none
RDP to TS Farm asks for username / password twice RRS feed

  • Question

  • Hi, 

    My problem is users have to enter their username and password then a few seconds later it asks a second time before they can log in. Can any body help - I have currently set up TS 2008 as follows:

    We are using a 2003 DC with a 2008 Gateway and 2 x 2008 servers in the farm. We are planning to upgrade the DC in the next few months.

    I experience the same issue as the users but not all the time. Initially I thought it was a .net update issue but more testing showed it wasnt. 

    Remote sites use a hardware VPN so they RDP to TS-Farm. I am connected at head office directly to the network so it's not a remote site issue. 

    I also saved username in the RDP file in various formats including my username@domain.local etc but this didnt work all the time either. I know this issue occurs when you have a session redirected from one server to another. Once I have connected to the server and logged off and back on again this sometimes resolved the issue too but again not all the time. Could this be down to the session broker?

    My next problem might not be related but just thought I would mention for completeness. I have a problem RDP-ing directly to a server on the farm for admin purposes - I get redirected from say server 2 to server 1. If I attempt to RDP to both it pulls my session across from the first login and its the same server!!! 

    I have set up Round Robin DNS and double checked my settings but I thought I could rdp directly via IP. My current work arounds include going to each server directly or RDP-ing directly to the console within admin tools - although in 2003 this caused me other issues. 

    Any ideas
     
    Tuesday, October 14, 2008 8:08 PM

Answers

All replies

  • If you set up a farm and you access it not as admin - even entering specific server name or IP you will still be soccer'ed between the servers in the farm. To avoid this you can connect as admin then the farm settings are overrided.
    You can also enable SSO on your client so that you dont need to enter your credentials twice.


    Citrix Technology Professional, PubForum Founder http://www.pubforum.net
    Thursday, October 16, 2008 12:50 PM
    Moderator
  • I am domain admin so surely I should override this problem?

    I have enabled single sign on on the servers, how do I set this on the client? Am I missing something.

    I am new to 2008 so forgive the gaps in my knowledge.

    I also see that you can only enable SSO on vista clients. I am using xp home and pro pc's at the moment.
    • Edited by Metallicabk Thursday, October 16, 2008 3:00 PM
    Thursday, October 16, 2008 2:15 PM
  • If you have domain admin and do not logon to the Server with RDP Client /admin switch you are seen as a normal user.
    So please use the /admin switch.

    You enabled Single Sign On on server - you mean Domain Group Policy? If not then you need to enable this on the local clients - what you also can do via Group Policies.

    You can enable SSO on Windows XP Service Pack 3 too. Please refer to the following article:


    http://blogs.msdn.com/ts/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

    here is for XP SP3

    "

    Additional information for SSO for TS farms from XP SP3 clients:

    There is a QFE availbe for SSO to TS farms from XP SP3 - please see kb article located here: "http://support.microsoft.com/kb/953760"

    Also, please make sure you have CredSSP enabled on your XP SP3 client -  please see kb article located here: "http://support.microsoft.com/kb/951608""



    Hope that answer your question.


    Citrix Technology Professional, PubForum Founder http://www.pubforum.net
    Friday, October 17, 2008 5:19 PM
    Moderator
  •  Alex, thanks for your replies. You have been most helpful. I am still getting to grips with TS on 2008. I have spent hours on forums, various websites and googling but my company wants me to deploy this yesterday so to speak. I am just making sure everything works 100%. I hope one day ill be able to help you in return.

    We were using a program called jetro cockpit before but experienced regular disconnections hence the rapid roll out...

    Once again thanks

    Saturday, October 18, 2008 7:13 PM
  • Alex,

    The admin switch worked a treat. I used to use both the mstsc and the remote desktop within the admin pack to connect to servers. Out of the ones I used from the admin pack some were configured to connect directly to console and some were not.

    I have just read about the two switches /admin and /console. If anyone else is interested in more detail please visit...

    http://support.microsoft.com/kb/947723

    My group policy is 2003 as is my DC so I will use the TS 2008 farm servers local group policy and enable SSO that way. I have read the articles you referenced...one is the Kerberos.dll which I will need to request directly from Microsoft and the other is CredSSP both of which I am going to attempt if the TS 2008 local gp doesnt work.

    Thanks again
    • Edited by Metallicabk Tuesday, October 21, 2008 11:33 AM
    Monday, October 20, 2008 5:04 PM