Note: This blog post was updated on 12/21/2010 to reference two new hotfixes.
Recently, we have started to get more calls related to an issue with the Terminal Services and Remote Desktop Services license server that is caused by the expiration of a root certificate. This blog post will help customers easily check if this has happened in their environment and how to address the issue.
How do I know I have this problem?All the following versions of license servers that were activated before February 26, 2010 by using the automatic connection method will be affected by this issue:
When a license server is activated by using the automatic method, the Microsoft Clearinghouse provides the server with a digital certificate chain that validates server ownership and identity. On February 26, 2010, a certificate that is part of the digital certificate chain expired. Certificate expiration is interpreted as a corrupted certificate and thus Event 17 is getting logged.
How do I get rid of Event 17?Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385
Why does the license server go into the deactivated state automatically?
After Event 17 is logged, if the Microsoft Clearinghouse is contacted for any activity apart from the reactivation of the license server (for example, installing client access licenses or deactivating license servers), RD Licensing Manager throws the following error:
In addition, the certificate store on the license server that contains the Microsoft Clearinghouse-issued certificates gets corrupted, and as a result the license server goes into a deactivated state. Event 38 is logged with the following error:
“The Remote Desktop license server cannot issue a license to the client because of following error: Can't add certificate to store, error c0010020.”
Note : The license server database is not corrupted, so there is no need to rebuild the database or reinstall the license server.
How do I recover my license server from the deactivated state?Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.