waveslesno.blogg.se - Windows 10 sign in twice

I have everything set up from the article you posted except the Trusted Zones stuff and the Cert Thumbprints. Happy to post logs (ran out of time for now) Ideas would be greatly appreciated!!!! I'm certain it's something to do with (NULL)\DOMAIN\username. So has to be something the gateway is doing. It prompts the second time for direct auth to the session host as expected, and DOMAIN\username works.

Turned off "Use my RD Gateway credentials for the remote computer" in the app from remote access.

And checked that the client computer has this set to "Not defined".

Set "NTLMv2 only" in LAN manager authentication level across the domain.

Set "always prompt for password" to disabled on session host.

(will tighten security on this once works)

Add TERMSRV/*.domain.local and TERMSRV/*.uk in "allow delegating default credentials" and the NTLM-only version in the local policy on the gateway.

Built a new session host and connection as different session collection.

I might be looking at the wrong thing, but I've tried everything else I can think of, including: The Security log seems to state A logon was attempted using explicit credentials"in relation to the successful login but nothing about the first unsuccessful. Using the email address, not much is in the netlogon.log. The event logs and netlogon.log, when enabled, on the session host show that when logging in with DOMAIN\username the username is (NULL)\DOMAIN\username the first two times then changes to DOMAIN\username for the third. The event logs on the gateway state that the user is successfully redirected to the session host. So two prompts with an email address and three with DOMAIN\username. In the email address and run with DOMAIN\username you will get one more credential request which, once details are entered, will let you in, although sometimes it doesn't. If you type in the email address again it will often go straight in. When they run the connection app from webaccess it will prompt a second time for credentials.

Clients can log into webaccess with their email address (account in DC).