Sending License Error PDU - Valid Client

The structure and fields of the License Error (Valid Client) PDU are described in section

The tpktHeader field is initialized as described in [T123] section 8, while the x224Data field (which contains an X.224 Class 0 Data TPDU) is initialized as specified in [X224] section 13.7.

The mcsSDin field is initialized as described in [T125] section 11.33. The embedded initiator field MUST be set to the MCS server channel ID held in the Server Channel ID store (section and the embedded channelId field MUST be set to the MCS I/O channel ID held in the I/O Channel ID store (section The embedded userData field contains the remaining fields of the Valid Client PDU.

If Enhanced RDP Security (section 5.4) is in effect, the External Security Protocol (section 5.4.5) MUST be used to encrypt the entire PDU and generate a verification digest. The securityHeader field MUST be present; however, it will contain a Basic Security Header structure (section

If Standard RDP Security mechanisms (section 5.3) are in effect, the PDU data following the securityHeader field can be encrypted and signed (depending on the values of the Encryption Level and Encryption Method selected by the server as part of the negotiation described in section 5.3.2 and the contents of the Client Licensing Encryption Ability store (section using the methods and techniques described in section 5.3.6). The format of the securityHeader field is selected as described in section and the fields populated with appropriate security data. If the data is to be encrypted, the embedded flags field of the securityHeader field MUST contain the SEC_ENCRYPT (0x0008) flag.

The embedded flags field of the securityHeader field (which is always present) MUST contain the SEC_LICENSE_PKT (0x0080) flag (described in section to indicate that the message is a licensing PDU. If the server can handle encrypted licensing packets from the client and Standard RDP Security mechanisms are being used, then the SEC_LICENSE_ENCRYPT_CS (0x0200) flag SHOULD also be included in the flags subfield of the securityHeader field.

The remainder of the PDU MUST be populated according to the structure and type definition in section

After sending the License Error (Valid Client) PDU, the server MUST send the Demand Active PDU (section to the client.