"Remember me" feature does not work when RD getaway is used

2

0

The "remember me" feature does not work for me when I use RD gateway to connect to my workstation. Something forces me to explicitly type the credentials every time - I need to figure out what this something is.

I have the following scenario: There is workstation that is behind NAT and inaccessible from outside our company network.

  1. I can connect my my workstation from inside the network and Windows does save the credentials after changing the Credentials Delegation Group Policy.

    Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation\

    Allow Delegating Saved Credentials with NTLM-only Server Authentication

  2. Credentials saving also works when I connected to my company's network via VPN and then connect to workstation.

  3. Credential saving does not work when I connect to my workstation via RD gateway -- it says "The logon attempt failed" and forces manual credentials entering

The 3rd scenario is the one I'm interested in figuring out - the error that occurs is shown below. When I manually put the same (as saved) credentials it connects just fine. The credentials to access the gateway are the same as the credentials to access my workstation.

Any suggestions on what can disrupt "remember me" feature?

screenshot scenarios

Eugene D. Gubenkov

Posted 2016-10-18T18:53:11.773

Reputation: 137

Allow Delegating Saved Credentials with NTLM-only Server Authentication with that bit my assumption would be that the Remember Me feature uses some form of cached auth token or similar and as you're not part of domain in the last example that token becomes invalid. – Seth – 2016-10-21T07:05:54.297

@Seth, if I got you right it means that "remember me" would never work in such setup? – Eugene D. Gubenkov – 2016-10-21T07:13:55.397

If my assumption is right than yes, it wouldn't work. But it's just that: An assumption. You'd probably have to figure out how saved credentials are actually handled. But if you look at this I'm probably wrong and there might be a way: Enable or Disable Credential Sharing for Connections Through Remote Desktop Gateway

– Seth – 2016-10-21T07:18:21.320

Answers

1

Try this. On the RD Gateway computer :

Change the default to be “This is a private computer”

  1. Backup C:\Windows\Web\RDWeb\Pages\en-US\Default.aspx
  2. Edit C:\Windows\Web\RDWeb\Pages\en-US\Default.aspx
  3. Find bPrivateMode = false and change the false to true

Change the setting so that the RDP credentials will only be prompted once

  1. Backup C:\Windows\Web\RDWeb\Pages\en-US\Desktops.aspx
  2. Edit Backup C:\Windows\Web\RDWeb\Pages\en-US\Desktops.aspx
  3. Find the line RDPstr += ""; and add the following line under it RDPstr += “promptcredentialonce:i:1\n”;

When you are finished the section of the file should look similar to this:

RDPstr += getUserNameProperty();
RDPstr += "";
RDPstr += "promptcredentialonce:i:1\n";

Source : RDP Gateway Customisation

harrymc

Posted 2016-10-18T18:53:11.773

Reputation: 306 093

Thank you -- I have no access to gateway itself, but I will try to get in touch with responsible peoples. Any references to sources of information would be extremely helpful! – Eugene D. Gubenkov – 2016-10-23T12:54:39.603

Oh yes, I forgot to add the source. Done. – harrymc – 2016-10-23T14:58:06.353

Although my second part is written a bit differently from the linked article, the one in the article should also work. – harrymc – 2016-10-24T10:31:53.873

Thanks! I've sent a link to your answer to responsible guys that can check out gateway configuration -- not sure how fast I can come back to you with result though. To the best of your knowledge, can something be not configured properly on Client (my) side in described situation (I suppose that if it works w/o gateway, then something wrong with gateway)? – Eugene D. Gubenkov – 2016-10-24T13:39:08.850

Everything is possible. The above answer might (or might not) be the solution to your problem - only trying it out will tell. – harrymc – 2016-10-24T14:22:07.107

Any news regarding the problem? – harrymc – 2016-10-27T06:02:51.770

Not yet... Our administrators are working on it. Sadly, I can not check your suggestion myself... – Eugene D. Gubenkov – 2016-10-27T06:16:06.407

Asked: 2016-10-18T18:53:11.773

Viewed: 1 186 times

Active: 2018-10-07T11:34:16.190