Problems using saved credentials with Vista RDP clients and above
The Terminal Services Team has posted a new blog entry detailing issues with saved RDP credentials on Vista RDP clients. The issues involve TS Gateway, Kerberos, server farms, stand-alone servers, and more.
“Windows Vista Credential Delegation policy does not allow a Vista RDP client to send saved credentials to a TS server when the TS server is not authenticated. By default Vista RDP clients use the Kerberos protocol for server authentication. Alternatively, they can use SSL server certificates, but these are not deployed to servers by default. There are three common scenarios where using the Kerberos protocol to authenticate the server is not possible, but using SSL server certificates is possible. Because SSL server certificates are not deployed by default, using saved credentials does not work in these scenarios.
Scenario 1: Connecting from home to a TS server through a TS Gateway server
When you connect from home through a TS Gateway server to a TS server hosted behind a corporate firewall, the TS client has no direct connectivity to a key distribution center hosted on a domain controller behind the corporate firewall. As a result, server authentication using the Kerberos protocol fails.
Scenario 2: Connecting to a stand-alone computer
When connecting to a stand-alone server the Kerberos protocol is not used…”
