On 2021-01-21 Scott Toderash wrote:

I used virt-p2v to create a Windows instance of a fresh install. I had just bought a new machine and thought I would be clever if I did this before wiping it and installing Ubuntu. It mostly worked. I actually wrote down what happened and here's the weird story. Licensing is stupid. When I was done, it told me I needed to activate but then it complained and said I had the wrong license type for a VM. I forget the wording of that though.

Also though, afaik you can run without activating indefinitely.

So you got it virt'ed but you never got it back into a "properly activated" state?

The p2v option is certainly good to know.

Again, not a lawyer, so that is NOT legal advice. But the information is out there should anyone wish to make an informed decision.

On 2021-01-22 7:21 a.m., Scott Toderash wrote:

Yes. I'm still thinking about the activation state before converting. I wiped the machine after, so I can't verify. I don't recall seeing any request for me to activate while it was on the original hardware, only after virtualization.

Exactly.

Still, if you pass the hardware bits required to the VM, it would activate. And,  as long as that is your sole Windows VM running on that host, you should be fine.

So technically it worked, but eventually I'll be punished for not activating Windows. If I acquire the right kind of key I can fix that though.

Again, if you have a licence (be it OEM or Retail) for the original hardware, and as long as you have a licence for each instance of Windows you are running, you're fine.

===

https://www.microsoft.com/OEM/en/Pages/support-faq.aspx#fbid=u11sV_78rNg

*Q.* Can I install OEM software on a virtual machine (VMware)?

*A.* You can install OEM software in a virtual environment as long as you have a separate license for each instance of the software. It is fine to use the OEM version as long as it is properly licensed. To be clear, a separate version of the software must be installed for both the “standard” and “virtual” installations.

===

Thus, if you're using FOSS to virtualize, you don't need a licence for that (!). But you do need a licence for the VM, which you're passing through from the hardware bits in my example.

Let's say you're running Windows on a machine. But now you embraced the Penguins.

So you p2v your current install, install Linux, KVM the old install. Boot it up. No activation.

Two options:

1) Use your key (Retail or OEM) to activate. You may have to call Microsoft. If you go back to bare metal, you will have to do it all over again.

1a) "But I don't have my OEM key, there's only a fancy sticker saying Windows!"... yes, you do. It's somewhere(tm). Again, passing the bits is more practical, but there are ways to get there if you would rather not bother. And no, it's nothing "illegal". I am *NOT* talking about Piracy *AT ALL*, let's make this absolutely clear.

2) Pass the bits as I described. No need to call. If you ever decide to go back to Windows, you are fine too.

Trevor, if WINE does not work, get a single Retail licence and activate the VM on one of the machines. Then, try to jump it around and see if it keeps the activation. As long as xml files - or whatever VirtualBox uses - are one and the same, it *should* keep the activation.

Keep me posted on this, it does pique my interest :)

Kind regards, Alberto Abrao

Oops! Brain tired. Should read "If the two Linux hosts have the same CPUs (manufacturer and gen) you should have no problem".

On Thu, Jan 21, 2021 at 8:42 AM Kevin McGregor kevin.a.mcgregor@gmail.com wrote:

Yes, this will work fine.

I'm assuming you will create a Windows VM on one Linux box (KVM, VirtualBox, VMware, whatever), then install Windows 10 into that VM. When Windows is installed and boots, it will get activated *in that VM image*, which is 100% supported by Microsoft. Don't p2v. If this VM is stored on a removable media, you would just shut down the VM, unplug the media, move it physically to a different Linux host, plug it in, then boot the VM.

Windows will still think it's running on the same VM, *because it is*, and thus not need reactivation.

If the two Linux hosts have different CPUs (keep the same manufacturer and gen) you should have no problem. Everything else about the VM is encapsulated - BIOS version, motherboard, devices, etc. The versions of the virtualisation software should be the same or as similar as possible. Obviously don't try to boot a VM on VirtualBox on one host and KVM on another host.

On Thu, Jan 21, 2021 at 2:55 AM Trevor Cordes trevor@tecnopolis.ca wrote:

...

Is it possible to run a virtual Windows (10) on a Linux host running something like virtualbox? It has to be normal Win 10 Home or Pro though, no corporate licensing.

I ask because I'm unsure how Windows activation (cursed be!) handles that situation. I'd like to be able to run the same host image on 2 different boxes (but not at the same time) and not have it moan about activation. So I guess the question is more this: does the VM hide/abstract the hardware enough from Windows to have it think it hasn't changed boxes?

(The idea is a portable drive with the VM on it would travel between 2 locations which are never used simultaneously. Each location would have an identical Linux box. Don't ask why; suffice it to say that speed is paramount and cloud or net access or remote access won't cut it. Lugging the entire box is not an option. Laptop is a very sub-par option.)

Thanks! _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable

On 2021-01-21 10:03 p.m., Trevor Cordes wrote:

On 2021-01-21 Kevin McGregor wrote:

...

Oops! Brain tired. Should read "If the two Linux hosts have the same CPUs (manufacturer and gen) you should have no problem".

Yes, in this case the physical hardware would be identical.

Means nothing. There's still the GUID of the mainboard, which is very much different even when everything else is the same.

However, there is conflict between Alberto's & Kevin's answers... has anyone actually tried it?

I do have experience with Windows and its activation perks... mostly for the consumer version, which incidentally is what you want.

And for sure you weren't using a corporate Windows license key? (And not a Server version either.) I recall hearing something like Alberto said re: non-corporate Windows detecting it was in a VM and complaining.

I am less concerned about the "being on a VM" and more about "making sure you have a reliable anchor for it". It would not matter for a sitting duck, but you want to dance around with it. I am reasonably sure that you don't want to be typing lengthy codes on your phone when calling the Microsoft Activation Hotline. (Thank you for calling Microsoft! Which product would you like to activate? Please say Windows, Office, ... ugh).

Even then, we want to abide to Microsoft's terms.

And here (https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_W...) we find:

*b.**Device.* In this agreement, “device” means a hardware system (whether physical or virtual) with an internal storage device capable of running the software. A hardware partition or blade is considered to be a device.

(iv) *Use in a virtualized environment*. This license allows you to install only one instance of the software for use on one device, whether that device is physical or virtual. If you want to use the software on more than one virtual device, you must obtain a separate license for each instance.

Keep in mind I am not a lawyer (really? lol). Now, as with everything Microsoft licensing, this is ambiguous enough to have you thread the grey area if you have a single licence for the dancing VM, as it states a device meaning a *hardware *system, physical or virtual. It does mention "one virtual device", and we can argue that we are talking about a single virtual environment , even though it sometimes travels between different hosts. Now, we are talking about consumer, retail versions here, so I may not be grasping at straws when I point this. That said, keep in mind that I am not a lawyer (you don't say? :D), so my opinion is worth...yeah. That said, stay with me.

Even assuming that would be perfectly legit, you still have the problem of keeping the activation when changing hardware. The virtual environment may be abstract enough that it does not detect enough of a change and just pretends nothing ever happened. Or it does smell a rat and asks for activation. Well, please see above if that happens. In this case, if our assumption is right, it would be OK for licensing, but not nice at all to administrate.

I guess the big part of the question is, if Windows doesn't have a blanket anti-VM block in it, how much of the host hw id info really does "seep" into to guest...

As much as you let in, for KVM at least.

The problem here that testing it might "waste" a paid Windows license. Even if we bought 2 licenses and activated twice, I'm not convinced the activation code won't get angry at going back and forth between the 2 boxes.

It will not, because the code goes to Microsoft only once. When you pass the tables like I described on my previous email, it results in a hash that Windows is able to pass onto the activation servers.

- Hardware hash is passed to Microsoft activation servers. - If there is no key tied to it, it reports "not activated". Boo. Gimme key! - You have the key in. Let's say, Pro version. - Key is now tied to the hash. - You're activated!

So now you nuke it from orbit and start fresh. Same process happen again, but this time:

- Hardware hash is passed to Microsoft activation servers. - Uncle Bill says: "oh, I remember you! You have a licence here, but let's talk first: what are you, really?" - "I am a Pro, dude, but I have no l33t codes on me, sry" - "Just as I remembered. Sweet! I remember your l33t codes from times gone by, no need to bore me again. Here, a cookie. Off you go." - Activated!

And that alone is *enough*. With that, it quickly finds out if you're activated or not, and off it goes. No key, no rearm, nothing. You will *never* be prompted for a key if there is a valid licence tied to your hardware's hash, thus, by passing the SLIC bits to the VM, and that physical hardware having a good valid Windows 10 licence previously activated with Microsoft, it will just take care of itself. Done. You will never type a key for that hardware ever again, assuming you 1) never phone-activate the key on another device, thus revoking the authorization for the one to which it is tied (true for RETAIL versions, keep that in mind, as OEM licences are not able to be revoked in this manner, at least theoretically); and 2) use the same version of Windows (e.g. Windows 10 Pro key = Windows 10 Pro install. Home = Home. You get the idea).

That also means that both machines would have a Windows licence *tied to their hardware*, which could be used even after the VM setup is no longer warranted, either for another VM, or for a bare metal install should it ever be repurposed as a beefy workstation, for example.

Now, it remains to be seen if that's feasible using VirtualBox. As I said, one is able to do that with KVM.

Man, do I hate Windows and non-FLOSS. Maybe I need to see if my customer could instead forget Windows and make everything work in WINE...

As you mentioned WINE, I suggest you investigate that and see if he is happy. If that is not an option, let me know and we can research something that is sure to steer your client far away from uncle Bill's fury.

Kind regards, Alberto Abrao

What John said.

The rest of you are making this way too complicated. The physical hardware beyond the CPU capabilities does not "seep" into a VM. The motherboard (chipset and everything else) is fully virtual and moves with the VM. As an aside, on VMware ESX you can specify a "maximum" CPU generation such that e.g. any Intel CPU newer than Nehalem looks exactly like a Nehalem. Good for multiple generations of blades in a server farm; with this enabled you can live-migrate from any blade to any other blade all you want.

Just don't P2V. Ever.

I've moved VMs from host to host many times and *never* had a licensing problem.

There are no "VM-unfriendly" versions of Windows licenses. They can all be virtualized equally. You need one license per "machine", whether that machine is physical or virtual. Moving the VM around changes nothing.

On Fri, Jan 22, 2021 at 12:37 AM John Lange john@johnlange.ca wrote:

I'll offer up my non-expert opinion and say that you will be fine with a single VM on removable media running Windows10 regardless of which machine you fire it up on. My reasoning is straight forward; it is very much common practice to have virtual environments with many physical hosts and to move VMs between hosts on a regular basis. Granted that is a more complex environment that just removable media but the concept is the same. Moving VMs between physical hosts is afterall one of the whole points of virtualizing so if Windows10 stopped working everytime you did that what would be the point?

As far as testing goes, I have in the past had Windows VMs on a Linux workstation and when I upgraded to a newer system I just copied the VMs over and fired them up on the new machine, no problem. (this was Windows7, but I expect W10 would be the same).

However, the one thing that I don't believe will work is to P2V a workstation that was purchased with Windows10 already on it. That version of Windows is OEM licensing and I believe it still has very specific terms that the license lives and dies on the original hardware only. I'm sure you can P2V it and it will run, but it may complain? That being said I'm sure there is a way to re-activate it by buying the proper Windows10 license.

John

On Thu, Jan 21, 2021 at 11:28 PM Alberto Abrao alberto@abrao.net wrote:

...

On 2021-01-21 10:03 p.m., Trevor Cordes wrote:

On 2021-01-21 Kevin McGregor wrote:

Oops! Brain tired. Should read "If the two Linux hosts have the same CPUs (manufacturer and gen) you should have no problem".

Yes, in this case the physical hardware would be identical.

Means nothing. There's still the GUID of the mainboard, which is very much different even when everything else is the same.

However, there is conflict between Alberto's & Kevin's answers... has anyone actually tried it?

I do have experience with Windows and its activation perks... mostly for the consumer version, which incidentally is what you want.

And for sure you weren't using a corporate Windows license key? (And not a Server version either.) I recall hearing something like Alberto said re: non-corporate Windows detecting it was in a VM and complaining.

I am less concerned about the "being on a VM" and more about "making sure you have a reliable anchor for it". It would not matter for a sitting duck, but you want to dance around with it. I am reasonably sure that you don't want to be typing lengthy codes on your phone when calling the Microsoft Activation Hotline. (Thank you for calling Microsoft! Which product would you like to activate? Please say Windows, Office, ... ugh).

Even then, we want to abide to Microsoft's terms.

And here ( https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_W...) we find:

*b.* *Device.* In this agreement, “device” means a hardware system (whether physical or virtual) with an internal storage device capable of running the software. A hardware partition or blade is considered to be a device.

(iv) *Use in a virtualized environment*. This license allows you to install only one instance of the software for use on one device, whether that device is physical or virtual. If you want to use the software on more than one virtual device, you must obtain a separate license for each instance.

Keep in mind I am not a lawyer (really? lol). Now, as with everything Microsoft licensing, this is ambiguous enough to have you thread the grey area if you have a single licence for the dancing VM, as it states a device meaning a *hardware *system, physical or virtual. It does mention "one virtual device", and we can argue that we are talking about a single virtual environment , even though it sometimes travels between different hosts. Now, we are talking about consumer, retail versions here, so I may not be grasping at straws when I point this. That said, keep in mind that I am not a lawyer (you don't say? :D), so my opinion is worth...yeah. That said, stay with me.

Even assuming that would be perfectly legit, you still have the problem of keeping the activation when changing hardware. The virtual environment may be abstract enough that it does not detect enough of a change and just pretends nothing ever happened. Or it does smell a rat and asks for activation. Well, please see above if that happens. In this case, if our assumption is right, it would be OK for licensing, but not nice at all to administrate.

I guess the big part of the question is, if Windows doesn't have a blanket anti-VM block in it, how much of the host hw id info really does "seep" into to guest...

As much as you let in, for KVM at least.

The problem here that testing it might "waste" a paid Windows license. Even if we bought 2 licenses and activated twice, I'm not convinced the activation code won't get angry at going back and forth between the 2 boxes.

It will not, because the code goes to Microsoft only once. When you pass the tables like I described on my previous email, it results in a hash that Windows is able to pass onto the activation servers.

• Hardware hash is passed to Microsoft activation servers.
• If there is no key tied to it, it reports "not activated". Boo. Gimme

key!

• You have the key in. Let's say, Pro version.
• Key is now tied to the hash.
• You're activated!

So now you nuke it from orbit and start fresh. Same process happen again, but this time:

• Hardware hash is passed to Microsoft activation servers.
• Uncle Bill says: "oh, I remember you! You have a licence here, but

let's talk first: what are you, really?"

• "I am a Pro, dude, but I have no l33t codes on me, sry"
• "Just as I remembered. Sweet! I remember your l33t codes from times

gone by, no need to bore me again. Here, a cookie. Off you go."

• Activated!

And that alone is *enough*. With that, it quickly finds out if you're activated or not, and off it goes. No key, no rearm, nothing. You will *never* be prompted for a key if there is a valid licence tied to your hardware's hash, thus, by passing the SLIC bits to the VM, and that physical hardware having a good valid Windows 10 licence previously activated with Microsoft, it will just take care of itself. Done. You will never type a key for that hardware ever again, assuming you 1) never phone-activate the key on another device, thus revoking the authorization for the one to which it is tied (true for RETAIL versions, keep that in mind, as OEM licences are not able to be revoked in this manner, at least theoretically); and 2) use the same version of Windows (e.g. Windows 10 Pro key = Windows 10 Pro install. Home = Home. You get the idea).

That also means that both machines would have a Windows licence *tied to their hardware*, which could be used even after the VM setup is no longer warranted, either for another VM, or for a bare metal install should it ever be repurposed as a beefy workstation, for example.

Now, it remains to be seen if that's feasible using VirtualBox. As I said, one is able to do that with KVM.

Man, do I hate Windows and non-FLOSS. Maybe I need to see if my customer could instead forget Windows and make everything work in WINE...

As you mentioned WINE, I suggest you investigate that and see if he is happy. If that is not an option, let me know and we can research something that is sure to steer your client far away from uncle Bill's fury.

Kind regards, Alberto Abrao _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable

-- John Lange

---

Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable

I don’t think Trevor was considering a P2V, which means most of the foregoing discussion is moot.

Trevor, go ahead. It’ll work fine. 😀

On Fri, Jan 22, 2021 at 08:57 Alberto Abrao alberto@abrao.net wrote:

On 2021-01-22 8:28 a.m., Kevin McGregor wrote:

What John said.

The rest of you are making this way too complicated. The physical hardware beyond the CPU capabilities does not "seep" into a VM. The motherboard (chipset and everything else) is fully virtual and moves with the VM. As an aside, on VMware ESX you can specify a "maximum" CPU generation such that e.g. any Intel CPU newer than Nehalem looks exactly like a Nehalem. Good for multiple generations of blades in a server farm; with this enabled you can live-migrate from any blade to any other blade all you want.

KVM does the same. And yes, come to think of it, that would pretty much eliminate the activation re-trigger. Good point.

Just don't P2V. Ever.

I've moved VMs from host to host many times and *never* had a licensing problem.There are no "VM-unfriendly" versions of Windows licenses. They can all be virtualized equally. You need one license per "machine", whether that machine is physical or virtual. Moving the VM around changes nothing.

All of the above is true - except for P2V'ing - and even for OEM licenses.

(and yes, we are making it complicated, lol)

On Fri, Jan 22, 2021 at 12:37 AM John Lange john@johnlange.ca wrote:

...

I'll offer up my non-expert opinion and say that you will be fine with a single VM on removable media running Windows10 regardless of which machine you fire it up on. My reasoning is straight forward; it is very much common practice to have virtual environments with many physical hosts and to move VMs between hosts on a regular basis. Granted that is a more complex environment that just removable media but the concept is the same. Moving VMs between physical hosts is afterall one of the whole points of virtualizing so if Windows10 stopped working everytime you did that what would be the point?

As far as testing goes, I have in the past had Windows VMs on a Linux workstation and when I upgraded to a newer system I just copied the VMs over and fired them up on the new machine, no problem. (this was Windows7, but I expect W10 would be the same).

However, the one thing that I don't believe will work is to P2V a workstation that was purchased with Windows10 already on it. That version of Windows is OEM licensing and I believe it still has very specific terms that the license lives and dies on the original hardware only. I'm sure you can P2V it and it will run, but it may complain? That being said I'm sure there is a way to re-activate it by buying the proper Windows10 license.

You can P2V*, it *will* complain, and then you have the two options I described before for activation. All are A-OK.

The only caveat with OEM is that the VM must run on the same physical hardware tied to the licence. If you buy a server with an OEM Windows Server licence, for example, and wants to virtualize it on top of something else (VMware, for example), it is OK to use the same licence to do so, as long as VMware is running on top of the original hardware.

• as a fun tidbit, virt-p2v clones the physical hardware to the point that

it also clones the NIC's MAC Address. When I was preparing my last presentation, I p2v'd a machine, then started it on the virtual host. After that, I went back to the physical machine and wiped its hard drive, proceeding to stage the environment for the demo Nextcloud install. After all was said and done, I was left wondering why the connection for the fresh physical machine would drop every minute or so...

...yep, the resulting p2v virtual machine had the exact same MAC address of the NIC found on the physical one. So when I had the physical machine back on the network, chaos ensued. :D

Kind regards, Alberto Abrao _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable