VLMCSD.INI(5) KMS Activation Manual VLMCSD.INI(5) NAME vlmcsd.ini - vlmcsd KMS emulator configuration file SYNOPSIS vlmcsd.ini DESCRIPTION vlmcsd.ini (or simply called the "ini file") is a configuration file for vlmcsd(8). By default vlmcsd does not use a configuration file. It is completely optional and for advanced users only. You must use the -i option on the vlmcsd command line to use an ini file. There is no default name or default location for the ini file. Everything, that can be configured in the ini file, may also be speci‐ fied on the command line. Any configuration option specified on the command line takes precedence over the respective configuration line in the ini file. Benefits of a configuration file While you can use the configuration file to simply modify the default behavior of vlmcsd, it can also be used to change the configuration of vlmcsd after you sent a HUP signal(7). Whenever you send SIGHUP, the configuration file will be re-read. Any changes you made to the ini file will be reflected after vlmcsd received the hangup signal. Differences between command line and configuration file If you specify an illegal option or option argument on the command line, vlmcsd displays help and exits. If you specify an incorrect key‐ word or argument in the ini file, vlmcsd displays a warning with some information, ignores the respective line and continues. This is inten‐ tional and prevents vlmcsd from aborting after a SIGHUP if the configu‐ ration was modified incorrectly. SYNTAX vlmcsd.ini is a UTF-8 encoded text file with each line being in the format keyword = argument. The keyword is not case-sensitive. The argu‐ ment is treated literally. It is neither required nor allowed to enclose the argument in any form of quote characters except when quote characters are part of the argument itself. Whitespace characters are ignored only - at the beginning of a line - between the keyword and '=' - between '=' and the argument Lines, that start with '#' or ';' are treated as comments. Empty lines are ignored as well. If a keyword is repeated in another line, vlmcsd will use the argument of the last occurence of the keyword. An excep‐ tion to this is the Listen keyword which can be specified multiple times and causes vlmcsd to listen on more than one IP address and/or port. Some arguments are binary arguments that need to be either TRUE or FALSE. You can use "Yes", "On" or "1" as an alias for TRUE and "No", "Off" or "0" as an alias for FALSE. Binary arguments are case-insensi‐ tive. KEYWORDS The following keywords are defined (not all keywords may be available depending on the operating system and the options used when vlmcsd(8) was compiled): Listen This defines on what combinations of IP addresses and ports vlm‐ csd should listen. Listen can be specified more than once. The argument has the form ipaddress[:port]. If you omit the port, the default port of 1688 is used. If the ipaddress contains colons and a port is used, you must enclose the ipaddress in brackets. The default is to listen to 0.0.0.0:1688 and [::]:1688 which means listen to all IPv4 and all IPv6 addresses. See the -L option in vlmcsd(8) for more info about the syntax. If you use -L or -P on the command line, all Listen keywords in the ini file will be ignored. The Listen keyword cannot be used if vlm‐ csd has been compiled to use Microsoft RPC (Windows and Cygwin only) or simple sockets. Examples: Listen = 192.168.1.123:1688 Listen = 0.0.0.0:1234 Listen = [fe80::1721:12ff:fe81:d36b%eth0]:1688 Port Can only be used if vlmcsd has been compiled to use simple sock‐ ets or on Windows and Cygwin if vlmcsd(8) has been compiled to use Microsoft RPC. Otherwise you must use Listen instead. Causes vlmcsd to listen on that port instead of 1688. FreeBind Can be TRUE or FALSE. If TRUE, you can use the Listen keyword with IP addresses that are currently not defined on your system. vlmcsd(8) will start listening on these IP addresses as soon as they become available. This keyword is only available under Linux and FreeBSD because no other OS currently supports that feature. FreeBSD supports this only for IPv4 and requires the PRIV_NETINET_BINDANY privilege which is normally assigned to proccesses of the root user. PublicIPProtectionLevel Set the level of protection against KMS activations from public IP addresses. 0 = No protection (default) 1 = Listen on private IP addresses only (plus those specified by one or more Listen statements) 2 = Disconnect clients with public IP addresses without activat‐ ing 3 = Combines 1 and 2 For details on public IP protection levels see vlmcsd(8) command line option -o. UseNDR64 Can be TRUE or FALSE. Specifies whether you want to use the NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The default is TRUE. UseBTFN Can be TRUE or FALSE. Specifies whether you want to use bind time feature negotiation in RPC. See options -b0 and -b1 in vlm‐ csd(8). The default is TRUE. RandomizationLevel The argument must 0, 1 or 2. This specifies the ePID randomiza‐ tion level. See options -r0, -r1 and -r2 in vlmcsd(8). The default randomization level is 1. LCID Use a specific culture id (LCID) even if the ePID is randomized. The argument must be a number between 1 and 32767. While any number in that range is valid, you should use an offcial LCID. A list of assigned LCIDs can be found at http://msdn.micro‐ soft.com/en-us/goglobal/bb964664.aspx. On the command line you control this setting with option -C. MaxWorkers The argument specifies the maximum number of worker processes or threads that will be used to serve activation requests concur‐ rently. This is the same as specifying -m on the command line. Minimum is 1. The maximum is platform specific and is at least 32767 but is likely to be greater on most systems. The default is no limit. ConnectionTimeout Used to control when the vlmcsd disconnects idle TPC connec‐ tions. The default is 30 seconds. This is the same setting as -t on the command line. DisconnectClientsImmediately Set this to TRUE to disconnect a client after it got an activa‐ tion response regardless whether a timeout has occured or not. The default is FALSE. Setting this to TRUE is non-standard behavior. Use only if you are experiencing DoS or DDoS attacks. On the command line you control this behavior with options -d and -k. PidFile Write a pid file. The argument is the full pathname of a pid file. The pid file contains is single line containing the process id of the vlmcsd process. It can be used to stop (SIGTERM) or restart (SIGHUP) vlmcsd. This directive can be overriden using -p on the command line. LogFile Write a log file. The argument is the full pathname of a log file. On a unixoid OS and with Cygwin you can use the special filename 'syslog' to log to the syslog facility. This is the same as specifying -l on the command line. LogDateAndTime Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log‐ ging output does not include date and time. This is useful if you log to stdout(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance systemd-journald(8). If you log to syslog(3), LogDate‐ AndTime is ignored and date and time will never be included in the output sent to syslog(3). Using the command line you control this setting with options -T0 and -T1. LogVerbose Set this to either TRUE or FALSE. The default is FALSE. If set to TRUE, more details of each activation will be logged. You use -v and -q in the command line to control this setting. LogVer‐ bose has an effect only if you specify a log file or redirect logging to stdout(3). ActivationInterval This is the same as specifying -A on the command line. See vlm‐ csd(8) for details. The default is 2 hours. Example: Activation‐ Interval = 1h RenewalInterval This is the same as specifying -R on the command line. See vlm‐ csd(8) for details. The default is 7 days. Example: RenewalIn‐ terval = 3d. Please note that the KMS client decides itself when to renew activation. Even though vlmcsd sends the renewal inter‐ val you specify, it is no more than some kind of recommendation to the client. Older KMS clients did follow the recommendation from a KMS server or emulator. Newer clients do not. User Run vlmcsd as another, preferrably less privileged, user. The argument can be a user name or a numeric user id. You must have the required privileges (capabilities on Linux) to change the security context of a process without providing any credentials (a password in most cases). On most unixoid OSses 'root' is the only user who has these privileges in the default configuration. This setting is not available in the native Windows version of vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on the fly by sending SIGHUP to vlmcsd. Group Run vlmcsd as another, preferrably less privileged, group. The argument can be a group name or a numeric group id. You must have the required privileges (capabilities on Linux) to change the security context of a process without providing any creden‐ tials (a password in most cases). On most unixoid OSses 'root' is the only user who has these privileges in the default config‐ uration. This setting is not available in the native Windows version of vlmcsd. See -g in vlmcsd(8). This setting cannot be changed on the fly by sending SIGHUP to vlmcsd. SPECIAL KEYWORDS Any valid GUID is being treated as a special keyword in the ini file. It is used to select a specfic ePID and HwId for an application GUID. The argument has the form ePID [ / HwId ]. KMS currently knows only 3 application GUIDs: 55c92734-d682-4d71-983e-d6ec3f16059f (Windows) 59a52881-a989-479d-af46-f275c6370663 (Office 2010) 0ff1ce15-a989-479d-af46-f275c6370663 (Office 2013) To use specific ePIDs for Windows, Office 2010 and Office 2013/2016 you could add the following lines to vlmcsd.ini: 55c92734-d682-4d71-983e-d6ec3f16059f = 55041-00206-184-207146-03-1062-6002.0000-3322013 59a52881-a989-479d-af46-f275c6370663 = 55041-00096-216-598637-03-17418-6002.0000-3312013 0ff1ce15-a989-479d-af46-f275c6370663 = 55041-00206-234-742099-03-9217-6002.0000-2942013 The ePID is currently a comment only. You can specify any string up to 63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs that were used in KMSv5 versions of the "ratiborus virtual machine". Microsoft has given up on blacklisting when KMS emulators appeared in the wild. Even if you can use "Activated by cool hacker guys" as an ePID, you may wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't know how these "valid" ePIDs look like exactly, do not use GUIDS in vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid ePIDs. If you use non-ASCII characters in your ePID (you shouldn't do anyway), these must be in UTF-8 format. This is especially important when you run vlmcsd on Windows or cygwin because UTF-8 is not the default encod‐ ing for most editors. If you are specifying an optional HWID it follows the same syntax as in the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in quotes even if it contains spaces. FILES vlmcsd.ini(5) AUTHOR vlmcsd(8) was written by crony12, Hotbird64 and vityan666. With contri‐ butions from DougQaid. CREDITS Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati‐ borus, ... SEE ALSO vlmcsd(8), vlmcsd(7), vlmcs(1), vlmcsdmulti(1) Hotbird64 July 2016 VLMCSD.INI(5)