
RDP using Office365 account on AzureAD joined machine

Hello!


As you may know, it is possible to login to a Windows 10 machine using a Microsoft account/Office 365 account. You can also use such an account remotely using RDP.


To be able to do that, you need to:

- Disable Network Level Authentication (NLA)

- Edit your RDP file with notepad and add these two lines:

 

     authentication level:i:2
     enablecredsspsupport:i:0

- Logon using AZUREAD\<Office 365 UPN>, e.g. AZUREAD\Rachel.Green@fabricam.onmicrosoft.com

This works fine but what are the RoyalTS settings in an RDP connection that correspond with these two lines:

     authentication level:i:2
     enablecredsspsupport:i:0

I would like to do this from RoyalTS.

Thanks!
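The two lines from the post above turn off CredSSP (and with it Network Level Authentication) and reduce a server-authentication failure to a warning, so saved connection files that carry them are worth inventorying. The following audit sketch is an added example, not part of the original thread or of Royal TS; the sample file contents and the host name are constructed, and keeping the last of any duplicate setting is an assumption of this parser.

```python
import codecs

# Settings from the post above and the values that weaken the connection.
# Value meanings follow Microsoft's documented RDP file properties.
WEAK = {
    "enablecredsspsupport": {0: "CredSSP disabled, so no Network Level Authentication"},
    "authentication level": {
        0: "server authentication failure is ignored without warning",
        2: "server authentication failure only warns; user may continue",
    },
}

def decode_rdp(raw: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-edited files may be UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; type 'i' is an integer, 's' a string."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].lower(), parts[1].lower(), parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name] = value  # assumption: a later duplicate overwrites
    return settings

def audit_rdp(raw: bytes) -> list:
    """Return one finding per weakened setting present in the file."""
    settings = parse_rdp(decode_rdp(raw))
    return [f"{name}:i:{settings[name]} - {bad[settings[name]]}"
            for name, bad in WEAK.items() if settings.get(name) in bad]

# Constructed sample files (not taken from a real system).
SAMPLE_EDITED = ("full address:s:pc01.example.test\r\n"
                 "authentication level:i:2\r\n"
                 "enablecredsspsupport:i:0\r\n").encode("utf-16")
SAMPLE_DEFAULT = b"full address:s:pc01.example.test\r\nenablecredsspsupport:i:1\r\n"

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_EDITED):
        print(finding)
```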



Hi Vincent,


You can find both settings on the Advanced page:

https://content.royalapplications.com/Help/RoyalTS/V5/index.html?reference_remotedesktop_advanced.htm

Note that enablecredsspsupport is called "Network Level Authentication" (NLA)


In order to make the logon work, you may also need to change the setting called "Set Domain to '.' for Local Accounts" in the plugin configuration:

https://content.royalapplications.com/Help/RoyalTS/V5/index.html?reference_remotedesktop.htm


Regards,
Stefan


1 person likes this

 Since this is the first post that pops up for Royal TS when looking for this, in the Advanced section set authentication level to "Connect, but warn me if server authentication fails" and turn "Network Level Authentication" off.


Keeping "Authentication Level" to the default results in the connection failing.


1 person likes this

Jeroen, you are my hero! It works!


1 person likes this

All of the settings do not seem to work with my setup. No matter what combination of settings I try, it will always throw a login window at me stating that the provided credentials do not work.


I tried supplying credentials in the form of AzureAD\<UPN>, and with NLA ON or OFF, I even tried the RoyalTS setting of "Use Azure AD Authentication" in the Advanced tab of the connection - with no success at all.

If I invoke a local RDP client (mstsc) and activate the setting "Use a web account to sign in to the remote computer" in the "Advanced" tab, login works flawlessly. So it's not an issue of connectivity or access rights. I just cannot get it to work from inside RoyalTS. (v7)

(and since this is the first post that pops up when you do a web search, a functioning solution might benefit other users as well...)

Hi Fabian,


there are many possible scenarios and environments. Some are supported by mstsc.exe but not by Microsoft's RDP ActiveX control from Windows which Royal TS is using. So there's a good chance that your scenario is not (yet) supported by the ActiveX and therefore not by Royal TS. The best way to find out if Microsoft supports certain scenarios in the ActiveX is to check with their own tool RDCMan (https://learn.microsoft.com/en-us/sysinternals/downloads/rdcman). If you can get it to work there, we should be able to make it work in Royal TS as well.


If features/functionality is missing from the ActiveX (RDCMan), users should let Microsoft know through the Windows Feedback Hub app or, even better, using an Enterprise Agreement if available.


That being said, we implemented the following setting recently:

I'm not sure if this resolves your issue but I thought it's worth a try.

Apologies on replying to such an old thread - I'm not sure if this is the same issue but it sounds similar (if not my same issue). 


I've been struggling for a fairly long time trying to get Royal TS to allow me to auto logon w/saved credentials to an AzureAD account/domain machine. I've tried different combinations of using the [x] Network Level Auth and [x] Azure AD Auth checkboxes (or not) and different combinations of having AzureAD\email@domain vs email@domain as the username ... but no matter what I try the best I can get is:

  1. Royal TS connects to the machine
  2. Machine says "Other User" 
  3. I then add AzureAD\joe.doe@mycompanydomain.com as the username to the login
  4. I then type out my full password
  5. ... THEN I can get in.


Screenshots below show the full process.


FWIW I initially imported this connection into Royal TS *from* a notepad-modified RDP connection (where those two fields were added: authentication level:i:2 and enablecredsspsupport:i:0, reference). I feel like this used to actually allow auto-login a year or so ago but I'm on a new client PC and whatever magic setting in Royal TS that I may have fussed w/on my previous PC has been lost and I just cannot auto logon to my Azure machine anymore.

Does any of the above make sense and is this the right thread for this? And/or anyone have any suggestions/ideas on what I could try to get auto-logon working with Royal TS and my AzureAD machine again? Any help or advice would be greatly appreciated.

Hi Christopher,

in order to help you with this issue, could you please open a support ticket here:

https://www.royalapps.com/go/support-ticket-new


I believe I will need a little more information to help you with this case.


Kind regards,

Germar 


1 person likes this