[Server 2012] RemoteApp single sign on – login without warnings or messages desired

Home Forums Virtualization Terminal Services [Server 2012] RemoteApp single sign on – login without warnings or messages desired

Viewing 1 post (of 1 total)
  • Author

  • CE_MvB

    Our server 2012 Hyper-v environment is giving some difficult time concerning our RemoteApp setup.

    It seems that one of our collections is (almost) working perfectly and we can login without the expectation of several messages or warnings about .local certificates. The other collections seem to differ without giving a indication as to what could be the reason for this unique behaviour.

    First of all, the following situation is aiming at starting RDWEB from a Google Chrome browser instead of Internet Explorer. The biggest difference this gives, is downloading the .rdp connection when you click on a RemoteApp (when logged in RDWEB) as opposed to a seemingly automatic procedure (because of an Active-X plugin) where the rdgateway connection is setup right after logging in with Internet Explorer.
    The reason for preferring Chrome, is so we can publish the .rdp files to our clients without having them to take an extra step in the RDWEB before opening the RemoteApp.

    Long story short: everything is working pretty okay when using IE (RDWEB). Single Sign on etc, the certificate warnings don’t show me a .local certificate (since we have a wildcard certificate on the rdgateway server/connection broker)
    For one of the collection we’re experiencing no problems or warnings. Not even when I directly open the downloaded .rdp. I get a credential question 1 time, and after this the session broker has been set-up and within 1 minute the application is starting. But this is not the case with the rest of the collections which I start directly from the downloaded .rdp.
    At a certain point I came to the conclusion the difference had to do with the Collection security settings.
    I went to ‘edit properties’ for the collection, and on the security tab “Allow connections only from computers running Remote Desktop with Network Level Authentication” was unticked. Also the Encryption Level has been set to ‘low’. At a certain point I thought changing the Encryption Level from ‘Client Compatible’ to ‘Low’ was the solution. But this is not clear since at certain point this let’s me connect without a problem but most of the time I receive a question to enter the credentials and after this I also receive the following warning “The identity of the remote computer cannot be verified. The problem can occur if the remote computer is running a version of Windows that is earlier than Windows Vista, or if the remote computer is not configured to support server authentication.”.

    I thought this should actually be surpressed by unticking “Allow connections only from computers running Remote Desktop with Network Level Authentication”

    So conclusion is: there is one collection which has not further problems. I would suggest this has to do with the server it is on. I think I can say this for sure since we tried another collection only on this server and this still gives us the result we want. As soon as I create a collection on a different server (even though this server is inside the same OU and receives the same policies), we receive multiple credential questions plus a security warning.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: