Solved

Server 2008 RemoteApp - Single sign on

Posted on 2013-05-17
4
484 Views
Last Modified: 2013-06-08
Hi,

I'm having trouble getting SSO to work on a Server 2008 terminal server with a RemoteApp.

I have set the server settings for TS to:
Security layer - Negotiate
Encryption Level - Client Compatible
Allow connections from computers running RD with NLA is unchecked
Always prompt for a password is also unchecked.

On the client I have set a GPO to enable:
Allow Delegating Default Credentials with NTLM-only Server Authentication
Allow Delegating Default Credentials

Both these have the TS server listed as
termserv/tsserver
termserv/tsserver.mydomain.com

The client is Windows 7 32 and 64 bit.

If I launch the remote app or even just a normal RDP session it always still prompts for credentials. I'm a bit lost as to what to do now.

Could anyone help please?

Thanks
Gav
0
Comment
Question by:piemckay
  • 2
4 Comments
 
LVL 20

Assisted Solution

by:Patrick Bogers
Patrick Bogers earned 100 total points
ID: 39177059
Hi,

Sounds like either the username/password are not forwarded to the TS as expected or the username password is not stored on the box trying to connect.

What if you connect to the TS with MSTSC and have this remember username password. (i would play with the session, leave it on (just click on the X)) then try your app.

If still no luck i believe it is time to sniff the network traffic and see what the reason is TS is not being served the right credentials. Sniffing can be done with Wireshark or Fiddler.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 100 total points
ID: 39207808
assuming the TS & clients are on the same domain and the user is logged in with the appropriate domain account?

There were some known issues with Windows 7 and SSO so I cant guarantee there is an answer, but try forcing NLA in your RDP settings, as this is required for SSO to function.

http://www.computerweekly.com/news/1280096991/XP-single-sign-on-applications-fail-on-Windows-7
0
 

Accepted Solution

by:
piemckay earned 0 total points
ID: 39215940
Hello,
Thanks for the suggestions. I could not find anything with packet sniffers and I did try the settings to force NLA but none of these worked.

It turns out that we needed to use different accounts anyway so we have saved the credentials in the connection now. Not the slickest but we have our application working.

Thanks
Gav
0
 

Author Closing Comment

by:piemckay
ID: 39231301
No solution found. Known issues with this and good suggestions.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question