Event 17 – Certificate Corruption on Terminal Services/Remote Desktop License Servers

Note: This blog post was updated on 12/21/2010 to reference two new hotfixes.

Recently, we have started to get more calls related to an issue with the Terminal Services and Remote Desktop Services license server that is caused by the expiration of a root certificate. This blog post will help customers easily check if this has happened in their environment and how to address the issue.

How do I know I have this problem?

  • Event 17 is getting logged on every license server restart (a restart of the computer or a restart of the Terminal Services Licensing service [termservlicensing]).
  • After receiving Event 17, any interaction with the Microsoft Clearinghouse except “reactivation” pops up the error “The RD License Manager encountered an internal error from the license server. Message Number: 0xc0110011,”and then the license server gets deactivated (applies only to license servers connected to the Internet and that have the connection method set to Automatic).

Which license servers are affected by the above issues?

All the following versions of license servers that were activated before February 26, 2010 by using the automatic connection method will be affected by this issue:

  • Windows 2000 Server
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Why is this happening?

When a license server is activated by using the automatic method, the Microsoft Clearinghouse provides the server with a digital certificate chain that validates server ownership and identity. On February 26, 2010, a certificate that is part of the digital certificate chain expired. Certificate expiration is interpreted as a corrupted certificate and thus Event 17 is getting logged.

How do I get rid of Event 17?

Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385

Why does the license server go into the deactivated state automatically?

After Event 17 is logged, if the Microsoft Clearinghouse is contacted for any activity apart from the reactivation of the license server (for example, installing client access licenses or deactivating license servers), RD Licensing Manager throws the following error:

clip_image002

In addition, the certificate store on the license server that contains the Microsoft Clearinghouse-issued certificates gets corrupted, and as a result the license server goes into a deactivated state. Event 38 is logged with the following error:

“The Remote Desktop license server cannot issue a license to the client because of following error: Can’t add certificate to store, error c0010020.”

Note: The license server database is not corrupted, so there is no need to rebuild the database or reinstall the license server.

How do I recover my license server from the deactivated state?

Please apply the hotfix mentioned in the following article: http://support.microsoft.com/kb/983385