• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 168
  • Last Modified:

Server 2016 RDS Remote App and single sign-on

We have an RDS environment that consists of RDS on server 2016.  We have a URL that takes you to an F5 VIP, which takes you to the gateway servers.  Then there's an F5 VIP that takes you to the connection brokers, and of course, we have app servers behind that.

The issue is that users (coming in from non-domain joined PCs) have to enter their password at the web site, AND after clicking the remote app, they get a second prompt for username and password.

I have it set to single sign-on, but I don't think that works for non-domain joined PCs.

So, does anyone know how to get single sign-on to work in server 2016 RDS remote app servers when the PCs are not domain joined?

Thanks

Cliff
0
crp0499
Asked:
crp0499
1 Solution
 
Cliff GaliherCommented:
The sad honest answer is that SSO only works if the user signs into the web interface with internet explorer.  An active-x control has to be used to negotiate the basically two mutually exclusive authentication protocols.  It is a known limitation with current RDS technologies.

And of course I don't recommend using IE except behind the corporate firewall, and with non Doman machines, even moreso. Basically, logging in twice is a current almost-necessary evil.
0
 
crp0499CEOAuthor Commented:
You know, MS told me the same thing, but I have a boss who insists it can be done and if not, why.  You provided the why.
0
 
McKnifeCommented:
So they don't use IE for https://yourserver/rdweb ? Why not?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now