Chinese (Simplified) Language Version
Chinese (Traditional) Language Version
Czech Language Version
Dutch Language Version
French Language Version
German Language Version
Hungarian Language Version
Italian Language Version
Japanese Language Version
Korean Language Version
Polish Language Version
Portuguese (Brazilian) Language Version
Russian Language Version
Spanish Language Version
Swedish Language Version
Turkish Language Version
The English version of this fix should have the following file attributes or later:
IMPORTANT: This hotfix must be applied to all Terminal Servers and Terminal Services Licensing Servers. Only TS CAL tokens that are issued after the application of this hotfix will utilize re-issuance logic.
Date Time Version Size File name
5/30/2001 04:50p 5.0.2195.3649 122,640 Icaapi.dll
5/29/2001 10:19a 5.0.2195.3649 93,456 Licmgr.exe
5/30/2001 04:48p 5.0.2195.3657 330,000 Lserver.exe
5/30/2001 04:50p 5.0.2195.3649 26,384 Mstlsapi.dll
5/29/2001 10:19a 5.0.2195.3649 141,584 Termsrv.exe
5/30/2001 04:50p 5.0.2195.3649 23,312 Tls236.dll
The updated files to correct the problem that is described in this article are superceded by files provided through the following Microsoft Knowledge Base article and included in Security Update MS01-52.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
This problem was first corrected in Windows 2000 Service Pack 3.
Post Logon License Token Issuance
Current BehaviorWindows 2000 Terminal Servers issue Terminal Services CAL (TS CAL) tokens to all clients after they connect by using the Terminal Services client. The TS CAL token is presented to the device before a user enters credentials and is granted or denied access to connect.
Enhanced BehaviorWhen an unlicensed client connects for the first time, the Terminal Server issues a temporary TS CAL token. After the user has logged into the session, the Terminal Server instructs the License Server to mark the issued temporary TS CAL token as being validated. The next time the client connects, an attempt is made to upgrade the validated temporary TS CAL token to a full TS CAL token. If no license tokens are available, the temporary TS CAL token will continue to function for 90 days.
This enhancement is designed to prevent TS CALs from being inadvertently allocated to devices that are not intended to be licensed for Terminal Services usage. To allocate a TS CAL token to a device, a successful logon to a Terminal Server must occur. However, this does not prevent users who are authorized to log on to a Terminal Server from logging on from devices that the organization does not intend to license. If this happens, a TS CAL token is still assigned to the device.
Automatic License Token Re-issuance
Current BehaviorTS CAL tokens are issued for each device, and are stored locally on each device that connects to a Windows 2000 Terminal Server. If a device loses this TS CAL token through hard disk failure, clean reinstallation, or other method, the TS CAL token remains assigned to that device. The only way to recover this TS CAL token is to place a phone call to the Microsoft Clearinghouse. The telephone number is (888) 571-2048.
Enhanced BehaviorAn expiration period has been added to each TS CAL token that is issued. This expiration period is a random number of days between 52-89 days of issuance. When a client connects to a Terminal Server, this date is checked. If the expiration is within 7 days, the Terminal Server connects to the License Server and renews the TS CAL token, giving it another expiration period of 52-89 days. If the License Server is not available, the TS CAL token functions as normal, with the Terminal Server attempting to replace it at each login. Upon expiration, the License Server returns any TS CAL token that has not been renewed to the group of available license tokens.
For example, an unlicensed device connects and receives a TS CAL token with an expiration period set at the maximum of 89 days. The device's operating system is then reinstalled. The device then connects again. Because no other TS CAL tokens are available, the device is issued a temporary TS CAL token so it can connect for 90 days. On day 89, the original TS CAL token is returned to the group of available licenses. The next time this device connects, the Terminal Server presents the device with the full TS CAL token that was returned to the group of available license tokens.
With the addition of these fixes, it should not be necessary to call the Microsoft Clearinghouse to recover lost license tokens. If a device loses its license token, the administrator can be confident that license tokens that are issued after the enhancement was installed will be recovered automatically.
IMPORTANT: There are a few cases in which license tokens will not be recovered automatically:
- License tokens are issued prior to the installation of this hotfix. Only TS CAL tokens that are issued after the installation of this fix will utilize the re-issuance logic. A TS CAL token that is issued to a device prior to the installation of this hotfix will remain assigned to that device. The Clearinghouse must be contacted to recover any TS CAL tokens that are issued prior to the installation of this hotfix. Because of this, it is important that this hotfix be installed on all Terminal Servers and Terminal Services Licensing Servers in an enterprise.
- Catastrophic failure that results in the loss of the licensing database. In the event of a failure that results in the loss of the licensing database when a known good backup is not available, Terminal Services Licensing must be reinstalled and reactivated. The Clearinghouse will then need to reissue any previously issued License Key Packs. The License Key Packs that were originally issued are based on the License Server ID at the time of issuance. If the License Server ID changes, License Key Packs that are based on the old License Server ID cannot be installed.