vWorkspace

Last reply by 05-22-2013 Solved
Start a Discussion
2 Bronze
2 Bronze
197185

Kerberos Ticket Error in vWorkspace 8

Hello,

I'm doing several test in order to test vWorkspace 8 with VDI guest running Win 7 SP1 with RDP8 support and connector is running on Thinclients Wyse with Win7 SP1 Embedded joined to domain. Connector is also in v8.

When I create manually the farm, I set Kerberos authentication, but when I connect to VDI desktop, appears a dialog box saying NLA is required and don't connect. If I check Initial Only in Kerberos, connection to farm is ok and asme for the credentials. Enter credentials and connection to VDI desktop is ok.

Same configuration with vWorkspace 7.6 runs smoothly. Templates are identical, except Instant Provisioning and PNTools version.

Solution (1)

Accepted Solutions
1122

Hi Carlos,

On your Client machine, open up your Local Group Policy (GPEDIT.MSC) and navigate to “Computer Configuration\Administrative Templates\System\Credentials Delegation” node.  The specific policies are as follows:

Enable

    “Allow Delegating Default Credentials”

 

This policy needs to be enabled and a server list needs to be defined.  The server list can contain wildcards and each entry takes the form of “TERMSRV/server”.  Examples would include “TERMSRV/*” to allow everything or “TERMSRV/*.provisionnetworks.net” to allow a specific domain.

This should be all you need. If it doesn't work, also add the following two in the same way.

“Allow Default Credentials with NTLM-only Server Authentication”

“Allow Saved Credentials with NTLM-only Server Authentication”

Thanks, Andrew

View solution in original post

Replies (5)
3 Argentum
1122

Hi Carlos,

I am not aware of any changes in vWorkspace 8.0 that would cause this issue when version 7.6 is working well. Does the connection work on the same Wyse device when you remove the v8.0 Connector and go back to 7.6?

Also are you using RDP8 when testing with the v7.6 Connector?

Please take a look at our Kerberos Authentication Best Practice document to see if this provides a solution https://support.quest.com/SolutionDetail.aspx?id=SOL104116&pr=vWorkspace

Thanks

David

2 Bronze
2 Bronze
1122

Hi David,

More tests. With same client connecting to VDI desktop with Win7 SP1 Template with RDP8 activated, kerberos fails with NLA error or asking for credentials. When I connect to VDI Desktop with RDP8 deactivated it works.

1123

Hi Carlos,

On your Client machine, open up your Local Group Policy (GPEDIT.MSC) and navigate to “Computer Configuration\Administrative Templates\System\Credentials Delegation” node.  The specific policies are as follows:

Enable

    “Allow Delegating Default Credentials”

 

This policy needs to be enabled and a server list needs to be defined.  The server list can contain wildcards and each entry takes the form of “TERMSRV/server”.  Examples would include “TERMSRV/*” to allow everything or “TERMSRV/*.provisionnetworks.net” to allow a specific domain.

This should be all you need. If it doesn't work, also add the following two in the same way.

“Allow Default Credentials with NTLM-only Server Authentication”

“Allow Saved Credentials with NTLM-only Server Authentication”

Thanks, Andrew

2 Bronze
2 Bronze
1122

Ok. Same as SSO for standard Windows RDP.

With Allow Default Credentials it's working. Set up the other 2 values is not needed

1122

Latest Solutions
Top Contributor