2.2.13.2.1 Standard Security Server Redirection PDU (TS_STANDARD_SECURITY_SERVER_REDIRECTION)

The Standard Security Server Redirection PDU is sent by the server to the client to instruct it to reconnect to an existing session on another server. The information required to perform the reconnection is contained in an embedded Server Redirection Packet (section 2.2.13.1). This PDU MUST NOT be sent if the Encryption Level selected by the server is ENCRYPTION_LEVEL_NONE (0); the Enhanced Security Server Redirection PDU (section 2.2.13.3.1) MUST be used instead. Because the Standard Security Server Redirection PDU can contain confidential information, it MUST always be encrypted using Standard RDP Security mechanisms (section 5.3).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

tpktHeader

x224Data

mcsSDin (variable)

...

securityHeader (variable)

...

serverRedirectionPDU (variable)

...

tpktHeader (4 bytes): A TPKT Header, as specified in [T123] section 8.

x224Data (3 bytes): An X.224 Class 0 Data TPDU, as specified in [X224] section 13.7.

mcsSDin (variable): Variable-length PER-encoded MCS Domain PDU (DomainMCSPDU) which encapsulates an MCS Send Data Indication structure (SDin, choice 26 from DomainMCSPDU), as specified in [T125] section 11.33 (the ASN.1 structure definitions are specified in [T125] section 7, parts 7 and 10). The userData field of the MCS Send Data Indication contains a Security Header and the Server Redirection PDU data.

securityHeader (variable): Security header. The format of the security header depends on the Encryption Level and Encryption Method selected by the server (sections 5.3.2 and 2.2.1.4.3). This field MUST contain one of the following headers:

  • Non-FIPS Security Header (section 2.2.8.1.1.2.2) if the Encryption Method selected by the server is ENCRYPTION_METHOD_40BIT (0x00000001), ENCRYPTION_METHOD_56BIT (0x00000008), or ENCRYPTION_METHOD_128BIT (0x00000002).

  • FIPS Security Header (section 2.2.8.1.1.2.3) if the Encryption Method selected by the server is ENCRYPTION_METHOD_FIPS (0x00000010).

    The flags field of the security header MUST contain the SEC_REDIRECTION_PKT (0x0400) flag (section 2.2.8.1.1.2.1).

serverRedirectionPDU (variable): Information required by the client to initiate a reconnection to a given session on a target server encapsulated in a Server Redirection Packet (section 2.2.13.1) structure.

Show: