vlmcsd/vlmcsd.8.html

<!-- Creator     : groff version 1.22.3 -->
<!-- CreationDate: Fri Sep 16 00:23:34 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="generator" content="groff -Thtml, see www.gnu.org">
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<meta name="Content-Style" content="text/css">
<style type="text/css">
       p       { margin-top: 0; margin-bottom: 0; vertical-align: top }
       pre     { margin-top: 0; margin-bottom: 0; vertical-align: top }
       table   { margin-top: 0; margin-bottom: 0; vertical-align: top }
       h1      { text-align: center }
</style>
<title>VLMCSD</title>

</head>
<body>

<h1 align="center">VLMCSD</h1>

<a href="#NAME">NAME</a><br>
<a href="#SYNOPSIS">SYNOPSIS</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#OPTIONS">OPTIONS</a><br>
<a href="#SIGNALS">SIGNALS</a><br>
<a href="#SUPPORTED OPERATING SYSTEMS">SUPPORTED OPERATING SYSTEMS</a><br>
<a href="#SUPPORTED PRODUCTS">SUPPORTED PRODUCTS</a><br>
<a href="#FILES">FILES</a><br>
<a href="#EXAMPLES">EXAMPLES</a><br>
<a href="#BUGS">BUGS</a><br>
<a href="#INTENTIONAL BUGS">INTENTIONAL BUGS</a><br>
<a href="#AUTHOR">AUTHOR</a><br>
<a href="#CREDITS">CREDITS</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>

<hr>


<h2>NAME
<a name="NAME"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">vlmcsd &minus;
a fully Microsoft compatible KMS server</p>

<h2>SYNOPSIS
<a name="SYNOPSIS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b> [
<i>options</i> ]</p>

<h2>DESCRIPTION
<a name="DESCRIPTION"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
is a fully Microsoft compatible KMS server that provides
product activation services to clients. It is meant as a
drop-in replacement for a Microsoft KMS server (Windows
computer with KMS key entered). It currently supports KMS
protocol versions 4, 5 and 6.</p>

<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
is designed to run on POSIX compatible operating systens. It
only requires a basic C library with a BSD-style sockets API
and either <b>fork</b>(2) or <b>pthreads</b>(7). That allows
it to run on most embedded systems like routers, NASes,
mobile phones, tablets, TVs, settop boxes, etc. Some efforts
have been made that it also runs on Windows.</p>

<p style="margin-left:11%; margin-top: 1em">Although
<b>vlmcsd</b> does neither require an activation key nor a
payment to anyone, it is not meant to run illegal copies of
Windows. Its purpose is to ensure that owners of legal
copies can use their software without restrictions, e.g. if
you buy a new computer or motherboard and your key will be
refused activation from Microsoft servers due to hardware
changes.</p>

<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
may be started via an internet superserver like
<b>inetd</b>(8) or <b>xinetd</b>(8) as well as an advanced
init system like <b>systemd</b>(8) or <b>launchd</b>(8)
using socket based activation. If <b>vlmcsd</b> detects that
<b>stdin</b>(3) is a socket, it assumes that there is
already a connected client on stdin that wants to be
activated. All options that control setting up listening
sockets will be ignored when in inetd mode.</p>

<h2>OPTIONS
<a name="OPTIONS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">Since vlmcsd
can be configured at compile time, some options may not be
available on your system.</p>

<p style="margin-left:11%; margin-top: 1em">All options
that do no require an argument may be combined with a single
dash, for instance &quot;vlmcsd -D -e&quot; is identical to
&quot;vlmcsd -De&quot;. For all options that require an
argument a space between the option and the option argument
is optional. Thus &quot;vlmcsd -r 2&quot; and &quot;vlmcsd
-r2&quot; are identical too. <b><br>
-h</b> or <b>-?</b></p>

<p style="margin-left:22%;">Displays help.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-V</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Displays extended version information. This includes the
compiler used to build vlmcsd, the intended platform and
flags (compile time options) to build vlmcsd. If you have
the source code of vlmcsd, you can type <b>make help</b> (or
<b>gmake help</b> on systems that do not use the GNU version
of <b>make</b>(1) by default) to see the meaning of those
flags.</p> </td></tr>
</table>

<p style="margin-left:11%;"><b>-L</b>
<i>ipaddress</i>[:<i>port</i>]</p>

<p style="margin-left:22%;">Instructs vlmcsd to listen on
<i>ipaddress</i> with optional <i>port</i> (default 1688).
You can use this option more than once. If you do not
specify <b>-L</b> at least once, IP addresses 0.0.0.0 (IPv4)
and :: (IPv6) are used. If the IP address contains colons
(IPv6) you must enclose the IP address in brackets if you
specify the optional port, e.g.
[2001:db8::dead:beef]:1688.</p>

<p style="margin-left:22%; margin-top: 1em">If no port is
specified, vlmcsd uses the default port according to a
preceding <b>-P</b> option. If you specify a port, it can be
a number (1-65535) or a name (usually found in /etc/services
if not provided via LDAP, NIS+ or another name service).</p>

<p style="margin-left:22%; margin-top: 1em">If you specify
a link local IPv6 address (fe80::/10, usually starting with
fe80::), it must be followed by a percent sign (%) and a
scope id (=network interface name or number) on most unixoid
OSses including Linux, Android, MacOS X and iOS, e.g.
fe80::1234:56ff:fe78:9abc<b>%eth0</b> or
[fe80::1234:56ff:fe78:9abc<b>%2</b>]:1688. Windows
(including cygwin) does not require a scope id unless the
same link local address is used on more than one network
interface. Windows does not accept a name and the scope id
must be a number.</p>

<p style="margin-left:11%;"><b>-o</b> <i>level</i></p>

<p style="margin-left:22%;">Sets the <i>level</i> of
protection against activations from public IP addresses. The
default is <b>-o0</b> for no protection.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
causes vlmcsd not to listen on all IP addresses but on
private IP addresses only. IPv4 addresses in the
100.64.0.0/10 range (see RFC6598) are not treated as private
since they can be reached from other users of your ISP.
Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
treats all IPv6 addresses not within 2000::/3 as private
addresses.</p>

<p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
is combined with <b>-L</b>, it will listen on all private IP
addresses plus the ones specified by one or more <b>-L</b>
statements. If <b>-o1</b> is combined with <b>-P</b>, only
the last <b>-P</b> statement will be used.</p>

<p style="margin-left:22%; margin-top: 1em">Using
<b>-o1</b> does not protect you if you enable NAT port
forwarding on your router to your vlmcsd machine. It is
identical to using multiple -L statements with all of your
private IP addresses. What <b>-o1</b> does for you, is
automatically enumerating your private IP addresses.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
not affect the interfaces, vlmcsd is listening on. When a
clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike <b>-o1</b>
clients will be able to establish a TCP connection but it
will be closed without a single byte sent over the
connection. This protects against clients with public IP
addresses even if NAT port forwarding is used. While
<b>-o2</b> offers a higher level of protection than
<b>-o1</b>, the client sees that the KMS TCP port (1688 by
default) is actually accepting connections.</p>

<p style="margin-left:22%; margin-top: 1em">If vlmcsd is
compiled to use MS RPC, <b>-o2</b> can only offer very poor
protection. Control is passed from MS RPC to vlmcsd after
the KMS protocol has already been negotiated. Thus a client
can always verify that the KMS protocol is available even
though it receives an RPC_S_ACCESS_DENIED error message.
vlmcsd will issue a warning if <b>-o2</b> is used with MS
RPC. <b>For adaequate protection do not use a MS RPC build
of vlmcsd with -o2</b>.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
private interfaces only and if a public client manages to
connect anyway due to NAT port forwarding, it will be
immediately dropped.</p>

<p style="margin-left:22%; margin-top: 1em">If you use any
form of TCP level port forwarding (e.g. <b>nc</b>(1),
<b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
to redirect KMS requests to vlmcsd, there will be no
protection even if you use <b>-o2</b> or <b>-o3</b>. This is
due to the simple fact that vlmcsd sees the IP address of
the redirector and not the IP address of the client.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
thus <b>-o3</b>) is not (yet) available in some
scenarios:</p>

<p style="margin-left:29%; margin-top: 1em">FreeBSD: There
is a longtime unfixed
<a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
FreeBSD kernel, you must run the 64-bit version of vlmcsd if
you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
undefined behavior up to crashing vlmcsd. Other BSDs
(NetBSD, OpenBSD, Dragonfly and Mac OS X) work
correctly.</p>

<p style="margin-left:29%; margin-top: 1em">If vlmcsd was
started by an internet superserver or was compiled to use
Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
and <b>-o3</b> are not available by design.</p>

<p style="margin-left:11%;"><b>-P</b> <i>port</i></p>

<p style="margin-left:22%;">Use TCP <i>port</i> for all
subsequent <b>-L</b> statements that do not include an
optional port. If you use <b>-P</b> and <b>-L</b>, <b>-P</b>
must be specified before <b>-L</b>.</p>

<p style="margin-left:11%;"><b>-F0</b> and <b>-F1</b></p>

<p style="margin-left:22%;">Allow (<b>-F1</b>) or disallow
(<b>-F0</b>) binding to IP addresses that are currently not
configured on your system. The default is <b>-F0</b>.
<b>-F1</b> allows you to bind to an IP address that may be
configured after you started <b>vlmcsd</b>. <b>vlmcsd</b>
will listen on that address as soon as it becomes available.
This feature is only available under Linux (IPv4 and IPv6)
and FreeBSD (IPv4 only). FreeBSD allows this feature only
for the root user (more correctly: processes that have the
PRIV_NETINET_BINDANY privilege). Linux does not require a
capability for this.</p>

<p style="margin-left:11%;"><b>-t</b> <i>seconds</i></p>

<p style="margin-left:22%;">Timeout the TCP connection with
the client after <i>seconds</i> seconds. After sending an
activation request. RPC keeps the TCP connection for a
while. The default is 30 seconds. You may specify a shorter
period to free ressources on your device faster. This is
useful for devices with limited main memory or if you used
<b>-m</b> to limit the concurrent clients that may request
activation. Microsoft RPC clients disconnect after 30
seconds by default. Setting <i>seconds</i> to a greater
value does not make much sense.</p>

<p style="margin-left:11%;"><b>-m</b>
<i>concurrent-clients</i></p>

<p style="margin-left:22%;">Limit the number of clients
that will be handled concurrently. This is useful for
devices with limited ressources or if you are experiencing
DoS attacks that spawn thousands of threads or forked
processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set
<i>concurrent-clients</i> to a small value ( &lt;10 ), you
should also select a reasonable timeout of 2 or 3 seconds
with <b>-t</b>. The default is no limit.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-d</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Disconnect each client after processing one activation
request. This is a direct violation of DCE RPC but may help
if you receive malicous fake RPC requests that block your
threads or forked processes. Some other KMS emulators (e.g.
py-kms) behave this way.</p></td></tr>
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-k</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Do not disconnect clients after processing an activation
request. This selects the default behavior. <b>-k</b> is
useful only if you used an ini file (see
<b>vlmcsd.ini</b>(5) and <b>-i</b>). If the ini file
contains the line &quot;DisconnectClientsImmediately =
true&quot;, you can use this switch to restore the default
behavior.</p> </td></tr>
</table>

<p style="margin-left:11%;"><b>-N0</b> and <b>-N1</b></p>

<p style="margin-left:22%;">Disables (<b>-N0</b>) or
enables (<b>-N1</b>) the use of the NDR64 transfer syntax in
the RPC protocol. Unlike Microsoft vlmcsd supports NDR64 on
32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with
Windows 8. Thus if you choose random ePIDs, vlmcsd will
select ePIDs with build numbers 9200 and 9600 if you enable
NDR64 and build numbers 6002 and 7601 if you disable NDR64.
The default is to enable NDR64.</p>

<p style="margin-left:11%;"><b>-B0</b> and <b>-B1</b></p>

<p style="margin-left:22%;">Disables (<b>-B0</b>) or
enables (<b>-B1</b>) bind time feature negotiation (BTFN) in
the RPC protocol. All Windows operating systems starting
with Vista support BTFN and try to negotiate it when
initiating an RPC connection. Thus consider turning it off
as a debug / troubleshooting feature only. Some older
firewalls that selectively block or redirect RPC traffic may
get confused when they detect NDR64 or BTFN.</p>

<p style="margin-left:11%;"><b>-l</b> <i>filename</i></p>

<p style="margin-left:22%;">Use <i>filename</i> as a log
file. The log file records all activations with IP address,
Windows workstation name (no reverse DNS lookup), activated
product, KMS protocol, time and date. If you do not specify
a log file, no log is created. For a live view of the log
file type tail -f <i>file</i>.</p>

<p style="margin-left:22%; margin-top: 1em">If you use the
special <i>filename</i> &quot;syslog&quot;, vlmcsd uses
<b>syslog</b>(3) for logging. If your system has no syslog
service (/dev/log) installed, logging output will go to
/dev/console. Syslog logging is not available in the native
Windows version. The Cygwin version does support syslog
logging.</p>

<p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>

<p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
(<b>-T1</b>) the inclusion of date and time in each line of
the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
you log to <b>stdout</b>(3) which is redirected to another
logging mechanism that already includes date and time in its
output, for instance <b>systemd-journald</b>(8). If you log
to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
will never be included in the output sent to
<b>syslog</b>(3).</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-D</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Normally vlmcsd daemonizes and runs in background
(except the native Windows version). If <b>-D</b> is
specified, vlmcsd does not daemonize and runs in foreground.
This is useful for testing and allows you to simply press
&lt;Ctrl-C&gt; to exit vlmcsd.</p></td></tr>
</table>

<p style="margin-left:22%; margin-top: 1em">The native
Windows version never daemonizes and always behaves as if
<b>-D</b> had been specified. You may want to install vlmcsd
as a service instead. See <b>-s</b>.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p style="margin-top: 1em"><b>-e</b></p></td>
<td width="8%"></td>
<td width="78%">


<p style="margin-top: 1em">If specified, vlmcsd ignores
<b>-l</b> and writes all logging output to <b>stdout</b>(3).
This is mainly useful for testing and debugging and often
combined with <b>-D</b>.</p></td></tr>
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-v</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Use verbose logging. Logs every parameter of the base
request and the base response. It also logs the HWID of the
KMS server if KMS protocol version 6 is used. This option is
mainly for debugging purposes. It only has an effect if some
form of logging is used. Thus <b>-v</b> does not make sense
if not used with <b>-l</b>, <b>-e</b> or <b>-f</b>.</p></td></tr>
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-q</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Do not use verbose logging. This is actually the default
behavior. It only makes sense if you use vlmcsd with an ini
file (see <b>-i</b> and <b>vlmcsd.ini</b>(5)). If the ini
file contains the line &quot;LogVerbose = true&quot; you can
use <b>-q</b> to restore the default behavior.</p></td></tr>
</table>

<p style="margin-left:11%;"><b>-p</b> <i>filename</i></p>

<p style="margin-left:22%;">Create pid file
<i>filename</i>. This has nothing to do with KMS ePIDs. A
pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.</p>

<p style="margin-left:11%;"><b>-u</b> <i>user</i> and
<b>-g</b> <i>group</i></p>

<p style="margin-left:22%;">Causes vlmcsd to run in the
specified <i>user</i> and <i>group</i> security context. The
main purpose for this is to drop root privileges after it
has been started from the root account. To use this feature
from cygwin you must run cyglsa-config and the account from
which vlmcsd is started must have the rights &quot;Act as
part of the operating system&quot; and &quot;Replace a
process level token&quot;. The native Windows version does
not support these options.</p>

<p style="margin-left:22%; margin-top: 1em">The actual
security context switch is performed after the TCP sockets
have been created. This allows you to use privileged ports
(&lt; 1024) when you start vlmcsd from the root account.</p>

<p style="margin-left:22%; margin-top: 1em">However if you
use an ini, pid or log file, you must ensure that the
unprivileged user has access to these files. You can always
log to <b>syslog</b>(3) from an unprivileged account on most
platforms (see <b>-l</b>).</p>

<p style="margin-left:11%;"><b>-w</b> <i>ePID</i></p>

<p style="margin-left:22%;">Use <i>ePID</i> as Windows
ePID. If specified, <b>-r</b> is disregarded for
Windows.</p>

<p style="margin-left:11%;"><b>-0</b> <i>ePID</i></p>

<p style="margin-left:22%;">Use <i>ePID</i> as Office 2010
ePID (including Project and Visio). If specified, <b>-r</b>
is disregarded for Office 2010.</p>

<p style="margin-left:11%;"><b>-3</b> <i>ePID</i></p>

<p style="margin-left:22%;">Use <i>ePID</i> as Office 2013
ePID (including Project and Visio). If specified, <b>-r</b>
is disregarded for Office 2013.</p>

<p style="margin-left:11%;"><b>-6</b> <i>ePID</i></p>

<p style="margin-left:22%;">Use <i>ePID</i> as Office 2016
ePID (including Project and Visio). If specified, <b>-r</b>
is disregarded for Office 2016.</p>

<p style="margin-left:11%;"><b>-H</b> <i>HwId</i></p>

<p style="margin-left:22%;">Use <i>HwId</i> for all
products. All HWIDs in the ini file (see <b>-i</b>) will not
be used. In an ini file you can specify a seperate HWID for
each <i>application-guid</i>. This is not possible when
entering a HWID from the command line.</p>

<p style="margin-left:22%; margin-top: 1em"><i>HwId</i>
must be specified as 16 hex digits that are interpreted as a
series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability.
The following commands are identical:</p>

<p style="margin-left:22%; margin-top: 1em">vlmcsd -H
0123456789ABCDEF <br>
vlmcsd -H 01:23:45:67:89:ab:cd:ef <br>
vlmcsd -H &quot;01 23 45 67 89 AB CD EF&quot;</p>

<p style="margin-left:11%;"><b>-i</b> <i>filename</i></p>

<p style="margin-left:22%;">Use configuration file (aka ini
file) <i>filename</i>. Most configuration parameters can be
set either via the command line or an ini file. The command
line always has precedence over configuration items in the
ini file. See <b>vlmcsd.ini</b>(5) for the format of the
configuration file.</p>

<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
been compiled to use a default configuration file (often
/etc/vlmcsd.ini), you may use <b>-i-</b> to ignore the
default configuration file.</p>

<p style="margin-left:11%;"><b>-r0</b>, <b>-r1</b>
(default) and <b>-r2</b></p>

<p style="margin-left:22%;">These options determine how
ePIDs are generated if</p>

<p style="margin-left:22%; margin-top: 1em">- you did not
sprecify an ePID in the command line and <br>
- you haven&rsquo;t used <b>-i</b> or <br>
- the file specified by <b>-i</b> cannot be opened or <br>
- the file specified by <b>-i</b> does not contain an ePID
for the KMS request</p>

<p style="margin-left:22%; margin-top: 1em"><b>-r0</b>
means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile
time. <b>Pro:</b> behaves like real KMS server that also
always issues the same ePID. <b>Con:</b> Microsoft may start
blacklisting again and the default ePID may not work any
longer.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-r1</b>
instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs
until it is stopped or receives another SIGHUP. Most other
KMS emulators generate a new ePID on every KMS request. This
is easily detectable. Microsoft could just modify sppsvc.exe
in a way that it always sends two identical KMS requests in
two RPC requests but over the same TCP connection. If both
KMS responses contain the different ePIDs, the KMS server is
not genuine. <b>-r1</b> is the default mode. <b>-r1</b> also
ensures that all three ePIDs (Windows, Office 2010 and
Office 2013) use the same OS build number and LCID (language
id).</p>

<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
been started by an internet superserver, <b>-r1</b> works
almost identically to <b>-r2</b>. The only exception occurs
if you send more than one activation request over the same
TCP connection. This is simply due to the fact that vlmcsd
is started upon a connection request and does not stay in
memory after servicing a KMS request. Consider using
<b>-r0</b> or <b>-w</b>, <b>-0</b>, <b>-3</b> and <b>-6 when
starting vlmcsd by an internet superserver.</b></p>

<p style="margin-left:22%; margin-top: 1em"><b>-r2</b>
behaves like most other KMS server emulators with random
support and generates a new random ePID on every request.
<b>-r2</b> should be treated as debugging option only
because it allows very easy emulator detection.</p>

<p style="margin-left:11%;"><b>-C</b> <i>LCID</i></p>

<p style="margin-left:22%;">Do not randomize the locale id
part of the ePID and use <i>LCID</i> instead. The
<i>LCID</i> must be specified as a decimal number, e.g. 1049
for &quot;Russian - Russia&quot;. This option has no effect
if the ePID is not randomized at all, e.g. if it is selected
from the command line or an ini file.</p>

<p style="margin-left:22%; margin-top: 1em">By default
vlmcsd generates a valid locale id that is recognized by
.NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for
&quot;Quecha - Ecuador&quot;. You may want to select the
locale id of your country instead. See
<a href="http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx">MSDN</a>
for a list of valid <i>LCID</i>s. Please note that some of
them are not recognized by .NET Framework 4.0.</p>

<p style="margin-left:22%; margin-top: 1em">Most other KMS
emulators use a fixed <i>LCID</i> of 1033 (English - US). To
achive the same behavior in vlmcsd use <b>-C 1033</b>.</p>

<p style="margin-left:11%;"><b>-R</b>
<i>renewal-interval</i></p>

<p style="margin-left:22%;">Instructs clients to renew
activation every <i>renewal-interval</i>. The
<i>renewal-interval</i> is a number optionally immediately
followed by a letter indicating the unit. Valid unit letters
are s (seconds), m (minutes), h (hours), d (days) and w
(weeks). If you do not specify a letter, minutes is
assumed.</p>

<p style="margin-left:22%; margin-top: 1em"><b>-R3d</b> for
instance instructs clients to renew activation every 3 days.
The default <i>renewal-interval</i> is 10080 (identical to
7d and 1w).</p>

<p style="margin-left:22%; margin-top: 1em">Due to poor
implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by
the -R option. Don&rsquo;t care about that. Renewal will
happen well before your activation expires (usually 180
days).</p>

<p style="margin-left:22%; margin-top: 1em">Even though you
can specify seconds, the granularity of this option is 1
minute. Seconds are rounded down to the next multiple of
60.</p>

<p style="margin-left:11%;"><b>-A</b>
<i>activation-interval</i></p>

<p style="margin-left:22%;">Instructs clients to retry
activation every <i>activation-interval</i> if it was
unsuccessful, e.g. because it could not reach the server.
The default is 120 (identical to 2h).
<i>activation-interval</i> follows the same syntax as
<i>renewal-interval</i> in the <b>-R</b> option.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p><b>-s</b></p></td>
<td width="8%"></td>
<td width="78%">


<p>Installs vlmcsd as a Windows service. This option only
works with the native Windows version and Cygwin. Combine
<b>-s</b> with other command line options. These will be in
effect when you start the service. The service automatically
starts when you reboot your machine. To start it manually,
type &quot;net start vlmcsd&quot;.</p></td></tr>
</table>

<p style="margin-left:22%; margin-top: 1em">If you use
Cygwin, you must include your Cygwin system DLL directory
(usually C:\Cygwin\bin or C:\Cygwin64\bin) into the PATH
environment variable or the service will not start.</p>

<p style="margin-left:22%; margin-top: 1em">You can
reinstall the service anytime using vlmcsd -s again, e.g.
with a different command line. If the service is running, it
will be restarted with the new command line.</p>

<p style="margin-left:22%; margin-top: 1em">When using
<b>-s</b> the command line is checked for basic syntax
errors only. For example &quot;vlmcsd -s -L 1.2.3.4&quot;
reports no error but the service will not start if 1.2.3.4
is not an IP address on your system.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">


<p style="margin-top: 1em"><b>-S</b></p></td>
<td width="8%"></td>
<td width="78%">


<p style="margin-top: 1em">Uninstalls the vlmcsd service.
Works only with the native Windows version and Cygwin. All
other options will be ignored if you include -S in the
command line.</p></td></tr>
</table>

<p style="margin-left:11%;"><b>-U</b>
[<i>domain</i>\]<i>username</i></p>

<p style="margin-left:22%;">Can only be used together with
<b>-s</b>. Starts the service as a different user than the
local SYSTEM account. This is used to run the service under
an account with low privileges. If you omit the domain, an
account from the local computer will be used.</p>

<p style="margin-left:22%; margin-top: 1em">You may use
&quot;NT AUTHORITY\NetworkService&quot;. This is a pseudo
user with low privileges. You may also use &quot;NT
AUTHORITY\LocalService&quot; which has more privileges but
these are of no use for running vlmcsd.</p>

<p style="margin-left:22%; margin-top: 1em">Make sure that
the user you specify has at least execute permission for
your executable. &quot;NT AUTHORITY\NetworkService&quot;
normally has no permission to run binaries from your home
directory.</p>

<p style="margin-left:22%; margin-top: 1em">For your
convenience you can use the special username &quot;/l&quot;
as a shortcut for &quot;NT AUTHORITY\LocalService&quot; and
&quot;/n&quot; for &quot;NT AUTHORITY\NetworkService&quot;.
&quot;vlmcsd&nbsp;&minus;s&nbsp;&minus;U&nbsp;/n&quot;
installs the service to run as &quot;NT
AUTHORITY\NetworkService&quot;.</p>

<p style="margin-left:11%;"><b>-W</b> <i>password</i></p>

<p style="margin-left:22%;">Can only be used together with
<b>-s</b>. Specifies a <i>password</i> for the corresponding
username you use with -U. SYSTEM, &quot;NT
AUTHORITY\NetworkService&quot;, &quot;NT
AUTHORITY\LocalService&quot; do not require a password.</p>

<p style="margin-left:22%; margin-top: 1em">If you specify
a user with even lower privileges than &quot;NT
AUTHORITY\NetworkService&quot;, you must specify its
password. You also have to grant the &quot;Log on as a
service&quot; right to that user.</p>

<h2>SIGNALS
<a name="SIGNALS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">The following
signals differ from the default behavior: <b><br>
SIGTERM</b>, <b>SIGINT</b></p>

<p style="margin-left:22%;">These signals cause vlmcsd to
exit gracefully. All global semaphores and shared memory
pages will be released, the pid file will be unlinked
(deleted) and a shutdown message will be logged.</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="9%">


<p><b>SIGHUP</b></p></td>
<td width="2%"></td>
<td width="78%">


<p>Causes vlmcsd to be restarted completely. This is useful
if you started vlmcsd with an ini file. You can modify the
ini file while vlmcsd is running and then sending
<b>SIGHUP</b>, e.g. by typing &quot;killall -SIGHUP
vlmcsd&quot; or &quot;kill -SIGHUP &rsquo;cat
/var/run/vlmcsd.pid&rsquo;&quot;.</p> </td></tr>
</table>

<p style="margin-left:22%; margin-top: 1em">The SIGHUP
handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:</p>

<table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="22%"></td>
<td width="1%">


<p style="margin-top: 1em">&mdash;</p></td>
<td width="3%"></td>
<td width="74%">


<p style="margin-top: 1em">The new process does not get a
new process id.</p></td></tr>
<tr valign="top" align="left">
<td width="22%"></td>
<td width="1%">


<p>&mdash;</p></td>
<td width="3%"></td>
<td width="74%">


<p>If you used a pid file, it is not deleted and recreated
because the process id stays the same.</p></td></tr>
<tr valign="top" align="left">
<td width="22%"></td>
<td width="1%">


<p>&mdash;</p></td>
<td width="3%"></td>
<td width="74%">


<p>If you used the &rsquo;user&rsquo; and/or
&rsquo;group&rsquo; directive in an ini file these are
ignored. This is because once you switched to lower
privileged users and groups, there is no way back. Anything
else would be a severe security flaw in the OS.</p></td></tr>
</table>

<p style="margin-left:11%; margin-top: 1em">Signaling is
not available in the native Windows version and in the
Cygwin version when it runs as Windows service.</p>

<h2>SUPPORTED OPERATING SYSTEMS
<a name="SUPPORTED OPERATING SYSTEMS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD,
Dragonfly BSD, Minix, Solaris, OpenIndiana, Android and iOS.
Other POSIX or unixoid OSses may work with unmodified
sources or may require minor porting efforts.</p>

<h2>SUPPORTED PRODUCTS
<a name="SUPPORTED PRODUCTS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd</b>
can answer activation requests for the following products:
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
(up to 1607), Windows Server 2008, Windows Server 2008 R2,
Windows Server 2012, Windows Server 2012 R2, Windows Server
2016, Office 2010, Project 2010, Visio 2010, Office 2013,
Project 2013, Visio 2013, Office 2016, Project 2016, Visio
2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products
can be obtained using the <b>-x</b> option of
<b>vlmcs</b>(1).</p>

<p style="margin-left:11%; margin-top: 1em">Office, Project
and Visio must be volume license versions.</p>

<h2>FILES
<a name="FILES"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5)</p>

<h2>EXAMPLES
<a name="EXAMPLES"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
-De</b></p>

<p style="margin-left:22%;">Starts <b>vlmcsd</b> in
foreground. Useful if you use it for the first time and want
to see what&rsquo;s happening when a client requests
activation.</p>

<p style="margin-left:11%;"><b>vlmcsd -l
/var/log/vlmcsd.log</b></p>

<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
daemon and logs everything to /var/log/vlmcsd.log.</p>

<p style="margin-left:11%;"><b>vlmcsd -L
192.168.1.17</b></p>

<p style="margin-left:22%;">Starts <b>vlmcsd</b> as a
daemon and listens on IP address 192.168.1.17 only. This is
useful for routers that have a public and a private IP
address to prevent your KMS server from becoming public.</p>

<p style="margin-left:11%;"><b>vlmcsd -s -U /n -l
C:\logs\vlmcsd.log</b></p>

<p style="margin-left:22%;">Installs <b>vlmcsd</b> as a
Windows service with low privileges and logs everything to
C:\logs\vlmcsd.log when the service is started with
&quot;net start vlmcsd&quot;.</p>

<h2>BUGS
<a name="BUGS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">An ePID
specified in an ini file must not contain spaces.</p>

<h2>INTENTIONAL BUGS
<a name="INTENTIONAL BUGS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">vlmcsd
activates non-VL (retail) and beta/preview versions of
Windows. <br>
vlmcsd always reports enough active clients to satisfy the N
count policy of the request.</p>

<h2>AUTHOR
<a name="AUTHOR"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">Written by
crony12, Hotbird64 and vityan666. With contributions from
DougQaid.</p>

<h2>CREDITS
<a name="CREDITS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">Thanks to
CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad,
Ratiborus, ...</p>

<h2>SEE ALSO
<a name="SEE ALSO"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em"><b>vlmcsd.ini</b>(5),
<b>vlmcsd</b>(7), <b>vlmcs</b>(1), <b>vlmcsdmulti</b>(1)</p>
<hr>
</body>
</html>