Windows 2012 RemoteApp single sign-on

Posted on 2014-01-03
Last Modified: 2014-01-16
Looking for a way to eliminate users having to re-enter their credentials multiple times on our network. Currently we have Active Directory on a Win2008 server and on a Win2003 server. We also have two Win 2003 Terminal Servers - each runs different application software and several users must access both servers. So users log in to the network with their AD account, then RDP to each server and re-enter their credentials.
We are implementing a Win 2012 server which will replace the Win2003 Terminal Servers and I am trying to get RemoteApp to eliminate the multiple login problem. We have gotten RemoteApp to work through RD Web Access but it still prompts for the username and password. I am not sure how or if creating an MSI package and installing it on the client machines will correct the problem.
Any assistance is greatly appreciated.
Question by:texastek

Accepted Solution

by:
btan earned 500 total points
ID: 39755910
Specific to Win2012 WebSSO, see [1]. For the new web SSO to work, the RD Connection Broker server and the RD Session Host servers in the deployment must run Windows Server 2012, and all virtual desktops must run Windows 8. The accessing clients must support RDP 8.0. In mixed environments, you’ll have to configure web SSO the old way. As before, web SSO with smart cards is not supported.

On the "old way", check out this introduction [2] for the Web SSO requirements, especially for the client machine. Based on past, Single Sign-On works only when connecting from an XP SP3, Vista or Windows Server 2008 machine to a Vista or Windows Server 2008 machine. If the server you are connecting to cannot be authenticated via Kerberos or SSL certificate, Single Sign-On will not work. Single Sign-On works only when using domain user accounts. If the terminal server is configured to Always prompt, or the RDP file setting is Always prompt, then Single Sign-On to TS will not work. Single Sign-On only works with passwords. It does not work with smart cards.

[1] http://blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx

[2] http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx

Web SSO is supported for launching RemoteApp programs from RD Web Access or the Start menu in any of the above modes. For Web SSO to work when connecting to personal desktops or pooled virtual machines (VMs) the client machine needs this hotfix installed: http://support.microsoft.com/kb/2524668.

Requirements

To take advantage of the new Web SSO feature, the client must be running Remote Desktop Connection (RDC) 7.0.

In order for Web SSO to work:

The connection in RemoteApp and Desktop Connections must have an ID. By default, it is set to the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of the RD Web Access server.

RemoteApp programs must be digitally signed using a Server Authentication certificate [Secure Sockets Layer (SSL) certificate]. The certificate Enhanced Key Usage section must contain ‘Server Authentication (1.3.6.1.5.5.7.3.1)’. More details about the types of certificates used to digitally sign RemoteApp programs can be found here.

Client operating systems must trust the certificate with which the RemoteApp programs are signed.

Web SSO in Windows Integrated Authentication

If RD Web Access is configured to use Windows Authentication, which is the Windows Server 2008 mode, instead of the default Forms Based Authentication (FBA), users will be prompted for credentials twice: once for the Windows Integrated Authentication for RD Web Access and again on the launch of the first RemoteApp in the RemoteApp and Desktop Connection. Thereafter on subsequent RemoteApp launch, SSO will work as it works in the FBA mode.
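
A quick way to check the certificate and .rdp requirements listed in the answer above, as an added PowerShell example (not part of the original post and not Microsoft's tooling). The function names and the sample host name are hypothetical; `prompt for credentials`, `signscope` and `signature` are the .rdp setting names assumed here for the always-prompt flag and for a signed file.

```powershell
# Added example: checks the Web SSO prerequisites named in the answer.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as quoted in the post

function Test-SigningCertificate {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # Collect every OID listed in the Enhanced Key Usage extension (if any).
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Build the chain against this machine's trust stores. Revocation is
    # skipped so the check answers only "is the issuer trusted here?";
    # check revocation separately.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        HasServerAuth = $ekuOids -contains $ServerAuthOid
        ChainTrusted  = $trusted
    }
}

function Test-RdpSettings {
    param([string[]]$Lines)
    # .rdp lines are "name:type:value"; split into 3 parts so values may contain ':'.
    $settings = @{}
    foreach ($line in $Lines) {
        $parts = $line -split ':', 3
        if ($parts.Count -eq 3) { $settings[$parts[0].Trim().ToLower()] = $parts[2].Trim() }
    }
    [pscustomobject]@{
        AlwaysPrompt = $settings['prompt for credentials'] -eq '1'   # defeats SSO
        IsSigned     = $settings.ContainsKey('signature') -and $settings.ContainsKey('signscope')
    }
}

# Constructed sample .rdp content (not from the page); the host name is a placeholder.
$sampleRdp = @('full address:s:rdsh01.example.test', 'remoteapplicationmode:i:1',
               'prompt for credentials:i:1')
Test-RdpSettings -Lines $sampleRdp   # AlwaysPrompt = True, IsSigned = False

# Report on every certificate in the local machine's personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-SigningCertificate -Certificate $_ }
```

Run the certificate check on a client as well as on the server: `ChainTrusted` reflects the trust stores of the machine the script runs on, which is what the third requirement is about.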