Home

RDS 2019 Getting Prompted for Credentials Twice

%3CLINGO-SUB%20id%3D%22lingo-sub-827160%22%20slang%3D%22en-US%22%3ERDS%202019%20Getting%20Prompted%20for%20Credentials%20Twice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-827160%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20size%3D%223%22%3EJust%20set%20up%20a%20new%20RDS%202019%20deployment%2C%20and%20am%20having%20an%20issue%20with%20getting%20prompted%20twice%20for%20credentials.%26nbsp%3B%20Once%20when%20they%20sign%20into%20the%20web%20page%2C%20and%20once%20when%20they%20launch%20the%20remote%20desktop.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%223%22%3EI've%20tried%20making%20this%20policy%20change%2C%20but%20it%20didn't%20seem%20to%20help%20-%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3EComputer%20Configuration%5CAdministrative%20Templates%5CWindows%20Components%5CRemote%20Desktop%20Services%5CRemote%20Desktop%20Session%20Host%5CSecurity%3C%2FSTRONG%3E%E2%80%9D%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%222%22%3ESet%20the%20%E2%80%9C%3CSTRONG%3EAlways%20prompt%20for%20password%20upon%20connection%3C%2FSTRONG%3E%E2%80%9D%20setting%20to%20%3CSTRONG%3EDisabled%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%223%22%3EWe%20have%20a%20pretty%20simple%20set%20up%2C%20broker%20and%20licensing%20running%20on%20one%20server%2C%20gateway%20and%20web%20running%20on%20another%2C%20and%20two%20session%26nbsp%3B%3C%2FFONT%3E%3CFONT%20size%3D%222%22%3E%3CFONT%20size%3D%223%22%3Ehosts.%26nbsp%3B%3C%2FFONT%3E%20%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20happens%20if%20I%20try%20internally%20or%20externally.%26nbsp%3B%20Also%2C%20the%20certificate%20is%20showing%20trusted.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20would%20be%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-827160%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828558%22%20slang%3D%22en-US%22%3ERe%3A%20RDS%202019%20Getting%20Prompted%20for%20Credentials%20Twice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828558%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20all%20browsers%20support%20Single-Sign-On%20to%20a%20RDSH-Session%20from%20Web-Access.%20To%20test%20this%20make%20sure%20that%20you%20put%20your%20RD-WebAccess%20URI%20into%20the%20intranet%20site%20zone%20and%20use%20Internet%20Explorer%20instead%20of%20an%20alternative%20browser.%20If%20SSO%20works%20there%2C%20your%20configuration%20is%20correct.%3C%2FP%3E%3CP%3EOur%20RDSH-Farms%20works%20fine%20with%20SSO.%20We%20have%20https%3A%2F%2F*.ourdomain.com%20in%20the%20trusted%20sites%20list%2C%20defined%20as%20intranet%20site%2C%20and%20put%20a%20link%20to%20RD-Webaccess%20on%20the%20users%20desktop%2C%20which%20opens%20with%20Internet%20Explorer.%3C%2FP%3E%3CP%3EAlternatively%2C%20if%20you%20just%20need%20a%20full%20Session%20for%20your%20end-users%2C%20and%20not%20other%20features%20of%20WebAccess%2C%20you%20could%20skip%20RD-WebAccess%20and%20just%20use%20a%20direct%20RDP-Connection.%20Download%20the%20.rdp%20file%20from%20Web%20Access%20and%20deploy%20it%20to%20your%20endusers.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F141531%22%20target%3D%22_blank%22%3E%40Faye%20Jasman%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828855%22%20slang%3D%22en-US%22%3ERe%3A%20RDS%202019%20Getting%20Prompted%20for%20Credentials%20Twice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828855%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F261242%22%20target%3D%22_blank%22%3E%40dretzer%3C%2FA%3E%26nbsp%3BOk%2C%20so%20based%20on%20your%20response%2C%20is%20there%20no%20way%20to%20avoid%20the%20double%20logon%20for%20remote%20users%20for%20whom%20I%20may%20have%20no%20control%20over%20the%20system%20(or%20a%20device%20such%20as%20an%20iPad%20or%20Android%20tablet)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20won't%20have%20a%20lot%20of%20internal%20use%2C%20and%20are%20trying%20to%20get%20people%20away%20from%20using%20IE.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20require%20two%20factor%20authentication%20(using%20DUO%2C%20which%20I've%20set%20up)%2C%20so%20don't%20think%20the%20.rdp%20file%20would%20be%20a%20solution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20there%20is%20no%20way%20to%20avoid%20it%2C%20thats%20fine%2C%20I%20just%20have%20to%20be%20prepared%20to%20explain%20that%20to%20our%20end%20users.%26nbsp%3B%20This%20would%20be%20a%20change%20for%20them%20since%20they%20don't%20currently%20have%20to%20do%20this%20with%20Citrix.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828999%22%20slang%3D%22en-US%22%3ERe%3A%20RDS%202019%20Getting%20Prompted%20for%20Credentials%20Twice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828999%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20could%20try%20deploying%20RD-Webclient%20which%20should%20be%20included%20in%20Server%202019%20RDSH-Deployments.%20This%20will%20allow%20you%20to%20have%20the%20RD-Session%20directly%20inside%20the%20browser%20(HTML5-capable%20browser%20only).%20It%20should%20work%20with%20all%20modern%20browsers%2C%20on%20PC%2C%20Mac%2C%20Tablets%20and%20Phones.%20Also%20this%20does%20not%20need%20a%20double-authentication%20so%20it%20would%20solve%20your%20particular%20problem%20as%20well.%3C%2FP%3E%3CP%3EPersonally%20I%20hand't%20the%20time%20to%20test%20RD-Webclient%20with%20Server%202019%20yet%2C%20but%20you%20should%20definitely%20take%20a%20look%20at%20it%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-web-client-admin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-web-client-admin%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F141531%22%20target%3D%22_blank%22%3E%40Faye%20Jasman%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-829000%22%20slang%3D%22en-US%22%3ERe%3A%20RDS%202019%20Getting%20Prompted%20for%20Credentials%20Twice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-829000%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F261242%22%20target%3D%22_blank%22%3E%40dretzer%3C%2FA%3E%26nbsp%3BThanks%2C%20I'll%20give%20that%20a%20try%20and%20let%20you%20know%20how%20it%20goes.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Faye Jasman
Occasional Contributor

Just set up a new RDS 2019 deployment, and am having an issue with getting prompted twice for credentials.  Once when they sign into the web page, and once when they launch the remote desktop.

 

I've tried making this policy change, but it didn't seem to help - 

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Set the “Always prompt for password upon connection” setting to Disabled

 

We have a pretty simple set up, broker and licensing running on one server, gateway and web running on another, and two session hosts.   

 

This happens if I try internally or externally.  Also, the certificate is showing trusted.

 

Any help would be appreciated.

 

4 Replies

Not all browsers support Single-Sign-On to a RDSH-Session from Web-Access. To test this make sure that you put your RD-WebAccess URI into the intranet site zone and use Internet Explorer instead of an alternative browser. If SSO works there, your configuration is correct.

Our RDSH-Farms works fine with SSO. We have https://*.ourdomain.com in the trusted sites list, defined as intranet site, and put a link to RD-Webaccess on the users desktop, which opens with Internet Explorer.

Alternatively, if you just need a full Session for your end-users, and not other features of WebAccess, you could skip RD-WebAccess and just use a direct RDP-Connection. Download the .rdp file from Web Access and deploy it to your endusers.

@Faye Jasman 

@dretzer Ok, so based on your response, is there no way to avoid the double logon for remote users for whom I may have no control over the system (or a device such as an iPad or Android tablet)?

 

We won't have a lot of internal use, and are trying to get people away from using IE.  

 

We require two factor authentication (using DUO, which I've set up), so don't think the .rdp file would be a solution.

 

If there is no way to avoid it, thats fine, I just have to be prepared to explain that to our end users.  This would be a change for them since they don't currently have to do this with Citrix.

 

Thanks

You could try deploying RD-Webclient which should be included in Server 2019 RDSH-Deployments. This will allow you to have the RD-Session directly inside the browser (HTML5-capable browser only). It should work with all modern browsers, on PC, Mac, Tablets and Phones. Also this does not need a double-authentication so it would solve your particular problem as well.

Personally I hand't the time to test RD-Webclient with Server 2019 yet, but you should definitely take a look at it: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-deskto...

 

@Faye Jasman 

@dretzer Thanks, I'll give that a try and let you know how it goes.

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies