2012 R2 RDWeb - Removing Domain Prefix

We have a client with a 2012 RDS environment. They connect via RDWeb. Users log in to RDWeb, and once authenticated are presented with a Remote Desktop icon, which they launch to RDP to the RD session hosts. The client has requested to remove the requirement of needing to enter the domain\username; instead, they only want their users to enter the username. I followed the following article:

https://msfreaks.wordpress.com/2014/07/22/properly-removing-the-domain-prefix-requirement-from-rd-web-access-2012-r2/

I followed this guide and it did successfully remove the domain prefix for RDWeb. I was able to log in to RDWeb with just my username and no domain prefix.


However, this broke SSO. So, I can log in to RDWeb with no domain, but when I click the RDP icon in RDWeb to launch RDP session, I now get prompted for credentials, and have to enter domain\username.

Is there a way to have the domain passed through so SSO still works? When I revert back to backup files of login.aspx, renderscripts.js, and webscripts-domain.js SSO works again. Thank you.
CCtech Asked:

Cliff Galiher Commented:
So first, let me warn you that the changes you made are unsupported. Yes, it works, but patches are allowed to touch and replace any of those files. That has a side effect that, at best, the changes you make can be undone with a simple patch Tuesday, breaking the user experience. Far worse is that a mismatch occurs and the environment actually breaks, requiring a repair install or similar.

Don't mess with files in an unsupported fashion. Not all advice on the internet is good advice.

I will, however, pose a potential workaround. Windows has long supported the idea of a UPN that can be different than the AD domain. The domain\username format is a throwback to NT. If you get users into the habit of logging in (to their machine, web services, and more) via username@domainname.com and you set that UPN to be their public domain, you'll almost never find resistance. They see it as their "email" so they only ever have to remember one thing. This scales well too, as it means that same logon format can be used for computers, on premises services like RDWeb, but also cloud services like O365 or Google Apps. Those cloud services, being multitenant, wouldn't know who "username" is so the "username@tenant.com" is a near universal format for public services. Getting users in that habit now makes scaling into new services in the future much easier. With almost no learning curve.
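
The UPN workaround described in the answer above, sketched as an added example (not code from the answer or from Microsoft). It registers an alternative UPN suffix on the forest and re-suffixes users in one OU, defaulting to a dry run. The suffix `contoso.com` and the OU path are constructed placeholders, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example: the suffix and OU below are constructed placeholders.
Import-Module ActiveDirectory

$PublicSuffix = 'contoso.com'                               # assumed public/email domain
$SearchBase   = 'OU=RDS Users,DC=corp,DC=contoso,DC=local'  # assumed OU holding the RDWeb users
$Apply        = $false                                      # $false = dry run (-WhatIf), $true = commit

# 1. Register the alternative UPN suffix on the forest if it is not there yet.
#    This is what lets the UPN differ from the AD domain name.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $PublicSuffix } -WhatIf:(-not $Apply)
}

# 2. Re-suffix every enabled user in the OU to sAMAccountName@<public suffix>.
$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties UserPrincipalName

$report = foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $PublicSuffix
    if ($u.UserPrincipalName -eq $newUpn) { continue }      # already in the target format

    # A UPN has to be unique. This lookup covers the current domain only;
    # in a multi-domain forest, run the same check against a global catalog.
    $clash = Get-ADUser -Filter 'UserPrincipalName -eq $newUpn'
    if ($clash) {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn is already used by $($clash.SamAccountName)"
        continue
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)

    # Keep the old value so the change can be reviewed and rolled back.
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUpn         = $u.UserPrincipalName
        NewUpn         = $newUpn
        Applied        = $Apply
    }
}

$report | Format-Table -AutoSize
```

Review the dry-run table before setting `$Apply = $true`. The domain\username logon keeps working after the change, so users can move to the new format gradually.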
CCtech Author Commented:
Only works if their AD domain matches email domain, but will consider in future.
Windows Server 2012

Question has a verified solution.