locked
RDS SSO not working when component installation disabled? RRS feed

  • Question

  • We have 1 HTTPS trunk with a bunch of web applications and RDS RemoteApp published to the trunk.

    We decided to turn off endpoint compliance checks for the first release.  We did this by checking "Disable component installation and activation" in trunk settings.

    As soon as we did this,  SSO for published RDS RemoteApps stopped working.  The end user is prompted for credentials when they click on the published RemoteApp in the portal.

    Not sure if this is expected or if we have misconfigured something else.   Appreciate any confirmation/denial and also any work arounds to get this to work.

    Wednesday, June 23, 2010 11:28 PM

Answers

  • Hi,

    You are correct that the two pieces of functionality – UAG endpoints components and RDS SSO – are not related, but unfortunately currently RDS SSO only works when the component installation is not disabled in the UAG Management console (even if the components are not actually installed by the end-user and she/he chooses to “Continue with limited functionality”).

    We hope to have this issue fixed in a future Update or Service Pack for UAG.

    Unfortunately there is no good way that I can offer currently you to work around this issue.

    Regards,

    -Ran

    • Marked as answer by superNaraen Thursday, August 5, 2010 10:24 PM
    Thursday, August 5, 2010 9:52 AM

All replies

  • The client components are an essential part of much of UAGs functionality. If you want to bypass the compliance checks, the best way is to set the trunk and application to use the policy "always", which also bypasses all checks. Keep in mind that disabling the clients also disabled other functionality, like the application wrapper, the attachment wiper - this could lead to serious problems.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, June 29, 2010 8:43 PM
    • Unmarked as answer by superNaraen Wednesday, August 4, 2010 5:44 PM
    Tuesday, June 29, 2010 8:43 PM
  • Thanks Ben.  Your answer didn't address the question I was asking.   Attempting to rephrase the question below ...

    The real requirement is to avoid forcing our users to install the UAG client components.   We noticed that it is possible to hit "continue" when prompted to install UAG client components (and proceed with limited functionality).   Everything we want including RDP SSO still works in this "limited functionality" mode.

    So, the real question I was trying to ask was ...

    How can we bypass the screens that force users to install endpoint components and still get RDP SSO.   From our *limited* analysis described above,  it doesn't really look like the two pieces of functionality are really linked.

    Appreciate your suggestions.   We are already on track to customize UAG heavily, so a little bit more doesn't seem too daunting.    Thanks in advance for the answers.

     

    Wednesday, August 4, 2010 5:53 PM
  • Hi,

    You are correct that the two pieces of functionality – UAG endpoints components and RDS SSO – are not related, but unfortunately currently RDS SSO only works when the component installation is not disabled in the UAG Management console (even if the components are not actually installed by the end-user and she/he chooses to “Continue with limited functionality”).

    We hope to have this issue fixed in a future Update or Service Pack for UAG.

    Unfortunately there is no good way that I can offer currently you to work around this issue.

    Regards,

    -Ran

    • Marked as answer by superNaraen Thursday, August 5, 2010 10:24 PM
    Thursday, August 5, 2010 9:52 AM
  • Appreciate the clear response,  Ran.  Thank you.

    We'll stop banging our heads against the wall and wait for this to work in a future update instead. :-)

    Thursday, August 5, 2010 10:27 PM