Event ID 12293: 0x80072338 error registering KMS host in DNS

Article ID: 2553863 - View products that this article applies to.
Expand all | Collapse all

Symptoms

When setting up a KMS host you may receive the following Event ID in the application event log on the KMS host.

Source:  Security-SPP
Event ID:  12293
Publishing the Key Managment Service (KMS) to DNS in the 'contoso.com' domain failed.
Info:  0x80072338

0x80072338: DNS_ERROR RCODE_BADSIG
DNS signature failed to verify.

Cause

This error can occur if the KMS host does not have permissions to edit the existing _VLMCS SRV record in DNS. 

Resolution

Use the following steps to change the permissions to allow the new KMS host to update the record.  

  1. In DNS goto Forward Lookup Zones\Contoso.com\_tcp. 
  2. Locate the _VLMCS record
  3. Right click, choose properties
  4. On security tab add the new KMS host computer name with Full Control
  5. Restart sppssvc or slsvc service on KMS host

Note:  These are instructions specific to Microsoft DNS server.  If you are using a 3rd party DNS server please consult your documentation for how to change permissions. 

 

More Information

SRV records in DNS use the record name as the ID for all records of that type. The first KMS host to create a record named VLMCS.TCP becomes the Creator/Owner of SRV records with that name. Other KMS cannot publish SRV records in that zone with that name until given permission to do so.

The _VLMCS SRV record can be thought as an array with single name.  In a default DDNS configuration, any machine can create a unique SRV record.  Once a _VLMCS record exists, no other computer has the rights to change that record.  The 2nd and later KMS hosts create the SRV records with the same name.  The SRV record design allows a DNS admin to explicitly and simply control which machines are allowed to advertise services in the DNS zone. 

When publishing to DNS is successful the KMS host will log a Event ID 12294 in the application event log.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2553863 - Last Review: December 15, 2011 - Revision: 8.0
APPLIES TO
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
Keywords: 
KB2553863

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com