Hi everyone,
We recently set up a Windows Server 2008 R2 Remote Desktop environment, with the following setup:
Gateway Server (Both RDC Clients and Web/RemoteApps) -> Broker -> [Server 1, Server 2 Farm]
We did enable Single Sign On to the system. We do have SSL enabled and the certificates appear to be working correctly. All computers that connect to it (that I am concerned with anyway) are Windows 7. They are a mix of Home, Pro and Enterprise if that matters,
32bit and 64bit.
Almost everything works fine - the RDC program connects in, the Gateway website works, you can view and launch RemoteApps as well as the full Remote Desktop.
The problem we are having is that some users are receiving a login prompt for the Broker server whenever they click on a RemoteApp on the Gateway website. It comes up with the Broker server name and wants to the domain username and password again.
If they log into the Broker prompt works fine. But, we don't understand why it is there. We are trying to set up two-factor authentication, so we either need the Broker login to come up for -all- users, or not come up for any so we can add in a plugin for additional authentication. We do not want some users to have an extra prompt at the end of the day.
It does not appear to be user or computer specific. For instance I do not get the popup on my domain computer, but I do on my personal computer which is not on the domain. However, a consultant of ours does not get it on a laptop of his (non-domain) at all.
He did get it on his home PC, but he created a new profile on it and that profile did not get the popup. I created a new profile on my home PC and still got the popup.
Any settings to check or ideas to test would be greatly appreciated. We are pretty confused at this point.
On a side note - it is my understanding that Server 2012 comes with the ability to do two-factor authentication built in, is that correct? If so, is it possible to run a 2012 Gateway and 2012 Broker server and leave the actual Remote Desktop servers as 2008
R2, or does everything have to be 2012?
Thanks in advance everyone!