Tuesday, August 18, 2009 2:33 PMHi, we are running the Windows 7 RTM client and are trying to use RemoteApp with Single Sign On (SSO). The Server OS is Windows Server 2008 Standard SP1. We believe SSO is setup correctly on the server side because we can use SSO successfully from all of our Windows XP SP3 clients. We are looking to rollout Windows 7 in the near future, but we need SSO to function on Windows 7 before proceeding.
If I launch a RemoteApp from Windows 7, I receive a message stating "Your Credentials did not work". I am prompted for a password. Below the password is a red circle with an x that says "The logon attempt failed". If I type in the password, the RemoteApp launches. If I launch other RemoteApps at this point I am not prompted for a password.
On the Windows 7 client, I enabled the "Allow Delegating Default Credentials" setting in the local policy editor. I added "TERMSRV/*.mydomain.com" to the list. No luck. I've tried every possible fix I could find on the web. Thanks.
Friday, August 21, 2009 1:12 PMModeratorHi,
The credential delegation is failing because client is not able to authenticate the server. Can you please enable the setting "Allow delegating default credentials with NTLM only server authentication" and try ?
Monday, August 24, 2009 12:38 PMHi Rajesh,
I enabled that policy as requested on my Windows 7 client. I did a gpupdate and rebooted, same scenario as described earlier. At this point, I have the following two local policies enforced on Windows 7 "Allow Delegating Default Credentials with NTLM-only Server Authentication" which includes TERMSRV/*.mydomain.com in the list of allowed servers, and the policy "Allow Delegating Default Credentials".
Is there anything I need to set on the 2008 Terminal Server to enforce the use of NTLM-only server authentication?
Thursday, August 27, 2009 2:35 PMModeratorHi,
Is it working if you specify TERMSRV/* in the GP ? What is the terminal server name that you are specifying in mstsc or TS remote app manager ? Can you write it here ? Is the terminal server name ends with the suffix mydomain.com ?
Thursday, August 27, 2009 6:46 PMHi, I currently have TERMSRV/NJ-2010-TS.BTCO.com , along with TERMSRV/* and TERMSRV/*.BTCO.com.
The terminal server name in mstsc or TS remote app manager is nj-2010-ts.btco.com
Friday, August 28, 2009 4:57 AMModerator
with what user did you log on to the client ? Is it a domain user ? SSO works only for domain users ?
Can you please check "whether you can connect to the terminal server by specifying the credentials while connecting to the terminal server"
Friday, August 28, 2009 7:18 PMHi, I'm trying with my account which is a domain user account. I can logon to the terminal server every way imaginable. The problem I and others in my pilot group are having is that on a Windows 7 (RTM) client, when attempting to launch a remoteapp I (and others) must type in my credentials the first time launching a RemoteApp. On Windows XP you are never prompted to sign onto to RemoteApp. It's all single sign on.
Saturday, August 29, 2009 7:50 AMModeratorHi,
Please go through this blog http://blogs.msdn.com/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx to have proper understanding on how to enable SSO.
- Proposed As Answer by Rajesh GantaMicrosoft Employee, Moderator Saturday, August 29, 2009 7:50 AM
Monday, August 31, 2009 11:44 AMRajesh,
I read that blog many times (and countless others) before I posted this request for assistance.
Wednesday, September 09, 2009 7:36 PMAny progress with this?
Thursday, October 08, 2009 10:04 AMHello, i'm having the exact the same problem. Windows 7 clients, 2008 R2 RDS servers with Connection Broker. If i connect trough the web access with Internet Explorer, then SSO works perfectly. But when launching Remoteapp i get an username/password popup.
I have also followed the blog article point by point. Anyone have a sucess story for this?
Wednesday, October 28, 2009 12:02 PMHi,
I noticed on your post that you got all your XP SP3 PC's to work with SSO.. May I ask how..?
I followed the Microsoft Article
But it didn't work am I missing something..?
Thanks in Advance.
Saturday, November 07, 2009 2:42 AMI'm having the exact same problem. I've gotten SSO to work on XP clients but Windows 7 is giving me the "The logon attempt failed" when trying to launch a remote app. Hopefully someone has discovered something new?
Friday, December 11, 2009 12:43 AMI'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon.
Friday, December 11, 2009 10:08 PM
I'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon.
UPDATE: After resetting the browser on the Windows 7 RTM client, the SSO now works. We have SSO working whether we use RD Session Host mode or RD Connection Broker mode. We had the problem on one of our Vista clients as well, and resetting the browser fixed the problem. Both machines were used throughout the initial setup of the project and may have had cached files that needed to be cleared.
Wednesday, April 21, 2010 3:10 PM
Same issue, different fix.
"I'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon"
Resetting the browser didn't work for me, but it got me thinking about the add-on when you hit the RDS web page for the first time. So I went looking at the add-on by clicking Tools>Manage Add-ons in IE. I found that the MsRDPClientShell class needs to be approved for more than the server name hosting the website.
My fix was to right click on the add-on from the manage add-ons interface, choose more information. In the "You have approved this add-on to run on the following websites:" box highlight your server name, and chose the "Allow on all sites" button below.
Alternatively, if you reset your browser settings, go to the rds web page and when you are prompted to run the add-on for the first time, choose the "Run add-on on all websites" NOT "run add-on".
Thursday, April 22, 2010 10:29 AM
I am deploying apps from the RemoteApp server via GPO.
The problem I am having is that I cannot get the app that has been deployed, so accept a single sign on with my domain account.
So if i change my domain password at any point , the apps do not automatically pick this up.
Can anyone please help , and i hope i explained it correctly.
Terminal Server has Windows 2008 R2 , clients are Windows XP and some Windows 7
Thursday, July 15, 2010 4:13 PM
I am running into a similar issue but with our custom apps, and found this article:
and looking for an alternative?
Friday, August 19, 2011 2:30 AM
Has anyone from Microsoft actually gotten this to work from Windows 7 using the latest version of Remote Desktop Connection software? I somehow doubt it, because there's a lot of chatter about this in the blogs from well educated and experienced administrator who have followed all the steps in all the articles and nothing seems to work.
Microsoft: Please fix this.
Thursday, September 15, 2011 4:22 PM
i have nearly the same issue.
Smart Card logon and SSO to RemoteApp Server doesn't work!
i found a lot of artikles, where it is written:
Windows Server 2008 (R2) doesn't supports Samrt Card logon
- Single Sign-on only works with Passwords. Does not work with Smartcards.
- Single Sign-on only works with Passwords. Does not work with Smartcards.