RDS Farm with FIDO2 Key

Hello everyone,
I'm trying to install an RDS farm with FIDO2 (YubiKey).
I think I have created the conditions.
The farm is on-prem (hybrid joined), the FIDO2 key is registered in Entra.
The farm works correctly with normal credentials.
However, setting up the FIDO2 key is giving me a headache.
If I log in directly to one of the session hosts, FIDO2 works. But if I log in via the session broker, as it should be, I am connected to the session broker as a host and not forwarded to the hosts.

But I only found this out by chance when I added the user to the Remote Desktop Users group on the broker as a test. Otherwise you just get the message "Access to the session was denied", and the broker's event log says "Couldn't find the file".


####################

redirectclipboard:i:1
redirectprinters:i:0
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:4
full address:s:RDS-TEST-BR.xxxxxxxxxxxxx
gatewayhostname:s:rds-test.xxxxxxxxxxxxx
workspace id:s:RDS-Test-BR.xxxxxxxxxxxxx
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Test
use multimon:i:1
alternate full address:s:RDS-TEST-BR.xxxxxxxxxxxxx
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
audiomode:i:0
redirectlocation:i:0
redirectwebauthn:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewaybrokeringtype:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
enablerdsaadauth:i:1
username:s:yubikey@xxxxxxxxxxxxx

####################
