Event 17 – Certificate Corruption on Terminal Services/Remote Desktop License Servers

Event 17 – Certificate Corruption on Terminal Services/Remote Desktop License Servers

  • Comments 10

Note: This blog post was updated on 12/21/2010 to reference two new hotfixes.

Recently, we have started to get more calls related to an issue with the Terminal Services and Remote Desktop Services license server that is caused by the expiration of a root certificate. This blog post will help customers easily check if this has happened in their environment and how to address the issue.

How do I know I have this problem?

  • Event 17 is getting logged on every license server restart (a restart of the computer or a restart of the Terminal Services Licensing service [termservlicensing]).
  • After receiving Event 17, any interaction with the Microsoft Clearinghouse except “reactivation” pops up the error “The RD License Manager encountered an internal error from the license server. Message Number: 0xc0110011,”and then the license server gets deactivated (applies only to license servers connected to the Internet and that have the connection method set to Automatic).

Which license servers are affected by the above issues?

All the following versions of license servers that were activated before February 26, 2010 by using the automatic connection method will be affected by this issue:

  • Windows 2000 Server
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Why is this happening?

When a license server is activated by using the automatic method, the Microsoft Clearinghouse provides the server with a digital certificate chain that validates server ownership and identity. On February 26, 2010, a certificate that is part of the digital certificate chain expired. Certificate expiration is interpreted as a corrupted certificate and thus Event 17 is getting logged.

How do I get rid of Event 17?

Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385

Why does the license server go into the deactivated state automatically?

After Event 17 is logged, if the Microsoft Clearinghouse is contacted for any activity apart from the reactivation of the license server (for example, installing client access licenses or deactivating license servers), RD Licensing Manager throws the following error:

clip_image002

In addition, the certificate store on the license server that contains the Microsoft Clearinghouse-issued certificates gets corrupted, and as a result the license server goes into a deactivated state. Event 38 is logged with the following error:

“The Remote Desktop license server cannot issue a license to the client because of following error: Can't add certificate to store, error c0010020.”

Note: The license server database is not corrupted, so there is no need to rebuild the database or reinstall the license server.

How do I recover my license server from the deactivated state?

Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385

Leave a Comment
  • Please add 2 and 8 and type the answer here:
  • Post
  • My RDS Server is internet connected, however, when I attempt to re-active my server I get the following message:  The RD LIcensing Manager received and unrecognized response from the Microsoft Clearinghouse.  The Site may be experiencing problems or your internet connection may not be functioning properly.  Check your internet connection and retry the operation.  If the problem persists, trying using a differnt connection method.

    I know my connection is working correctly, is the clearing house site having issues today?

  • When I click on the "Delete the license server certificate" link in the last paragraph, I get an error message from the MSDN Blogs site telling me "Access Denied: Post Permission Denied  Either this forum does not exist or you are not allowed to post."  (And I had to register there first.)

    Could you fix that link, please?  I could really use those instructions.

  • @phiggins:

    This link is supposed to point back to the "To delete the license server certificate" section above.

  • You can also try to reactivate the Terminal Server certificate from https://activate.microsoft.com

    using this site you can enter you license server id and product id and then it will gives you confirmation id using that you can reactivate the server.

    Cheers,

    Subhash Tiwari Orient Technologies Mumbai India

  • Thanks for this. I was getting the same error as in the screenshot when trying to re-activate. After deleting the certificates I was able to re-activate wihtout any problems. I am glad I didn't have to go digging for the licenses.

  • Thanks for posting this. It worked like a charm. Saves me days for finding the licenses.

  • Yes this procedure works very fine

    I entered to the regedit and erased the next keys

    HKLM\Software\Microsoft\TermServLicensing\Certificates.

    HKLM\System\CurrentControlSet\services\TermservLicensing\Parameters\Certificates.000

    HKLM\System\CurrentControlSet\services\TermservLicensing\Parameters\Certificates.001

    I restarted the server and there it was, The terminal server licensing was actived again and is issuing temporary licenses again...

    I had no to uninstall the terminal server licensing. This procedure is valid. Very Good. Thanks to all you.

  • what you’ve put here. there is a really great chart that breaks down all of the different types of remote desktop software

    it’s very useful for readers

    thank you very much,

  • If I'm using a MS Certification Authority, the TS Licensing use this certificate to encrypt the database?

    If yes, assuming that the certificate is automatically renewed by the CA - the "corruption" can be avoided?

  • interesting and informative article. thanks for posting.

Page 1 of 1 (10 items)