Solved

Server 2008 RemoteApp - Single sign on

Posted on 2013-05-17
4
477 Views
Last Modified: 2013-06-08
Hi,

I'm having trouble getting SSO to work on a Server 2008 terminal server with a RemoteApp.

I have set the server settings for TS to:
Security layer - Negotiate
Encryption Level - Client Compatible
Allow connections from computers running RD with NLA is unchecked
Always prompt for a password is also unchecked.

On the client I have set a GPO to enable:
Allow Delegating Default Credentials with NTLM-only Server Authentication
Allow Delegating Default Credentials

Both these have the TS server listed as
termserv/tsserver
termserv/tsserver.mydomain.com

The client is Windows 7 32 and 64 bit.

If I launch the remote app or even just a normal RDP session it always still prompts for credentials. I'm a bit lost as to what to do now.

Could anyone help please?

Thanks
Gav
0
Comment
Question by:piemckay
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Patricksr1972
Patricksr1972 earned 100 total points
ID: 39177059
Hi,

Sounds like either the username/password are not forwarded to the TS as expected or the username password is not stored on the box trying to connect.

What if you connect to the TS with MSTSC and have this remember username password. (i would play with the session, leave it on (just click on the X)) then try your app.

If still no luck i believe it is time to sniff the network traffic and see what the reason is TS is not being served the right credentials. Sniffing can be done with Wireshark or Fiddler.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 100 total points
ID: 39207808
assuming the TS & clients are on the same domain and the user is logged in with the appropriate domain account?

There were some known issues with Windows 7 and SSO so I cant guarantee there is an answer, but try forcing NLA in your RDP settings, as this is required for SSO to function.

http://www.computerweekly.com/news/1280096991/XP-single-sign-on-applications-fail-on-Windows-7
0
 

Accepted Solution

by:
piemckay earned 0 total points
ID: 39215940
Hello,
Thanks for the suggestions. I could not find anything with packet sniffers and I did try the settings to force NLA but none of these worked.

It turns out that we needed to use different accounts anyway so we have saved the credentials in the connection now. Not the slickest but we have our application working.

Thanks
Gav
0
 

Author Closing Comment

by:piemckay
ID: 39231301
No solution found. Known issues with this and good suggestions.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now