
RD Web SSO

Posted on 2011-09-12
Last Modified: 2013-12-08
Working on SSO for RDWeb.  I'm running Windows Server 2008 R2 and our desktops have Windows 7 32-bit Pro with IE9.  

The remote application works fine and I will be purchasing SSL certs for later.  My question is whether or not there is a way to have the Windows Security Credentials box not appear after the client has authenticated via https://myserver.mycompany.com/RdWeb

Thanks
Question by:jwilson347

Accepted Solution

by:
Lester_Clayton earned 2000 total points
ID: 36545423
I have this working perfectly.   There are several conditions which have to be met in order for it to work, and they are as follows:

You must have a valid certificate for your RDWeb server, that Internet Explorer can use without any certificate warnings.  SSO will not work on an unencrypted RDWeb site.
At the RDWeb login screen, you MUST enter your domain and username when you log in.  For example, CONTOSO\PhilipJFry as the username.  This is an ABSOLUTE REQUIREMENT - I know you can specify a default domain in the RDWeb configuration, but this doesn't help whatsoever, you have to specify the domain as part of your username.
You must select "This is a private computer" on the login screen.
After you have signed in, make sure you have allowed the ActiveX control - you only have to do this once per computer.  If you have locked down IE via Policy, this control may be inadvertently disabled.

Here's a little bonus gotcha - don't use IIS Redirection to get your users to the /RDWeb site on your web server - it will interfere (badly) with your TS Gateway, assuming you wish to use that.

Author Comment

by:jwilson347
ID: 36545698
Thank you Lester.  I have a certificate follow up question.

I have an external IP aliased as companyerp.company.com pointing at the internal server which is servername.mycompany.com  

I read somewhere that I needed TWO certs.  One internal and one external.  Is this true?

Expert Comment

by:Lester_Clayton
ID: 36549592
You can get away with just 1 certificate (external certificate), if you're happy to keep confirming an ugly yellow box which will pop up while launching an application.  Here are the certificate usages you'd effectively need:

External Certificate for:

RDS Web Server / Gateway (you can run both from the same server - preferred)
Application Signing

Internal Certificate(s) for:

Terminal Servers

Your internal certificates just need to be valid from the point of view of your internal servers - i.e. your TS Gateway needs to be able to validate them, so an Internal CA would be fine in this case.  My structure is quite complicated, but you could get away with having a Certificate Authority which has issued certificates for your terminal servers.  Be sure to add the Certificate Authority's certificate to the trusted certificate authority for all the servers involved - this means it will automatically accept any certificates issued from it.

Your applications must be signed by the external certificate for them to become trusted. Alternatively, you can issue an internal certificate as long as the workstation which is connecting trusts the Certificate Authority.  My guess is that this won't always be the case, so that's why external certificates are more desired.

Author Comment

by:jwilson347
ID: 36550689
I got it the way I wanted, but it is a bit of a PITA.

Set up external SSL
Set up internal self-signed cert
Install the cert to each local system under trusted authority

All is good now.  Thank you for your assistance.
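
A check for the certificate conditions discussed in this thread, as an added example that is not part of any post: it reports whether a certificate file chains to a root trusted on the machine where it runs and whether it covers the host name clients connect to. The function names and the file path are assumptions; it uses only .NET classes available to PowerShell 2.0 on Windows 7 / Server 2008 R2.

```powershell
# Added example, not from the thread. Function names and the file path are hypothetical.
function Test-NameMatch {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLowerInvariant(); $h = $HostName.ToLowerInvariant()
    if ($p -eq $h) { return $true }
    # A wildcard covers exactly one left-most label: *.company.com matches
    # companyerp.company.com but not a.b.company.com or company.com itself.
    if ($p.StartsWith('*.')) {
        $suffix = $p.Substring(1)                       # ".company.com"
        if ($h.EndsWith($suffix)) {
            $label = $h.Substring(0, $h.Length - $suffix.Length)
            return ($label.Length -gt 0 -and -not $label.Contains('.'))
        }
    }
    return $false
}

function Test-RdsCertificate {
    param([string]$Path, [string]$HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # DNS names come from the Subject Alternative Name extension (OID 2.5.29.17);
    # fall back to the subject's simple name when there is no SAN.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() yields "DNS Name=a, DNS Name=b"; the label is localized, so keep only the value.
        $names = @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] })
    } else {
        $names = @($cert.GetNameInfo('SimpleName', $false))
    }
    # Build the chain against THIS machine's trusted root store (revocation is not checked).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        TrustedHere = $trusted
        ChainStatus = ($status -join ', ')
        NameMatches = [bool]($names | Where-Object { Test-NameMatch $_ $HostName })
    }
}

# Constructed name checks using the host names mentioned in the question.
Test-NameMatch '*.company.com' 'companyerp.company.com'
Test-NameMatch 'companyerp.company.com' 'servername.mycompany.com'
# Placeholder path: an exported copy of the RD Web / Gateway certificate.
$path = 'C:\certs\rdweb.cer'
if (Test-Path $path) { Test-RdsCertificate -Path $path -HostName 'companyerp.company.com' }
```

Trust is evaluated against the local certificate store, so the result for an internally issued certificate can differ between a workstation and the gateway server.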