Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

When setting up a KMS host you may receive the following Event ID in the application event log on the KMS host.

Source:  Security-SPP
Event ID:  12293
Publishing the Key Managment Service (KMS) to DNS in the 'contoso.com' domain failed.
Info:  0x80072338

0x80072338: DNS_ERROR RCODE_BADSIG
DNS signature failed to verify.

Symptoms

This error can occur if the KMS host does not have permissions to edit the existing _VLMCS SRV record in DNS. 

Cause

Use the following steps to change the permissions to allow the new KMS host to update the record.  

  1. In DNS goto Forward Lookup Zones\Contoso.com\_tcp.

  2. Locate the _VLMCS record

  3. Right click, choose properties

  4. On security tab add the new KMS host computer name with Full Control

  5. Restart sppssvc or slsvc service on KMS host

Note:  These are instructions specific to Microsoft DNS server.  If you are using a 3rd party DNS server please consult your documentation for how to change permissions. 

 

Resolution

SRV records in DNS use the record name as the ID for all records of that type. The first KMS host to create a record named VLMCS.TCP becomes the Creator/Owner of SRV records with that name. Other KMS cannot publish SRV records in that zone with that name until given permission to do so.

The _VLMCS SRV record can be thought as an array with single name.  In a default DDNS configuration, any machine can create a unique SRV record.  Once a _VLMCS record exists, no other computer has the rights to change that record.  The 2nd and later KMS hosts create the SRV records with the same name.  The SRV record design allows a DNS admin to explicitly and simply control which machines are allowed to advertise services in the DNS zone. 

When publishing to DNS is successful the KMS host will log a Event ID 12294 in the application event log.

More Information

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×