TS Double login from thinclients

[dtwell99]

Hi
Currently having issues with double authentication when using wyse thin clients and ts 2008. Current setup as follows:
2 x TS Servers
1 x 2008 session broker

When session broker load balancing is enabled I always have to authenticate twice before the desktop is loaded. If I disable load balancing I only have to authenticate once to open a desktop session. I don't have any issues with vista or XP SP3 clients as they are using Single Sign On. I have spent quite a long time looking into this issue, only solution I have found is to turn of load balancing.
The wyse terminals I am using are S10's with the latest firmware which includes RDP 6.0. Has anyone come across this issue before? Is there any fix or workaround to stop the double authentication?

 

[bobej]

Hi

From what I have read the session broker should have been installed on your terminal servers having it on a seperate box even if this was a gateway would cause double logons

 

[w33mhz]

I know your exact problem. When you make a connection to a TS server (or dedicated redirector) and you are using a session broker, the server will pass your security token on to the session broker, the broker will look to see if there is a current session for that user in the database. What happens is that you get redirected with the security token, the RDP Client on the wyse doesn't know how to handle that so the token gets dropped. Very annoying issue. The work around I have found is to not use a the session broker and use a load balancing device that will handle the redirection for you.
Now it might not be the client version but something else on the thin client you state that you have version 6.0, I have found that 6.1 is needed. Even though on Microsoft's website they state that 5.2 or higher, I think they are wrong on that.

http://technet.microsoft.com/en-us/library/cc731045(WS.10).aspx

I was having the issue on my XP desktop with the 5.2 client and my thin clients with the 5.2 client will just drop the connection rather than do a double authentication.

 

[jcgmk]

Hi,

I have been having the exact same problem for ages.

After alot of research i found what w33mhz said to be true.

The Wyse thin OS doesn't actually use RDP 6 it only "Supports RDP 6 features" therefore doesn't allow the first authentication to pass through correctly.

I contacted Wyse regarding this back in April, this was their response:

"The built in session broker you are using relies on a capability that ThinOS does not currently have.

This means it is currently not supported in this configuration. I will be passing this on to product development to see If there are plans to include support for this feature."

I find it hard to believe that they would not offer such capabilities for such a standard setup of terminal services.

The way I have got round it for now is to disable the session broker but leave load balancing running. I use DNS round robin to point the farm name to each server. The only problem with that is you may get orphaned sessions. The way i got round that was to set a rule in group policy to disconnect unused sessions nearly immediately.

 

[dtwell99]

Many thanks for the replies, glad I am not the only one having this problem. Hopefully Wyse will come up with a solution for this problem soon. In the meantime I will be using NLB along with the session broker.