login to remote app with only your domain username
- Hi all, my question is: is it possible, and how do you set up remote apps login in such a way that you can log in but not specify the domain name?
My setup is 1x 2003 DC with 2x Windows 2008 terminal servers, load balanced.
i.e. if you normally log in like
MYDOMAIN\username
password
can you set the domain by default so that the user does not have to type the domain name at the point of login?
I have read about using a registry key to do this, but that only works if nobody logs in to the server itself as a local user (in this case we do sometimes do that).
If anyone has an idea it would be greatly appreciated.
Answers
- Hi,
Can you please add the following RDP file property to the custom RDP file properties in RemoteApp Manager (i.e. add the following RDP file property to the RemoteApp RDP files):
username:s:<Domain>\
This should assign the default domain.
Regards,
Rajesh.
- Proposed As Answer by Rajesh Ganta (MSFT, Moderator), Thursday, July 30, 2009 5:36 PM
- Marked As Answer by Rajesh Ganta (MSFT, Moderator), Friday, July 31, 2009 10:23 AM
- Unmarked As Answer by Lloydy82, Thursday, July 30, 2009 1:40 AM
- Marked As Answer by Lloydy82, Thursday, July 30, 2009 1:33 AM
All Replies
- Hi, it is rather an AD question than TS.
Is UPN an option for you?
http://support.microsoft.com/?scid=kb%3Ben-us%3B243280&x=10&y=11
Not specifying a domain name could mean that the user would want to log in locally or to a different child domain etc.
username@MYDOMAIN
Citrix Technology Professional, PubForum.net Founder, LinkedIn, TS Training in Europe! Love Microsoft & its people to bits!
- So setting DefaultDomainName and AltDefaultDomainName doesn't do the trick?
Hello
When I try to enter username:s:<Domain>\ into the custom RDP box it says "There are settings that you have entered in the Custom RDP settings box that are either not valid or cannot be overridden. The following RDP settings are not recognized:
username:s:<Domain>\
Obviously I replaced <Domain> with my domain.
This is on Server 2008 R2 though. Has this parameter been renamed in R2?
Thanks
Robin
Robin Wilson
- Hello,
I am getting the same error. The option works if I do an unsigned RDP file and add it in notepad but we want the files signed so they can't be tampered with without breaking them, so I have to use the Custom settings window. Please advise. Thanks!
- I'm getting the same problem, and as I understand it, this is an issue with IIS. (Since I'm using a gateway server here, IIS is used to proxy the connection to the actual terminal server) Apparently, there is no way with IIS to automatically specify the domain when using Windows Authentication. The only way is to implement something in the client to modify the login information before it's sent down the wire.
Adding "username:s:<Domain>\" cannot be added using the "Custom RDP Settings" for some reason... (not sure why exactly). It seems to think that that parameter is invalid. Simply unsigning & adding the "username:s:<MyDomain>\" to the rdp file did NOT help, and appears to be completely ignored. If I skip the gateway server & connect directly to the terminal server, I do not need to specify the domain.
My question is this:
Specifying the domain & username seems to be valid syntax for the .rdp file, but for some reason it is not used when connecting using a gateway. Why is that? Are there some other parameters I should be using with regards to a gateway server?
- I would have preferred to have single sign-on working but as that did not seem possible to achieve externally (works internally) I was hoping I could get this working as an alternative as getting users to log into RemoteApp once with Forms Authentication and then login again with windows authentication and also replacing the domain where it inserts their local computer name makes this a lot more complicated for less computer literate people and a hassle for people who are.
Hoping there is some solution to this.
Robin Wilson
- Try adding:
domain:s:<yourDomainHere>
I have tested this and it works.
Hope this helps,
Kristin L. Griffin
Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!)
- Proposed As Answer by Kristin L. Griffin (MVP, Moderator), Wednesday, October 07, 2009 6:04 PM
- Hello Kristin
This does not work and it tells you the RDP settings are not recognised as it does with the username:s:domain setting.
As far as I understand it the domain:s parameter was dropped in Server 2008 R2 for some reason but the username:s can be used instead although not in the remoteapp custom RDP settings screen it would seem.
Does anyone have any more suggestions of anything we can try?
Thanks
Robin
Robin Wilson
- Robin,
Actually, coincidentally, I have another thread, same topic going on now.
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/d9927b7b-95ee-4d9f-bf1f-a22b6bb743ed
Please read that and when I have an answer I will follow up there.
Thanks!
Hope this helps,
Kristin L. Griffin
Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!)
- Has this been changed in 2008 R2? I am getting the same error as previously described.
- Hello Kristin
Thanks for your reply. I replied to the other topic.
mongoose90584: I'm not sure if this same problem existed with Server 2008 as I never really tried to use RemoteApp then as you couldn't specify multiple RemoteApp Servers and it had other limitations.
RemoteApp is good apart from this annoying problem.
Robin
Robin Wilson
- Hi all,
I also have this problem, although the annoying thing for us is there was a post about editing the ASP.NET files to automatically populate the internal variable with the domain (in the FBA login.aspx page). This allows you to login and see the list of applications however when you try to start one you get "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.". I also got the same message after installing the RDC 7.0 but that was because CredSSP wasn't enabled.
Anyway including the domain in the RDP file with a custom setting in the RemoteApp manager would be ideal, editing the raw RDP files isn't an option as it would just get forgotten when adding new applications.
Does anyone have a workaround for this?
Thanks,
Ross
- Hi,
The solution we employed was to tweak the underlying web files to better handle the domain. We only have one domain so this was fixed, what I did was edit the renderscripts.js file (which includes the JS procedure which occurs after the login dialog 'submit') to check to see if the user has entered a domain (checking whether a backslash exists) and if not physically edit the edit box contents with the new domain.
In the renderscripts.js file look for the function onLoginFormSubmit(), where it probes the username edit box simply insert the domain. The code extract below includes a piece from the original file which shows you where it should be placed together with the new code (separated by blank lines). In this instance the domain is called CHARLYMONKEY.

    if ( objForm != null )
    {
        strDomainUserName = objForm.elements("DomainUserName").value;

        // add default domain...
        if ( strDomainUserName.indexOf("\\") == -1 )
        {
            strDomainUserName = "CHARLYMONKEY\\" + strDomainUserName;
            objForm.elements("DomainUserName").value = strDomainUserName;
        }

        strPassword = objForm.elements("UserPass").value;
        strWorkspaceId = objForm.elements("WorkSpaceID").value;

It is messier than an RDP setting but we had to edit the web access site anyway for corporate branding, this was simply the next level.
I hope that is of help, obviously if anything goes wrong with the login the modified value of the edit is written back to the edit box (this is essential) so the user can see if somehow they've entered the domain or something but with the wrong kind of slash.
Please note that if you also tweak your main screen to check for RDC 7.0 and if not force users to download and install it the single sign-on works fantastically. I haven't done this yet but am hoping the RDC ActiveX control can be probed by JavaScript so that proper version checking can take place.
kind regards,
Ross
- Proposed As Answer by Ross CP, Friday, November 13, 2009 3:29 PM
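The default-domain step from the post above, as an added example that is not part of Ross's post or of the RD Web Access files: a standalone function that also handles the wrong kind of slash, the UPN form raised earlier in the thread, and an explicit local logon. The name applyDefaultDomain and the handling of `user@domain`, `.\user` and a leading backslash are assumptions; CHARLYMONKEY is the domain from the post.

```javascript
// Added example. applyDefaultDomain and DEFAULT_DOMAIN are hypothetical names;
// the domain value is the one used in the post above.
var DEFAULT_DOMAIN = "CHARLYMONKEY";

// Returns the value to place in the DomainUserName field before submit.
// Written with var and regex trimming so it also runs in old IE script engines.
function applyDefaultDomain(rawInput, defaultDomain) {
    var name = String(rawInput == null ? "" : rawInput).replace(/^\s+|\s+$/g, "");
    if (name === "") {
        return "";                       // nothing typed: leave it to the form's own validation
    }

    // "DOMAIN/user" typed with the wrong kind of slash becomes "DOMAIN\user".
    name = name.replace(/\//g, "\\");

    var slash = name.indexOf("\\");

    // Assumption: "user@domain" is a UPN and is already qualified, so it is
    // left alone. The backslash-only check would turn it into "DOMAIN\user@domain".
    if (slash === -1 && name.indexOf("@") !== -1) {
        return name;
    }

    // Bare username: add the default domain.
    if (slash === -1) {
        return defaultDomain + "\\" + name;
    }

    var domainPart = name.substring(0, slash);
    var userPart = name.substring(slash + 1);

    // "\user": a backslash with no domain in front of it is treated as a bare username.
    if (domainPart === "") {
        return userPart === "" ? "" : defaultDomain + "\\" + userPart;
    }

    // "OTHERDOMAIN\user" or ".\user" (explicit local account): keep what was typed.
    return name;
}

// In onLoginFormSubmit() the call would replace the indexOf check, for example:
//   strDomainUserName = applyDefaultDomain(strDomainUserName, DEFAULT_DOMAIN);
//   objForm.elements("DomainUserName").value = strDomainUserName;
```

This only changes what the browser submits; the server still decides whether the resulting account name and password are valid.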
- Hi,
For those of you that were interested (and those that may get directed here via google or other some such linking) I managed to get a test web page to test the RDC version (which I alluded to in my previous post). This means that you can potentially create an interim page for RDWebAccess to check for the version of the RDC client and push the user towards the download location. As single sign-on works lovely with the new version providing the above default domain tweak is in place this really ties the website up with a bow.
This page creates the ActiveX control, but you HAVE to do this anyway for RDWebAccess to work anyway so they simply enable it for the intro page, and it will not prompt for the main login page.
OK here is the demo web page:
SNIP ----------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW, NOARCHIVE" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<script type="text/javascript">
<!--
// Returns the version string reported by the RDC ActiveX control,
// or "" when the control cannot be created.
function versionRdc()
{
    try
    {
        var rdpClient = new ActiveXObject("MsRdp.MsRdp.5");
        return rdpClient.Version;
    }
    catch (e)
    {
        // control missing or blocked: fall through and return ""
    }
    return "";
}

// Splits "major.minor.patch" into numbers; missing parts count as 0.
function parseVersionString (str)
{
    if (typeof(str) != "string") { return false; }
    var x = str.split(".");
    var maj = parseInt(x[0], 10) || 0;
    var min = parseInt(x[1], 10) || 0;
    var pat = parseInt(x[2], 10) || 0;
    return { major: maj, minor: min, patch: pat };
}

// True only when the control reports version 6.1.7600 (RDC 7.0) or later.
function rdc7()
{
    var rdpver = versionRdc();
    // No version string means the control could not be created,
    // so RDC 7.0 is not reported as installed.
    if (rdpver == "") { return false; }

    var running_version = parseVersionString(rdpver);
    var latest_version = parseVersionString("6.1.7600"); // rdc 7.0

    if (running_version.major != latest_version.major)
    {
        return running_version.major > latest_version.major;
    }
    if (running_version.minor != latest_version.minor)
    {
        return running_version.minor > latest_version.minor;
    }
    return running_version.patch >= latest_version.patch;
}

function test()
{
    if (rdc7())
    {
        alert("RDC7 is installed and single sign-on will work.");
    }
    else
    {
        alert("RDC7 is not installed.");
    }
}
// -->
</script>
</head>
<body onload="test();">
</body>
</html>
SNIP ----------------------------
I hope that is of help.
kind regards,
Ross

