3.3.5.3.13.1 Sending Demand Active PDU

The structure and fields of the Demand Active PDU are described in section 2.2.1.13.1.

The tpktHeader field is initialized as described in [T123] section 8, while the x224Data field (which contains an X.224 Class 0 Data TPDU) is initialized as specified in [X224] section 13.7.

The mcsSDin field is initialized as described in [T125] section 11.33. The embedded initiator field MUST be set to the MCS server channel ID held in the Server Channel ID store (section 3.3.1.5) and the embedded channelId field MUST be set to the MCS I/O channel ID held in the I/O Channel ID store (section 3.3.1.3). The embedded userData field contains the remaining fields of the Demand Active PDU.

If Enhanced RDP Security (section 5.4) is in effect, the External Security Protocol (section 5.4.5) MUST be used to encrypt the entire PDU and generate a verification digest before the PDU is transmitted over the wire. Also, in this scenario the securityHeader field MUST NOT be present.

If Standard RDP Security mechanisms (section 5.3) are in effect, the PDU data following the optional securityHeader field can be encrypted and signed (depending on the values of the Encryption Level and Encryption Method selected by the server as part of the negotiation described in section 5.3.2) using the methods and techniques described in 5.3.6. The format of the securityHeader field is selected as described in section 2.2.1.13.1 and the fields populated with appropriate security data. If the data is to be encrypted, the embedded flags field of the securityHeader field MUST contain the SEC_ENCRYPT (0x0008) flag.

The remaining fields are populated as described in section 2.2.1.13.1.1, with the combined capability set data being inserted into the capabilitySets field.