RDS 2012 - Starting RemoteApp from RDWeb Prompts for credentials


I did a wee bit of digging around and read that 2012 doesn't use a Kerberos Identity like 2008 R2. So what I tried was enabling the following "Allow delegating default credentials with NTLM-only Server authentication".

This seems to do the trick and now I have single sign-on working correctly.

Thanks for your help. Cheers


Author: Des Armstrong

Updated on September 18, 2022

Comments

  • Des Armstrong over 1 year

    I have the following Windows 2012 R2 RemoteApp setup:

    • Server1 - Role (Web Access, connection broker, RD Host) 192.168.100.1
    • Server2 - Role (connection broker, RD Host) 192.168.100.2

    DNS Entries used for Round Robin

    • RDWA 192.168.100.1, 192.168.100.2
    • RDCB 192.168.100.1, 192.168.100.2

    Connection Broker is set up using HA (Server1, Server2) - it uses the RDCB alias for DNS Round Robin (ClientAccessName)

    Collection Name: "General" and am publishing just Notepad. Applied wildcard Cert.

    Configured IIS: Default Website redirection to /RDWeb/..., allowed for single sign-on

    GPEDIT on client machines: to allow for default credential delegation, and allowed TERMSRV/* for my testing.

    So basically, from a client, if I open up my browser and point to RDWA (remote web access), I get the remote web form and I can see Notepad. When I click on Notepad, I get the following prompt:

    Your credentials did not work

    Your system administrator does not allow the use of default credentials to log onto the remote computer RDCB.TEST.LOCAL because its identity is not fully verified. Please enter new credentials.

    Note:

    Before I set up Connection Broker HA, I was not prompted for this message. It would do the single sign-on OK. I was maybe thinking that I needed to set up a Kerberos identity called RDCB like I did in Windows 2008 R2. But this looks different in Windows 2012 and I wasn't able to find the PowerShell command to do this.

    • blaughw over 9 years
      You state only one server has web app role. Is this correct? I think this is a red herring and not really the issue. I think the issue lies with the TERMSERV*. Can you create a test domain group and delegate access with that?
  • blaughw over 9 years
    Oh man, I did some investigation and found this: blogs.msdn.com/b/rds/archive/2007/04/19/… . None of this info applies in RDS 2012. You get much better results out of the box. (Provided your clients are high enough version)
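
The delegation settings discussed in this thread (the TERMSRV/* server list from the question and the "Allow delegating default credentials with NTLM-only Server authentication" policy from the answer) can be audited on a client with a read-only check like the one below. This is an added example, not part of the original posts; it assumes the standard Credentials Delegation policy registry location, and the suggested SPN is only an illustration built from the broker name in the error message.

```powershell
# Read-only audit of the client's Credential Delegation policy.
# Assumption: settings were applied via Group Policy / gpedit, which stores them here.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

# Registry value name -> policy display name.
$policies = [ordered]@{
    AllowDefaultCredentials         = 'Allow delegating default credentials'
    AllowDefCredentialsWhenNTLMOnly = 'Allow delegating default credentials with NTLM-only server authentication'
}

function Get-DelegationPolicy {
    param([string]$ValueName, [string]$DisplayName)

    # DWORD 1 under the base key means the policy is enabled.
    $flag = (Get-ItemProperty -Path $base -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $spns = @()
    $listKey = Join-Path $base $ValueName
    if (Test-Path $listKey) {
        # The server list is stored as numbered string values (1, 2, 3, ...).
        $key  = Get-Item -Path $listKey
        $spns = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }
    if ($spns.Count -eq 0) { $spns = @($null) }   # still report a policy with no list
    foreach ($spn in $spns) {
        [pscustomobject]@{
            Policy   = $DisplayName
            Enabled  = ($flag -eq 1)
            SPN      = $spn
            # True for entries that match every host, e.g. "TERMSRV/*" or "*".
            Wildcard = ($spn -match '^(\*|[^/]+/\*)$')
        }
    }
}

$report = foreach ($p in $policies.GetEnumerator()) {
    Get-DelegationPolicy -ValueName $p.Key -DisplayName $p.Value
}
$report | Format-Table -AutoSize

# Illustrative narrower entry (assumption: broker name taken from the error message).
$example = 'TERMSRV/RDCB.TEST.LOCAL'
$report | Where-Object { $_.Enabled -and $_.Wildcard } | ForEach-Object {
    Write-Warning "$($_.Policy): '$($_.SPN)' covers any host; consider listing only the farm's names, e.g. '$example'."
}
```

A wildcard entry under the NTLM-only policy means default credentials are delegated to any server the client cannot verify through Kerberos, so the list is worth narrowing to the RDS farm's names once testing is finished.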