this came about because there were already tons of places online to find lists of public-facing KMS servers. Microsoft basically wanted to close the loophole of anyone who can use Google and paste something into cmd.exe being able to activate Windows for free. Not to mention it is a legit statement that having servers which should be inside a private LAN exposed and responding to Internet requests is a security hazard.