Given the recent communications from the Microsoft Security Response Center regarding measures taken by Microsoft to address the risk of unauthorized software certificate signatures associated with “Flame” malware, we wanted to share information describing how this impacts license servers in Terminal Services and Remote Desktop Services.
This change requires no specific action on the part of the Terminal Services or Remote Desktop Services administrator unless the administrator needs to set up a new or reactivate an existing Terminal Services license server or Remote Desktop license server, or install a new client access license (CAL) pack on a license server.
If you attempt to install a new CAL pack on a license server before reactivating it, you will get the following error message, and you will need to reactivate your license server:
"The license server information is not valid. This may be caused by an invalid or unsupported activation or by disk corruption. The license server needs to be reactivated. Do you want to reactivate the license server now?"
In conjunction with Microsoft placing certificates into the Windows Untrusted Certificate Store through Windows Update, we updated our certificates in the Microsoft Product Activation Clearinghouse. The update of certificates in the Microsoft Product Activation Clearinghouse requires customers to reactivate their license server before performing any administration activity that interacts with the Microsoft Product Activation Clearinghouse—even if the Windows Update was not installed.
If you do need to reactivate a license server or add a new CAL pack, the information below provides details on how to do so.
Instructions to reactivate a license server by using Remote Desktop Licensing Manager
-
In Remote Desktop Licensing Manager, click
Advanced
, and then click
Reactivate Server
.
The Reactivate Server Wizard opens (refer to screen capture in step 2).
-
Click
Next
to start the
Reactivate Server Wizard
.
The Reactivate Server Wizard Information page opens (refer to screen capture in step 3).
-
Confirm the customer information, and then select a
Reason
to reactivate the server.
(Note – In the drop-down box you can select any reason for reactivation.)
-
Click
Next.
You will see confirmation that the license server reactivation was successful.
-
Click
Finish
, and then resume normal operations.
Q: When should I reactivate my license server?
A: If you need to add CAL packs to your license server. For regular ongoing usage, there is no need to reactivate.
Q: How will this affect the state of any licenses already installed on the license server?
A: There will be no impact to the state of any licenses already installed on the license server.
Q: Is there a way to trigger the reactivation proactively, rather than waiting to be prompted when executing some other action?
A: There is no way to force reactivation from the Microsoft side. The only time this scenario will come into play is if the customer initiates an operation that communicates with the Microsoft Product Activation Clearinghouse, or if the customer’s old license expires.
For more information about the security vulnerability, and background on why Microsoft released this Security Advisory, please review the following information:
Microsoft Security Response Center:
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Advisory 2718704
http://technet.microsoft.com/en-us/security/advisory/2718704
Microsoft Security Response Center Blog:
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704...
Technical details about the vulnerability:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-cer...