I am stumped and need some assistance.
I have a simple 2012 R2 RDS server set up for remote access. The server holds all RDS roles.
The problem is, SSO is appears to be broken.
When a user logs in to RDWeb, they are presented with the Remote Desktop icon. Also, using IE the "Connected to RemoteApp and Desktop Connections" icon appears in the tray. When they click the app they are prompted for credentials again. They are getting the message shown in screenshot attached.
"The server's authentication policy does not allow connection requests using saved credentials. Please enter new credentials."
This only happens through RDWeb. If I try to connect through RD Gateway via RDP client, I do not get prompted again and do not get this message.
I have tried deleting and creating a new collection, still the same issue. I think there may be a local security policy in place, or a registry setting forcing this, but the fact that it only happens through RDWeb perplexes me.
I have run gpresult /h as an administrator and there are no group or local security policies related to passwords or credentials being saved. So, there is either a registry setting, OR something configured on the gateway or RDWeb is not allowing the credentials to pass. Possibly IIS?