Couple things. If the client is XP:
- Windows XP Service Pack 3.
- .NET Framework 3.5 SP1.
http://download.microsoft.com/download/2/0/e/20e90413-712f-438c-988efdaa79a8ac3d/dotnetfx35.exe
- Remote Desktop Connection 7.0 Client Update.
http://support.microsoft.com/kb/969084- Single Sign-on Hotfix for Windows XP SP3 clients.
http://support.microsoft.com/kb/953760/en-us- The registry files SSO.reg, Thumbprints.reg and CredSSP.reg. These are mandatory in order to guarantee the Single Sign-on (SSO) functionality.
SSO.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
RE\Policie
s\Microsof
t\Windows\
Credential
sDelegatio
n]
"AllowDefaultCredentials"=
dword:0000
0001
"ConcatenateDefaults_Allow
Default"=d
word:00000
001
"AllowDefCredentialsWhenNT
LMOnly"=dw
ord:000000
01
"ConcatenateDefaults_Allow
DefNTLMOnl
y"=dword:0
0000001
[HKEY_LOCAL_MACHINE\SOFTWA
RE\Policie
s\Microsof
t\Windows\
Credential
sDelegatio
n\AllowDef
aultCreden
tials]
"1"="TERMSRV/*"
[HKEY_LOCAL_MACHINE\SOFTWA
RE\Policie
s\Microsof
t\Windows\
Credential
sDelegatio
n\AllowDef
Credential
sWhenNTLMO
nly]
"1"="TERMSRV/*"
CredSSP.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM
\CurrentCo
ntrolSet\C
ontrol\Lsa
]
"Security Packages"=hex(7):6b,00,65,
00,72,00,6
2,00,65,00
,72,00,6f,
00,73,00,0
0,\
00,6d,00,73,00,76,00,31,00
,5f,00,30,
00,00,00,7
3,00,63,00
,68,00,61,
00,6e,00,\
6e,00,65,00,6c,00,00,00,77
,00,64,00,
69,00,67,0
0,65,00,73
,00,74,00,
00,00,74,\
00,73,00,70,00,6b,00,67,00
,00,00,00,
00
[HKEY_LOCAL_MACHINE\SYSTEM
\CurrentCo
ntrolSet\C
ontrol\Sec
urityProvi
ders]
"SecurityProviders"="msaps
spc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"
(take a look at
http://blog.ressoftware.com/index.php/2009/12/21/terminal-service-remote-app-single-sign-on/)
The Thumbprints.reg you must get the thumbprint from the certificate and dump it on
[HKEY_LOCAL_MACHINE\SOFTWA
RE\Policie
s\Microsof
t\Windows NT\Terminal Services]
"TrustedCertThumbprints". This will do it for you.
Cláudio Rodrigues
Citrix CTP
