Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Sergey Kuzin — Mon, 18 Jul 2011 18:03:54 GMT

Lee,

I'd first check that the target name used by your client is the same you created the Kerberos identity for. For example, if you created Kerberos identity for MyFarm.fabricam.com, then the client should use the same name exactly to connect to the farm.

Thx,

Sergey.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

LeeDnc — Fri, 15 Jul 2011 15:24:46 GMT

I am trying to set up Kerberos in my lab. The server looks fine but I get an error on the client saying the "The remote computer cannot be authenticated due to problems with its security certificate." The only solution I can find ( technet.microsoft.com/.../ee891358(WS.10).aspx ) says to install a cert.

What have I done wrong?

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Sergey Kuzin — Mon, 21 Jun 2010 17:39:36 GMT

Andrey,

It might happen that your Connection Broker failed to propagate the farm credential to the server. Look for error messages in the Connection Broker event log.

Thx,

Sergey.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Andrey — Mon, 21 Jun 2010 11:53:56 GMT

I enabled TS farm identity and had the following error:

"The coonection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name."

I use farm name in the RDP file.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Sergey Kuzin — Wed, 31 Mar 2010 17:54:35 GMT

To Mauro:

The account is created automatically when you do Set-Item...

You do not need to configure anything else for authentication to work.

To Sam:

Having Kerberos identity for the farm does not eliminate the need to sign your RDP files.

Thx,

Sergey.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Sam — Wed, 31 Mar 2010 14:12:05 GMT

Hi,

I've got the same question as Mauro with the addition of this:

Does this replace the requirement to digitally sign applications with a certificate?

Thanks.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Mauro — Fri, 19 Mar 2010 13:05:59 GMT

Hi all,

I have some questions:

- Do I have to use an existing specific user account (anyone is suitable?) or is the account created when I type Set-Item...?

- Do I have to configure some other things on the RD Web Access / RD Connection Broker / RD Session Host for the authentication to work?

Thanks.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Sergey Kuzin — Mon, 28 Dec 2009 19:49:08 GMT

Q: Should "allow connections only from computers running Remote Desktop with Network Level Authentication" be selected?

A: You can select it, or you can select "(less secure)". Both options will work. If you are not using legacy RDP clients (versions 5.x and below), I'd recommend the "(more secure)" option.

Q: Which certificate should be selected, the default self-signed or the cert that may have been imported?

A: A self-signed certificate should be good enough for the intranet deployment.

Q: What about the Security layer and encryption level?

A: Security layer set to "Negotiate" or "TLS" will work. Set encryption level to either "Client compatible" or "High".

Thx,

Sergey.

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

Mike — Wed, 16 Dec 2009 00:04:08 GMT

After making the above change, what should the settings be on RDP-Tcp Properties under the general tab? Should "allow connections only from computers running Remote Desktop with Network Level Authentication" be selected? Which certificate should be selected, the default self-signed or the cert that may have been imported? What about the Security layer and encryption level?

Do RemoteApps still need to be signed with a certificate?

I cannot information about this feature anywhere else. It would be nice if there was some documentation outlining how this fits into an RDS deployment and how it affects the other settings.

Thanks

re: Creating Kerberos Identity for RD Session Host Farms Part I: using the Remote Desktop Services provider for Windows PowerShell

ecns.smith01@gmail.com — Sat, 10 Oct 2009 10:31:52 GMT

There are many hosting companies. Search for the best hosting company on the internet. You will come across a lot of hosting companies. Choose the company which provides the best service on your budget. They offer their service in different packages. Choose a package to suit your needs and sign up for an account.