?
Solved

Login screen to Windows 2008 R2 Terminal server

Posted on 2013-05-16
9
Medium Priority
?
1,440 Views
Last Modified: 2013-12-04
Hi there

We just replaced our Windows 2003 terminal server with Windows 2008 R2 terminal server.

On old terminal server, we used to get to the server and get the login screen of username, password and domain.

On the new terminal server, even before we actually see the Windows 2008 R2 server, the RDP client asks us for the username and password.

Ideally, when a user puts the server name in the RDP client and clicks on connect, we want two things.

1. Instead of asking for username password right then, it should take us to the server and it should present us with the username and passwords field.

2. The logon domain, by default, is set to the servers's computer name. It should be set to the domain name.

Setup we have is simple. One domain controller and one terminal server.

Users logon to the TS from domain computers as well as from remote locations where the computers are not part of the domain.

What I don't know is if this is RDP client issue or server side issue and I don't know what setting to change.
0
Comment
Question by:alex110109
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 2

Expert Comment

by:Mike Schultz
ID: 39172450
Try editting the default.rdp client
It is located in the root of the My Documents folder

Open/edit default.rdp with notepad
Insert the following line

enablecredsspsupport:i:0

Save and exit
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39172745
Hi.

You now have a modern TS, you should not even worry about this :) Turn on single sign on, no more password typing.
0
 

Author Comment

by:alex110109
ID: 39174025
Hi Mike

Thanks for the tip.

We have prevented use of saved creds because of security.

Does your setting conflict with that?

I am aware of saving the creds but due our security policy, we get a message on the rdp client itself that the server doesn't allow saved creds and again prompts you for the details.

What I want is that the RDP client shouldn't ask me for login info at all and take me to the server and that's where I type my login information.

I don't know if this is possible, but if it is, I would like to know.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 2

Expert Comment

by:Mike Schultz
ID: 39174349
enablecredsspsupport:i:0

The way I understood it is:

This does not save credentials but passses on the credentials that are currently logged into the PC.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39174688
0
 

Author Comment

by:alex110109
ID: 39542614
The SSO won't work because there are users who access the terminal server from computers which are not part of the domain.

Also we have users who login to TS using some generic logins.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39545941
Oh, feedback!
Well, I see.
1) That behavior is normal with 2008 RDP. It is a security mechanism that won't let you connect to the server until you authenticated. Not sure if this can be altered.
2) I don't experience it like that - do you start the rdp client with a domain account? Then this should not happen, I suppose.
0
 

Author Comment

by:alex110109
ID: 39546013
Hi McKnife

Ah, you say that but we do have our domain controller which is Windows 2008 R2 as well.

It does exactly what I need to do which is when you RDP into it, it doesn't ask you for username or password on the RDP client itself, but when you get connected, you see just the username and password field.

Anyway,  I will close the question as I am not getting anywhere with this, I am not sure why it works on the DC and not on TS.
0
 
LVL 56

Accepted Solution

by:
McKnife earned 1500 total points
ID: 39546040
I wrote: "not sure if that can be altered" - now you prove it can be altered as it works on one.
I strongly believe, it's this server-side policy:
"configure server authentication for client" [gpedit.msc - computer config - admin. templates - windows components - remote desktop services - remote desktop connection client]
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.

If you enable this policy setting, you must specify one of the following settings:

Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server.

Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.

Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.

If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question