Thin Client and Virtual Machines Thread, SSO for VDI on Server 2012 in Technical; Hi All,
I've been spending a lot of time recently on Microsoft's Virtual Desktop Infrastructure (VDI). The last little bit ...
1st July 2013, 04:05 PM #1
- Rep Power
SSO for VDI on Server 2012
I've been spending a lot of time recently on Microsoft's Virtual Desktop Infrastructure (VDI). The last little bit I've been pulling my hair out with is enabling Single Sign On (SSO) over the internet.
The web is filled with articles and step-by-step guides on how to set it up... but most seem to be focused on internal VDI setups (e.g. clients connected to your domain).
Has anyone managed to get SSO working over the internet when accessing a VDI pool via RD Web Access? Here is what I have done so far:
- Upgraded our RDS server to Server 2012 - I read that it simplifies the whole process
- Our VDI pool contains only Windows 7 virtual machines
- Installed a trusted wildcard certificate from GoDaddy and assigned it to each of the 3 main VDI services (Connection Broker, RD Web Access and Gateway)
- Ticked the box for 'use RD Gateway credentials for remote computers'
Everything works fine.... I just would love to get rid of the 2nd login prompt after loggin into RD Web Access....... has anyone managed it?
15th July 2013, 05:03 PM #2
- Rep Power
.... I still haven't managed to solve this one. The more I search, the more I'm convinced it is an SSL cert issue.
As mentioned in my initial post, I have a wildcard certificate from GoDaddy. The domain registered on it matches the public name of the RDS server but not the internal one. When I connect through to the RDWeb access site, we don't get any errors. However, when we click on the VDI pool we then get the dreaded 2nd login followed by two certificate warnings (one for the internal name of the server and one for the name of the virtual machine in the pool).
I've read that one solution may be to install a SAN/UCC certificate - this would allow me to list both the public and internal domain names on the certificate (though I also read that this will no longer be supported from November 2015). Another solution is to match our internal domain name with our public one...... won't be doing that one!!
By synaesthesia in forum MIS Systems
Last Post: 14th August 2013, 12:59 PM
By kirks in forum Thin Client and Virtual Machines
Last Post: 12th June 2013, 08:39 AM
By Gongalong in forum Network and Classroom Management
Last Post: 31st May 2013, 12:59 PM
By Tall_Paul in forum Enterprise Software
Last Post: 26th February 2013, 10:43 AM
By ronnoco in forum Home Access Plus+
Last Post: 25th January 2013, 03:39 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)