# [Server 2012] RemoteApp single sign on - login without warnings or messages desired



## CE-MvB (Aug 1, 2013)

Our server 2012 Hyper-v environment is giving some difficult time concerning our RemoteApp setup.

It seems that one of our collections is (almost) working perfectly and we can login without the expectation of several messages or warnings about .local certificates. The other collections seem to differ without giving a indication as to what could be the reason for this unique behaviour. 

First of all, the following situation is aiming at starting RDWEB from a Google Chrome browser instead of Internet Explorer. The biggest difference this gives, is downloading the .rdp connection when you click on a RemoteApp (when logged in RDWEB) as opposed to a seemingly automatic procedure (because of an Active-X plugin) where the rdgateway connection is setup right after logging in with Internet Explorer.
The reason for preferring Chrome, is so we can publish the .rdp files to our clients without having them to take an extra step in the RDWEB before opening the RemoteApp.

Long story short: everything is working pretty okay when using IE (RDWEB). Single Sign on etc, the certificate warnings don't show me a .local certificate (since we have a wildcard certificate on the rdgateway server/connection broker)
For one of the collection we're experiencing no problems or warnings. Not even when I directly open the downloaded .rdp. I get a credential question 1 time, and after this the session broker has been set-up and within 1 minute the application is starting. But this is not the case with the rest of the collections which I start directly from the downloaded .rdp. 
At a certain point I came to the conclusion the difference had to do with the Collection security settings.
I went to 'edit properties' for the collection, and on the security tab "Allow connections only from computers running Remote Desktop with Network Level Authentication" was unticked. Also the Encryption Level has been set to 'low'. At a certain point I thought changing the Encryption Level from 'Client Compatible' to 'Low' was the solution. But this is not clear since at certain point this let's me connect without a problem but most of the time I receive a question to enter the credentials and after this I also receive the following warning "The identity of the remote computer cannot be verified. The problem can occur if the remote computer is running a version of Windows that is earlier than Windows Vista, or if the remote computer is not configured to support server authentication.".

I thought this should actually be surpressed by unticking "Allow connections only from computers running Remote Desktop with Network Level Authentication"

So conclusion is: there is one collection which has not further problems. I would suggest this has to do with the server it is on. I think I can say this for sure since we tried another collection only on this server and this still gives us the result we want. As soon as I create a collection on a different server (even though this server is inside the same OU and receives the same policies), we receive multiple credential questions plus a security warning.


----------

