SOLVED

Logging on to Remote Desktop using Windows Hello for Business & Biometrics


In the release notes for build 17713, support was announced for logging into remote desktop sessions using biometrics via Windows Hello. I have a few questions I'm hoping someone can answer:

 

The way the blog post is worded, it's not clear whether the 'new' part of this is strictly related to biometrics, or if using Windows Hello to log into a remote desktop server is completely new.  Was it previously possible to use Windows Hello with a PIN to log in to a remote desktop session?  If so, is there any documentation on this available?

 

In the example used in the blog post, the Remote Desktop connection is from a Windows 10 client to a Windows Server 2016 server.  Is Server 2016 required, or will this work with older server OS versions?

 

Does it matter which type of deployment (Key-Trust vs Certificate-Trust) is used for Windows Hello for business?  

 

I've tried using this feature in my environment, to connect from a client running build 17713 to a Server 2016 server, but get an error "The client certificate does not contain a valid UPN. . . " (screenshot below).

  

Any idea what would cause that?  


Have any Insiders out there been able to use this new feature successfully?
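
Added example, not part of the original post or of any Microsoft documentation: a read-only PowerShell check of the fields the "valid UPN" error refers to. It lists each certificate in the current user's personal store and reports whether it carries a UPN in its Subject Alternative Name and the Smart Card Logon EKU. That the certificate offered for the RDP logon lives in `Cert:\CurrentUser\My` is an assumption.

```powershell
# Added diagnostic (assumption: the logon certificate is in the current user's
# personal store). Read-only: nothing is modified.
$smartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # UPN taken from the Subject Alternative Name; empty string when absent
    $upn = $cert.GetNameInfo($upnType, $false)

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present
    $ekuOids = @(
        $cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )

    [pscustomobject]@{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        SelfSigned     = ($cert.Subject -eq $cert.Issuer)
        HasUpn         = -not [string]::IsNullOrEmpty($upn)
        Upn            = $upn
        SmartCardLogon = ($ekuOids -contains $smartCardLogonOid)
        NotAfter       = $cert.NotAfter
        Thumbprint     = $cert.Thumbprint
    }
} | Format-Table -AutoSize -Wrap
```

A row with `HasUpn` set to False is a certificate that has no UPN to present; compare `SelfSigned` and `Issuer` to tell a locally generated certificate from one issued by your CA.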

49 Replies
Hello @RossWalker,

I can't get Remote Credential Guard to authenticate successfully when connecting to a Remote Desktop Collection using a Remote Desktop Connection Broker. Should this even be possible?
RCG depends on Kerberos authentication, so if that isn't working properly, or if you have redundant brokers set up (Kerberos isn't supported with redundant brokers, as there is no shared service account support), then that will be the issue. If you do have redundant brokers, then smart card will be your only alternative. For me, when enabling key trust, I was able to prevent the self-signed smart card certificate from being created by setting the group policy option to NOT enable smart card emulation; then, if you issue a smart card certificate through SCEP or group policy to users, there won't be a duplicate and then no prompting for a cert.
Hi,

We are using WHFB cloud trust model instead of Key trust or Certificate-Trust.
Is it possible to log in to Remote Desktop using Windows Hello for Business & Biometrics with cloud trust? I can't find an answer anywhere.

Thanks

@Clint Lechner all went well till I hit this command:

certutil -dstemplate <TemplateName> > <TemplateName>.txt

Can't make heads or tail of what to leave or remove, so if my template is called "authenticationCertificate", how would this code above be formatted?

 

@StephenG 

 

I think they overcomplicated it.

certutil -dstemplate "authenticationCertificate" > "Output.txt"

Note, "authenticationCertificate" is the name of the template within your CA. Output.txt is simply a text file that gets created in the same directory you're running that command.

@Clint Lechner That was totally it and worked perfectly. I was even able to import with no errors.

Thank you very much.

Any solution for this issue so far? Can't use my PIN to log in to a remote desktop, but when I'm using my username and password it's working.

@Jeroen_Gielen I'd be interested if you find a solution to this. Just rolled out Cloud Kerberos Trust and having the same issue with RDP and WHfB

Hello @Jeroen Gielen, we have the same issue (Cloud Kerberos Trust).