Jim Kell

Microsoft releases Remote Desktop Connection 6.0 (Download Squad)

Dec 4th 2006 9:40AM DOUBLE LOGON PROMPTS

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=979744&SiteID=17

I can confirm that the double login occurs; but I believe I know why, as I have tested again two Windows Server 2003 systems: one requiring a "double login" and the other not.

This issue appears to occurs if you have defined the "Always prompt client for password upon connection" via the Group Policy Object Editor. This setting is located under the Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Encryption and Security node.

Normally, this setting would prevent someone from automatically gaining access by launch an RDP profile (pre 6.0) with a saved password. With 6.0, Microsoft eliminated this security hole, but now they've turned the authentication process into two-step process, with the client merely collecting the credentials (prior to connection) and passing it on to the server (upon connection). This is where the problem occurs. That first login prompt is before you even connect -- after which point the above defined policy kicks, the client is not allowed use preestablished credentials, and the server interrogates you for a user name and password.

Note: you can always ignore the first login and simply click "OK", as you will be prompted to login by the target server, provided that you have left the "Server Authentication" option (on the RDP client Advanced tab) at "Always connect, even if authentication fails"

I hope Microsoft does something about this -- especially since the client always adds additional information to the login name (i.e. username becomes server\username) when one goes to connect using the saved user name from the drop-down list, thereby causing authentication to fail.