Just set up a new RDS 2019 deployment, and am having an issue with getting prompted twice for credentials. Once when they sign into the web page, and once when they launch the remote desktop. I've tried making this policy change, but it didn't seem to help - Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security”Set the “Always prompt for password upon connection” setting to Disabled We have a pretty simple set up, broker and licensing running on one server, gateway and web running on another, and two session hosts. This happens if I try internally or externally. Also, the certificate is showing trusted. Any help would be appreciated.

You could try deploying RD-Webclient which should be included in Server 2019 RDSH-Deployments. This will allow you to have the RD-Session directly inside the browser (HTML5-capable browser only). It should work with all modern browsers, on PC, Mac, Tablets and Phones. Also this does not need a double-authentication so it would solve your particular problem as well.Personally I hand't the time to test RD-Webclient with Server 2019 yet, but you should definitely take a look at it: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin Faye Jasman

Not all browsers support Single-Sign-On to a RDSH-Session from Web-Access. To test this make sure that you put your RD-WebAccess URI into the intranet site zone and use Internet Explorer instead of an alternative browser. If SSO works there, your configuration is correct.Our RDSH-Farms works fine with SSO. We have https://*.ourdomain.com in the trusted sites list, defined as intranet site, and put a link to RD-Webaccess on the users desktop, which opens with Internet Explorer.Alternatively, if you just need a full Session for your end-users, and not other features of WebAccess, you could skip RD-WebAccess and just use a direct RDP-Connection. Download the .rdp file from Web Access and deploy it to your endusers.Faye Jasman

dretzer Ok, so based on your response, is there no way to avoid the double logon for remote users for whom I may have no control over the system (or a device such as an iPad or Android tablet)? We won't have a lot of internal use, and are trying to get people away from using IE. We require two factor authentication (using DUO, which I've set up), so don't think the .rdp file would be a solution. If there is no way to avoid it, thats fine, I just have to be prepared to explain that to our end users. This would be a change for them since they don't currently have to do this with Citrix. Thanks

dretzer Thanks, I'll give that a try and let you know how it goes.

dretzer Replying kind of late but installed the web client per the instructions, but must have done something wrong, I see no resources presented after I log in (currently only publishing a desktop).

RDS 2019 Getting Prompted for Credentials Twice

11 Replies

Steve_B525
Copper Contributor
Mar 04, 2024
Faye Jasman

Did you ever get a fix for this, its driving me insane.
dretzer
Iron Contributor
Aug 29, 2019
Not all browsers support Single-Sign-On to a RDSH-Session from Web-Access. To test this make sure that you put your RD-WebAccess URI into the intranet site zone and use Internet Explorer instead of an alternative browser. If SSO works there, your configuration is correct.
Our RDSH-Farms works fine with SSO. We have https://*.ourdomain.com in the trusted sites list, defined as intranet site, and put a link to RD-Webaccess on the users desktop, which opens with Internet Explorer.
Alternatively, if you just need a full Session for your end-users, and not other features of WebAccess, you could skip RD-WebAccess and just use a direct RDP-Connection. Download the .rdp file from Web Access and deploy it to your endusers.
Faye Jasman
- Faye Jasman
  Copper Contributor
  Aug 29, 2019
  dretzer Ok, so based on your response, is there no way to avoid the double logon for remote users for whom I may have no control over the system (or a device such as an iPad or Android tablet)?
  
  We won't have a lot of internal use, and are trying to get people away from using IE.
  
  We require two factor authentication (using DUO, which I've set up), so don't think the .rdp file would be a solution.
  
  If there is no way to avoid it, thats fine, I just have to be prepared to explain that to our end users. This would be a change for them since they don't currently have to do this with Citrix.
  
  Thanks
  - dretzer
    Iron Contributor
    Aug 29, 2019
    You could try deploying RD-Webclient which should be included in Server 2019 RDSH-Deployments. This will allow you to have the RD-Session directly inside the browser (HTML5-capable browser only). It should work with all modern browsers, on PC, Mac, Tablets and Phones. Also this does not need a double-authentication so it would solve your particular problem as well.
    Personally I hand't the time to test RD-Webclient with Server 2019 yet, but you should definitely take a look at it: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin
    
    Faye Jasman

Forum Discussion

RDS 2019 Getting Prompted for Credentials Twice

11 Replies

Resources