The second DNS name of the KMS server for the Azure Global cloud is with an IP address of 23.102.135.246. The first DNS name of the KMS server for the Azure Global cloud is with two IP addresses: 20.118.99.224 and 40.83.235.53. To resolve this problem, use the Azure custom route to route activation traffic to the Azure KMS server.
In the forced tunneling scenario, the activation fails because the activation request comes from your on-premises network instead of from an Azure public IP address. The activation requires that the activation request come from an Azure public IP address. The Azure Windows VMs need to connect to the Azure KMS server for Windows activation.
In this scenario, the Azure virtual machines (VMs) that run Windows fail to activate Windows. You enable forced tunneling on Azure virtual network subnets to direct all Internet-bound traffic back to your on-premises network. This article describes how to resolve the KMS activation problem that you might experience when you enable forced tunneling in site-to-site VPN connection or ExpressRoute scenarios.
