Hi there...still relatively new to CSP. I thought I had this figured out, but I'm still seeing CSP block Windows KMS product activation. Event Viewer isn't logging anything as blocked though.
Originally, I thought it was a port block. So I added our KMS server port (1688) to our Prevention Policy under Kernel_PS > Advanced> Network Controls > Outbound. I pushed the policy out and most of the servers can activate, and I can drop to an admin console and run commands like slmgr.vbs -dlv and slmgr.vbs -ato
However we have about 20 servers that are still not able to activate against the KMS. When I run slmgr /dlv, I get:
"On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x46' to display the error text. Error: 0x46"
or
"On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80041013' to display the error text. Error: 0x80041013"
If I try to run slui.exe to get the error, it never opens. WScript.exe and slui.exe are assigned to svc_safepriv_ps
As soon as I disable CSP, I can run these commands and Windows activates without issue.
Any ideas? When Windows goes unactivated, I can't run SCCM or perform Windows Updates.
Thanks!
Max