This error message can be recorded in a variety of situations. The error code specified in the event description may provide additional clues in regards to the nature of the problem:
Error code: 0x800705B4 = Authentication failed
Error code: 0x80072747 = No buffer space available
Error code: 0x8007232A = DNS server failure
Error code: 0x80072338 = DNS signature failed to verify
Error code: 0x80072339 = DNS bad key
See the Implementing KMS Activation for some information on using KMS - TB490214
* * *
From a newsgroup post:
Steps for Configuring KMS Publishing to DNS
- If you are using only one KMS host, you may not need to configure any permission, because the default behavior is to allow a computer to create an SRV record and then update it. However, if you have more than one KMS hosts (the usual case), the others will be unable to update the SRV record unless SRV default permissions are changed.This procedure is an example that has been implemented in the Microsoft environment. It is not the only way to achieve the desired result.Detailed steps for each of the tasks are not provided, because they may differ from one organization to another.
- If you are a domain administrator and want to delegate the ability to carry
out the following steps to others in your organization, optionally create a security group in Active Directory and add the delegates, for example, create a group called Key Management Service Administrators, and then delegate permissions to manage the DNS SRV privileges to this security group. The remainder of this procedure assumes that either a domain administrator or
delegate is performing the steps.
- Create a global security group in Active Directory that will be used for
your KMS hosts, for example, Key Management Service Group.
- Add each of your KMS hosts to this group. They must all be joined to the
Once the first KMS host is created, it should create the SRV record. Add
each KMS host to this security group.
- If the first computer is unable to create the SRV record, it may be because
your organization has changed the default permissions. In this case, you will need to create the SRV record manually with the name _VLMCS._TCP (service name and protocol) for the domain. Set the time-to-live (TTL to 60 minutes).
- Set the permissions for the SRV group to allow updates by members of the
global security group.
To automatically publish KMS in additional DNS domains:
On the KMS host, create the following registry key, using regedit.exe.
Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SLValue Name:
DnsDomainPublishList Type: REG_MULTI_SZValue Data: Enter each DNS Domain
that KMS should publish to on separate lines.
Restart the Software Licensing Service and the records should be created immediately.The application event log will contain a 12294 event for each
successfully published domain and a 12293 event for each unsuccessful domain
For the 12293 event, the failure code can be diagnosed by running the following:slui.exe 0x2a 0x"