TS connection experience improvements based on RDP 6.0 client customer feedback

TS connection experience improvements based on RDP 6.0 client customer feedback

Many users have downloaded the RDP 6.0 TS client through Windows update since it was released. We have received significant feedback on the RDP 6.0 client -- both on what you liked and what you disliked. In this post we want to let you know that we heard you and show you how your continued feedback helped us to improve the TS client connection experience for all of our users.

The improvements discussed in the post will be available to the public as part of the next planned TS client update. I will update this blog with a link to the new beta client download page once it is released. In the meantime, I thought I would provide an update to our TS user community that we heard your feedback, and we have made improvements in the next beta of the RDP client.

The improvements we made in the beta RDP client are discussed and organized by feedback topics. I have grouped your most common feedback into one of these seven buckets. Of course, additional comments/feedback is appreciated.

Feedback #1:  When using Remote Desktop Client 6.0 to connect to a computer running Windows 2003 Windows 2000, some users are forced to enter credentials (user name and password) twice in a row - once at the TS client, and again at TS server.

This blog post provides details on cause for these problems and possible workarounds.  To better address the problems mitigated by these workarounds, we changed the design for the next version as summarized by the following table:

Client OS with RDP 6.1

Target TS Server OS

Prompt for credentials

Windows Vista and Windows Longhorn

Windows Longhorn and Windows Vista

Always at TS client side

Windows XP, Windows 2003, and Windows 2000

Windows Longhorn and Windows Vista

Always at TS Server side

Windows Vista, Windows XP, Windows 2003, and Windows 2000

Windows XP, Windows 2003, and Windows 2000

Always at TS server side

With this design change, users will not be prompted for credentials twice anymore, provided they have installed the latest RDP client.

Feedback #2:  Saved credentials (user name, password) do not work. I don't know how to edit or delete my saved credentials.

This blog post provides details on the cause of these problems and possible workarounds.  In the new beta RDP client, we have bubbled up the "save" and "edit" options to the top-level UI by showing the logon settings on the TS client UI as shown below. If you need to edit or delete the saved credentials, you can do it directly from this UI instead of clicking the "Options" button and then editing them at the TS client expanded UI.  Remember that saved credentials are per target computer name. This means whenever you select a different computer name, it will tell you which user name and credentials it is going to use for the remote connection.

Whenever you or your administrator enable group policy (GP) settings to use the currently logged on Windows credentials to provide a single sign-on experience for a given terminal server, you will see this status as shown below.

When TS client has no saved credentials for the selected target computer, it will show the appropriate status as shown below.

Feedback #3: RDP 6.0 client provides no easy way to save credentials for the target server similar to what we had in RDP 5.0 client.

In the RDP 6.0 client, we removed the option to save credentials (user name and password) in the RDP file. If you need your RDP 6.0 client to remember your logon credentials, when you connect to Windows Longhorn TS server or Windows Vista, select the "Remember my credentials" checkbox in the credential prompt UI shown below.

 

This will store the credentials in Windows credential manager. Next time, when you connect to the same TS server, your saved credentials will be used automatically, and you will not be prompted for credentials. 

 

What about storing credentials for Windows Server 2003 or Windows 2000 Server TS connections?  In the new beta RDP client, we have provided an "Allow me to save credentials" checkbox at the TS client for pre-Longhorn terminal servers. This checkbox will be visible to you only when the TS client doesn't have saved credentials for the target computer. When you select this checkbox, you will be prompted for credentials at the TS client side once, even though your target computer is Windows 2000 or 2003 server, but when you enter the credentials, it will automatically save the credentials for you at the TS client computer. Next time, when you connect to a Windows 2000 or 2003 server, your saved credentials will be used automatically.

 

To see this checkbox, you need to click on the "Options" buttons in the TS client. Here is the expanded TS client UI with the "Allow me to save credentials" checkbox.

Important note:  Whenever your saved credentials (user name and password) have expired for a target TS server running Windows 2003 or Windows 2000, the target TS server will prompt for credentials again using Winlogon UI but the TS client will not be automatically updated with your newly entered credentials. When this happens, you need to manually edit the saved credentials on the TS client. Note that this is the same behavior as when connecting to a Windows 2000 or Windows 2003 Server from a pre-RDP 6.0 client.

Feedback #4:  Credentials entered in TS client get rejected when connecting to Windows Server 2003.

With the design in the new beta RDP client, you will not see this problem anymore because when you connect to Windows Server 2003 or Windows 2000 Server, TS client will not ask for credentials. Refer to Feedback #1 section for more details.

Feedback #5: When connecting to Windows Server 2003 or Windows Server 2000 using RDP 6.0, I am seeing a new credential UI prompt which I don't like.

If you always connect to Windows Server 2003 or Windows Server 2000 using the new beta RDP client, you will not see the new credential prompt anymore, and you will see the typical remote TS server logon screen (Winlogon) as it was in RDP 5.0.

 

 

But if you are connecting to Windows Vista or Windows Longhorn Server using the new beta RDP client from Windows Vista, you will see the new credential prompt at the client side as shown below.

We are showing this new credential UI prompt at the client because we want to do network level authentication for all TS connections to Windows Vista or Windows Longhorn Server. The new CredSSP (Credential Security Service Provider) used in Longhorn TS server provides benefits like RDP data stream protection, RDP port attack surface reduction, and server authentication by default.

Feedback #6:  The pre-populated user name in the credentials dialog does not match the user name that is in the RDP file.

Most users make a TS connection in one of two ways:

  • Style #1 by double-clicking a custom RDP icon published by your admin or a custom RDP file authored by you.
  • Style #2 by launching the "Remote Desktop Connection" icon in the Accessories folder on the Windows Start menu and typing in the remote computer name and user name and then clicking the "Connect" button, or by typing mstsc.exe from a command prompt. Whenever you use this style, TS client uses the default.RDP file.

 

With the RDP 5.0 client, when you use a custom RDP file, it always reads the user name from the file. It is optimized for users following connection style #1. The downside with the RDP 5.0 client is that if your connection style is #2, and you connect to five different TS servers in a day, you will be required to enter the user name again and again because it shows only the most recently used computer name and user name.

 

In RDP 6.0 client, we have optimized it for connection style #2 users but we understand that this approach breaks the "TS Remote Admin" scenario with connection style #1 where two different RDP files with two different user names are used for the same TS server, or where you want to use a custom RDP file with the user name pre-filled for you by your administrator.

 

Here is a proposed new solution to address both these cases. Whenever the TS client uses the default RDP file (this is the case for connection style #2), it will always use the user name hint from the registry. Whenever you use a custom RDP file (this is the case for connection style #1), it will read from the RDP file if it is available, or else it will read the user name hint from the registry. With this proposed solution, we think we'll be able to address both connection styles that customers use and all possible edge scenarios supported by RDP 5.0 clients. Please let us know your feedback.

Feedback #7: How to suppress the ‘Remote Desktop cannot verify the identity of the computer you want to connect to..." security warning message?

This blog post provides details on cause for this problem and possible solution. We are investigating how to make this security warning message valuable while still making it easy for customers to suppress it when it is not needed. We are considering is to provide a checkbox called "Don't ask me again for remote connections to this computer."  If the user selects this checkbox, it will be remembered and will automatically ignore this warning the next time.

 

If the user clicks on this checkbox to suppress the security warning on server authentication failure, and one year later the TS server admin has changed the server certificate or a bad TS server sends an incorrect server certificate, we will show this security warning again until user click again to suppress it. This way, it is suppressed for the same server certificate error messages only. Here is the proposed UI mockup.

 

 

 

 

 

Leave a Comment
  • Please add 4 and 3 and type the answer here:
  • Post
  • Simple solution to this problem.  Build the RDP file with the old v.5 application then save the file to any location you want.  Open the RDP file with the v.6 application and you will have your credentials all saved.  It was an initial hangup for us, and I had started to get crap from everyone for implementing WSUS, but this has been a decent "fix" for us.  

    Just build the RDP for whatever users you need or want to using the older version 5 then save it and open with the version 6.  Life will be blissful once again.  email me if you find an easier way or 6.2 fixes what 6.1 does not. 8-P

  • Looking forward to the 6.1 changes. these changes have cost me lot of hours of support problems.

    BTW - I had a problem earlier this year with machines that did no have the DST patch, It would be helpful if there was an option on the RDP client to Use the Server time for the RDP session. I was told at the time that there is no Group Policy setting that could force the RDP client to use the Server time and that the time was controlled by the settings on the RDP client. Please look into this. All i need is a checkbox that forces them to use the server time for the server sessions they are starting.

    -- thanks

  • It's starting to look like by the time the 6.1 client is available, it'll be obsoleted and we'll be looking at Vista clients connecting to Longhorn servers.

    I'm impressed by the fact MS is actually listening to our needs.  I unimpressed it's taking the better part of year to update a few minor UI issues in a program whose MSI package still fits on a floppy disk.  Not to denigrate the skills of the dev(s) working on this package, but it seems obvious you're only being assigned a fraction of a day to work on this product module.  MS needs to take this seriously.  Terminal Services and remote desktop are massive selling points these days and it's long, long past time the annoyances and backwards-advancements are dealt with.

    Hell, I'd be happier if 5.2 was re-released as 6.1 and placed on MS Update.  I'm getting tired of tagging 6.0 out on individual PC updates and  not-approving on WSUS.

    I fully expect we're not going to see 6.1 until  Longhorn server ships.  I heartily invite the respected devs to disabuse me of this cynical viewpoint.

  • I'm having such headaches with 6.0..

    Does anybody know how I can obtain 5.2 to replace this?

  • how to pin the connection bar PERMANENTLY!!

    6.0 seems to exhibit strange behaviour with pinning the connection bar in full-screen mode. it looks as if when you edit or create another RDP file then this reg setting is reset. hard to imagine that something so small could be so annoying!

    I seem to remember seeing comments on this when i looked a while ago, but this seems the best place to rasie the question for an accurate response. i have a shortcut to a .reg file to reset it but this would be naff for general users.

    [HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client] "PinConnectionBar"=dword:00000001

    Will this be addressed in future release and does anyone know of a fix for 6.0

    glad i have at least found the workaround for different credentials to the same host by adding new entry to hosts file (after wasting a good few hours) - yet to see how much of a headache it will be to apply/administer. This really needs to be fixed in future release, and would second the view that it needs to work as you would expect - opening different files takes you straight in.

  • Hello there!

    What I am experiencing is that I connect to my Win2003 SBS with a VPN connection. After it has been set up, I go with RDP (from Windows Vista client) to my server and it gives me 3 choices:

    1) 192.168.1.4\USER

    2) use another account

    3) reading smartcard...

    On the laptop with Vista I'm using a local account.

    I choose selection 1 and get not logged in because "Username" appears to be "192.168.1.4\USER". Therefore, I have to wait the timeout to expire and then I can delete and type my username.

    Is there any solution to this?

    Thanks...

  • TS Client 6.1 coming with Vista SP1 will not have this problem.

    Meanwhile you can choose selection 2) and enter correct domain\user name (if you are using a local account then domain should be your server's name).

    After a successful logon TS Client will remember your user name and will use it next time.

    Thx,

    Sergey.

  • Hy Sergey.

    Thanks for your suggestion, but I already tried it. If I type "DOMAIN\Username" I get to the server login screen and see "Username: DOMAIN\Username", which of course is wrong and cannot be accepted for logging in.

    Is it already possible to get TS Client 6.1 "standalone"?

    Regards...

  • User name in the form "DOMAIN\Username" is perfectly valid and should be accepted by your server.

    Please, make sure that you are using correct domain and user names.

    For example, if you are connecting to "MyServer" and using local Administrator account then the name you type in should be "MyServer\Administrator".

    TS Client 6.1 is not yet available to the public.

    Thanks,

    Sergey.

  • The problem with controlling the RDP options via the default.rdp file, e.g. to turn off the double logon prompt, is that after installing the client, you now have to touch the default.rdp file for every user on every PC or server they use, no an elegant solution. Why in the world don't you have global setiings, or use a GPO?

    Another problem is that the Windows key now no longer works on the remote desktop, when you press the Windows key, it brings up the start menu, on the local desktop.

    Could you please fix these issue ASAP?

    Thanks,

    Chuck Hallback

    P.S>. This web site is SO slow it is almost unusable.

  • Is there a way to permanently disable the "Do you trust this connection" dialog when a local hard drive is connected in the session? Its nice that a button exists to "Dont ask again for this server", but there needs to be a button that says "Dont prompt ever again".

    GOBS of helpdesk calls would go away.

    Thanks,

    Paul Peterson

  • Will the problem with the Windows key combos, and alt-tab, not working on the remote desktop also be fixed? For us this is the biggest show stopper on deploying the 6.0 client.

    I didn't see this mentioned on your list of issues, or feedback,  for the 6.0 version.

    I would hate to have to use a premier support call to find out the answer to this

    Thanks,

    Chuck

  • About a month ago (and before, off and on) my RDP 6 client would be blocked from a remote session with a 2003 Server (running the updated RDP 6).  I have a workstation and a laptop, both running Vista Bus and virtually identical software with some difference in hardware, of course.  My primary client is a big firm that I VPN to with a custom citrix setup, and when this was changed in Sept, it knocked both machines off (I wasn't able to connect to the VPN, nor using RDP).  I deleted the new OCX file from the client, and used System Restore on the workstation/Desktop, and that fixed that box.  I tried the same with the laptop, but didn't have the success.

    When connecting to the remote host via a web-based RDP client, I get the dreaded Runtime Error 217, which apparently know one knows how to fix. So how do I reinstall RDP?  Is there a registry flag I can set to false so that Windows' reinstalls?  Similar to the old IE 6?

    Thanks,

  • I had the problem where RDP to win 2000 SRV would not save password, we fixed this by following the advice of a Microsoft employee (another page, cannot remember where) who pretty much said, user better software like:

    Visionapp's Remote decktop (http://www.visionapp.com/111.0.html) which worked great, apart from we could not find the lauch the following program (in our case the business system) but this can be done in the user management of TS on the win 2000 server.  Nice!

  • Does anyone have a fix to the issue - when using RDC 6 to connect remotely to a Windows 2003 server, the SHIFT key no longer works?  If I uninstall RDC 6 - it works fine.  We have hundreds of users with the same problem.  Thanks!

Page 4 of 8 (112 items) «23456»