Remote Desktop Server prompts twice for credentials with connection broker

When using RDS with a connection broker you will sometimes notice that you get prompted twice for credentials.

To resolve this, you need to get the client to handle the authentication. For XP clients, you will need to enable Network Level Authentication, which requires SP3 and Remote Desktop Client v6.1 or later.

To check if Network Level Authentication is enabled, open the remote desktop client, right-click in the title bar and choose About. If it says Network Level Authentication Not Supported, you will need to enable it as follows:

  • Browse to HKLM\SYSTEM\CurrentControlSet\Control\Lsa
  • Locate Security Packages and add tspkg to the bottom of the list
  • Browse to HKLM\System\CurrentControlSet\Control\SecurityProviders
  • Locate Security Providers and add , credssp.dll at the end
  • Restart the computer

Now check that Network Level Authentication is enabled, as described above.
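
The two registry values in the steps above have different types, which is easy to get wrong when scripting the change: `Security Packages` is a multi-string (REG_MULTI_SZ) and `SecurityProviders` is a single comma-separated string (REG_SZ). The following PowerShell script is an added example, not part of the original post; it reports whether both entries are present and only writes when called with `-Apply`. It assumes PowerShell 2.0 or later and an elevated prompt, and the `-Apply` switch is this script's own illustrative name.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Without -Apply it only reports; with -Apply it adds the missing entries.
param([switch]$Apply)   # -Apply is this script's own, illustrative switch

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$provKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'

# "Security Packages" is REG_MULTI_SZ: one package name per array element.
$packages = @((Get-ItemProperty -Path $lsaKey -Name 'Security Packages').'Security Packages' |
              Where-Object { $_ })

# "SecurityProviders" is REG_SZ: one comma-separated string of DLL names.
$providers = [string](Get-ItemProperty -Path $provKey -Name 'SecurityProviders').SecurityProviders
$provList  = @($providers -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

$hasTspkg   = $packages -contains 'tspkg'          # -contains is case-insensitive
$hasCredSsp = $provList -contains 'credssp.dll'
$changed    = $false

if ($Apply -and -not $hasTspkg) {
    # Append to the bottom of the list and keep the value a multi-string.
    $newPackages = [string[]]($packages + 'tspkg')
    New-ItemProperty -Path $lsaKey -Name 'Security Packages' -PropertyType MultiString `
        -Value $newPackages -Force | Out-Null
    $packages = $newPackages; $hasTspkg = $true; $changed = $true
}

if ($Apply -and -not $hasCredSsp) {
    # Append credssp.dll to the end of the comma-separated string (stays REG_SZ).
    $provList = @($provList + 'credssp.dll')
    Set-ItemProperty -Path $provKey -Name 'SecurityProviders' -Value ($provList -join ', ')
    $hasCredSsp = $true; $changed = $true
}

# Report the result with the full lists, so unexpected entries stand out.
New-Object PSObject -Property @{
    TspkgPresent      = $hasTspkg
    CredSspPresent    = $hasCredSsp
    SecurityPackages  = ($packages -join ', ')
    SecurityProviders = ($provList -join ', ')
}

if ($changed) { Write-Warning 'Registry updated. Restart the computer for the change to take effect.' }
```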

Open the RDP shortcut file in Notepad and make sure it contains the following settings:

  • authentication level:i:0
  • prompt for credentials:i:0
  • promptcredentialonce:i:1
  • enablecredsspsupport:i:1

Once you have enabled Network Level Authentication on the client machines you can select the following option within RDP-tcp Properties on the session host servers –

This will improve security on the TS boxes, because it forces authentication before any remote session is launched.
