Share via

RDS RemoteApp published applications sometimes need to enter credentials a second time prior to launch

Matt Fortune 26 Reputation points
2020-12-28T20:06:32.077+00:00

Server: Windows Server 2019 OS - RDS session host - RemoteApp

Published applications: ADUC, GPOAdmin, SCCM console, SCOM console all within same Active Directory forest, only one logon credentials needed to access/launch.

Issue: Sometimes when logon to the RDS session host server gateway then double click to launch a published application, a user will need to enter his/her credentials again for the application to launch. Most of the time, the published application will launch upon logon to the RDS session host gateway without requiring an addition login i.e. IWA/pass-thru is working.

It seems when logon to RDS session host gateway published apps (RemoteApp) using IE browser, it almost always will launch the published application e.g. ADUC, GPOAdmin, SCOM console etc. w/o credentials. When using EDGE browser, it will almost always require entering logon credentials again prior to launching the same applications.

These RemoteApp published applications are only used by a group of < 100 people within big organization. IE/EDGE security settings & trusted sites are governed by corporate security policy and automated .reg settngs. the domain FQDNs are automatically added to IE Trusted sites and local Intranet zones.

Q: How can we configure our RDS RemoteApp published applications to launch without requiring entering credentials a second time.

Thanks,

~ Matt

Windows for business Windows Client for IT Pros User experience Remote desktop services and terminal services
0 comments
Accepted answer
  1. Anonymous
    2020-12-29T02:34:27.203+00:00

    Hello @Matt Fortune

    When the user is asked to enter credential to open the remoteapp, what is presented in the logon box?

    Not all browsers support Single-Sign-On to a RDSH from Web Access.

    This thread might help:
    Remote Desktop Services - Users prompted twice when launching remote App

    "there is no way to stop the two credential prompts for non-IE browsers. One possibility is to have people save the .rdp file to their desktop and then set it to save the password, although this may not completely eliminate the prompts. Downside is the file would be static and if you ever make changes people would need to re-download a new version and save it to their desktop again. And password changes (if you implement those) would affect the experience too."

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards
    Karlie

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Matt Fortune 26 Reputation points
    2020-12-29T14:47:14.937+00:00

    Thank you for the definitive answer Karlie; "there is no way to stop the two credential prompts for non-IE browsers."

    With IE, the RemoteApp published applications will launch. With EDGE or Chrome, requires second entering of credentials prior to application launching.

    It would be nice if Microsoft made EDGE capable of pass-thru/IWA authentication.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.