In working with some customers lately we have seen a troubling trend. Many of our customers had worked long and hard to troubleshoot their WebSSO (Web Single Sign On) issues, but to no avail. They were excited and hopeful to present to their customers the ability to log onto a website and then to only have to click on a link to open up any number of RemoteApps.
This was the promise of Remote Desktop Services and the RemoteApps publishing in Windows Server 2008 R2. But then they end up getting prompted for credentials, and prompted again. Checking and double-checking settings and configurations all check out. Here is an example:
Bob gets prompted twice when he’s in the office, but Sally sitting next to him does not.
Then Bob goes home and connects via the Remote Desktop Gateway and doesn’t get prompted except at initial log on.
He comes into work the next day, and then gets double prompted again.
When it is not, we fail to provide the User credentials which were gathered at logon to the Web Page. This then causes the RDP Client to get launched without credentials being presented to it. So we prompt the user for credentials (again) after they already provided them.
The fix is simple and has already been published on the Web as pertaining to a different symptom. Here is the article in question:
977507 The "Connected" icon does not appear in the notification area when you connect to a remote application by using Remote Desktop Web Access on a computer that is running Windows Server 2008 R2
The article goes into editing the RenderScripts.js file, which is fairly simple and can be done in Notepad. We have seen this change fix many different WebSSO problems and other behavior regarding multiple prompts when connecting to RDWeb and WebSSO.
So, if you are having trouble with WebSSO, give it a try.
That’s it for now in regards to making your Web Single Sign-on experience better and better.