Solved

RD Web SSO

Posted on 2011-09-12
5
2,089 Views
Last Modified: 2013-12-08
Working on SSO for RDWeb.  I'm running Windows Server 2008 R2 and our desktops have Windows 7 32-bit Pro with IE9.  

The remote application works fine and I will be purchasing SSL certs for later.  My question is whether or not there is a way to have the Windows Security Credentials box not appear after the client has authenticated via https://myserver.mycompany.com/RdWeb

Thanks
0
Comment
Question by:jwilson347
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 500 total points
ID: 36545423
I have this working perfectly.   There are several conditions which have to be met in order for it to work, and they are as follows:

You must have a valid certificate for your RDWeb server, that Internet Explorer can use without any certicate warnings.  SSO will not work on an unencrypted RDWeb site.
At the RDWeb login screen, you MUST enter your domain and username when you log in.  For example, CONTOSO\PhilipJFry as the username.  This is an ABSOLUTE REQUIREMENT - I know you can specify a default domain in the RDWeb configuration, but this doesn't help whatsoever, you have to specify the domain as part of your username.
You must select "This is a private computer" on the login screen.
After you have signed in, make sure you have allowed the ActiveX control - you only have to do this once per computer.  If you have locked down IE via Policy, this control may be inadvertently disabled

Here's a little bonus gotcha - don't use IIS Redirection to get your users to the /RDWeb site on your web server - it will interfere (badly) with your TS Gateway, assuming you wish to use that.
0
 

Author Comment

by:jwilson347
ID: 36545698
Thank you Lester.  I have a certificate follow up question.

I have an external IP aliased as companyerp.company.com pointing at the internal server which is servername.mycompany.com  

I read somewhere that I needed TWO certs.  One internal and one external.  Is this true?
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36549592
You can get away with just 1 certificate (external certificate), if you're happy to keep confirming an ugly yellow box which will pop up while launching an application.  Here is the certificate usages you'd effectively need:

External Certificate for:

RDS Web Server / Gateway (you can run both from the same server - preferred)
Application Signing

Internal Certificate(s) for:

Terminal Servers

Your internal certificates just need to be valid from the point of view of your internal servers - i.e. your TS Gateway needs to be able to validate them, so an Internal CA would be fine in this case.  My structure is quite complicated, but you could get away with having a Certificate Authority which has issued certificates for your terminal servers.  Be sure to add the Certificate Authority's certificate to the trusted certificate authority for all the servers involved - this mean it will automatically accept any certificates issued from it.

Your applications must be signed by the external certificate for them to become trusted. Alternatively, you can issue an internal certificate as long as the workstation which is connecting trusts the Certificate Authority.  My guess is that this won't always be the case, so that's why external certificates are more desired.
0
 

Author Comment

by:jwilson347
ID: 36550689
I got it the way I wanted, but it is a bit of a PITA.

Set up external SSL
Set up internal self-signed cert
Install the cert to each  local system under trusted authority

All is good now.  Thank you for your assistance.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Several part series to implement Internet Explorer 11 Enterprise Mode
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now