Hi all,

I am in need of some help, please, with Remote Desktop Services and single sign-on (both Web Access and Remote Desktop) and certificates.

My knowledge of certificate services is very poor. This is my setup.

Environment is as follows:

Active Directory root domain: xyz.local. No client devices are present in the root; all client devices are in child domains across multiple sites.
Child domains: child.xyz.local
I have my Enterprise CA on DC03.xyz.local, which is in the root.
All servers are Server 2008 R2.
All Remote Desktop Services servers are on the same VLAN and behind a Kemp LoadMaster.
The Session Host servers are using a VIP.
The Remote Desktop Gateway servers are using a VIP.
The Session Broker is not using a VIP (but might do in the future - I have not worked this out yet and would like to keep things simple for now and not use MNLB).

Servers are:
a. 4 Remote Desktop Session Host servers hosting all apps, in a farm configuration. Farm name = xyzFARM.xyz.com
b. 1 Session Broker server
c. 2 Remote Desktop Gateway servers

So, coming to my problem:

1. I would like my users to have the following user experience: when they log on using https://gateway.xyx.com/rdweb, I would like them to sign on with their child domain credentials (using either a domain device or a home device) and then, once they have signed on, click on a RemoteApp (i.e. Excel, which is hosted on a Remote Desktop Session Host server), which should not prompt for any further authentication.

2. When a user logs on using MSTSC, assuming the MSTSC client is configured for the correct gateway address, I would like them to log on to the farm without any further prompts or warnings.
I have one certificate purchased from Verisign for my Gateway servers, and this seems to be working fine without any issues across both Gateway servers, which will be using TMG once the solution is stable after testing.

I am not sure what to do internally or how the whole single sign-on process should work. Currently my Host servers are using self-signed certs, which we know causes issues:

http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx
http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx

I am attempting to follow these but am not sure how this will impact my child domain devices. The first article talks about user policies, and I am not hot with certificates by any means, but maybe client devices might be a better option.

Can someone please assist me? I am going a bit bananas with all of this and can't seem to find any "Idiots" guide to this scenario.

Thanks all,
Bill
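A check that goes with the self-signed certificate question in the post above, added here as an example and not part of Bill's message or either linked article: it reads which certificate the RDP-Tcp listener on a Session Host is actually presenting, finds it in the machine stores, and reports whether it is self-signed, whether this machine trusts its chain, and whether it covers the farm name clients connect to. The farm name xyzFARM.xyz.com is taken from the post; the WMI class Win32_TSGeneralSetting and the "Remote Desktop" certificate store (where Windows keeps the auto-generated self-signed RDP certificate) are standard Windows, not assumptions about this environment. Run it locally on each Session Host with administrative rights; the cmdlets used are available on Server 2008 R2.

```powershell
# Added example, not from the original post or the linked articles.
# Audits which certificate the RDP-Tcp listener on a Session Host presents and whether
# it is trustworthy for the farm name clients connect to. Run locally on each Session Host
# with administrative rights (Server 2008 R2 / PowerShell 2.0 compatible cmdlets only).
# Assumption: the farm name is taken from the post; everything else is standard Windows.

$FarmName = 'xyzFARM.xyz.com'

# The RDP listener records the SHA1 thumbprint of its certificate in WMI
# (class Win32_TSGeneralSetting, namespace root\cimv2\TerminalServices).
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                          -Class Win32_TSGeneralSetting `
                          -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# Look for that thumbprint in the machine's personal store first, then in the
# "Remote Desktop" store, which is where Windows keeps its auto-generated self-signed cert.
$cert  = Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object { $_.Thumbprint -eq $thumb }
$store = 'LocalMachine\My'
if (-not $cert) {
    $cert  = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' | Where-Object { $_.Thumbprint -eq $thumb }
    $store = 'LocalMachine\Remote Desktop'
}

if (-not $cert) {
    Write-Output "RDP-Tcp is bound to thumbprint $thumb but no matching certificate was found."
    return
}

# Names the certificate is valid for: the CN in the Subject plus any DNS entries in the
# Subject Alternative Name extension (OID 2.5.29.17).
$names = @()
if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    $names += ($san.Format($false) -split ',\s*' |
               Where-Object { $_ -like 'DNS Name=*' } |
               ForEach-Object { ($_ -split '=', 2)[1] })
}

$selfSigned   = ($cert.Subject -eq $cert.Issuer)
$chainTrusted = $cert.Verify()          # builds the chain against this machine's trust stores
$nameMatches  = $names -contains $FarmName

Write-Output "Listener certificate : $($cert.Subject)"
Write-Output "Store                : Cert:\$store"
Write-Output "Issuer               : $($cert.Issuer)"
Write-Output "Valid until          : $($cert.NotAfter)"
Write-Output "Names on certificate : $($names -join ', ')"
Write-Output "Self-signed          : $selfSigned"
Write-Output "Chain trusted here   : $chainTrusted"
Write-Output "Covers farm name     : $nameMatches"

# Each 'False' above is a reason a client shows a certificate warning or does not get
# a silent sign-on: an issuer the client does not trust, or a certificate name that is
# not the farm name the client was told to connect to.
if ($selfSigned -or -not $chainTrusted -or -not $nameMatches) {
    Write-Output 'Result: clients will warn on connection. Issue a certificate from the Enterprise CA'
    Write-Output "        whose subject or SAN covers $FarmName and bind it to RDP-Tcp on every Session Host."
}
else {
    Write-Output 'Result: certificate chain and name are consistent with the farm name.'
}
```

The trust result is evaluated on the Session Host itself, so it tells you whether the Enterprise CA chain is in place there; a client in a child domain or a home device still needs that same root in its own trusted root store before the warning goes away on its side.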
