Key Management System

Secondary KMS Setup Failed - 'Encryption.RSA.ActiveThumbPrint' not valid

Issue:

Setup of the KMS secondary instance hangs at the installation console and fails on Windows.

Description:

The Key Management System instance on the secondary application server hangs at the command-line setup.bat.

The setup has copied the KMS files to the target location and created logs; however, the KMS command-line scripts have not returned success. In addition, forcing the KMS Windows service to start from the Windows service manager also fails.

Analysis:

Open the KMS setup folder and check whether a setup log has been created.

Open the latest setup log, go to the end of the file, and check whether it contains the error below:

Loading Encryption certificates "Configuration 'Server[1].Encryption.RSA.ActiveThumbPrint' not valid. Corresponding certificate not found in certificate store"

This happens because the certificate was not added to the certificate store correctly. In the normal case, the KMS setup scripts add the server certificates from the data folder to the 'Trusted People' folder of the Windows certificate manager.

Resolution / Fix:

Open the Windows certificate manager (mmc.exe) and check that your certificates exist. Example: if your KMS log throws the error for 'server1', then look for server1.

If the specific certificate is not found in the certificate manager's trusted root folder, import it manually. In other words, if the error is for the server 1 certificate, import the server1.cer file.
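
A scripted version of the check above, as an added example (not the vendor's code): it reads the thumbprint from the .cer file and looks for it in the Trusted People and Trusted Root stores, importing only when asked. The function name and the file path are placeholders, and searching the LocalMachine stores is an assumption.

```powershell
# Added example, not part of the KMS product. Run from an elevated PowerShell session.
function Test-KmsCertificate {
    param(
        [Parameter(Mandatory)] [string] $CerPath,                  # e.g. <KMS data folder>\server1.cer
        [string[]] $Stores = @('TrustedPeople', 'Root'),           # the two stores the article mentions
        [ValidateSet('TrustedPeople', 'Root')] [string] $ImportTo  # optional: import here if missing
    )

    if (-not (Test-Path -LiteralPath $CerPath)) {
        throw "Certificate file not found: $CerPath"
    }

    # Read the thumbprint from the file itself; it should equal the value
    # configured for Encryption.RSA.ActiveThumbPrint.
    $fullPath = (Resolve-Path -LiteralPath $CerPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Look for the same thumbprint in each store (LocalMachine is an assumption).
    $found = foreach ($store in $Stores) {
        Get-ChildItem -Path "Cert:\LocalMachine\$store" |
            Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    Expired    = ($_.NotAfter -lt (Get-Date))
                }
            }
    }
    if ($found) { return $found }

    Write-Warning "Thumbprint $($cert.Thumbprint) not found in: $($Stores -join ', ')"

    if ($ImportTo) {
        # Manual import, equivalent to the mmc.exe import step.
        Import-Certificate -FilePath $fullPath -CertStoreLocation "Cert:\LocalMachine\$ImportTo" | Out-Null
        return Test-KmsCertificate -CerPath $fullPath -Stores $ImportTo
    }
}

# Placeholder path: replace with the real location of server1.cer.
# Test-KmsCertificate -CerPath 'C:\path\to\kms\data\server1.cer'
# Test-KmsCertificate -CerPath 'C:\path\to\kms\data\server1.cer' -ImportTo TrustedPeople
```

An empty result with a warning means the certificate is missing from both stores; a row with `Expired = True` means the certificate is present but will still not be usable.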

This issue arises from the setup environment when you build the instance from a mirror copy of the primary OS. Sometimes it can also occur because of a problem with the initial setup scripts.