RDS Farm Clients - Dual credential entry required

EDIT - I've located this answered question which hold some similarities - for TS Farm but same symptoms - any other infor still appreciated.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26627565.html


We have an issue with a client using an RDS Farm and HP t5740Thin clients running WIndows 2009 Embedded Standard.

Their current RDS environment is:

· RDS01 and RDS02 – RDS Session Hosts running Windows 2008R2, identical virtual machines, identical apps, part of farm “RDSfarm”. Using self-signed certificate on both hosts

·  WDS01 – RDS Licensing Server and Connection Broker and Session Host configured for dedicated redirection. Using self signed cert.

· All servers are on the same subnet as each other and connecting clients


 

Symptom: When a thin client is pointed at RDSfarm the user is prompted to authenticate by one of the session hosts, they enter credentials, the screen blanks momentarily and then they are presented with the login screen again. If they re-enter credentials, they are logged onto one of the session hosts as expected.

 I have read through sections of Microsoft’s Remote Desktop Services Resource Kit pertaining to setting up server farms and how the connection broker functions. What I can conclude is that the client (thin client or otherwise) is connecting to one of the RDS session hosts, authenticated, is then being pointed at the connection broker, the broker decides which session host to connect them to, and then they are presented with the login screen on the “brokered” session host.

Initially, the farm was setup using round-robin DNS load balancing.

I have also tried a setup with WDS01 configured as a dedicated redirector but the symptoms remain the same.
 

My research online has revealed other people with similar issues while using an RDS farm -

 http://social.technet.microsoft.com/Forums/en/winserverTS/thread/eaec24a5-e99b-4add-9a76-a3a87b251a31

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2rds/thread/6acd6014-2de4-4648-8d23-671d1544e92e

 

At present I am pondering if this is an issue caused by one of:

-Thin clients not being domain joined?
-CredSSP settings on Thin Client?
-Requirement for Trusted certifcate to allow session brokering to work as expected?

We know that the thin clients haveMicrosoft Remote Desktop Connection 6.1.7600.16385 to support Remote Desktop Protocol v7.0.

 Please let me know if I can provide further detail for troubleshooting. Any help appreciated.
TEAMnetwork SystemsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cláudio RodriguesFounder and CEOCommented:
Have you tried contacting the thin client vendor? There were several issues with these and 2008 R2. Also did you bring R2 to SP1 level?
And as a test, would you be able to join one of the thin clients to the domain?

Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS
0
TEAMnetwork SystemsAuthor Commented:
Cheers for your feedback Claudio - the RDS servers are running Windows 2008 R2 SP1. The TC vendor (HP) had no other ideas. If I strike this issue again I'll look at the domain joined option (would be nice to use some GPOs to control a few more aspects rather than Vendor management systems.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TEAMnetwork SystemsAuthor Commented:
Poor support responses from both MS and HP in this case, the band-aid of round-robin DNS was used to resolve the issue, but I am not happy with this as best practice.
0
AdvizeITCommented:
I have the same problem.  My HP Thin clients do similar things.  I have not tried joining the Thin Clients to the domain.
Have you had any luck finding a better solution?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.