RDP 6 Does not work
Cafetom
We have a TS, Windows 2003 for 25 users. We also have the Novell 4.91 sp3
client on this server also.
I just installed the new RDP 6 client on ALL of our workstations, via WSUS,
and the silly thing does not work properly,
First, why does it make you provide a username and password to just connect
to the server? Is there a way to NOT prompt for this information.
Second, the username and password information are not being passed properly
to the Novell GINA. The domain inwhich the user is being logged into is not
populated properly.
I know what many are going to say, uninstall the netware client. Not an
option! I do not want the initial authentication! I want them to reach the
TS server and THEN authenicate.
Can I do it, if so, how?
TP
Provider (CredSSP) for the connection. If you are using a
specific .RDP file to launch the connection to your server, open
it up in notepad and add the following line:
enablecredsspsupport:i:0
If you are manually opening the Remote Desktop Client using the
default shortcut or via start-->run-->mstsc.exe, then edit the
default.rdp file instead. The default.rdp file is located in each
user's My Documents folder.
-TP
Cafetom
Rich Raffenetti
entry. Is there a document for the rdp 6 product which documents the
entries and values?
"TP" <tperson....@mailandnews.com> wrote in message
news:ebcXgBUF...@TK2MSFTNGP02.phx.gbl...
Steve Stuart
userid@servername - since this is authenticating to the local account, rather
then the domain.
I presume theres a way to control this via GP? Sure not feasible to have to
update every file, nor would I want to just deploy a new "default.rdp" file.
Thanks in advance...
Steve
Richard Tubb
I second that - we've experienced the same issues as others have described
here, with authentication problems using the new 6.0 client.
I understand the reasoning behind the change in authentication method - but
the facility to turn this upgrade "off" via Group Policy for 6.0 clients
would be welcome.
Of course, ideally you wouldn't release any update until it's tested in your
own environment - but it's all too simple for an administrator to click
"Approve and Install" in WSUS and then be faced with this sort of situation!
:-o
Regards,
Richard Tubb.
"Steve Stuart" <Steve...@discussions.microsoft.com> wrote in message
news:15175A0F-E92B-4E45...@microsoft.com...
Austin
users default.rdp... Real fun when the dumb terminals are not on the domain
because you do not want them to be.
What was the thinking behind this one MS?
Also how about making auto-login MUCH easier.. you know like it was in V5..
now it's a greyed out item that says "User (none)" with no option to add
anything.
And one last thing.. connection time was almost instant.. now it's 5 - 10
seconds... are we moving back in time?
Josh Rosenberg [MSFT]
some info here: http://dev.remotenetworktechnology.com/ts/rdpfile.htm [Note:
This site is not endorsed by or affiliated with Microsoft, use at your own
risk, etc.]
Since CredSSP only exists as of Vista and RDP 6.0, you probably won't find
much about it online. I'll talk to the PMs and see if I can come up with a
complete list of the supported options for power users (read: People who
muck with RDP files manually).
Josh Rosenberg [MSFT]
SDE - Terminal Services
"Rich Raffenetti" <raffe...@comcast.net> wrote in message
news:%232JT9di...@TK2MSFTNGP02.phx.gbl...
Vera Noest [MVP]
here:
885187 - Remote Desktop Protocol settings in Windows Server 2003
and in Windows XP
http://support.microsoft.com/?kbid=885187
Let's hope that this KB article will be updated soon with the
settings that are added in the rdp 6.0 client.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Josh Rosenberg [MSFT]" <josh...@online.microsoft.com> wrote on
05 dec 2006 in microsoft.public.windows.terminal_services:
Josh Rosenberg [MSFT]
to the MS support page until we have an updated list of settings.
Josh Rosenberg [MSFT]
SDE - Terminal Services
"Vera Noest [MVP]" <vera....@remove-this.hem.utfors.se> wrote in message
news:Xns9890EB3D4B11Dve...@207.46.248.16...
Rich Raffenetti
KB925876 - click to remove
This is for XP at least, probably W2K3 Server too.
"Steve Stuart" <Steve...@discussions.microsoft.com> wrote in message
news:03719ED5-8A6E-4702...@microsoft.com...
> Definately a step back. Fortunately, I only installed it on a couple
> machines. I thought I saw that you can remove it from add/remove -- no
> such
> luck! Anyone know how to roll this back and remove it???
TP
The document Vera provided is a good reference for most
of the settings, although it does not include all of them, even
for the 5.x client version. While waiting for MS to update the
docs, is there a specific setting you are curious about?
Also, you can read the interface documentation for more
information on client Properties (many map to a setting in
the .rdp file):
Remote Desktop Web Connection Reference
http://msdn2.microsoft.com/en-us/library/aa383022.aspx
EnableCredSspSupport Property of IMsRdpClientNonScriptable3
http://msdn2.microsoft.com/en-gb/library/aa381272.aspx
-TP
TP
There is a bug in the UsernameHint functionality of the new
client. UsernameHint pre-fills the user name field when
the *client* prompts the user for credentials in the case
where no previously-saved credentials exist for the server
name specified.
This bug will cause the user to send an incorrect value for
their user name when connecting to a legacy server (2003,
XP, 2000, etc.). It appears to not be applicable when
connecting to Vista or Longhorn, although I am *not*
certain becuase I have not done extensive testing againis
them. (Connecting to Longhorn without using Network
Level Authentication has its own user-confusion relating
to usernames/domains--not related to UsernameHint)
You can work around the bug by having your users
save credentials when connecting. They don't have to
save both user name and password, simply saving their
username with an empty password is enough. Then
make sure that "Always ask for credentials" is
unchecked so that they will not be prompted each
time.
Naturally, if they save a blank password they will have
to enter their password at the server logon screen. Also,
you can set the server to "Always prompt for password"
which will cause them to stop and enter their password
at the server logon screen or you can set the server so that
they will have to enter both.
Disabling CredSSP is not required for the above.
-TP
TP
The new client can auto-login similar to the old client. When
connecting, enter the username/password for the server,
and check the Remember my password box. Next time
you connect to the same server, it will use the saved credentials
automatically (make sure that "Always ask for credentials" is
unchecked.).
Also, if you double-click a saved .rdp file that connects to the
same server as above, it will connect without prompting (assuming
you do not force prompting via file setting or GPO).
You will need to remove enablecredsspsupport:i:0 from the
default.rdp file for the above to work properly, if you added
it.
The new client is slower establishing the initial connection. :-(
-TP
TP
There is a bug in the new client--please see my other reply to
you in this thread.
The *primary* purpose of the new client is to allow you to
take advantage of new features when connecting to Vista
and Longhorn server. It is an *optional* update.
If your users are not connecting to Vista/Longhorn or you
are not using one of the few new features that are applicable
to 2003/XP, then it is probably best to stick with the old
version. You can also run the old version alongside the
new version without problems.
Thanks.
-TP
Steve Stuart
deployment just yet. I've always stressed to folks to NOT check the save
password checkboxes, as they are generally a security risk. Nice to know
it'll still save it with out a password though!
Thanks again - appreciate the workaround!
Steve
TP
I agree with you regarding the security risk, that is my
general stand as well.
The thing is, saving the username with a blank password
is the way to duplicate the functionality of the old client
because of the UsernameHint bug.
With the old client, when not using a custom .rdp file
the last successful username is stored automatically for
use with the next connection. In essence, this is saving
the username without a password.
I think your decision to hold off on deployment is wise, I
just wanted to give you more information about the issue.
-TP
Vera Noest [MVP]
Seems like this is going to be the number 1 FAQ for the next couple
of weeks/months/..
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"TP" <tperson....@mailandnews.com> wrote on 07 dec 2006 in
microsoft.public.windows.terminal_services:
> The new client can auto-login similar to the old client. When
> connecting, enter the username/password for the server,
> and check the Remember my password box. Next time
> you connect to the same server, it will use the saved
> credentials automatically (make sure that "Always ask for
> credentials" is unchecked.).
>
> Also, if you double-click a saved .rdp file that connects to the
> same server as above, it will connect without prompting
> (assuming you do not force prompting via file setting or GPO).
>
> -TP
TP
will be a FAQ.
I think maybe we could try and word it better if it
will be a standard response.
I am drafting a response to Rob Leitman where I
want to ask that 1.) They fix the UsernameHint
bug ASAP, and 2.) They should consider making
some small usability enhancements to the v6 client
as it relates to credential save/edit.
For example, they could have the text there with a
hyperlink allowing the user to create a saved
credential, instead of simply saying that they will be
asked for credentials when they connect.
The code for creating, editing, and deleting the
credentials is already present, all they need to do
is allow the create function to be called directly
from the general tab.
I wanted to take my time with the wording though
because in the past what I thought was a relatively
simple suggestion was not understood immediately
by members of the TS team (I am not referring to
Rob). I need to do a better job communicating.
In the end I don't expect them to do anything but
the bug fix, but there are surprises in this world.
-TP
TP
prompt will be a popular one too.
Vera Noest [MVP]
"TP" <tperson....@mailandnews.com> wrote on 07 dec 2006 in
microsoft.public.windows.terminal_services:
> I forgot...for the TSWeb users the Clipboard security
Kar725
with this?
C:\
Windows\system32\credssp.dll is either not designed to run on Windows or it
contains an error. Try installing the program again using the original
installation media or contact your system administrator or the software
vendor for support
--
kar
Vera Noest [MVP]
Check here if the file version is the correct one:
http://www.programchecker.com/file/32625.aspx
You might need to repair your installation.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?S2FyNzI1?= <Kar...@discussions.microsoft.com> wrote on
25 nov 2007 in microsoft.public.windows.terminal_services:
Kar725
--
kar
Vera Noest [MVP]
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?S2FyNzI1?= <Kar...@discussions.microsoft.com> wrote on 26
nov 2007 in microsoft.public.windows.terminal_services: