question

Mattias-9157 avatar image
0 Votes"
Mattias-9157 asked LeilaKong-MSFT answered

RDP logon smart card requires two pin codes with enablecredsspsupport:i:0

Hello forums!
We are working with a IT partner that have troubles on solving our RDP issue as an cry out for help i've turned to the forums.

We are looking into incorporating thin clients with smart cards into our environment.

Thin clients will start an RDP connection to our setup with no credentials supplied.
Logon window on connection broker asks for smart card pin code.
User supplies pin code.
User is routed to best terminal server.
Termanial server is now asking for the same smart card pin code.
User supplies pin code.
Logged on.

When user disconnects the session they can re-logon to the rdp without supplying double smart card pin codes.
However, when the user logged off they will get double pin codes.

I have also tested this on a PC, added enablecredsspsupport:i:0 to the rdp file. Same issue.

Our environment is:
1 RDP gateway (not used when using this as clients will be on network, no change if we enable it)
1 Connection broker
3 terminal servers.

All of them running 2019.

Any idéas?

Thanks
Best regards
Mattias




windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeilaKong-MSFT avatar image
0 Votes"
LeilaKong-MSFT answered

Hello @Mattias-9157 ,

How are things going there on this issue?
Please let me know if you would like further assistance.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeilaKong-MSFT avatar image
0 Votes"
LeilaKong-MSFT answered

Hello @Mattias-9157 ,

Is there any progress on your side? You may also open a ticket to Microsoft for further professional help:
https://support.microsoft.com/en-us/help/4341255/support-for-busines

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Mattias-9157 avatar image
0 Votes"
Mattias-9157 answered
  1. Never worked.

  2. See above.

  3. Still exists.

  4. Many certs, need to check them. Will get back on this matter.

Also did try and logon using username and password. Get the same issue. Double logon, only when i use the enablecredsspsupport:i:0. If you remove this and connect it gets passed.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeilaKong-MSFT avatar image
0 Votes"
LeilaKong-MSFT answered

Hello @Mattias-9157 ,

1.When did this issue occur?
2.Please enter command "get-hotfix" in Powershell to check if any patch is installed before the issue occurs;
3.If trying to connect to the session host from internal network without rdcb and rdgateway, will the issue still exist?
4.Check if the personal certificate expires in rdcb and rdgateway:

90171-personal-certificate.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Mattias-9157 avatar image
0 Votes"
Mattias-9157 answered

Thank you for the links. I've already read them but i can't find any topics on this particular issue.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeilaKong-MSFT avatar image
0 Votes"
LeilaKong-MSFT answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.