Microsoft RDS, RDS Gateway, RDS Web Access and SSO
A colleague of mine wrote a design for a customer based on Windows 2008 RDS with an RDS Gateway and RDS Web Access, with Windows 7 and XP workstations. When accessing published applications, single sign-on worked, but when publishing a desktop, single sign-on failed. We logged a call with Microsoft Support, and after extensive troubleshooting we couldn’t directly solve the problem. Microsoft created a fix for this bug in Windows 8 and backported it to Windows 7, but our customer wanted to deliver the applications on multiple managed and unmanaged platforms, so we advised them to implement Citrix XenApp with a Citrix Access Gateway so that both the new and the old requirements could be fulfilled.
The case was closed with the following statement:
You have a Windows Server 2008 EN, with the RDS Web Access and RDS Gateway roles installed. SSO does not work for some reason. When you log on to the RDS Web Access from a Windows 7 EN client you are asked for your credentials.
• Symptom – When you log on to the RDS Web Access from a Windows 7 EN client you are asked for your credentials. Also XP clients needed a registry modification and RDP 6.1. In this case our customer wanted to deliver applications on managed and unmanaged machines, therefore the solution had to be revised because of the additional requirements.
• Resolution – The Microsoft solution isn’t the right solution for this customer so they’re going to implement Citrix (with this solution SSO won’t be a problem as they use their own STAs) and client support isn’t an issue either because of the broad deliverance of Citrix receivers.
At the end of the day, this solution is only applicable to environments with internally managed clients on Windows 7. You don’t want to set registry keys on Windows XP and install RDP 6.1 just to access RDS Web Access. Citrix has built a proper solution with its own STAs and the Citrix Access Gateway.
So the mentioned problem with RDS and SSO is ruled out by using this architecture. As this is proven technology, we’ve implemented it with success and all the requirements were fulfilled.