Remote Desktop Services - SSO Problems

[ginge]

Morning all,

Has anybody deployed Remote Desktop Services along with an RD Gateway for access to resources from outside of the LAN?

I've got an RD Session Host on one machine and an RD Gateway on another. All machines have valid and tristed certificates installed. I have enabled the group policies for credential delegation for Kerberos and NTLM so a domain machine will automatically pass the logged on users credentials to the RDS servers. When inside the LAN this works perfectly and RemoteApp connections from a Windows 7 machine work seamlessly.

The problem occurs when testing with a laptop from outside of the LAN. I understand this will fall back to NTLM authentication because it can't communicate with a DC to user Kerberos but no matter what I try I get prompted for my password when connecting to a RemoteApp. I get an error message telling me that my credentials did not work and asking for me to re-enter my password. Once I type that in it connects no problem. I really want to get this SSO working so staff can access specific programs from outside of the firewall without having to enter credentials multiple times.

 

Any thoughts would be appreciated!

 

Paul