mirror of
				https://github.com/Wind4/vlmcsd
				synced 2025-10-22 17:41:39 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			958 lines
		
	
	
		
			34 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			958 lines
		
	
	
		
			34 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| <!-- Creator     : groff version 1.22.3 -->
 | |
| <!-- CreationDate: Thu Aug 11 16:07:08 2016 -->
 | |
| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 | |
| "http://www.w3.org/TR/html4/loose.dtd">
 | |
| <html>
 | |
| <head>
 | |
| <meta name="generator" content="groff -Thtml, see www.gnu.org">
 | |
| <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
 | |
| <meta name="Content-Style" content="text/css">
 | |
| <style type="text/css">
 | |
|        p       { margin-top: 0; margin-bottom: 0; vertical-align: top }
 | |
|        pre     { margin-top: 0; margin-bottom: 0; vertical-align: top }
 | |
|        table   { margin-top: 0; margin-bottom: 0; vertical-align: top }
 | |
|        h1      { text-align: center }
 | |
| </style>
 | |
| <title>VLMCSD</title>
 | |
| 
 | |
| </head>
 | |
| <body>
 | |
| 
 | |
| <h1 align="center">VLMCSD</h1>
 | |
| 
 | |
| <a href="#NAME">NAME</a><br>
 | |
| <a href="#SYNOPSIS">SYNOPSIS</a><br>
 | |
| <a href="#DESCRIPTION">DESCRIPTION</a><br>
 | |
| <a href="#OPTIONS">OPTIONS</a><br>
 | |
| <a href="#SIGNALS">SIGNALS</a><br>
 | |
| <a href="#SUPPORTED OPERATING SYSTEMS">SUPPORTED OPERATING SYSTEMS</a><br>
 | |
| <a href="#SUPPORTED PRODUCTS">SUPPORTED PRODUCTS</a><br>
 | |
| <a href="#FILES">FILES</a><br>
 | |
| <a href="#EXAMPLES">EXAMPLES</a><br>
 | |
| <a href="#BUGS">BUGS</a><br>
 | |
| <a href="#INTENTIONAL BUGS">INTENTIONAL BUGS</a><br>
 | |
| <a href="#AUTHOR">AUTHOR</a><br>
 | |
| <a href="#CREDITS">CREDITS</a><br>
 | |
| <a href="#SEE ALSO">SEE ALSO</a><br>
 | |
| 
 | |
| <hr>
 | |
| 
 | |
| 
 | |
| <h2>NAME
 | |
| <a name="NAME"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">vlmcsd −
 | |
| a fully Microsoft compatible KMS server</p>
 | |
| 
 | |
| <h2>SYNOPSIS
 | |
| <a name="SYNOPSIS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b> [
 | |
| <i>options</i> ]</p>
 | |
| 
 | |
| <h2>DESCRIPTION
 | |
| <a name="DESCRIPTION"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
 | |
| is a fully Microsoft compatible KMS server that provides
 | |
| product activation services to clients. It is meant as a
 | |
| drop-in replacement for a Microsoft KMS server (Windows
 | |
| computer with KMS key entered). It currently supports KMS
 | |
| protocol versions 4, 5 and 6.</p>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
 | |
| is designed to run on POSIX compatible operating systens. It
 | |
| only requires a basic C library with a BSD-style sockets API
 | |
| and either <b>fork</b>(2) or <b>pthreads</b>(7). That allows
 | |
| it to run on most embedded systems like routers, NASes,
 | |
| mobile phones, tablets, TVs, settop boxes, etc. Some efforts
 | |
| have been made that it also runs on Windows.</p>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Although
 | |
| <b>vlmcsd</b> does neither require an activation key nor a
 | |
| payment to anyone, it is not meant to run illegal copies of
 | |
| Windows. Its purpose is to ensure that owners of legal
 | |
| copies can use their software without restrictions, e.g. if
 | |
| you buy a new computer or motherboard and your key will be
 | |
| refused activation from Microsoft servers due to hardware
 | |
| changes.</p>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
 | |
| may be started via an internet superserver like
 | |
| <b>inetd</b>(8) or <b>xinetd</b>(8) as well as an advanced
 | |
| init system like <b>systemd</b>(8) or <b>launchd</b>(8)
 | |
| using socket based activation. If <b>vlmcsd</b> detects that
 | |
| <b>stdin</b>(3) is a socket, it assumes that there is
 | |
| already a connected client on stdin that wants to be
 | |
| activated. All options that control setting up listening
 | |
| sockets will be ignored when in inetd mode.</p>
 | |
| 
 | |
| <h2>OPTIONS
 | |
| <a name="OPTIONS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Since vlmcsd
 | |
| can be configured at compile time, some options may not be
 | |
| available on your system.</p>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">All options
 | |
| that do no require an argument may be combined with a single
 | |
| dash, for instance "vlmcsd -D -e" is identical to
 | |
| "vlmcsd -De". For all options that require an
 | |
| argument a space between the option and the option argument
 | |
| is optional. Thus "vlmcsd -r 2" and "vlmcsd
 | |
| -r2" are identical too. <b><br>
 | |
| -h</b> or <b>-?</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Displays help.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-V</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Displays extended version information. This includes the
 | |
| compiler used to build vlmcsd, the intended platform and
 | |
| flags (compile time options) to build vlmcsd. If you have
 | |
| the source code of vlmcsd, you can type <b>make help</b> (or
 | |
| <b>gmake help</b> on systems that do not use the GNU version
 | |
| of <b>make</b>(1) by default) to see the meaning of those
 | |
| flags.</p> </td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-L</b>
 | |
| <i>ipaddress</i>[:<i>port</i>]</p>
 | |
| 
 | |
| <p style="margin-left:22%;">Instructs vlmcsd to listen on
 | |
| <i>ipaddress</i> with optional <i>port</i> (default 1688).
 | |
| You can use this option more than once. If you do not
 | |
| specify <b>-L</b> at least once, IP addresses 0.0.0.0 (IPv4)
 | |
| and :: (IPv6) are used. If the IP address contains colons
 | |
| (IPv6) you must enclose the IP address in brackets if you
 | |
| specify the optional port, e.g.
 | |
| [2001:db8::dead:beef]:1688.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If no port is
 | |
| specified, vlmcsd uses the default port according to a
 | |
| preceding <b>-P</b> option. If you specify a port, it can be
 | |
| a number (1-65535) or a name (usually found in /etc/services
 | |
| if not provided via LDAP, NIS+ or another name service).</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If you specify
 | |
| a link local IPv6 address (fe80::/10, usually starting with
 | |
| fe80::), it must be followed by a percent sign (%) and a
 | |
| scope id (=network interface name or number) on most unixoid
 | |
| OSses including Linux, Android, MacOS X and iOS, e.g.
 | |
| fe80::1234:56ff:fe78:9abc<b>%eth0</b> or
 | |
| [fe80::1234:56ff:fe78:9abc<b>%2</b>]:1688. Windows
 | |
| (including cygwin) does not require a scope id unless the
 | |
| same link local address is used on more than one network
 | |
| interface. Windows does not accept a name and the scope id
 | |
| must be a number.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-o</b> <i>level</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Sets the <i>level</i> of
 | |
| protection against activations from public IP addresses. The
 | |
| default is <b>-o0</b> for no protection.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
 | |
| causes vlmcsd not to listen on all IP addresses but on
 | |
| private IP addresses only. IPv4 addresses in the
 | |
| 100.64.0.0/10 range (see RFC6598) are not treated as private
 | |
| since they can be reached from other users of your ISP.
 | |
| Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
 | |
| 192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
 | |
| treats all IPv6 addresses not within 2000::/3 as private
 | |
| addresses.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
 | |
| is combined with <b>-L</b>, it will listen on all private IP
 | |
| addresses plus the ones specified by one or more <b>-L</b>
 | |
| statements. If <b>-o1</b> is combined with <b>-P</b>, only
 | |
| the last <b>-P</b> statement will be used.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">Using
 | |
| <b>-o1</b> does not protect you if you enable NAT port
 | |
| forwarding on your router to your vlmcsd machine. It is
 | |
| identical to using multiple -L statements with all of your
 | |
| private IP addresses. What <b>-o1</b> does for you, is
 | |
| automatically enumerating your private IP addresses.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
 | |
| not affect the interfaces, vlmcsd is listening on. When a
 | |
| clients connects, vlmcsd immediately drops the connection if
 | |
| the client has a public IP address. Unlike <b>-o1</b>
 | |
| clients will be able to establish a TCP connection but it
 | |
| will be closed without a single byte sent over the
 | |
| connection. This protects against clients with public IP
 | |
| addresses even if NAT port forwarding is used. While
 | |
| <b>-o2</b> offers a higher level of protection than
 | |
| <b>-o1</b>, the client sees that the KMS TCP port (1688 by
 | |
| default) is actually accepting connections.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If vlmcsd is
 | |
| compiled to use MS RPC, <b>-o2</b> can only offer very poor
 | |
| protection. Control is passed from MS RPC to vlmcsd after
 | |
| the KMS protocol has already been negotiated. Thus a client
 | |
| can always verify that the KMS protocol is available even
 | |
| though it receives an RPC_S_ACCESS_DENIED error message.
 | |
| vlmcsd will issue a warning if <b>-o2</b> is used with MS
 | |
| RPC. <b>For adaequate protection do not use a MS RPC build
 | |
| of vlmcsd with -o2</b>.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
 | |
| combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
 | |
| private interfaces only and if a public client manages to
 | |
| connect anyway due to NAT port forwarding, it will be
 | |
| immediately dropped.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If you use any
 | |
| form of TCP level port forwarding (e.g. <b>nc</b>(1),
 | |
| <b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
 | |
| to redirect KMS requests to vlmcsd, there will be no
 | |
| protection even if you use <b>-o2</b> or <b>-o3</b>. This is
 | |
| due to the simple fact that vlmcsd sees the IP address of
 | |
| the redirector and not the IP address of the client.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
 | |
| thus <b>-o3</b>) is not (yet) available in some
 | |
| scenarios:</p>
 | |
| 
 | |
| <p style="margin-left:29%; margin-top: 1em">FreeBSD: There
 | |
| is a longtime unfixed
 | |
| <a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
 | |
| in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
 | |
| FreeBSD kernel, you must run the 64-bit version of vlmcsd if
 | |
| you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
 | |
| undefined behavior up to crashing vlmcsd. Other BSDs
 | |
| (NetBSD, OpenBSD, Dragonfly and Mac OS X) work
 | |
| correctly.</p>
 | |
| 
 | |
| <p style="margin-left:29%; margin-top: 1em">If vlmcsd was
 | |
| started by an internet superserver or was compiled to use
 | |
| Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
 | |
| and <b>-o3</b> are not available by design.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-P</b> <i>port</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use TCP <i>port</i> for all
 | |
| subsequent <b>-L</b> statements that do not include an
 | |
| optional port. If you use <b>-P</b> and <b>-L</b>, <b>-P</b>
 | |
| must be specified before <b>-L</b>.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-F0</b> and <b>-F1</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Allow (<b>-F1</b>) or disallow
 | |
| (<b>-F0</b>) binding to IP addresses that are currently not
 | |
| configured on your system. The default is <b>-F0</b>.
 | |
| <b>-F1</b> allows you to bind to an IP address that may be
 | |
| configured after you started <b>vlmcsd</b>. <b>vlmcsd</b>
 | |
| will listen on that address as soon as it becomes available.
 | |
| This feature is only available under Linux (IPv4 and IPv6)
 | |
| and FreeBSD (IPv4 only). FreeBSD allows this feature only
 | |
| for the root user (more correctly: processes that have the
 | |
| PRIV_NETINET_BINDANY privilege). Linux does not require a
 | |
| capability for this.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-t</b> <i>seconds</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Timeout the TCP connection with
 | |
| the client after <i>seconds</i> seconds. After sending an
 | |
| activation request. RPC keeps the TCP connection for a
 | |
| while. The default is 30 seconds. You may specify a shorter
 | |
| period to free ressources on your device faster. This is
 | |
| useful for devices with limited main memory or if you used
 | |
| <b>-m</b> to limit the concurrent clients that may request
 | |
| activation. Microsoft RPC clients disconnect after 30
 | |
| seconds by default. Setting <i>seconds</i> to a greater
 | |
| value does not make much sense.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-m</b>
 | |
| <i>concurrent-clients</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Limit the number of clients
 | |
| that will be handled concurrently. This is useful for
 | |
| devices with limited ressources or if you are experiencing
 | |
| DoS attacks that spawn thousands of threads or forked
 | |
| processes. If additional clients connect to vlmcsd, they
 | |
| need to wait until another client disconnects. If you set
 | |
| <i>concurrent-clients</i> to a small value ( <10 ), you
 | |
| should also select a reasonable timeout of 2 or 3 seconds
 | |
| with <b>-t</b>. The default is no limit.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-d</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Disconnect each client after processing one activation
 | |
| request. This is a direct violation of DCE RPC but may help
 | |
| if you receive malicous fake RPC requests that block your
 | |
| threads or forked processes. Some other KMS emulators (e.g.
 | |
| py-kms) behave this way.</p></td></tr>
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-k</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Do not disconnect clients after processing an activation
 | |
| request. This selects the default behavior. <b>-k</b> is
 | |
| useful only if you used an ini file (see
 | |
| <b>vlmcsd.ini</b>(5) and <b>-i</b>). If the ini file
 | |
| contains the line "DisconnectClientsImmediately =
 | |
| true", you can use this switch to restore the default
 | |
| behavior.</p> </td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-N0</b> and <b>-N1</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Disables (<b>-N0</b>) or
 | |
| enables (<b>-N1</b>) the use of the NDR64 transfer syntax in
 | |
| the RPC protocol. Unlike Microsoft vlmcsd supports NDR64 on
 | |
| 32-bit operating systems. Microsoft introduced NDR64 in
 | |
| Windows Vista but their KMS servers started using it with
 | |
| Windows 8. Thus if you choose random ePIDs, vlmcsd will
 | |
| select ePIDs with build numbers 9200 and 9600 if you enable
 | |
| NDR64 and build numbers 6002 and 7601 if you disable NDR64.
 | |
| The default is to enable NDR64.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-B0</b> and <b>-B1</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Disables (<b>-B0</b>) or
 | |
| enables (<b>-B1</b>) bind time feature negotiation (BTFN) in
 | |
| the RPC protocol. All Windows operating systems starting
 | |
| with Vista support BTFN and try to negotiate it when
 | |
| initiating an RPC connection. Thus consider turning it off
 | |
| as a debug / troubleshooting feature only. Some older
 | |
| firewalls that selectively block or redirect RPC traffic may
 | |
| get confused when they detect NDR64 or BTFN.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-l</b> <i>filename</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use <i>filename</i> as a log
 | |
| file. The log file records all activations with IP address,
 | |
| Windows workstation name (no reverse DNS lookup), activated
 | |
| product, KMS protocol, time and date. If you do not specify
 | |
| a log file, no log is created. For a live view of the log
 | |
| file type tail -f <i>file</i>.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If you use the
 | |
| special <i>filename</i> "syslog", vlmcsd uses
 | |
| <b>syslog</b>(3) for logging. If your system has no syslog
 | |
| service (/dev/log) installed, logging output will go to
 | |
| /dev/console. Syslog logging is not available in the native
 | |
| Windows version. The Cygwin version does support syslog
 | |
| logging.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
 | |
| (<b>-T1</b>) the inclusion of date and time in each line of
 | |
| the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
 | |
| you log to <b>stdout</b>(3) which is redirected to another
 | |
| logging mechanism that already includes date and time in its
 | |
| output, for instance <b>systemd-journald</b>(8). If you log
 | |
| to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
 | |
| will never be included in the output sent to
 | |
| <b>syslog</b>(3).</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-D</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Normally vlmcsd daemonizes and runs in background
 | |
| (except the native Windows version). If <b>-D</b> is
 | |
| specified, vlmcsd does not daemonize and runs in foreground.
 | |
| This is useful for testing and allows you to simply press
 | |
| <Ctrl-C> to exit vlmcsd.</p></td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">The native
 | |
| Windows version never daemonizes and always behaves as if
 | |
| <b>-D</b> had been specified. You may want to install vlmcsd
 | |
| as a service instead. See <b>-s</b>.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em"><b>-e</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em">If specified, vlmcsd ignores
 | |
| <b>-l</b> and writes all logging output to <b>stdout</b>(3).
 | |
| This is mainly useful for testing and debugging and often
 | |
| combined with <b>-D</b>.</p></td></tr>
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-v</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Use verbose logging. Logs every parameter of the base
 | |
| request and the base response. It also logs the HWID of the
 | |
| KMS server if KMS protocol version 6 is used. This option is
 | |
| mainly for debugging purposes. It only has an effect if some
 | |
| form of logging is used. Thus <b>-v</b> does not make sense
 | |
| if not used with <b>-l</b>, <b>-e</b> or <b>-f</b>.</p></td></tr>
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-q</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Do not use verbose logging. This is actually the default
 | |
| behavior. It only makes sense if you use vlmcsd with an ini
 | |
| file (see <b>-i</b> and <b>vlmcsd.ini</b>(5)). If the ini
 | |
| file contains the line "LogVerbose = true" you can
 | |
| use <b>-q</b> to restore the default behavior.</p></td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-p</b> <i>filename</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Create pid file
 | |
| <i>filename</i>. This has nothing to do with KMS ePIDs. A
 | |
| pid file is a file where vlmcsd writes its own process id.
 | |
| This is used by standard init scripts (typically found in
 | |
| /etc/init.d). The default is not to write a pid file.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-u</b> <i>user</i> and
 | |
| <b>-g</b> <i>group</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Causes vlmcsd to run in the
 | |
| specified <i>user</i> and <i>group</i> security context. The
 | |
| main purpose for this is to drop root privileges after it
 | |
| has been started from the root account. To use this feature
 | |
| from cygwin you must run cyglsa-config and the account from
 | |
| which vlmcsd is started must have the rights "Act as
 | |
| part of the operating system" and "Replace a
 | |
| process level token". The native Windows version does
 | |
| not support these options.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">The actual
 | |
| security context switch is performed after the TCP sockets
 | |
| have been created. This allows you to use privileged ports
 | |
| (< 1024) when you start vlmcsd from the root account.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">However if you
 | |
| use an ini, pid or log file, you must ensure that the
 | |
| unprivileged user has access to these files. You can always
 | |
| log to <b>syslog</b>(3) from an unprivileged account on most
 | |
| platforms (see <b>-l</b>).</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-w</b> <i>ePID</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use <i>ePID</i> as Windows
 | |
| ePID. If specified, <b>-r</b> is disregarded for
 | |
| Windows.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-0</b> <i>ePID</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use <i>ePID</i> as Office 2010
 | |
| ePID (including Project and Visio). If specified, <b>-r</b>
 | |
| is disregarded for Office 2010.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-3</b> <i>ePID</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use <i>ePID</i> as Office
 | |
| 2013/2016 ePID (including Project and Visio). If specified,
 | |
| <b>-r</b> is disregarded for Office 2013/2016.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-H</b> <i>HwId</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use <i>HwId</i> for all
 | |
| products. All HWIDs in the ini file (see <b>-i</b>) will not
 | |
| be used. In an ini file you can specify a seperate HWID for
 | |
| each <i>application-guid</i>. This is not possible when
 | |
| entering a HWID from the command line.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><i>HwId</i>
 | |
| must be specified as 16 hex digits that are interpreted as a
 | |
| series of 8 bytes (big endian). Any character that is not a
 | |
| hex digit will be ignored. This is for better readability.
 | |
| The following commands are identical:</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">vlmcsd -H
 | |
| 0123456789ABCDEF <br>
 | |
| vlmcsd -H 01:23:45:67:89:ab:cd:ef <br>
 | |
| vlmcsd -H "01 23 45 67 89 AB CD EF"</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-i</b> <i>filename</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Use configuration file (aka ini
 | |
| file) <i>filename</i>. Most configuration parameters can be
 | |
| set either via the command line or an ini file. The command
 | |
| line always has precedence over configuration items in the
 | |
| ini file. See <b>vlmcsd.ini</b>(5) for the format of the
 | |
| configuration file.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If vlmcsd has
 | |
| been compiled to use a default configuration file (often
 | |
| /etc/vlmcsd.ini), you may use <b>-i-</b> to ignore the
 | |
| default configuration file.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-r0</b>, <b>-r1</b>
 | |
| (default) and <b>-r2</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">These options determine how
 | |
| ePIDs are generated if</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">- you did not
 | |
| sprecify an ePID in the command line and <br>
 | |
| - you haven’t used <b>-i</b> or <br>
 | |
| - the file specified by <b>-i</b> cannot be opened or <br>
 | |
| - the file specified by <b>-i</b> does not contain the
 | |
| <i>application-guid</i> for the KMS request</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-r0</b>
 | |
| means there are no random ePIDs. vlmcsd simply issues
 | |
| default ePIDs that are built into the binary at compile
 | |
| time. <b>Pro:</b> behaves like real KMS server that also
 | |
| always issues the same ePID. <b>Con</b>: Microsoft may start
 | |
| blacklisting again and the default ePID may not work any
 | |
| longer.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-r1</b>
 | |
| instructs vlmcsd to generate random ePIDs when the program
 | |
| starts or receives a SIGHUP signal and uses these ePIDs
 | |
| until it is stopped or receives another SIGHUP. Most other
 | |
| KMS emulators generate a new ePID on every KMS request. This
 | |
| is easily detectable. Microsoft could just modify sppsvc.exe
 | |
| in a way that it always sends two identical KMS requests in
 | |
| two RPC requests but over the same TCP connection. If both
 | |
| KMS responses contain the different ePIDs, the KMS server is
 | |
| not genuine. <b>-r1</b> is the default mode. <b>-r1</b> also
 | |
| ensures that all three ePIDs (Windows, Office 2010 and
 | |
| Office 2013) use the same OS build number and LCID (language
 | |
| id).</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If vlmcsd has
 | |
| been started by an internet superserver, <b>-r1</b> works
 | |
| identically to <b>-r2</b>. This is simply due to the fact
 | |
| that vlmcsd is started upon a connection request and does
 | |
| not stay in memory after servicing a KMS request.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-r2</b>
 | |
| behaves like most other KMS server emulators with random
 | |
| support and generates a new random ePID on every request.
 | |
| Use this mode with "care". However since Microsoft
 | |
| currently does not seem to do any verification of the ePID,
 | |
| you currently don’t need to pay attention to ePIDs at
 | |
| all.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-C</b> <i>LCID</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Do not randomize the locale id
 | |
| part of the ePID and use <i>LCID</i> instead. The
 | |
| <i>LCID</i> must be specified as a decimal number, e.g. 1049
 | |
| for "Russian - Russia". This option has no effect
 | |
| if the ePID is not randomized at all, e.g. if it is selected
 | |
| from the command line or an ini file.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">By default
 | |
| vlmcsd generates a valid locale id that is recognized by
 | |
| .NET Framework 4.0. This may lead to a locale id which is
 | |
| unlikely to occur in your country, for instance 2155 for
 | |
| "Quecha - Ecuador". You may want to select the
 | |
| locale id of your country instead. See
 | |
| <a href="http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx">MSDN</a>
 | |
| for a list of valid <i>LCID</i>s. Please note that some of
 | |
| them are not recognized by .NET Framework 4.0.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">Most other KMS
 | |
| emulators use a fixed <i>LCID</i> of 1033 (English - US). To
 | |
| achive the same behavior in vlmcsd use <b>-C 1033</b>.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-R</b>
 | |
| <i>renewal-interval</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Instructs clients to renew
 | |
| activation every <i>renewal-interval</i>. The
 | |
| <i>renewal-interval</i> is a number optionally immediately
 | |
| followed by a letter indicating the unit. Valid unit letters
 | |
| are s (seconds), m (minutes), h (hours), d (days) and w
 | |
| (weeks). If you do not specify a letter, minutes is
 | |
| assumed.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em"><b>-R3d</b> for
 | |
| instance instructs clients to renew activation every 3 days.
 | |
| The default <i>renewal-interval</i> is 10080 (identical to
 | |
| 7d and 1w).</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">Due to poor
 | |
| implementation of Microsofts KMS Client it cannot be
 | |
| guaranteed that activation is renewed on time as specfied by
 | |
| the -R option. Don’t care about that. Renewal will
 | |
| happen well before your activation expires (usually 180
 | |
| days).</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">Even though you
 | |
| can specify seconds, the granularity of this option is 1
 | |
| minute. Seconds are rounded down to the next multiple of
 | |
| 60.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-A</b>
 | |
| <i>activation-interval</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Instructs clients to retry
 | |
| activation every <i>activation-interval</i> if it was
 | |
| unsuccessful, e.g. because it could not reach the server.
 | |
| The default is 120 (identical to 2h).
 | |
| <i>activation-interval</i> follows the same syntax as
 | |
| <i>renewal-interval</i> in the <b>-R</b> option.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p><b>-s</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Installs vlmcsd as a Windows service. This option only
 | |
| works with the native Windows version and Cygwin. Combine
 | |
| <b>-s</b> with other command line options. These will be in
 | |
| effect when you start the service. The service automatically
 | |
| starts when you reboot your machine. To start it manually,
 | |
| type "net start vlmcsd".</p></td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If you use
 | |
| Cygwin, you must include your Cygwin system DLL directory
 | |
| (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the PATH
 | |
| environment variable or the service will not start.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">You can
 | |
| reinstall the service anytime using vlmcsd -s again, e.g.
 | |
| with a different command line. If the service is running, it
 | |
| will be restarted with the new command line.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">When using
 | |
| <b>-s</b> the command line is checked for basic syntax
 | |
| errors only. For example "vlmcsd -s -L 1.2.3.4"
 | |
| reports no error but the service will not start if 1.2.3.4
 | |
| is not an IP address on your system.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="3%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em"><b>-S</b></p></td>
 | |
| <td width="8%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em">Uninstalls the vlmcsd service.
 | |
| Works only with the native Windows version and Cygwin. All
 | |
| other options will be ignored if you include -S in the
 | |
| command line.</p></td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-U</b>
 | |
| [<i>domain</i>\]<i>username</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Can only be used together with
 | |
| <b>-s</b>. Starts the service as a different user than the
 | |
| local SYSTEM account. This is used to run the service under
 | |
| an account with low privileges. If you omit the domain, an
 | |
| account from the local computer will be used.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">You may use
 | |
| "NT AUTHORITY\NetworkService". This is a pseudo
 | |
| user with low privileges. You may also use "NT
 | |
| AUTHORITY\LocalService" which has more privileges but
 | |
| these are of no use for running vlmcsd.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">Make sure that
 | |
| the user you specify has at least execute permission for
 | |
| your executable. "NT AUTHORITY\NetworkService"
 | |
| normally has no permission to run binaries from your home
 | |
| directory.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">For your
 | |
| convenience you can use the special username "/l"
 | |
| as a shortcut for "NT AUTHORITY\LocalService" and
 | |
| "/n" for "NT AUTHORITY\NetworkService".
 | |
| "vlmcsd −s −U /n"
 | |
| installs the service to run as "NT
 | |
| AUTHORITY\NetworkService".</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>-W</b> <i>password</i></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Can only be used together with
 | |
| <b>-s</b>. Specifies a <i>password</i> for the corresponding
 | |
| username you use with -U. SYSTEM, "NT
 | |
| AUTHORITY\NetworkService", "NT
 | |
| AUTHORITY\LocalService" do not require a password.</p>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">If you specify
 | |
| a user with even lower privileges than "NT
 | |
| AUTHORITY\NetworkService", you must specify its
 | |
| password. You also have to grant the "Log on as a
 | |
| service" right to that user.</p>
 | |
| 
 | |
| <h2>SIGNALS
 | |
| <a name="SIGNALS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">The following
 | |
| signals differ from the default behavior: <b><br>
 | |
| SIGTERM</b>, <b>SIGINT</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">These signals cause vlmcsd to
 | |
| exit gracefully. All global semaphores and shared memory
 | |
| pages will be released, the pid file will be unlinked
 | |
| (deleted) and a shutdown message will be logged.</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="11%"></td>
 | |
| <td width="9%">
 | |
| 
 | |
| 
 | |
| <p><b>SIGHUP</b></p></td>
 | |
| <td width="2%"></td>
 | |
| <td width="78%">
 | |
| 
 | |
| 
 | |
| <p>Causes vlmcsd to be restarted completely. This is useful
 | |
| if you started vlmcsd with an ini file. You can modify the
 | |
| ini file while vlmcsd is running and then sending
 | |
| <b>SIGHUP</b>, e.g. by typing "killall -SIGHUP
 | |
| vlmcsd" or "kill -SIGHUP ’cat
 | |
| /var/run/vlmcsd.pid’".</p> </td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:22%; margin-top: 1em">The SIGHUP
 | |
| handler has been implemented relatively simple. It is
 | |
| virtually the same as stopping vlmcsd and starting it again
 | |
| immediately with the following exceptions:</p>
 | |
| 
 | |
| <table width="100%" border="0" rules="none" frame="void"
 | |
|        cellspacing="0" cellpadding="0">
 | |
| <tr valign="top" align="left">
 | |
| <td width="22%"></td>
 | |
| <td width="1%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em">—</p></td>
 | |
| <td width="3%"></td>
 | |
| <td width="74%">
 | |
| 
 | |
| 
 | |
| <p style="margin-top: 1em">The new process does not get a
 | |
| new process id.</p></td></tr>
 | |
| <tr valign="top" align="left">
 | |
| <td width="22%"></td>
 | |
| <td width="1%">
 | |
| 
 | |
| 
 | |
| <p>—</p></td>
 | |
| <td width="3%"></td>
 | |
| <td width="74%">
 | |
| 
 | |
| 
 | |
| <p>If you used a pid file, it is not deleted and recreated
 | |
| because the process id stays the same.</p></td></tr>
 | |
| <tr valign="top" align="left">
 | |
| <td width="22%"></td>
 | |
| <td width="1%">
 | |
| 
 | |
| 
 | |
| <p>—</p></td>
 | |
| <td width="3%"></td>
 | |
| <td width="74%">
 | |
| 
 | |
| 
 | |
| <p>If you used the ’user’ and/or
 | |
| ’group’ directive in an ini file these are
 | |
| ignored. This is because once you switched to lower
 | |
| privileged users and groups, there is no way back. Anything
 | |
| else would be a severe security flaw in the OS.</p></td></tr>
 | |
| </table>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Signaling is
 | |
| not available in the native Windows version and in the
 | |
| Cygwin version when it runs as Windows service.</p>
 | |
| 
 | |
| <h2>SUPPORTED OPERATING SYSTEMS
 | |
| <a name="SUPPORTED OPERATING SYSTEMS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
 | |
| compiles and runs on Linux, Windows (no Cygwin required but
 | |
| explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD,
 | |
| Dragonfly BSD, Minix, Solaris, OpenIndiana, Android and iOS.
 | |
| Other POSIX or unixoid OSses may work with unmodified
 | |
| sources or may require minor porting efforts.</p>
 | |
| 
 | |
| <h2>SUPPORTED PRODUCTS
 | |
| <a name="SUPPORTED PRODUCTS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
 | |
| can answer activation requests for the following products:
 | |
| Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
 | |
| (up to 1607), Windows Server 2008, Windows Server 2008 R2,
 | |
| Windows Server 2012, Windows Server 2012 R2, Windows Server
 | |
| 2016, Office 2010, Project 2010, Visio 2010, Office 2013,
 | |
| Project 2013, Visio 2013, Office 2016, Project 2016, Visio
 | |
| 2016. Newer version may work as long as the KMS protocol
 | |
| does not change. A complete list of fully supported products
 | |
| can be obtained using the <b>-x</b> option of
 | |
| <b>vlmcs</b>(1).</p>
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Office, Project
 | |
| and Visio must be volume license versions.</p>
 | |
| 
 | |
| <h2>FILES
 | |
| <a name="FILES"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5)</p>
 | |
| 
 | |
| <h2>EXAMPLES
 | |
| <a name="EXAMPLES"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
 | |
| -De</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Starts <b>vlmcsd</b> in
 | |
| foreground. Useful if you use it for the first time and want
 | |
| to see what’s happening when a client requests
 | |
| activation.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>vlmcsd -l
 | |
| /var/log/vlmcsd.log</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
 | |
| daemon and logs everything to /var/log/vlmcsd.log.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>vlmcsd -L
 | |
| 192.168.1.17</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
 | |
| daemon and listens on IP address 192.168.1.17 only. This is
 | |
| useful for routers that have a public and a private IP
 | |
| address to prevent your KMS server from becoming public.</p>
 | |
| 
 | |
| <p style="margin-left:11%;"><b>vlmcsd -s -U /n -l
 | |
| C:\logs\vlmcsd.log</b></p>
 | |
| 
 | |
| <p style="margin-left:22%;">Installs <b>vlmcsd</b> as a
 | |
| Windows service with low privileges and logs everything to
 | |
| C:\logs\vlmcsd.log when the service is started with
 | |
| "net start vlmcsd".</p>
 | |
| 
 | |
| <h2>BUGS
 | |
| <a name="BUGS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">An ePID
 | |
| specified in an ini file must not contain spaces.</p>
 | |
| 
 | |
| <h2>INTENTIONAL BUGS
 | |
| <a name="INTENTIONAL BUGS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">vlmcsd
 | |
| activates non-VL (retail) and beta/preview versions of
 | |
| Windows. <br>
 | |
| vlmcsd always reports enough active clients to satisfy the N
 | |
| count policy of the request.</p>
 | |
| 
 | |
| <h2>AUTHOR
 | |
| <a name="AUTHOR"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Written by
 | |
| crony12, Hotbird64 and vityan666. With contributions from
 | |
| DougQaid.</p>
 | |
| 
 | |
| <h2>CREDITS
 | |
| <a name="CREDITS"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em">Thanks to
 | |
| CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad,
 | |
| Ratiborus, ...</p>
 | |
| 
 | |
| <h2>SEE ALSO
 | |
| <a name="SEE ALSO"></a>
 | |
| </h2>
 | |
| 
 | |
| 
 | |
| 
 | |
| <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5),
 | |
| <b>vlmcsd</b>(7), <b>vlmcs</b>(1), <b>vlmcsdmulti</b>(1)</p>
 | |
| <hr>
 | |
| </body>
 | |
| </html>
 | 
