I have the following Windows 2012 R2 RemoteApp Setup
- Server1 - Role (Web Access, connection broker, RD Host) 192.168.100.1
- Server2 - Role (connection broker, RD Host) 192.168.100.2
DNS Entries used for Round Robin
- RDWA 192.168.100.1, 192.168.100.2
- RDCB 192.168.100.1, 192.168.100.2
Connection Broker is setup using HA (Server1, Server2) - it uses the RDCB Alias for DNS Round Robin (ClientAccessName)
Collection Name: "General" and am publishing just Notepad. Applied wildcard Cert.
Configured IIS: Default Website Redirection to /RDWeb/...
, Allowed for single Signon
GPEDIT on Client machines.. To allow for default Credential Delegation and allowed TERMSRV/*
for my testing.
So basically. From a client if I open up my browser and point to RDWA (remote web access)... i get the remote web form.. I can see notepad. When I click on notepad. I get the following prompt:
Your credentials did not work
Your system administrator does not allow the use of default credentials to log onto the remote computer RDCB.TEST.LOCAL because its identity is not fully verified. Please enter new credentials.
Note:
Before I setup Connecton Broker HA, I was not prompted for this message. It would do the single sign-on OK. I was maybe thinking that I needed to setup a Kerberos identity called RDCB like I did in Windows 2008 R2. But this looks different in Windows 2012 and wasn't able to find the Powershell command to do this.