RDP logon smart card requires two pin codes with enablecredsspsupport:i:0

Mattias 1 Reputation point
2021-04-14T06:19:47.683+00:00

Hello forums!
We are working with a IT partner that have troubles on solving our RDP issue as an cry out for help i've turned to the forums.

We are looking into incorporating thin clients with smart cards into our environment.

Thin clients will start an RDP connection to our setup with no credentials supplied.
Logon window on connection broker asks for smart card pin code.
User supplies pin code.
User is routed to best terminal server.
Termanial server is now asking for the same smart card pin code.
User supplies pin code.
Logged on.

When user disconnects the session they can re-logon to the rdp without supplying double smart card pin codes.
However, when the user logged off they will get double pin codes.

I have also tested this on a PC, added enablecredsspsupport:i:0 to the rdp file. Same issue.

Our environment is:
1 RDP gateway (not used when using this as clients will be on network, no change if we enable it)
1 Connection broker
3 terminal servers.

All of them running 2019.

Any idéas?

Thanks
Best regards
Mattias

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,957 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Leila Kong 3,696 Reputation points
    2021-04-15T09:27:53.66+00:00
    0 comments No comments

  2. Mattias 1 Reputation point
    2021-04-20T08:02:00.597+00:00

    Thank you for the links. I've already read them but i can't find any topics on this particular issue.

    0 comments No comments

  3. Leila Kong 3,696 Reputation points
    2021-04-22T02:04:07.987+00:00

    Hello @Mattias ,

    1.When did this issue occur?
    2.Please enter command "get-hotfix" in Powershell to check if any patch is installed before the issue occurs;
    3.If trying to connect to the session host from internal network without rdcb and rdgateway, will the issue still exist?
    4.Check if the personal certificate expires in rdcb and rdgateway:

    90171-personal-certificate.png

    0 comments No comments

  4. Mattias 1 Reputation point
    2021-04-22T07:50:45.157+00:00
    1. Never worked.
    2. See above.
    3. Still exists.
    4. Many certs, need to check them. Will get back on this matter.

    Also did try and logon using username and password. Get the same issue. Double logon, only when i use the enablecredsspsupport:i:0. If you remove this and connect it gets passed.

    0 comments No comments

  5. Leila Kong 3,696 Reputation points
    2021-04-26T01:46:18.817+00:00

    Hello @Mattias ,

    Is there any progress on your side? You may also open a ticket to Microsoft for further professional help:
    https://support.microsoft.com/en-us/help/4341255/support-for-busines

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.