Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012

Hi, I’m Sergey, one of the developers on the team that produces Remote Desktop Services. In Windows Server 2008 R2, we introduced Web Single Sign-On (web SSO), which reduced the number of times a user was asked for credentials when accessing RemoteApp programs published through Remote Desktop Web Access (RD Web Access). Enabling this was… Read more

Introducing Web Single Sign-On for RemoteApp and Desktop Connections

In Windows Server 2008 R2, the Web Single Sign-On (Web SSO) feature provides users with the ability to enter their credentials only once during logon to Remote Desktop Web Access (RD Web Access). After logon, users can launch RemoteApp programs that are part of the same connection in RemoteApp and Desktop Connections without any further… Read more

Configuring Terminal Servers for Server Authentication to Prevent “Man in the Middle” Attacks

General Intro “Man In The Middle (MITM) attack” is a term used to describe a class of security vulnerabilities in which an attacker intercepts communication between two parties and impersonates each one to the other. The attacker can view and/or modify the traffic without the two parties knowledge. As a result, a user might be… Read more

Problems using default credentials with Vista RDP clients with Single Sign-on Enabled

Note: This post was updated with improved suggestions. With Single Sign-on enabled, the current user’s credentials, also known as “default credentials”, are used to log on to a remote computer. In several scenarios, users may get the following error message when trying to connect to a TS server with Vista clients using default credentials: Below… Read more

Instantaneous Session Broker redirection leveraging CredSSP

  This article discusses some significant improvements achieved in Windows Server® 2008 related to redirecting connections in a TS Farm. Understanding the terminologies: Terminal Services Session Broker (TS Session Broker) is a role service in Windows Server® 2008 that allows a user to reconnect to an existing session in a load-balanced terminal server farm. TS Session Broker stores session… Read more

Problems using saved credentials with Vista RDP clients and above

Background Information Windows Vista Credential Delegation policy does not allow a Vista RDP client to send saved credentials to a TS server when the TS server is not authenticated.  By default Vista RDP clients use the Kerberos protocol for server authentication. Alternatively, they can use SSL server certificates, but these are not deployed to servers… Read more

Single credential prompt for TS Gateway Server and Terminal Server

What is the advantage of displaying a single credential prompt for TS Gateway Server and Terminal Server? There are two levels of authentication required for a successful connection to a Terminal Server through a TS Gateway server. First level of authentication happens when the TS client connects to the TS Gateway server and the second… Read more

How to enable Single Sign-On for my Terminal Server connections

Note: This post was updated on March 12, 2009, to include the latest information.  What is Single Sign-On? When applied to Terminal Services, Single Sign-On means using the credentials of the currently logged on user (also called default credentials) to log on to a remote computer. If you use the same user name and password… Read more

TS connection experience improvements based on RDP 6.0 client customer feedback

Many users have downloaded the RDP 6.0 TS client through Windows update since it was released. We have received significant feedback on the RDP 6.0 client — both on what you liked and what you disliked. In this post we want to let you know that we heard you and show you how your continued… Read more

Vista Remote Desktop Connection Authentication FAQ

 Update: Some additional improvements are coming in this area.  Please see this article. There has been a lot of feedback about the new authentication features introduced in the latest version of the Remote Desktop Connection client. These features are part of our efforts to improve security for Terminal Services (TS) in Windows Vista and Windows… Read more