How to disable Single Sign On (SSO) when using the RDP Proxy feature of NetScaler Gateway

Article ID: CTX208324

Description

By default, the NetScaler tries to do SSO to the RDP server. If the backend RDP server is in a different domain, the Single Sign On (SSO) credentials won't work.

In such cases, the NetScaler does not prompt the user to enter credentials manually, so the RDP connection fails.

Resolution

SSO to the RDP server can be disabled so that the user is prompted for credentials. To do this, add the following policy and bind it to the NetScaler Gateway.

Once configured, SSO is disabled and the user is prompted for authentication.

 

CLI commands:

add vpn trafficAction t_act1 http -SSO OFF

add vpn trafficPolicy t_pol1 "REQ.HTTP.URL CONTAINS rdpproxy" t_act1

bind vpn vserver <gateway_vserver_name> -policy t_pol1

Replace <gateway_vserver_name> with the name of the NetScaler Gateway virtual server.

Note - NetScaler firmware must be running 11.0-64.34 or above to support the above configuration.
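To confirm that the policy ended up bound to the intended virtual server, the following added example (not part of the Citrix article) checks a saved configuration for a traffic policy that matches rdpproxy, uses an action with -SSO OFF, and is bound to a VPN vserver. It assumes the configuration is available as text with one command per line; the sample lines and the names gw_vs1, gw_vs2, t_act2 and t_pol2 are constructed.

```python
import shlex

# Constructed sample in saved-config form; gw_vs1/gw_vs2 and t_act2/t_pol2 are hypothetical.
SAMPLE_CONFIG = '''\
add vpn vserver gw_vs1 SSL 192.0.2.10 443
add vpn vserver gw_vs2 SSL 192.0.2.11 443
add vpn trafficAction t_act1 http -SSO OFF
add vpn trafficAction t_act2 http -SSO ON
add vpn trafficPolicy t_pol1 "REQ.HTTP.URL CONTAINS rdpproxy" t_act1
add vpn trafficPolicy t_pol2 "REQ.HTTP.URL CONTAINS rdpproxy" t_act2
bind vpn vserver gw_vs1 -policy t_pol1 -priority 100
bind vpn vserver gw_vs2 -policy t_pol2 -priority 100
'''


def _opt(tokens, name):
    """Return the value that follows option `name` (case-insensitive), or None."""
    lowered = [t.lower() for t in tokens]
    if name.lower() in lowered[:-1]:
        return tokens[lowered.index(name.lower()) + 1]
    return None


def rdp_sso_disabled_vservers(config_text):
    """Map each VPN vserver to True if an rdpproxy traffic policy with -SSO OFF is bound."""
    cmds = [shlex.split(l) for l in config_text.splitlines()
            if l.strip() and not l.lstrip().startswith('#')]
    kind = lambda t: [x.lower() for x in t[:3]]
    # Pass 1: traffic actions that turn SSO off.
    off_actions = {t[3] for t in cmds if len(t) > 3
                   and kind(t) == ['add', 'vpn', 'trafficaction']
                   and (_opt(t, '-SSO') or '').upper() == 'OFF'}
    # Pass 2: traffic policies whose rule mentions rdpproxy and that use such an action.
    rdp_policies = {t[3] for t in cmds if len(t) > 5
                    and kind(t) == ['add', 'vpn', 'trafficpolicy']
                    and 'rdpproxy' in t[4].lower() and t[5] in off_actions}
    # Pass 3: list the vservers and mark those with one of these policies bound.
    result = {}
    for t in cmds:
        if len(t) > 3 and kind(t) == ['add', 'vpn', 'vserver']:
            result.setdefault(t[3], False)
        elif len(t) > 3 and kind(t) == ['bind', 'vpn', 'vserver'] \
                and _opt(t, '-policy') in rdp_policies:
            result[t[3]] = True
    return result


if __name__ == '__main__':
    for vserver, ok in rdp_sso_disabled_vservers(SAMPLE_CONFIG).items():
        print(f"{vserver}: RDP proxy SSO {'disabled' if ok else 'NOT disabled'}")
```

A vserver reported as NOT disabled still attempts SSO to the RDP server with the cached credentials, which is the failing case this article describes for backends in a different domain.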

 


Problem Cause

By default, NetScaler attempts SSO to the RDP servers with the cached credentials.

Issue/Introduction

RDP connections made through NetScaler Gateway fail with the error "Remote Desktop can't connect to remote desktop"

Additional Information

Customers might run into one more issue if they disable SSO as described in this article. Refer to the following article for further confirmation and troubleshooting:

http://support.citrix.com/article/CTX207025

Note: RDP Proxy with SSO is not tested or supported on Win2008. It has been tested on the Windows-based OSes Win2008R2 / Win 7 / 8 / 10.

 

RDP Proxy - https://docs.netscaler.com/en-us/netscaler-gateway/current-release/rdp-proxy.html