Getting multiple credential prompts when connecting to Remote Desktop Remote Apps

Getting multiple credential prompts when connecting to Remote Desktop Remote Apps

  • Comments 2
  • Likes

In working with some customers lately we have seen a troubling trend. Many of our customers had worked long and hard to troubleshoot their WebSSO (Web Single Sign On) issues, but to no avail. They were excited and hopeful to present to their customers the ability to log onto a website and then to only have to click on a link to open up any number of RemoteApps.

This was the promise of Remote Desktop Services and the RemoteApps publishing in Windows Server 2008 R2. But then they end up getting prompted for credentials, and prompted again. Checking and double-checking settings and configurations all check out. Here is an example:

 

Bob gets prompted twice when he's in the office, but Sally sitting next to him does not.

Then Bob goes home and connects via the Remote Desktop Gateway and doesn't get prompted except at initial log on.

He comes into work the next day, and then gets double prompted again.

 

We have found that there is a very simple fix which can be applied to many of these situations. It comes down to the handling of the Internet Cookie that gets generated and then forwarded back to the client when the user clicks on the RDP Link in the Remote Desktop Web. What we have found is that in the JavaScript code used by the RDWeb page we are not doing any clean-up of the cookie. We expect the TSWAAuthClientSideCookie element in the transmission from the Server to the client to be the first element in the cookie data being returned.

When it is not, we fail to provide the User credentials which were gathered at logon to the Web Page. This then causes the RDP Client to get launched without credentials being presented to it. So we prompt the user for credentials (again) after they already provided them.

The fix is simple and has already been published on the Web as pertaining to a different symptom. Here is the article in question:

 

977507 The "Connected" icon does not appear in the notification area when you connect to a remote application by using Remote Desktop Web Access on a computer that is running Windows Server 2008 R2

http://support.microsoft.com/default.aspx?scid=kb;EN-US;977507

 

The article goes into editing the RenderScripts.js file, which is fairly simple and can be done in Notepad. We have seen this change fix many different WebSSO problems and other behavior regarding multiple prompts when connecting to RDWeb and WebSSO.

So, if you are having trouble with WebSSO, give it a try.

That’s it for now in regards to making your Web Single Sign-on experience better and better.

Thanks,

David John

Additional Information:

http://blogs.msdn.com/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx

http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

http://blogs.technet.com/b/askperf/archive/2008/02/21/ws2008-frontside-authentication-and-sso.aspx

Share this post :


Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • We create shortcuts on the users desktops in the office.  They don't use the web portal.  Does this fix also work in this situation?  The rdp link is created to hit the gateway for RDS.  Different people will get prompted 2-6 times before it will let them in, others only get prompted once.

  • We see similar activity to Tom except our users are using mstsc.exe to connect. They are prompted to enter their credentials when mstsc launches and then again when the computer session launches on computers but not on others.  In each situation mstsc is launched from the same computer when this occurs.