How to enable SSO ina TS + TSG Environment? RRS feed

  • Question

  • I´m trying to enable SSO in a Win2008 R2 TS+TSG Server, what i´m doing wrong?

    1) TS and TSG server are the same server, known by a FQDN name widely used internally and externally. When the user opens https://ts.company.com he views an RDS Form to type the DOMAIN\USERNAME credentials. The IIS is using anonymous auth to show the Form

    2) I have an Enterprise CA and generated a Server Certificate for the FQDN and the users are connecting to https://ts.company.com

    3) I changed the Desktops.ASPX a line with the "gatewayusagemethod" directive from "1" to "2"

    4) Using GPOs i´ve enabled "Set RDS Gateway server authenticated method" to "use locally logged-on user credentials" and the "Allow Delegation Default Credentials" with the TERMSRV/Server added to (netBIOS and FQDN names added)

    After doing all this stuff, i´m using a Win7 domain-joined machine and even thta way, i only open RemoteApp after typing the credentials again, one in the Form ASPX page and after clicking the RemoteApp, agina i have to type the crecentials i´m already on using because i´m logged as a Domain account

    I forgot something? (next step is to test it with XP SP3 + CredSSP)



    • Moved by Tim Quan Wednesday, June 30, 2010 9:12 AM (From:Windows Server 2008 R2 Remote Desktop Services)
    Tuesday, June 29, 2010 4:56 PM


All replies

  • Hello KayZerSoze,

    Have you already seen this article?

    How to enable Single Sign-On for my Terminal Server connections

    Best regards,
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 30, 2010 5:21 AM
  • I solved the problem configuring a signed certificate for the RemoteApp and after that all RemoteApp worked weel, but one of the RemoteApp failed in some machines and only works for everyone if i configure the RDS security as "RDP Security Layer" insted "Negotiate" ou "TLS". I´m researching why this is happening.

    I´ve tested the new RDP 7 for XP and the SSO worked for a XP SP3 machine in the test environment.





    Wednesday, June 30, 2010 11:44 AM