Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SSO on XP SP3

Posted on 2010-08-27
5
793 Views
Last Modified: 2012-05-10
I've done the following and still can't seem to get SSO working from XP SP3:

My Domain has been setup for 2008, the primary DC is a 2003 still but the backup is a 2008.
This is a working, though not live, 2008 terminal server.

I have locally adjusted the policy to Allow Delegating Default Credentials, setting TERMSRV/*

On the XP box:
SP3 is installed.  
Going off of KB951608 I have
followed first portion to setup CREDSSP
followed the section regarding creating the registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows and created a key for CredentialsDelegation, then subkeys for AllowDefaultCredentials and AllowDefCredentialsWhenNTLMOnly.
Within CredentialsDelegation I have created DWORDs at value 1 labeled:
AllowDefaultCredentials
AllowDefCredentialsWhenNTLMOnly
ConcatenateDefaults_AllowDefault
ConcatenateDefaults_AllowDefNTLMOnly

Witin the other two subkeys I have created string values with Name = 1, Data = TERMSRV/*

I have also tried installing fixes from KB KB953760.

Still, after restarts of course, when I attempt to connect to the server either using standard MSTSC or a remoteapp RDP I am prompted for the username password.
------------

Also, I have set in the GPO for the server under System>logon to default to my Domain - however, when logging in if I do not specify the Domain it still puts the local server name.
0
Comment
Question by:americaneldercare
  • 3
  • 2
5 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33549481
try setting TERMSRV/* to "TERMSRV/*.MyDomain.com"
0
 

Author Comment

by:americaneldercare
ID: 33558013
that didn't appear to resolve it, though I haven't restarted yet so that might be necessary (I am brnging a virtual machine online to do further testing with which I will also apply this to).  

to verify something, because microsofts KB article was a little unclear, under the 'AllowDefaultCredentials" key the "1"="TERMSRV/MyServer" that they illustrate I am assuming is supposed be the following:
Create new String Value, name it 1.  Set the 'Data' portion equal to TERMSRV/MyServer

I am going to also try adding in TERMSRV/TSName and TERMSRV/TSname.domain.com and see if that does anything once I have the test machine online.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33559121
Yes...I think you've almost got it.  I think the one change you need to make is adding the domain to the server name...so, if you domain name is domain.com, then your key should look like:

"TERMSRV/TSName.domain.com"

I think adding the domain will take care of it.
0
 

Author Closing Comment

by:americaneldercare
ID: 33590931
doing it fresh on a brand new virtual machine with the domain added in worked...i exported all of the settings and built a script off of it.  also tested removing the domain portion and that worked as well...leading me to believe it is either something wrong with my computer, or i f*ed up a setting somewhere.

either way, it is working now and that is what was needed.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33591117
Great!  Thanks for the points!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS2008 and windows updates 2 21
full control root but more restrictive lower permissions 1 36
Robocopy parameters. 6 12
FTP server backups 5 5
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question