We have an RDWeb server setup with SSO and are able to connect and get the menu of options to pick. We have Calculator setup as a test along with another company app. When you click on either one the RDP file downloads and when you open you get the “Start your app” screen and then a pop-up saying “Your credentials did not work”.<\/p>\n

Advertisement

Close

If you enter your network password, it goes right in. If you click either app after that, it connects right in. Close the browser and go back in and you get the prompt again.<\/p>","upvoteCount":3,"answerCount":7,"datePublished":"2025-05-08T18:36:52.946Z","author":{"@type":"Person","name":"itbymiket","url":"https://community.spiceworks.com/u/itbymiket"},"acceptedAnswer":{"@type":"Answer","text":"

Advertisement

Close

I’ve ended up finding a few GPOs that need set and some config files in IIS that needed modified. Here’s all my notes:<\/p>\n

Computer Configuration → Policies → Administrative Templates ->System->Credentials Delegation ->Allow delegating default credentials
\nComputer Configuration → Policies → Administrative Templates ->System->Credentials Delegation ->Allow delegating default credentials with NTLM-only server authentication<\/p>\n

Under both keys, add your servers the list. Either individually or with a wild card for the domain:
\nTERMSRV/*.domain.net
\nTERMSRV/server.domain.net<\/p>\n

User and Computer Configuration → Administrative Tools → Windows Components → Internet Explorer → Internet Control Panel → Security Page → Trusted Sites Zone → Logon Options and in the dropdown list select “Automatic logon with current username and password”.<\/p>\n

C:\\Windows\\Web\\RDWeb\\Pages \nEdit: Web.config\nRemove comment marks and add comment marks\n\nBefore\n      <!--\n      <authentication mode=\"Windows\"/>\n      -->\n      <authentication mode=\"Forms\">\n          <forms loginUrl=\"default.aspx\" name=\"TSWAAuthHttpOnlyCookie\" protection=\"All\" requireSSL=\"true\" />\n      </authentication>\n\nAfter\n      <authentication mode=\"Windows\"/>\n\n      <!--      <authentication mode=\"Forms\">\n          <forms loginUrl=\"default.aspx\" name=\"TSWAAuthHttpOnlyCookie\" protection=\"All\" requireSSL=\"true\" />\n      </authentication>\n      -->\n\nBefore\n  <system.webServer>\n    <handlers>\n        <add name=\"PagesWebFeedHandler\" path=\"WebFeed.aspx\" verb=\"*\" type=\"Microsoft.TerminalServices.Publishing.Portal.PagesWebFeedHandler\" preCondition=\"integratedMode\"/>\n    </handlers>\n    <modules runAllManagedModulesForAllRequests=\"true\">\n      <remove name=\"FormsAuthentication\" />\n      <add name=\"RDWAFormsAuthenticationModule\" type=\"Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSDomainFormsAuthentication\" />\n    </modules>\n\n    <security>\n        <authentication>\n            <windowsAuthentication enabled=\"false\" />\n            <anonymousAuthentication enabled=\"true\" />\n        </authentication>\n    </security>\n    <httpRedirect enabled=\"false\" />\n  </system.webServer>\n\nAfter\n  <system.webServer>\n    <handlers>\n        <add name=\"PagesWebFeedHandler\" path=\"WebFeed.aspx\" verb=\"*\" type=\"Microsoft.TerminalServices.Publishing.Portal.PagesWebFeedHandler\" preCondition=\"integratedMode\"/>\n    </handlers>\n    <!--\n    <modules runAllManagedModulesForAllRequests=\"true\">\n      <remove name=\"FormsAuthentication\" />\n      <add name=\"RDWAFormsAuthenticationModule\" type=\"Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSDomainFormsAuthentication\" />\n    </modules>\n\n    <security>\n        <authentication>\n            <windowsAuthentication enabled=\"false\" />\n            <anonymousAuthentication enabled=\"true\" />\n        </authentication>\n    </security>\n    -->\n    <httpRedirect enabled=\"false\" />\n  </system.webServer>\n\nC:\\Windows\\Web\\RDWeb\\Pages\\en-US\\\nEdit: Default.aspx\n\nBefore\n    public bool bShowPublicCheckBox = false, bPrivateMode = false, bRTL = false;\n\nAfter\n    public bool bShowPublicCheckBox = false, bPrivateMode = true, bRTL = false;\n\n<\/code><\/pre>","upvoteCount":0,"datePublished":"2025-05-09T14:10:22.515Z","url":"https://community.spiceworks.com/t/remoteapp-for-rds-with-sso-your-credentials-did-not-work/1203973/6","author":{"@type":"Person","name":"itbymiket","url":"https://community.spiceworks.com/u/itbymiket"}},"suggestedAnswer":[{"@type":"Answer","text":"
We have an RDWeb server setup with SSO and are able to connect and get the menu of options to pick.  We have Calculator setup as a test along with another company app.  When you click on either one the RDP file downloads and when you open you get the “Start your app” screen and then a pop-up saying “Your credentials did not work”.<\/p>\n
If you enter your network password, it goes right in.  If you click either app after that, it connects right in.  Close the browser and go back in and you get the prompt again.<\/p>","upvoteCount":3,"datePublished":"2025-05-08T18:36:53.009Z","url":"https://community.spiceworks.com/t/remoteapp-for-rds-with-sso-your-credentials-did-not-work/1203973/1","author":{"@type":"Person","name":"itbymiket","url":"https://community.spiceworks.com/u/itbymiket"}},{"@type":"Answer","text":"
Need a lot more details. How is this SSO setup?<\/p>","upvoteCount":0,"datePublished":"2025-05-08T19:12:41.461Z","url":"https://community.spiceworks.com/t/remoteapp-for-rds-with-sso-your-credentials-did-not-work/1203973/2","author":{"@type":"Person","name":"rwtaylor","url":"https://community.spiceworks.com/u/rwtaylor"}},{"@type":"Answer","text":"