If you wish to create a multi-tree forest domain setup, and the root authority pays for the licenses, you only need 1 KMS server for the forest. But the DNS service entry for KMS doesn’t replicate through the forest DSN tables by default. To change this, make a registry change as follows (this assumes you have KMS installed, activated, firewall and root DNS verified):
- Navigate to HKLM\Software\Microsoft\Windows NT\Current Version\SoftwareProtectionPlatform
- Create a new multi-value subkey called “DnsDomainPublishList”
- Enter each desired domain name on a separate line (no commas, colons, semi-colons)
- Add Public and Private network group rules to firewall for KMS service, same as extant Domain group rule
- Restart the KMS service
- Reload each child domain DNS and verify the new ‘_tcp’ entry for the VLMCS record.