Hi, this article will be more like a review on what consideration that need to be include in planning especially on some service in azure that somehow need some connection to azure backend service .
As for this case, quick background is this all traffic is redirected to Azure Firewall as an outbound , after few month of running turn out the windows vm status show not activated on the desktop .
A quick check to rectify the issue is by running psping against Azure KMS ip or fqdn.
or ping the ip is the DNS cannot be resolve - 23.102.135.246 with the same port 1688
or issue a Test-NetConnection kms.core.windows.net -Port 1688 on powershell
As for these case, i did a firewall rule under network rule to allow this subnet to those IP. Here is the result after rule has been applied .
The connection is successful now and one last step to instruct windows to activate via this command
"1..12 | ForEach-Object { Invoke-Expression "$env:windir\system32\cscript.exe $env:windir\system32\slmgr.vbs /ato" ; start-sleep 5 }"
So this give a a thought how the infrastructure should be design in proper manner in which ever public cloud service. If this kind of blocking is happening without proper plan it will block more feature to be able to use like having log analytic for metric and maybe azure update management for tracking and perform update.
As for now, few scenario relate to this windows is not activated can be happen due few reason
1. VM is behind Standard Private load balancer with is secured by default
2. Outbound traffic is via Azure Firewall or NVA but the necessary or i will say crucial is not implemented.
Latest update from microsoft "The first DNS name of the KMS server for the Azure Global cloud is azkms.core.windows.net with two IP addresses: 20.118.99.224 and 40.83.235.53. The second DNS name of the KMS server for the Azure Global cloud is kms.core.windows.net with an IP address of 23.102.135.246"
More details solution can be found here at Microsoft document and few other
2. Azure Windows Server license not activated - Stack Overflow
That is all for now have nice day ahead and stay safe
