2012 RDS remote connections require two authentications

I am currently running a pilot environment for a 2012 RDS Farm, the environment consists of one RDS Connection Broker and two RDS Session Host Servers

When i connect from my desktop to the broker using mstsc i am asked to authenticate in a Windows Security pop-up window (domain\user autofilled) i put in my password and the connection is made. I am then greeted with the 2012 login page (domain\user auto filled again) and i have to put in my password to logon..

Standard users piloting this are also getting asked to sign in twice but these are using a pre-made RDP shortcut config below

screen mode id:i:1
use multimon:i:0
desktopwidth:i:1920
desktopheight:i:1080
session bpp:i:32
winposstr:s:0,3,-1280,-74,0,950
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:<connection broker server name>
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:1
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.<Collection name>
drivestoredirect:s:

When this is used the 2012 logon prompt is shown and users have to enter their password and then the logon prompt comes up again, its like the broker is requesting a logon before directing to the session hosts which then also ask for a login..

Within the RDS Deployment Properties i have attached a wildcard cert for the domain which is trusted by all clients and the deployment is showing as 'trusted'
LVL 2
Stuart LuptonDatacentre & Server EngineerAsked:
Who is Participating?
 
Brad BouchardInformation Systems Security OfficerCommented:
This happens because you have Windows XP, Vista, or other older operating systems in your environment.  Windows 7 and above users should be fine.  We also had this issue and it was due to thin clients not being up-to-date with the version of XP embedded they were using.  This article is for 2008 but it applies to 2012... have a look.

http://www.edugeek.net/forums/thin-client-virtual-machines/62950-windows-2008-r2-remote-desktop-double-login.html
0
 
Stuart LuptonDatacentre & Server EngineerAuthor Commented:
Thanks back in the office weds so will give this a go :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.