Jul 24 2018 07:29 AM
In the release notes for build 17713, support was announced for logging into remote desktop sessions using biometrics via Windows Hello. I have a few questions I'm hoping someone can answer:
The way the blog post is worded, it's not clear whether the 'new' part of this is strictly related to biometrics, or if using Windows Hello to log into a remote desktop server is completely new. Was it previously possible to use Windows Hello with a PIN to log in to a remote desktop session? If so, is there any documentation on this available?
In the example used in the blog post, the Remote Desktop connection is from a Windows 10 client to a Windows Server 2016 server. Is Server 2016 required, or will this work with older server OS versions?
Does it matter which type of deployment (Key-Trust vs Certificate-Trust) is used for Windows Hello for Business?
I've tried using this feature in my environment, to connect from a client running build 17713 to a Server 2016 server, but get an error "The client certificate does not contain a valid UPN. . . " (screenshot below).
Any idea what would cause that?
Have any Insiders out there been able to use this new feature successfully?
Oct 03 2018 10:58 AM
Did you ever figure this out? Just installed 1809 and ran into the same message.
Oct 03 2018 03:31 PM
Solution: Although late, we have published information around WHfB with RDP:
Jan 07 2019 10:57 AM
This only pertains to certificate trust deployments and biometrics. Will WHFB work with rdp/rdweb while using a PIN?
Jan 25 2019 08:23 PM
I performed the steps in the guide after seeing this error and now WHFB has completely disappeared as an option for RDP. Just traditional UPN or Domain\user logon are the only options. I would love to go password-less, but it seems there is still some refinement required.
Feb 04 2019 11:30 AM
It would be nice to actually get a reply to one question I ask on this forum.
Feb 04 2019 12:41 PM
RDP with Windows Hello for Business only works with certificate-based deployments. Support for RDP with Windows Hello for Business PIN has been available for multiple releases. The changes in 1809 add support for biometric auth in addition to PIN.
Jun 12 2019 01:08 PM
@jurajt Nope, not as far as I know. If it was resolved, and key-trust worked with RDP, I would be chugging margaritas and dancing on tables.
Jun 12 2019 03:52 PM
Sadly it still hasn't been fixed, and there is still little information available. I'm engaging Microsoft under our Unified Support to better understand what's happening in this space.
Jun 12 2019 05:44 PM
I'd be happy with a registry key to disable/hide the PIN/Biometric login option from RDP while Microsoft work to make the Key Trust model work.
Nov 24 2019 11:55 AM
@Azim null wrote: I performed the steps in the guide after seeing this error and now WHFB has completely disappeared as an option for RDP. Just traditional UPN or Domain\user logon are the only options. I would love to go password-less, but it seems there is still some refinement required.
For me, I want to have access to PIN when using my Hyper-V VM in enhanced session mode, but Windows Hello options disappear and only appear when using basic session mode in Hyper-V VM console.
Nov 29 2019 11:02 AM
@Clint Lechner That AAD Connect comment was gold. I was fuzzy too as it seemed no RA was required for the key trust model. Regardless, based on all these comments, the idea that I might be able to get away with the key-trust model seems to be out the window, especially since we have a brand new requirement to deploy a single new RDP based PAW (Privileged Access Workstation) that should only be accessed with WHfB credentials. All I can say is I'm lucky all our servers are 2019 and workstations Win 10/1909. Now to build the lab! Krikey!