credssp help
i'm running remoteapp on windows xp sp3 workstation. connecting w2k8 ts on different domain. in order streamline authentication process i've enabled credssp on work station. want achieve when run remoteapp, authenticate once on client side no further server side authentication prompts. @ present still getting server side logon prompt.
have configured following settings on xp sp3 test machine:
enable credssp:
reg_dword: allowfreshcredentials
value data: 1 (enable)
reg_dword: concatenatedefaults_allowfresh
value data: 1 (enable)
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation\allowfreshcredentials\allowfreshcredentials
"<serial_no>"="<server spn>"
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation
reg_dword: allowfreshcredentialswhenntlmonly
value data: 1 (enable)
reg_dword: concatenatedefaults_allowfreshntlmonly
value data: 1 (enable)
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation\allowfreshcredentialswhenntlmonly
"<serial_no>"="<server spn>"
applied http://support.microsoft.com/kb/953760 hotfix.
can advise on whether have missed here? there else need configure on server side?
thanks.
have configured following settings on xp sp3 test machine:
enable credssp:
hklm\system\currentcontrolset\control\securityproviders\securityproviders
append, don't replace: credssp.dll
hklm\system\currentcontrolset\control\lsa\security packages
append, don't replace: tspkg
configure delegation registry settings:
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegationreg_dword: allowfreshcredentials
value data: 1 (enable)
reg_dword: concatenatedefaults_allowfresh
value data: 1 (enable)
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation\allowfreshcredentials\allowfreshcredentials
"<serial_no>"="<server spn>"
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation
reg_dword: allowfreshcredentialswhenntlmonly
value data: 1 (enable)
reg_dword: concatenatedefaults_allowfreshntlmonly
value data: 1 (enable)
hkey_local_machine\software\policies\microsoft\windows\credentialsdelegation\allowfreshcredentialswhenntlmonly
"<serial_no>"="<server spn>"
applied http://support.microsoft.com/kb/953760 hotfix.
can advise on whether have missed here? there else need configure on server side?
thanks.
hi,
response. 1 farm of 2 terminal servers 1 dedicated session broker server performing load balancing.
have done reading on , seems it's not possible achieve in scenario... because client in seperate domain ts farm no trust.
agree conclusion?
thanks
gareth
response. 1 farm of 2 terminal servers 1 dedicated session broker server performing load balancing.
have done reading on , seems it's not possible achieve in scenario... because client in seperate domain ts farm no trust.
agree conclusion?
thanks
gareth
Windows Server > Remote Desktop Services (Terminal Services)
Comments
Post a Comment