Windows Server TechCenter >
Windows Server Forums
>
Terminal Services
>
RemoteApp Single Sign On (SSO) from a Windows 7 client
RemoteApp Single Sign On (SSO) from a Windows 7 client
- Hi, we are running the Windows 7 RTM client and are trying to use RemoteApp with Single Sign On (SSO). The Server OS is Windows Server 2008 Standard SP1. We believe SSO is setup correctly on the server side because we can use SSO successfully from all of our Windows XP SP3 clients. We are looking to rollout Windows 7 in the near future, but we need SSO to function on Windows 7 before proceeding.
If I launch a RemoteApp from Windows 7, I receive a message stating "Your Credentials did not work". I am prompted for a password. Below the password is a red circle with an x that says "The logon attempt failed". If I type in the password, the RemoteApp launches. If I launch other RemoteApps at this point I am not prompted for a password.
On the Windows 7 client, I enabled the "Allow Delegating Default Credentials" setting in the local policy editor. I added "TERMSRV/*.mydomain.com" to the list. No luck. I've tried every possible fix I could find on the web. Thanks.
All Replies
- Hi,
The credential delegation is failing because client is not able to authenticate the server. Can you please enable the setting "Allow delegating default credentials with NTLM only server authentication" and try ?
Regards, Rajesh. - Hi Rajesh,
I enabled that policy as requested on my Windows 7 client. I did a gpupdate and rebooted, same scenario as described earlier. At this point, I have the following two local policies enforced on Windows 7 "Allow Delegating Default Credentials with NTLM-only Server Authentication" which includes TERMSRV/*.mydomain.com in the list of allowed servers, and the policy "Allow Delegating Default Credentials".
Is there anything I need to set on the 2008 Terminal Server to enforce the use of NTLM-only server authentication?
Thanks,
Leo - Hi,
Is it working if you specify TERMSRV/* in the GP ? What is the terminal server name that you are specifying in mstsc or TS remote app manager ? Can you write it here ? Is the terminal server name ends with the suffix mydomain.com ?
Regards, Rajesh. - Hi, I currently have TERMSRV/NJ-2010-TS.BTCO.com , along with TERMSRV/* and TERMSRV/*.BTCO.com.
The terminal server name in mstsc or TS remote app manager is nj-2010-ts.btco.com
Thanks,
Leo with what user did you log on to the client ? Is it a domain user ? SSO works only for domain users ?
Can you please check "whether you can connect to the terminal server by specifying the credentials while connecting to the terminal server"
Regards, Rajesh.- Hi, I'm trying with my account which is a domain user account. I can logon to the terminal server every way imaginable. The problem I and others in my pilot group are having is that on a Windows 7 (RTM) client, when attempting to launch a remoteapp I (and others) must type in my credentials the first time launching a RemoteApp. On Windows XP you are never prompted to sign onto to RemoteApp. It's all single sign on.
Thanks, Leo - Hi,
Please go through this blog http://blogs.msdn.com/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx to have proper understanding on how to enable SSO.
Regards, Rajesh.- Proposed As Answer byRajesh GantaMSFT, ModeratorSaturday, August 29, 2009 7:50 AM
- Rajesh,
I read that blog many times (and countless others) before I posted this request for assistance.
Leo - Any progress with this?
- Hello, i'm having the exact the same problem. Windows 7 clients, 2008 R2 RDS servers with Connection Broker. If i connect trough the web access with Internet Explorer, then SSO works perfectly. But when launching Remoteapp i get an username/password popup.
I have also followed the blog article point by point. Anyone have a sucess story for this? - Hi,
I noticed on your post that you got all your XP SP3 PC's to work with SSO.. May I ask how..?
I followed the Microsoft Article
http://support.microsoft.com/kb/951608/
But it didn't work am I missing something..?
Thanks in Advance.
Tsasha
- I'm having the exact same problem. I've gotten SSO to work on XP clients but Windows 7 is giving me the "The logon attempt failed" when trying to launch a remote app. Hopefully someone has discovered something new?
