Wednesday, 04 December 2019 21:04

An alternative ESU MAK Activation Solution

Written by
Rate this item
(14 votes)


This blog post was shared with me by a colleague of mine, Daniel Dorner, a Microsoft Premier Field Engineer. It’s a really an interesting one because it highlights the creativity of my colleagues - a very, very broad range of personalities that have one thing in common: an absolute dedication to customer's success.

Today is December 4th, 2019, and with 40 calendar days away from the Windows 7 End of Support (EOS) deadline, some organizations are unable to complete the transition from Windows 7 Pro or Enterprise to Windows 10 - or from Windows Server 2008 and 2008 R2 Datacenter, Enterprise, or Standard to the latest version of Windows Server - on time. Microsoft gives these enterprises the option to ensure that these devices running these select editions and versions continue to receive security updates while they complete their Windows upgrade projects.

Microsoft's blog post goes into great detail how volume license customers can purchase, install, and deploy Extended Security Updates for eligible Windows 7, Windows Server 2008, and Windows Server 2008R2 devices to ensure those devices stay protected after January 14, 2020.

Based on interactions with customer's we are seeing certain challenges that may arise when attempting to perform bulk activations on systems (especially those that are completely isolated from any larger network), including:

  • Unlike KMS, the client can’t just acquire the key from the server. It needs to be proactively pushed to the client. Clients that are rarely used, might “miss” the installation or activation of the key.
  • VAMT requires the input of administrative credentials to connect to the clients
  • Firewall rules need to be in place: this may require a lot of time to implement in complex environments
  • Clients can’t connect to the Internet or the VAMT host because of security reasons. They can communicate via a few well known ports (e.g. 80/443) only
  • Offline activation of thousands of stand-alone clients is very time consuming
  • Multiple VAMT hosts need to be set up in a multi-forest environment

To overcome these challenges, Daniel has developed a solution named ActivationWs. ActivationWs provides customers with a “pull-based” activation solution. It eliminates the pre-requisites that VAMT brings along and reduces obstacles our customers could face in the product key activation process. ActivationWs can also be used to support customers in offline based scenarios and this in turn reduces the total activation time by at least 50% .

So how exactly does ActivationWS work and how does it benefit the customers?

  1. The customer deploys the Powershell script to the clients (e.g. using ConfigMgr)
  2. The script installs the ESU MAK key, queries the Installation ID and Product ID and sends a SOAP request to the ActivationWS web service (e.g. over port 80/443)
    *the ActivationWS web service is installed on the customers’ host (.Net 4.5 application pool) and requires internet connectivity. Windows 7 clients do not need to be connected to the internet
  3. Installation- and Product IDs are sent to the Microsoft BatchActivation Service
  4. Confirmation ID is returned to the customers´ web service, which will then return the Confirmation ID to the client
  5. The script deposits the Confirmation ID

Sample code is available on GitHub. Please share your experiences, should you use this solution in your environment.

Happy ESU deploying!

Disclaimer: This sample code is provided as is with no guarantee or waranty concerning the usability or impact on systems and may be used, distributed, and modified in any way provided the parties agree and acknowledge the Microsoft or Microsoft Partners have neither accountabilty or responsibility for results produced by use of this solution. Microsoft will not provide any support through any means.

Read 29263 times Last modified on Thursday, 05 December 2019 06:29

Recent Posts

  • Windows 10 21H2 Built-In Apps: What to Keep
    The development of the Windows 10, version 21H2 is finished and the update will soon be available for download from…
    Written on Wednesday, 20 October 2021 11:41
  • Group Policy Changes in Windows 10 21H2
    As Windows 10, version 21H2 update development winds down, Microsoft is now preparing for the final release of the Windows…
    Written on Wednesday, 20 October 2021 07:20
  • Group Policy Changes in Windows 10 20H1 Preview
    As Windows 10 Vibranium Update (20H1) development winds down, Microsoft is now beginning the phase of checking in the final…
    Written on Tuesday, 14 January 2020 04:51
  • An alternative ESU MAK Activation Solution
    This blog post was shared with me by a colleague of mine, Daniel Dorner, a Microsoft Premier Field Engineer. It’s…
    Written on Wednesday, 04 December 2019 21:04
  • The Case of Missing UE-V Templates
    My customers often deal with unexpected Windows behavior and this case is no different. This particular one is especially interesting…
    Written on Tuesday, 03 September 2019 12:20
  • The Case of Changing Default Printer
    While I sometimes long for the day when I no longer have to deal with unexpected Windows 10 behavior, there’s…
    Written on Wednesday, 14 August 2019 20:36