Passing credentials to host requiring prompt
We are connecting to hosts in a Windows AD where we have the RDP GPO setting configured that requires interactive login ('Always prompt for password upon connection') in order to prevent users from storing passwords in the .rdp files / RDP utility they are using. We are migrating to RDM from another vendor (Visionapp) where we could set up personal credentials with the domain and username, and have these passed into the default Windows authentication dialog.
RDM however seems to use its own custom credential prompt, and the server sees this as 'stored' credentials and fails the auth request regardless of the password validity, and then defaults back to the system default prompt, requiring the user to enter the password again. Is there a way to bypass the RDM built-in credential prompt and pass the domain+username into the system default authentication dialog the way Visionapp does? Changing the GPO on the server side is unfortunately not an option due to security reasons so we need the client to comply, and we would like to prevent the initial failed auth request if possible as this would be annoying to the users.
All Comments (5)
Looks like this is caused by the same issue that's reported here: http://forum.devolutions.net/topic17929-credentials-dialog-not-passing-password.aspx - we will check that post for updates.
Do you use the embedded or external mode? Have you verified the Network Level Authentication?
David Hervieux
Embedded. I've tried enabling/disabling NLA and CredSSP individually and together, no change. If we remove credentials altogether, we get the standard 'Windows authentication' login box, but it looks like the remote server detects the RDM credential as an intermediate party and treats it as a 'saved' password (even if the password was provided interactively), and throws the authentication prompt back. Anyway, seems exactly like the issue reported in the other post, so it's probably the same thing hitting us.
What Windows is used on the destination host?
David Hervieux
Windows Server 2008 R2 and 2012. Passing in credentials to the prompt causes a fallback to the default Windows authentication dialog with a 'The logon attempt failed' message - cancelling out of the authentication prompt makes the Windows authentication dialog come up as well, but without the error message.
