question

PetRich asked ·

Windows Defender Remote Credential Guard - SSO on client machine not remote host not working when credential guard on remote client is active

Surface 4 Pro Client (machine A) can connect via mstsc /remoteguard to (machine B) without entering passwords (SSO).

Inside of machine the file shares of Machine C should be accessed:

  1. Secure Boot disabled (meaning Credential Guard disabled) on machine A --> Successfully SSO connect via mstsc /remoteguard to (machine B) and inside machine B successfully opening of file shares.

  2. Secure Boot enabled (meaning Credential Guard enabled) on machine A --> Successfully SSO connect via mstsc /remoteguard to (machine B) BUT inside machine B error messages opening of file shares. "No domain controller found" (misleading) error message.

Any helpful ideas or troubleshooting steps out there?

I'm collecting experiences for a greater rollout here.






windows-10-security

Hi,
 
Just want to confirm the current situations.
 
Please feel free to let us know if you need further assistance.
 
Best Regards,
Sunny

SunnyQi-MSFT answered ·

Hi,

Thanks for posting in Q&A platform.

Before we go further, could you please help to describe and provide more details about your environment?

Is there any related error message or event log on DC or server? If yes, please help provide for further troubleshooting.

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

PetRich answered ·

Hi Sunny,

I described as much as needed to make the environment as simple as possible to avoid wrong directions.

So I would need a starting point for troubleshooting or at least a known bug report, because "Connect to other systems using SSO" isn't working in "Windows Defender Remote Credential Guard" in combination with "Device Guard enabled".

SSO works, when "Device Guard" = disabled.
SSO doesn't work, when "Device Guard" = enabled.


https://docs.microsoft.com/en-us/windows/security/identity-protection/remote-credential-guard

It is documented in this picture:

72522-image.png




This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.
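
The following PowerShell is an added example, not part of the thread or of Microsoft's documentation. It records the state the thread turns on: Secure Boot and Credential Guard on machine A, the Remote Credential Guard setting on machine B, and the Kerberos tickets held inside the RDP session on machine B before and after the share access. The function name `Get-RcgState` and the share path `\\MACHINE-C\share` are placeholders.

```powershell
# Added diagnostic example; run elevated on machine A and again on machine B.
function Get-RcgState {
    # Secure Boot state. The cmdlet throws on systems without UEFI, so map that to $null.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }

    # Device Guard / Credential Guard state as reported through WMI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Remote-host setting: 0 turns on Restricted Admin and Remote Credential Guard.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name DisableRestrictedAdmin -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        SecureBoot                = $secureBoot
        # 0 = not enabled, 1 = enabled but not running, 2 = enabled and running
        VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
        # The value 1 in these arrays stands for Credential Guard
        CredentialGuardConfigured = [bool]($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = [bool]($dg.SecurityServicesRunning -contains 1)
        DisableRestrictedAdmin    = $lsa.DisableRestrictedAdmin
    }
}

Get-RcgState | Format-List

# Inside the RDP session on machine B only: compare the ticket cache
# before and after touching the share on machine C.
$share = '\\MACHINE-C\share'   # placeholder path, replace with the real share
klist                          # tickets present right after the /remoteguard logon
Test-Path -Path $share         # triggers the Kerberos request for the file server
klist                          # a cifs/ ticket for machine C should now be listed
```

Comparing the output from both Secure Boot states on machine A, together with the two `klist` listings on machine B, shows whether the failing case differs in Credential Guard state on the client or in the ticket request made from the remote session.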
