TermServLicensing creates a new private key every start

[Guest markus.bonn]

Hallo,

using Windows Server 2003 SP2 german (new stand-alone installation, standard

configuration) only with Terminal Services Licensing Server enabled, the

TermServLicensing service starting lserver.exe creates a new private key

(TlsContainerXXXX) every time in Documents and Settings\All Users\Application

Data\Microsoft\Crypto\RSA\S-1-5-18. How can I avoid this?

Thank you in advance,

Markus

[Guest Vera Noest [MVP]]

Re: TermServLicensing creates a new private key every start

 

I'm not sure, but it seems that you have configured the server to use

Transport Layer Security (TLS), and something isn't quite right.

 

Check if this helps:

 

895433 - How to configure a Windows Server 2003 terminal server to

use TLS for server authentication

http://support.microsoft.com/?kbid=895433

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

=?Utf-8?B?bWFya3VzLmJvbm4=?=

<markusbonn@discussions.microsoft.com> wrote on 02 okt 2007 in

microsoft.public.windows.terminal_services:

> Hallo,

> using Windows Server 2003 SP2 german (new stand-alone

> installation, standard configuration) only with Terminal

> Services Licensing Server enabled, the TermServLicensing service

> starting lserver.exe creates a new private key

> (TlsContainerXXXX) every time in Documents and Settings\All

> Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18. How can I

> avoid this? Thank you in advance,

> Markus

[Guest markus.bonn]

Re: TermServLicensing creates a new private key every start

 

Dear Vera Noest,

thank you for the answer. I did as instructed, installed certificate

services and IIS software components, created a certificate via web

(workgroup) or via Certificate Request Wizard (domain) and configured

terminal services. Everything works ok as with RDP encryption, but the

Terminal Services licensing service (all installed on the same computer)

still creates a new private key every time it starts whether its server is

activated or not. As far as I understand, this certificate enables

authentication of the Terminal Server and data encryption with the Remote

Clients. It does not work for the Licensing Server which - if activated - has

separate certificates shown in the registry under TermServLicensing with

inconsistent entries for exchange and signature CAs and corrupt Parm keys. If

you have some time, maybe you want to investigate. Otherwise, I would like to

ask you and everyone else who reads this thread and has access to a Windows

Server 2003 with Terminal Services licensing server installed to check the

Documents and Settings\All Users\Application

Data\Microsoft\Crypto\RSA\S-1-5-18 directory for files with a name of 32 hex

digits + "_" + MachineGUID and a size of 1789 bytes, and post the results.

Could anyone explain this phenomenon? Autoenrollment options do not help.

Thanks for any message in advance,

Markus