Having deployed 2008 R2 RDS with RDWeb Single Sign On feature for the first time I have an issue where I’m getting a second logon prompt when launching the first RemoteApp, despite having already logged into the RDWeb site with domain user credentials.
Servers
Server1: Connection Broker / RDWeb / Licence
Server2: Session Host / RemoteApp
Server3: Session Host / RemoteApp
Server4: Session Host / RemoteApp
Connecting desktops are Win7 with RDP8 client.
When Launching Remote Apps from RDWeb I am prompted for authentication twice – Once wen logging into the site http://rds.domain.com/rdweb (as expected) and secondly when launching a Remote App (Not expected as RDWeb is configured for Web SSO). The Prompt is only for the first application launched, subsequent applications will not prompt.
RDWeb (Server1) is added to the TS Web Access computers group on the 3 session host servers and connection broker server (its self)
Each session host and RDWeb has a cert signed by internal Enterprise CA
Published RemoteApps are signed with cert
SHA1 thumbprint is added to trusted .rdp publishers via Group Policy
Finally I have tried editing the JavaScript file on RDWeb server as described in the following TechNet blog –
http://blogs.technet.com/b/askperf/archive/2010/11/19/getting-multiple-credential-prompts-when-connecting-to-remote-desktop-remote-apps.aspx
... again without success.
Having read though http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx I have already completed all the of the steps covered.
Any ideas where I should look next? I’m pretty sure my cert setup is good as I’m not getting any ‘trust’ issues so think the issue lies with SSO or farm configuration?
Incidentally when launching RemoteApps that have been published to the Win7 Start Menu by adding the connection in Control Panel > RemoteApp and Desktop Connections I get I have no issues – again validating that there is no issue with certs?
