mstsc Single-Sign-On

Chacko42 1 Reputation point
2021-03-29T10:56:16.987+00:00

Hi Community,

I recently noticed within a customer environment, that you can connect to RDP servers, with single-sign-on.

As soon as the hostname is the FQDN, the username changes automatically to "use windows logon credentials" and the connection opens without additional password prompts.

I think that is a really nice feature and I want to use that.

On my search, I found the keywords "credential delegation" and a few settings on the RDP-Server side, but there is no straight forward documentation.

Could someone explain, which steps are necessary to get this running?

We got Win-10 endpoints and Win-2016 RDP servers.

I'm looking forward to your inputs

Regards

Chacko

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,240 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Grace HE 1,241 Reputation points
    2021-03-30T05:43:44.873+00:00

    Hi,
    Thank you for posting your query. According to your description, you are intended to enable SSO RDP. Here are some hints for you and hope it will be helpful.
    How to enable Single Sign-On for my Terminal Server connections
    https://techcommunity.microsoft.com/t5/microsoft-security-and/how-to-enable-single-sign-on-for-my-terminal-server-connections/ba-p/246523

    Best Regards,
    Grace

    ---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

    0 comments
  2. Chacko42 1 Reputation point
    2021-03-30T14:33:51.167+00:00

    Hi @Grace HE ,

    thanks for that input.
    I already did the credential delegation config and changed the TS-Gateway setting now as well.
    Unfortunately it won't work.

    Any additional ideas?
    The KB doesn't mention Win-10 and Server-2016 specifically - I wouldn't be so fixed, if I hadn't seen that working with the newer releases :)

    Regards
    chacko

    0 comments
  3. Grace HE 1,241 Reputation points
    2021-04-07T09:11:33.827+00:00

    Hi,
    Thank you for posting your query and sincerely sorry for the delay of reply. Via some research, here are some hints.
    Configuring SSO (Single Sign-On) Authentication on Windows Server RDS
    http://woshub.com/sso-single-sign-on-authentication-on-rds/

    Please note that this is not our official link. You may just take it as reference.

    Best Regards,
    Grace

    ---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

    0 comments
  4. Chacko42 1 Reputation point
    2021-04-08T12:53:19.913+00:00

    Hi @Grace HE ,

    I notice, that on the server-side configuration, server roles like rds, broker etc. are mentioned.
    We have a simple 2016/2019 Windows Server with RDP enabled and want to use that - since I know this is possible, I'm a little bit confused, that there is no official guide/documentation by Microsoft.

    Regards
    Chacko