Hi,

I am having a problem with implementing Network Level Authentication with Windows 2008 R2, for use with RDS load balancing.

I have a simple setup: 2 servers, which I want to load balance in an RDS farm. I've set up 1 of these servers as the RDS connection broker, joined them both to a farm and then set up DNS round robin for the two servers.

All works fine: connection to the farm points to either of the servers, then the load balancer kicks in and balances to the least loaded of the 2 servers.

The only problem is that Network Level Authentication does not work, so I get prompted for a password when starting the RDP connection, then the connection hits the load balancer and I need to log in to this, then when pushed to the target server I again have to log in. I assume if NLA is working, it takes my first login and uses that through the chain.

I have enabled the option 'Allow connection only from computers running Remote Desktop with Network Level Authentication' from the RDP-Tcp Listener properties.

I'm using the RDP client from a 2008 server (so it's a version with NLA enabled).

I've set the policy options 'Prompt for credentials on client computer' - enabled, and 'Configure server authentication for client' - enabled. The other policy options in the remote desktop section are all set to unconfigured.

I do have two issues which may be affecting this:

I have not yet installed the licenses/license server. This is part of a larger environment build, so this will turn up in due course. Would this cause it to fail?

I am having a problem with the cert part of the process. I have a CA and have created the certificate on each server, but the certificate name matches the server, not the farm name, so it gives an error on connection. Again, would this stop the NLA, or is it just a warning?

This is very annoying as the load balancing part works great, but it's not usable with having to do multiple logins to get in.

Any suggestions would be greatly appreciated.

Thanks