Forum Discussion

Robert Lawton's avatar
Robert Lawton
Copper Contributor
Apr 09, 2018

Remote App strange behavior with saved credentials

This problem has confused me for awhile now, and I haven't been able to find any solution.

I'm not sure if this is an issue with the mstsc.exe on the client, or if it's an issues server side at this point.

The bottom line issue, is that the "Remember me" checkbox for the remote app credentials will stop showing up, preventing the user from saving his or her credentials for the remote app connection.

 

So, here's the scenario.

 

I have a Windows Server 2016 environment, with it's own domain that provides access to applications to remote clients via Remote App services.

Joining the clients to the domain isn't an option.

We have a publicly trusted certificate deployed in our Remote App servers.

When we setup a client machine, we do so through the Remote App and Desktop Connections control panel app, and enter the RDweb url.

The client machines are a mix of Windows 7 machines to Windows 10.

When we give the users their credentials, it's always in the format of <username>@<domain name> not <domain name>\<username>

 

When we initially setup the client machine, usually the user will save his credentials. Which is fine.

However, when their password expires, or when they want to change it through the web interface, things get weird.

 

When everything is working fine, in the windows credential manager there are two entries, both in the Windows Credentials section.

1) <public FQDN of remote app collection>  with the username in the format of <username>@domainname>

2) TERMSRV/<public FQDN of remote app collection> with the username in the format of <username>@domainname>

 

When the users change their passwords via the RDWeb portal page, obviously it doesn't update their saved credentials. 

The expectation would be that the remote desktop client would prompt them for their new password, with the option to save it, as how it was when it was originally setup. 

 

And this is what happens, some times.

They get prompted for their password, with a screen that shows them their username in the <domain>\<username> format, with the remember me box.

 

Eventually though, it will break. And this is 100% repeatable by changing the password on the AD side, and trying to conenct again from the client.

At some point, one of those times they change their password, they will be prompted for their new password with a credential screen with no remember me box.

 

When it does this. if you look in the credential manager, there will be 3 entries.

Windows Credentials:

TERMSRV/<RDSessionHost FQDN> with username in <domain name>\<username> format

TERMSRV/<public FQDN of remote app collection>   with the username in the format of <username>@domainname>

Generic Credentials:

TERMSRV/<public FQDN of remote app collection>  with username in <domain name>\<username> format

 

After this happens, the users will never get the remember me box again, unless they completely delete the session from their control panel, and re-add it.

Manually fixing the credentials in the credential manager to make them match how they were when it was working fine works temporarily, but will break again next time they reboot their computer, or the session disconnects from the servers.

 

I’m not sure what to do with this next.

If anyone has any ideas, it'd be greatly appriciated.

Resources