TermServLicensing creates a new private key every start

  • Thread starter Thread starter markus.bonn
  • Start date Start date
M

markus.bonn

Guest
Hallo,
using Windows Server 2003 SP2 german (new stand-alone installation, standard
configuration) only with Terminal Services Licensing Server enabled, the
TermServLicensing service starting lserver.exe creates a new private key
(TlsContainerXXXX) every time in Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18. How can I avoid this?
Thank you in advance,
Markus
 
Re: TermServLicensing creates a new private key every start

I'm not sure, but it seems that you have configured the server to use
Transport Layer Security (TLS), and something isn't quite right.

Check if this helps:

895433 - How to configure a Windows Server 2003 terminal server to
use TLS for server authentication
http://support.microsoft.com/?kbid=895433

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?bWFya3VzLmJvbm4=?=
<markusbonn@discussions.microsoft.com> wrote on 02 okt 2007 in
microsoft.public.windows.terminal_services:

> Hallo,
> using Windows Server 2003 SP2 german (new stand-alone
> installation, standard configuration) only with Terminal
> Services Licensing Server enabled, the TermServLicensing service
> starting lserver.exe creates a new private key
> (TlsContainerXXXX) every time in Documents and Settings\All
> Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18. How can I
> avoid this? Thank you in advance,
> Markus
 
Re: TermServLicensing creates a new private key every start

Dear Vera Noest,
thank you for the answer. I did as instructed, installed certificate
services and IIS software components, created a certificate via web
(workgroup) or via Certificate Request Wizard (domain) and configured
terminal services. Everything works ok as with RDP encryption, but the
Terminal Services licensing service (all installed on the same computer)
still creates a new private key every time it starts whether its server is
activated or not. As far as I understand, this certificate enables
authentication of the Terminal Server and data encryption with the Remote
Clients. It does not work for the Licensing Server which - if activated - has
separate certificates shown in the registry under TermServLicensing with
inconsistent entries for exchange and signature CAs and corrupt Parm keys. If
you have some time, maybe you want to investigate. Otherwise, I would like to
ask you and everyone else who reads this thread and has access to a Windows
Server 2003 with Terminal Services licensing server installed to check the
Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18 directory for files with a name of 32 hex
digits + "_" + MachineGUID and a size of 1789 bytes, and post the results.
Could anyone explain this phenomenon? Autoenrollment options do not help.
Thanks for any message in advance,
Markus
 

Similar threads

A
IIS Admin Service unable to start - How and Why it can happen?
Replies
0
Views
246
ashfana
A
I
ARR as reverse-proxy authenticating itself to backend nodes with a Client Certificate
Replies
0
Views
329
IIS
I
J
Windows 10 Issues Restoring a Redirected Folders Share / Offline Files Cache Wipe
Replies
0
Views
112
JohnSmith78
J
M
10 awesome Amazon deals that are only for Prime members
Replies
0
Views
133
Maren Estrada
M
W
Unable to save new changes where the primary key (parent table) in a tab control is linked to foreign key (child table) in another tab control of the
Replies
0
Views
74
wirejp
W
Back
Top