I'm tasked with setting up a Windows 2019 AD environment (new domain) from scratch.
Normally we obtain our server licenses/activation from the company KMS system and we need to do that in this case as well.
Normally I would just install the Windows server without a license. Configure the KMS and get the license/activation working, before I add the AD roles...
But: In this case the new domain is behind a firewall and has no normal connection to the company network.
Due to an administrative oversight the firewall rules to allow access to the KMS were not requested in time.
There is a lengthy approval process (lots of red tape)
and I will not have KMS access for the new servers until a few days, possibly weeks AFTER the installation date for the DC, but we really need to get that domain operational ASAP.
I'm hoping I can configure KMS on the Server 2019 (without having actual activation because KMS is not responding) and then can just continue with the domain setup and it will pick up the activation later.
I know that a DC setup with an evaluation license can't be upgraded to proper license, unless you first move the AD roles to another server and reduce this DC to a normal server. Then you can re-license it.
I guess the real question is if a KMS setup with unreachable KMS server is treated as an evaluation installation or not.
For the new domain we need 2 DC's anyway. So I can always postpone adding the 2nd DC until AFTER we have the KMS and then re-license the 1st DC.
But it would require some extra work and another travel to go on-site (no remote access), which I would like to avoid.
Does anyone have any experience with this ?
You have the 180 day evaluation period. It's a full featured server during that time. So assuming you can get the license within the window, it should be an issue. I wouldn't setup KMS until the firewall rules are in place. The evaluation version doesn't know how you are going to apply your license.
The one caveat is that you have to use the right media for the evaluation with the type of key you plan to get. See this thread:
https://docs.microsoft.com/en-us/answers/questions/58587/windows-server-2019-activation-from-evaluation.html
If you scroll down about a third of the way down, there is an answer by Ryan that may be what you need so that you can still install your key without worrying about firewall issues.
Self-answer as I have now been able to empirically test this.
I installed a fresh Server 2019 using a VLK image (Latest Server 2019 ISO with integrated updates) from my VisualStudio subscription in VirtualBox.
After base installation I added the KMS server ip-address using SLMGR.VBS
I intentionally used the ip-address for another server which isn't a KMS server.
Server was obviously not able to Activate the license.
Then installed the DNS and AD role and went through the basis Forest configuration. Rebooted. Did some basic AD config like adding a few users and changing group-policy. Rebooted a couple of times. Domain worked as expected.
I then put in the correct KMS address and ran "slmgr /ato". Activated without any problems.
So apparently a KMS prepared setup is more forgiving about Activation afterwards than an Evaluation license installation.
EDIT Meanwhile also done the whole process "for real". No issues with KMS activation happening several weeks after servers were taking into production.
You can install Windows using a KMS key (which is the default for volume-licensed media) without actually having a KMS server in place; the system will complain about activation, but will be fully functional for 30 days.
When the KMS server becomes available, activation will "just work"; there will be no need to change/upgrade/reinstall anything.