3.2.5.2 Processing Client New License Requests

The client MUST send the Client New License Request (section 2.2.2.2) when it does not have a license.

In case of a personal terminal server, no processing is done on the server side, and the server sends a Licensing Error Message (section 2.2.2.8) with the error code STATUS_VALID_CLIENT and the state transition code ST_NO_TRANSITION. The licensing protocol is complete at this point.

In the case of terminal servers, the server tries to follow the New License Flow (section 1.3.3.1).

The server MUST compute the license encryption key (see section 5.1.2) by using the client-generated random number and premaster secret. The premaster secret is obtained by decrypting the encrypted premaster secret with the terminal server's private key. This allows elements of the remainder of the licensing protocol to be encrypted.

The terminal server MUST decrypt (see section 5.1.4) the EncryptedHWID field (see section 2.2.2.3) using the license encryption key to get the Client Hardware Identification (section 2.2.2.3.1) structure. It then MUST generate the MAC checksum (see section 5.1.5) over the decrypted Client Hardware Identification and MUST compare it with the MAC checksum received in the Client License Information (section 2.2.2.3) message to verify data integrity.

The server MUST respond by issuing a platform challenge to the client. The server MUST encrypt and MUST send the Platform Challenge (section 3.2.1.6) in a Server Platform Challenge (section 2.2.2.4) message.

The ClientUserName and ClientMachineName fields are preserved for the licensing protocol session and are used to issue a CAL to the client when the client successfully responds to the Server Platform Challenge message.