Problems using saved credentials with Vista RDP clients and above

by Jason Conger [Published on 31 July 2007 / Last Updated on 31 July 2007]


The Terminal Services Team has posted a new blog entry detailing issues surrounding saved RDP credentials with Vista RDP clients. Some of the issues involve TS Gateway, Kerberos, Server farms, stand-alone servers, etc.

"Windows Vista Credential Delegation policy does not allow a Vista RDP client to send saved credentials to a TS server when the TS server is not authenticated. By default Vista RDP clients use the Kerberos protocol for server authentication. Alternatively, they can use SSL server certificates, but these are not deployed to servers by default. There are three common scenarios where using the Kerberos protocol to authenticate the server is not possible, but using SSL server certificates is possible. Because SSL server certificates are not deployed by default, using saved credentials does not work in these scenarios.

Scenario 1: Connecting from home to a TS server through a TS Gateway server

When you connect from home through a TS Gateway server to a TS server hosted behind a corporate firewall, the TS client has no direct connectivity to a key distribution center hosted on a domain controller behind the corporate firewall. As a result, server authentication using the Kerberos protocol fails.

Scenario 2: Connecting to a stand-alone computer

When connecting to a stand-alone server the Kerberos protocol is not used...

Continue at source...

