Hi,
I have setup a test RDS environment as follows:
AD domain: domain.com, 2 Session hosts (Both are session hosts and remoteapp servers).
1 Broker, 1 RDS Gateway Server, 1 RD Web Access server
All servers are 2008R2.
A wildcard SSL cert for *.domain.com has been installed on the broker, gateway, session hosts and the remoteapps have been signed. IIS on the web access server is using the wildcard ssl cert as well.
I have carried out all the steps here: http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx& here: http://blogs.msdn.com/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx . In addition, I have also enabled (in a GPO applied to client PCs: Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow default credentials with NTLM only server authentication.
When logged on to a non domain joined client:
- A Remote App RDP icon will ask me for authentication.
-The remote web access site will ask me for authentication only once. Any Remote app I click will open without further prompts for credentials. I also get a connection message that I am connected to the Remote
When logged onto a domain joined client, I see the following behaviour:
1) Remote App icons that are configured to bypass the gateway do not require me to reauthenticate.
2)The remote web access site will ask me for authentication only once. Any Remote app I click will open without further prompts for credentials. also get a connection notification message stating I am connected to the broker.domain.com.
3)Remote apps that are configured to use the gateway ask me for authentication even though when I right click and choose edit, they show that my windows credentials will be used.
4)In Windows 7, setting up a RemoteApp and Desktop Connection will ask me to enter my credentials (along with an option to save them). When I enter the credentials, I get a notification that I have connected to Remote Access (the custom name of the RD web access site)
Can you please advise on 3 & 4 above? What can I do to resolve?
Thanks,
HA