3.2.5.1 Processing the RDP_TUNNEL_CREATEREQUEST PDU
The RDP_TUNNEL_CREATEREQUEST PDU (section 2.2.2.1) is used by the server for two purposes. The first purpose is to correlate incoming requests to the existing main RDP connection on the server that originally sent the Initiate Multitransport Request PDU ([MS-RDPBCGR] section 2.2.15.1). The second is a security check that matches the incoming security cookie to the security cookie that was sent over the secured main RDP connection.
The RequestID and SecurityCookie fields of the RDP_TUNNEL_CREATEREQUEST PDU MUST be identical to the corresponding fields in the Initiate Multitransport Request PDU that was sent from the server to the client over the main RDP connection. These fields are compared to the data stored in the Connection Store abstract data model element (section 3.2.1).
If a match for the RequestID and SecurityCookie pair is found on the server for a pending multitransport request, the server associates the incoming multitransport connection with the existing session and MUST send the client an RDP_TUNNEL_CREATERESPONSE PDU (section 2.2.2.2) with a successful HRESULT code.
If a match is not found, the server can either close the connection to the client or send an RDP_TUNNEL_CREATERESPONSE PDU with an unsuccessful HRESULT code.<3>
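The following sketch of the matching step described above is an added example, not text or code from the specification. The `ConnectionStore` class, its method names, the 16-byte cookie length, the random generation of both values, and the choice of `E_ACCESSDENIED` as the unsuccessful HRESULT are assumptions made for illustration.

```python
import hmac
import secrets

S_OK = 0x00000000
E_ACCESSDENIED = 0x80070005   # assumption: the page only requires "an unsuccessful HRESULT"
COOKIE_LEN = 16               # assumption: SecurityCookie length in bytes


class ConnectionStore:
    """Hypothetical model of the Connection Store: pending requests keyed by RequestID."""

    def __init__(self):
        self._pending = {}  # request_id -> (session_id, security_cookie)

    def register(self, session_id):
        """Record the pair sent in the Initiate Multitransport Request PDU."""
        request_id = secrets.randbits(32)
        while request_id in self._pending:
            request_id = secrets.randbits(32)
        cookie = secrets.token_bytes(COOKIE_LEN)
        self._pending[request_id] = (session_id, cookie)
        return request_id, cookie

    def process_create_request(self, request_id, security_cookie):
        """Return (hresult, session_id); session_id is None when no match is found."""
        entry = self._pending.get(request_id)
        # Compare against a dummy value when the RequestID is unknown so both
        # failure paths do the same work; compare_digest runs in constant time
        # for equal-length inputs.
        expected = entry[1] if entry else bytes(COOKIE_LEN)
        cookie_ok = hmac.compare_digest(expected, bytes(security_cookie))
        if entry is None or not cookie_ok:
            # Design choice of this example: a failed attempt leaves the
            # pending entry in place for the legitimate client.
            return E_ACCESSDENIED, None
        # Design choice of this example: a matched request is no longer
        # pending, so the same pair cannot bind a second connection.
        del self._pending[request_id]
        return S_OK, entry[0]


if __name__ == "__main__":
    store = ConnectionStore()
    rid, cookie = store.register("session-A")  # constructed sample session
    for label, args in [("wrong cookie", (rid, bytes(COOKIE_LEN))),
                        ("match", (rid, cookie)),
                        ("replay", (rid, cookie))]:
        hresult, session = store.process_create_request(*args)
        print(f"{label}: 0x{hresult:08X} {session}")
```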