question

Chacko42-8188 avatar image
0 Votes"
Chacko42-8188 asked GraceHE-MSFT commented

mstsc Single-Sign-On

Hi Community,

I recently noticed within a customer environment, that you can connect to RDP servers, with single-sign-on.

As soon as the hostname is the FQDN, the username changes automatically to "use windows logon credentials" and the connection opens without additional password prompts.

I think that is a really nice feature and I want to use that.

On my search, I found the keywords "credential delegation" and a few settings on the RDP-Server side, but there is no straight forward documentation.

Could someone explain, which steps are necessary to get this running?

We got Win-10 endpoints and Win-2016 RDP servers.

I'm looking forward to your inputs

Regards

Chacko

remote-desktop-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GraceHE-MSFT avatar image
0 Votes"
GraceHE-MSFT answered

Hi,
Thank you for posting your query. According to your description, you are intended to enable SSO RDP. Here are some hints for you and hope it will be helpful.
How to enable Single Sign-On for my Terminal Server connections
https://techcommunity.microsoft.com/t5/microsoft-security-and/how-to-enable-single-sign-on-for-my-terminal-server-connections/ba-p/246523

Best Regards,
Grace

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Chacko42-8188 avatar image
0 Votes"
Chacko42-8188 answered

Hi @GraceHE-MSFT,

thanks for that input.
I already did the credential delegation config and changed the TS-Gateway setting now as well.
Unfortunately it won't work.

Any additional ideas?
The KB doesn't mention Win-10 and Server-2016 specifically - I wouldn't be so fixed, if I hadn't seen that working with the newer releases :)

Regards
chacko

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GraceHE-MSFT avatar image
0 Votes"
GraceHE-MSFT answered

Hi,
Thank you for posting your query and sincerely sorry for the delay of reply. Via some research, here are some hints.
Configuring SSO (Single Sign-On) Authentication on Windows Server RDS
http://woshub.com/sso-single-sign-on-authentication-on-rds/

Please note that this is not our official link. You may just take it as reference.

Best Regards,
Grace

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Chacko42-8188 avatar image
0 Votes"
Chacko42-8188 answered GraceHE-MSFT commented

Hi @GraceHE-MSFT,

I notice, that on the server-side configuration, server roles like rds, broker etc. are mentioned.
We have a simple 2016/2019 Windows Server with RDP enabled and want to use that - since I know this is possible, I'm a little bit confused, that there is no official guide/documentation by Microsoft.

Regards
Chacko

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Thank you for your feedback. I think my post before have steps to configure SSO. You may refer to that link.

0 Votes 0 ·