RDS SSO with delegated credentials fails after installing 2022-10 updates

dadom 21 Reputation points
2022-10-27T07:13:57.033+00:00

Hi,

KB5018410 on W10 21H2 with its new mstsc.exe kills our local Single-Sign-On experience on a Server 2019 RDS farm which has worked for several years. KB5017380 (the 2022-09 preview update that was on WSUS for one day in September) did the same.

Clients without that update are still working fine. An affected client is working again after uninstalling the update or manually replacing the mstsc.exe and corresponding dll from a client that has not yet received the update.

We are using one 2019 RDS Broker with a valid certificate and several RDSH. GPO sets the delegation of standard credentials as well as the trusted SHA thumbprint of the cert. No Web Access or gateway in use, only local connections.

When trying to log on using a predefined .rdp file and the logged-in client user credentials (SSO), the server shows "Other user: invalid username or password" on a regular Windows 2019 login screen with picture background. After clicking OK, the username field is already filled and when you type your password manually, you get logged in. The session itself seems to work properly, once logged in.

Broker eventvwr shows lots of event IDs 4625/4648 with code 0xC000006D/0xC0000064. No matter which RDSH an affected client gets redirected to, the result is the same. It's clearly related to the mstsc.exe build (.2075) of the client. Servers have not had the 2022-10 updates installed yet. Similar for W11 clients that got updated.

Other admins on different forums have confirmed they are having the same issue, no solution yet.

Disabling UDP does not change this.

Any ideas? Thanks!


11 answers

  1. dadom 21 Reputation points
    2022-11-04T14:58:42.293+00:00

    Update:

    Try to edit your .rdp file and change the following parameter from 0 to 1:

    use redirection server name:i:1

    1 person found this answer helpful.
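
The .rdp change suggested in this answer, applied by script. This is an added example, not part of the original answer; the function name and the folder in the usage line are hypothetical, and it assumes the .rdp files are plain text (ANSI or UTF-16 LE) and skips files that carry a signature line.

```powershell
# Added example; function name and the folder in the usage line are hypothetical.
function Set-RdpRedirectionServerName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet(0, 1)][int]$Value = 1
    )
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $name  = 'use redirection server name'
    $new   = "${name}:i:$Value"
    $regex = '^\s*' + [regex]::Escape($name) + ':i:\d+\s*$'

    # Keep the file's encoding: UTF-16 LE if it starts with that BOM, otherwise the default.
    $bytes    = [System.IO.File]::ReadAllBytes($full)
    $isUtf16  = $bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE
    $encoding = if ($isUtf16) { 'Unicode' } else { 'Default' }
    $lines    = @(Get-Content -LiteralPath $full -Encoding $encoding)

    # Files signed with rdpsign.exe carry a signature:s: line; edits to signed
    # settings invalidate it, so such files are reported and skipped.
    if ($lines -match '^\s*signature:s:') {
        Write-Warning "$full is signed; change the setting at the source and re-sign."
        return [pscustomobject]@{ Path = $full; Changed = $false; Reason = 'signed' }
    }
    if ($lines -contains $new) {
        return [pscustomobject]@{ Path = $full; Changed = $false; Reason = 'already set' }
    }
    # Replace an existing line for this setting, or append one if it is absent.
    if ($lines -match $regex) {
        $lines = $lines -replace $regex, $new
    } else {
        $lines += $new
    }
    if ($PSCmdlet.ShouldProcess($full, "set '$new'")) {
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # rollback copy
        Set-Content -LiteralPath $full -Value $lines -Encoding $encoding
        return [pscustomobject]@{ Path = $full; Changed = $true; Reason = 'updated' }
    }
    [pscustomobject]@{ Path = $full; Changed = $false; Reason = 'not applied' }
}

# Usage (hypothetical folder): preview with -WhatIf first, then run without it.
# Get-ChildItem 'C:\RdpFiles' -Filter *.rdp |
#     ForEach-Object { Set-RdpRedirectionServerName -Path $_.FullName -WhatIf }
```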

  2. Nielsen_ 1 Reputation point
    2022-10-31T10:26:18.053+00:00

    Experiencing the same problem. Do you have any links to other threads where you have read about this?


  3. dadom 21 Reputation points
    2022-11-03T15:22:24.8+00:00

    Hi Nielsen,

    For example: https://www.reddit.com/r/sysadmin/comments/y0z1xa/comment/iso9gf8/
    This one is using Server 2022, but I assume it's not related to the server OS version.

    Best regards


  4. Marc K 11 Reputation points
    2022-11-09T04:11:18.2+00:00

    I encountered this problem with a Windows Server 2019 RDS farm. Surprisingly, the same workstations don't experience the problem with an identically configured Windows Server 2016 RDS farm.


  5. Michael Lehmann 1 Reputation point
    2022-11-30T08:31:48.033+00:00

    We encounter the same issue and

    use redirection server name:i:1

    did not help.
    Any other hints on how to get this issue solved?