Solved

SSO on XP SP3

Posted on 2010-08-27
5
778 Views
Last Modified: 2012-05-10
I've done the following and still can't seem to get SSO working from XP SP3:

My Domain has been setup for 2008, the primary DC is a 2003 still but the backup is a 2008.
This is a working, though not live, 2008 terminal server.

I have locally adjusted the policy to Allow Delegating Default Credentials, setting TERMSRV/*

On the XP box:
SP3 is installed.  
Going off of KB951608 I have
followed first portion to setup CREDSSP
followed the section regarding creating the registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows and created a key for CredentialsDelegation, then subkeys for AllowDefaultCredentials and AllowDefCredentialsWhenNTLMOnly.
Within CredentialsDelegation I have created DWORDs at value 1 labeled:
AllowDefaultCredentials
AllowDefCredentialsWhenNTLMOnly
ConcatenateDefaults_AllowDefault
ConcatenateDefaults_AllowDefNTLMOnly

Witin the other two subkeys I have created string values with Name = 1, Data = TERMSRV/*

I have also tried installing fixes from KB KB953760.

Still, after restarts of course, when I attempt to connect to the server either using standard MSTSC or a remoteapp RDP I am prompted for the username password.
------------

Also, I have set in the GPO for the server under System>logon to default to my Domain - however, when logging in if I do not specify the Domain it still puts the local server name.
0
Comment
Question by:americaneldercare
  • 3
  • 2
5 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33549481
try setting TERMSRV/* to "TERMSRV/*.MyDomain.com"
0
 

Author Comment

by:americaneldercare
ID: 33558013
that didn't appear to resolve it, though I haven't restarted yet so that might be necessary (I am brnging a virtual machine online to do further testing with which I will also apply this to).  

to verify something, because microsofts KB article was a little unclear, under the 'AllowDefaultCredentials" key the "1"="TERMSRV/MyServer" that they illustrate I am assuming is supposed be the following:
Create new String Value, name it 1.  Set the 'Data' portion equal to TERMSRV/MyServer

I am going to also try adding in TERMSRV/TSName and TERMSRV/TSname.domain.com and see if that does anything once I have the test machine online.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33559121
Yes...I think you've almost got it.  I think the one change you need to make is adding the domain to the server name...so, if you domain name is domain.com, then your key should look like:

"TERMSRV/TSName.domain.com"

I think adding the domain will take care of it.
0
 

Author Closing Comment

by:americaneldercare
ID: 33590931
doing it fresh on a brand new virtual machine with the domain added in worked...i exported all of the settings and built a script off of it.  also tested removing the domain portion and that worked as well...leading me to believe it is either something wrong with my computer, or i f*ed up a setting somewhere.

either way, it is working now and that is what was needed.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33591117
Great!  Thanks for the points!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cloning computer 13 68
GPO Delegation 4 30
Do Psexec queries install files on remote computers 6 48
local administrator password solution 26 79
OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now