Windows 2008 Server R2 Auto Logon

Topics: User Forum
Sep 10, 2011 at 5:46 AM

guys,

Is there anyway to get a round being prompted your password everytime before connecting to Windows 2008 Server R2? I realize much of this is because the RDP Host Config Security is set to "Negoiate" by default and this can be changed to "RDP Security" to get rid of that, but a major main, especially in a larger environment. And even then when I connect I must select my user account and type in my passwored to logon. Any thoughts?

Robert

 

Coordinator
Sep 11, 2011 at 11:09 PM

Go to the connection options and select credentials. Or refer online documentation how to use stored credentials. If you define credentials in connection options, the you are automatically logged in.

Sep 13, 2011 at 1:20 PM

There seems to have been some changes made with how the RDP server works for Windows 2008 R2. I have the same issue, when I try to use stored credentials for some R2 based machine, it fails, and I need to manually enter the password to log into the machine. This is the same domain based credentials that works just fine, when logging into other machines. My logs are showing the following error on connections to an R2 machine, which failed:

ERROR 2011-09-13 12:49:53,906 607382ms Terminals              DecryptPassword    - Error Decrypting Password
System.Exception: Error while writing encrypted data to the stream:
Length of the data to decrypt is invalid.
   at Unified.Encryption.Decryptor.Decrypt(Byte[] bytesData, Byte[] bytesKey)
   at Terminals.Functions.DecryptPassword(String encryptedPassword)

Again, I want to point out that the stored credentials work just fine, this is only isolated to some Windows 2008 R2 machines. I have been unable to figure out exactly why there seem to be differences between some R2 installations, my best guess is probably a Windows Security Update, but I haven't had time to sit down and debug which updates may be causing it.

Sep 13, 2011 at 2:05 PM

Thanks jirkapok. That seems to of addressed my issue. Please also note that by default Windows 2008 Server uses the "Negotiate" Security setting. If you wish to bypass that you can load up your Termnal Services Host Configuartiuon and change that to "RDP Security", that will keep you from getting a username/password befre your connection. You also need to go into the RDP | Extended settings in Terminals and enable the checkbox labled "NLA Authentication". Alternative to that would be to disable NLA Authenication on each Windows 2008 Server you are connectng to. I find it easier to configure Terminals. We currently have 5000_ servers in our environment and although I do not manage all of them on a given week I'm sure I log into at least15-20 different servers.

Hope that helps.

Robert

 

Sep 13, 2011 at 8:37 PM

I'm also interested whether it is possible to use saved credentials to log on to win 2008 r2 servers using terminals. Many of our clients have set up their servers in a way so I can't automatically log on to their servers (I can't ask them to change their security settings). But if I save a connection in MSTSC into a *.rdp file and set the checkbox to "remember my credentials" then this connection connects without prompting for the password. So I think this should be possible in terminals.

Sep 13, 2011 at 9:27 PM
prejudiced wrote:

I'm also interested whether it is possible to use saved credentials to log on to win 2008 r2 servers using terminals. Many of our clients have set up their servers in a way so I can't automatically log on to their servers (I can't ask them to change their security settings). But if I save a connection in MSTSC into a *.rdp file and set the checkbox to "remember my credentials" then this connection connects without prompting for the password. So I think this should be possible in terminals.


You might double check that you enabled "NLA Authentication", but if NLA Authentication is being forced, you will have to enter your password everytime you connect. The purpose behind this is force user authentication before you even get to a RDP session. The two options your admins ahve are to change RDP to allow any connection or edit the Security Setting for RDP as I mentioned above. I know that sucks

 

Robert

Sep 13, 2011 at 9:54 PM
jirkapok wrote:

Go to the connection options and select credentials. Or refer online documentation how to use stored credentials. If you define credentials in connection options, the you are automatically logged in.

With all these issues that seem to be coming because of NLA, is it possible to allow saving of your credential to Terminals? The Windows RDP client has that, but for whatever reason the save option is not available in the Dialog box from Terminals.

 

Robert

Sep 14, 2011 at 9:07 PM

I can confirm that credentials do not save when connecting to windows 7 or server 2008, however those same connection credentials save in the MS RDP client just fine.

I think the connection manager in Terminals is so much better then in "Remote Desktop", I just wish this one thing worked out of the box!

Coordinator
Sep 18, 2011 at 7:55 PM
Edited Apr 14, 2013 at 4:13 PM
Hi all, thank your for your tip with th NLA. I created an issue request for it 31467. Concerning the troubles with the stored credentials, there is a bug in Terminals security, which causes that the application isn't able to correctly decrypt stored credentials. This was corrected in patch during last week. Note, that the fix isn't present in current download.
Edit: Fix is present in v2.0.