Tuesday 24 December 2013

RDS Logon Prompt Twice

At work we run Windows XP in an RDS environment (Server 2008 R2).

One of the big problems is that some XP machines reach the Server 2008 R2 logon screen and, after you log in, make you log in a second time.

In fact, my own machine had an even more severe variation of this where my first logon attempt would get "rejected" as a bad user/password combination.

It turns out that this is because, by default, XP will log on to the connection broker and then again to the chosen RDS host (chosen via load balancing, of course).

The solution is to enable SSO (single sign-on) / NLA (Network Level Authentication), which is present in Windows XP but not on by default.

This is a good link on it:
http://www.it-book.co.uk/2415/remote-desktop-server-prompts-twice-for-credentials-with-connection-broker

But basically, you need to make sure you have RDP version 6.1 minimum, and then add two entries to the registry:

  • Go to: HKLM\SYSTEM\CurrentControlSet\Control\Lsa
  • Double click "Security Packages" and add "tspkg" to the bottom of the list
  • Go to: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
  • Double click "SecurityProviders" and add "credssp.dll" to the end of the list. Remember to use a comma!
  • Restart the computer (this part is ESSENTIAL!)

After this, you can access RDS with NLA, which means that the server never has to load up the logon screen. Instead, your own computer gives you a popup and prompts for login details, then sends them at the same time as the logon request. Most importantly, you'll only have to log on once!
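The two registry edits above can also be checked and applied by script. This is an added example, not part of the original post; it assumes PowerShell 2.0 is installed on the XP machine and that it is run from an administrator prompt. The `-Apply` switch and variable names are this example's own.

```powershell
# Added example: report-only by default; run with -Apply to write the values.
param([switch]$Apply)

$lsaKey  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
$provKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$multi   = [Microsoft.Win32.RegistryValueKind]::MultiString
$string  = [Microsoft.Win32.RegistryValueKind]::String
$changed = $false

# "Security Packages" is REG_MULTI_SZ: one package name per line.
$current  = [Microsoft.Win32.Registry]::GetValue($lsaKey, 'Security Packages', $null)
$packages = @($current | Where-Object { $_ })
if ($packages -contains 'tspkg') {
    Write-Output 'Lsa\Security Packages: tspkg already present'
} else {
    Write-Output 'Lsa\Security Packages: tspkg missing'
    if ($Apply) {
        # Append, keeping every existing package in its original order.
        [string[]]$newPackages = $packages + 'tspkg'
        [Microsoft.Win32.Registry]::SetValue($lsaKey, 'Security Packages', $newPackages, $multi)
        $changed = $true
    }
}

# "SecurityProviders" (value name has no space) is REG_SZ: a comma-separated list.
$raw       = [string][Microsoft.Win32.Registry]::GetValue($provKey, 'SecurityProviders', '')
$providers = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($providers -contains 'credssp.dll') {
    Write-Output 'SecurityProviders: credssp.dll already present'
} else {
    Write-Output 'SecurityProviders: credssp.dll missing'
    if ($Apply) {
        # Rebuild the list with the comma separator the manual step warns about.
        $newList = ($providers + 'credssp.dll') -join ', '
        [Microsoft.Win32.Registry]::SetValue($provKey, 'SecurityProviders', $newList, $string)
        $changed = $true
    }
}

if ($changed) {
    Write-Output 'Values updated. Restart the computer for the change to take effect.'
}
```

Running it without `-Apply` is a quick way to audit which XP clients still lack the two entries; it is safe to re-run because entries that already exist are left alone.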

Alternatively, if you don't want to edit the registry, you can instead just click on this Microsoft "Fixit" and have it all done automatically for you!
