This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 23%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Hi there,
We are trying to get off of NTLM for our entire Domain and the last tricky spot seems to be our RDS implementation.
When we Restrict NTLM and set it to Deny All we RDS breaks. From looking at this old post (https://techcommunity.microsoft.com/t5/security-compliance-and-identity/creating-kerberos-identity-for-rd-session-host-farms-part-i/ba-p/246775) it seems like I need user Powershell to create a Kerberos identity for the deployment but I can't get past step 2. This makes me think that I'm either doing something wrong or the process has changed and I can't figure out what.
Does anyone have any ideas or directions you can point me in?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 84%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
To clarify do you mean you were unable to use "cd RDS:\"? If so, you need to run the following before this:
Import-Module RemoteDesktopServices
Now you should be able to use "cd RDS:\".
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 75%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL6%3C/text%3E%3C/svg%3E)
I have an similar issue at Step 3. "RDSFarms" doesn't exists. Only "LicenseServer" is available.
But Im definitely connected on my Connection Broker (the affected Server is License Server and Connection Broker at once).
Have anyone an idea, how can I fix this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 13%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHV%3C/text%3E%3C/svg%3E)
Dit you ever find a solutions for this. Or another way to do kerberos on an Rds farm?