none
RemoteApp Single Sign On (SSO) from a Windows 7 client

    Question

  • Hi, we are running the Windows 7 RTM client and are trying to use RemoteApp with Single Sign On (SSO). The Server OS is Windows Server 2008 Standard SP1. We believe SSO is setup correctly on the server side because we can use SSO successfully from all of our Windows XP SP3 clients. We are looking to rollout Windows 7 in the near future, but we need SSO to function on Windows 7 before proceeding.

    If I launch a RemoteApp from Windows 7, I receive a message stating "Your Credentials did not work". I am prompted for a password. Below the password is a red circle with an x that says "The logon attempt failed". If I type in the password, the RemoteApp launches. If I launch other RemoteApps at this point I am not prompted for a password.

    On the Windows 7 client, I enabled the "Allow Delegating Default Credentials" setting in the local policy editor. I added "TERMSRV/*.mydomain.com" to the list. No luck. I've tried every possible fix I could find on the web. Thanks.
    Tuesday, August 18, 2009 2:33 PM

All replies

  • Hi,

    The credential delegation is failing because client is not able to authenticate the server.  Can you please enable the setting "Allow delegating default credentials with NTLM only server authentication" and try ?


    Regards, Rajesh.
    Friday, August 21, 2009 1:12 PM
    Moderator
  • Hi Rajesh,
      I enabled that policy as requested on my Windows 7 client. I did a gpupdate and rebooted, same scenario as described earlier. At this point, I have the following two local policies enforced on Windows 7 "Allow Delegating Default Credentials with NTLM-only Server Authentication" which includes TERMSRV/*.mydomain.com in the list of allowed servers, and the policy "Allow Delegating Default Credentials".

    Is there anything I need to set on the 2008 Terminal Server to enforce the use of NTLM-only server authentication?

    Thanks,
    Leo
    Monday, August 24, 2009 12:38 PM
  • Hi,

    Is it working if you specify TERMSRV/* in the GP ?  What is the terminal server name that you are specifying in mstsc or TS remote app manager ? Can you write it here ? Is the terminal server name ends with the suffix mydomain.com ?





    Regards, Rajesh.
    Thursday, August 27, 2009 2:35 PM
    Moderator
  • Hi, I currently have TERMSRV/NJ-2010-TS.BTCO.com , along with TERMSRV/* and TERMSRV/*.BTCO.com.

    The terminal server name in mstsc or TS remote app manager is nj-2010-ts.btco.com

    Thanks,
    Leo
    Thursday, August 27, 2009 6:46 PM
  • with what user did you log on to the client ? Is it a domain user ? SSO works only for domain users ?

    Can you please check "whether you can connect to the terminal server by specifying the credentials while connecting to the terminal server"


    Regards, Rajesh.
    Friday, August 28, 2009 4:57 AM
    Moderator
  • Hi, I'm trying with my account which is a domain user account. I can logon to the terminal server every way imaginable. The problem I and others in my pilot group are having is that on a Windows 7 (RTM) client, when attempting to launch a remoteapp I (and others) must type in my credentials the first time launching a RemoteApp. On Windows XP you are never prompted to sign onto to RemoteApp. It's all single sign on.

    Thanks, Leo
    Friday, August 28, 2009 7:18 PM
  • Hi,

    Please go through this blog http://blogs.msdn.com/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx to have proper understanding on how to enable SSO.


    Regards, Rajesh.
    Saturday, August 29, 2009 7:50 AM
    Moderator
  • Rajesh,
       I read that blog many times (and countless others) before I posted this request for assistance.

    Leo
    Monday, August 31, 2009 11:44 AM
  • Any progress with this?
    Wednesday, September 09, 2009 7:36 PM
  • Hello, i'm having the exact the same problem. Windows 7 clients, 2008 R2 RDS servers with Connection Broker. If i connect trough the web access with Internet Explorer, then SSO works perfectly. But when launching Remoteapp i get an username/password popup.

    I have also followed the blog article point by point. Anyone have a sucess story for this?

    Thursday, October 08, 2009 10:04 AM
  • Hi,

    I noticed on your post that you got all your XP SP3 PC's to work with SSO.. May I ask how..?

    I followed the Microsoft Article

    http://support.microsoft.com/kb/951608/

    But it didn't work am I missing something..?

    Thanks in Advance.

    Tsasha


    • Proposed as answer by PDXDavid Friday, October 07, 2011 11:22 PM
    • Unproposed as answer by PDXDavid Friday, October 07, 2011 11:23 PM
    Wednesday, October 28, 2009 12:02 PM
  • I'm having the exact same problem.   I've gotten SSO to work on XP clients but Windows 7 is giving me the "The logon attempt failed" when trying to launch a remote app.  Hopefully someone has discovered something new?
    Saturday, November 07, 2009 2:42 AM
  • I'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon.
    www.jeremywadsworth.com
    Friday, December 11, 2009 12:43 AM
  • I'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon.
    www.jeremywadsworth.com

    UPDATE: After resetting the browser on the Windows 7 RTM client, the SSO now works. We have SSO working whether we use RD Session Host mode or RD Connection Broker mode. We had the problem on one of our Vista clients as well, and resetting the browser fixed the problem. Both machines were used throughout the initial setup of the project and may have had cached files that needed to be cleared.


    www.jeremywadsworth.com
    Friday, December 11, 2009 10:08 PM
  • Same issue, different fix.

    "I'm using Windows Server 2008 R2 and RD Web Access. On my Vista machine with RDC 7 installed, I only have to login to the RD Web Access page, and then I don't get prompted for any other credentials after launching my RemoteApp. However, on my Windows 7 machine I get prompted for credentials again after logging into the RD Web Access page, and clicking on my RemoteApp icon"

    Resetting the browser didn't work for me, but it got me thinking about the add-on when you hit the RDS web page for the first time. So I went looking at the add-on by clicking Tools>Manage Add-ons in IE. I found that the MsRDPClientShell class needs to be approved for more than the server name hosting the website.

    My fix was to right click on the add-on from the manage add-ons interface, choose more information. In the "You have approved this add-on to run on the following websites:" box highlight your server name, and chose the "Allow on all sites" button below.

    Alternatively, if you reset your browser settings, go to the rds web page and when you are prompted to run the add-on for the first time, choose the "Run add-on on all websites" NOT "run add-on".

     

     

    Wednesday, April 21, 2010 3:10 PM
  • Hi All

     

    I am deploying apps from the RemoteApp server via GPO.

    The problem I am having is that I cannot get the app that has been deployed, so accept a single sign on with my domain account.

    So if i change my domain password at any point , the apps do not automatically pick this up.

    Can anyone please help , and i hope i explained it correctly.

     

    Terminal Server has Windows 2008 R2 , clients are Windows XP and some Windows 7

    Thanks

    Ike

    Thursday, April 22, 2010 10:29 AM
  •  

     

    I am running into a similar issue but with our custom apps, and found this article:

    http://www.computerweekly.com/Articles/2009/08/28/237474/XP-single-sign-on-applications-fail-on-Windows-7.htm

    and looking for an alternative?

    Thanks,

    Samy

    Thursday, July 15, 2010 4:13 PM
  • Has anyone from Microsoft actually gotten this to work from Windows 7 using the latest version of Remote Desktop Connection software? I somehow doubt it, because there's a lot of chatter about this in the blogs from well educated and experienced administrator who have followed all the steps in all the articles and nothing seems to work.

    Microsoft: Please fix this.

    Thank you,

    Jeremy

    Friday, August 19, 2011 2:30 AM
  • Hi,

     

    i have nearly the same issue.

    Smart Card logon and SSO to RemoteApp Server doesn't work!

    i found a lot of artikles, where it is written:

    Windows Server 2008 (R2) doesn't supports Samrt Card logon

  • Single Sign-on only works with Passwords. Does not work with Smartcards.
    http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

    Microsoft, please!

     

Thursday, September 15, 2011 4:22 PM