I've been spending a lot of time recently on Microsoft's Virtual Desktop Infrastructure (VDI). The last little bit I've been pulling my hair out with is enabling Single Sign On (SSO) over the internet.
The web is filled with articles and step-by-step guides on how to set it up... but most seem to be focused on internal VDI setups (e.g. clients connected to your domain).
Has anyone managed to get SSO working over the internet when accessing a VDI pool via RD Web Access? Here is what I have done so far:
- Upgraded our RDS server to Server 2012 - I read that it simplifies the whole process
- Our VDI pool contains only Windows 7 virtual machines
- Installed a trusted wildcard certificate from GoDaddy and assigned it to each of the 3 main VDI services (Connection Broker, RD Web Access and Gateway)
- Ticked the box for 'use RD Gateway credentials for remote computers'
Everything works fine... I just would love to get rid of the 2nd login prompt after logging into RD Web Access... has anyone managed it?
.... I still haven't managed to solve this one. The more I search, the more I'm convinced it is an SSL cert issue.
As mentioned in my initial post, I have a wildcard certificate from GoDaddy. The domain registered on it matches the public name of the RDS server but not the internal one. When I connect through to the RDWeb access site, we don't get any errors. However, when we click on the VDI pool we then get the dreaded 2nd login followed by two certificate warnings (one for the internal name of the server and one for the name of the virtual machine in the pool).
I've read that one solution may be to install a SAN/UCC certificate - this would allow me to list both the public and internal domain names on the certificate (though I also read that this will no longer be supported from November 2015). Another solution is to match our internal domain name with our public one... won't be doing that one!!
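
The name mismatch described in the post above, as an added example that is not part of the original thread: a PowerShell check of which host names a certificate's DNS names actually cover, using the rule that a wildcard stands for exactly one left-most label. The function names and every host name are constructed placeholders, not values from the poster's environment.

```powershell
# Added example. All names below are constructed placeholders.

function Test-CertNameMatch {
    # Returns $true when $HostName is covered by the certificate DNS name $CertName.
    # A wildcard is honoured only as the whole left-most label and covers one label.
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$CertName
    )
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    $c = $CertName.TrimEnd('.').ToLowerInvariant()
    if ($c -eq $h) { return $true }                  # exact match
    if (-not $c.StartsWith('*.')) { return $false }  # not a wildcard entry
    $suffix = $c.Substring(1)                        # e.g. ".example.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    # The part replaced by '*' must be a single non-empty label (no dots).
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

function Get-CertNameCoverage {
    # Reports, per host name, whether any certificate name covers it.
    param(
        [Parameter(Mandatory)][string[]]$CertNames,
        [Parameter(Mandatory)][string[]]$HostNames
    )
    foreach ($name in $HostNames) {
        $hit = $CertNames |
            Where-Object { Test-CertNameMatch -HostName $name -CertName $_ } |
            Select-Object -First 1
        [pscustomobject]@{
            HostName  = $name
            Covered   = [bool]$hit
            MatchedBy = $hit
        }
    }
}

# Constructed sample: a public wildcard certificate and the names a client is shown.
$certNames = @('*.example.com', 'example.com')
$hostNames = @(
    'remote.example.com',             # public RD Web Access / Gateway name
    'rds01.corp.example.local',       # internal server name
    'win7-vm-04.corp.example.local',  # pooled virtual machine name
    'a.b.example.com'                 # two labels deep: a wildcard does not cover it
)
Get-CertNameCoverage -CertNames $certNames -HostNames $hostNames | Format-Table -AutoSize
```

Only `remote.example.com` is reported as covered; the internal server name and the pooled VM name are not, which corresponds to the two certificate warnings described in the post.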