How to SSO into Microsoft MSTSC Native Client

How to SSO into Microsoft MSTSC Native Client

A few years ago Microsoft changed the RDP client to not allow that native client ( mstsc.exe ) to accept command line parameters for authentication along with removing the same feature from the saved .RDP file. This means that when you use the native client option in webNetwork we could no longer SSO into the back end terminal server.



Option 1

If you are connecting to a Vista, Windows 7, Windows server 2003 (latest service packs) Windows 2008 then you should be able to do the following trick to get the native client to SSO.

The following windows command line utility will store your credentials in your Microsoft Windows Credential Manager storage area. It should ONLY be used on a machine that is not a public machine and that each user has their own login and profile. The username and password is stored encrypted in special files inside the users profile directory. <profile directory>AppDataLocalMicrosoftCredntials directory. 

When logged in as the user who wants to store their username and password type the following at a command prompt: 
cmdkey /add:127.0.0.1 /user:username /pass:password 

This will store the username and password for the address 127.0.0.1 which is what the sslvpn / ts vpn webapp uses. 

If you are using a proxy webapp then you would put: 
cmdkey /add:portal.example-cloud.com /user:username /pass:password 

Replace portal.example-cloud.com with your main portal address. This will then trigger the native client to see that you are trying to connect to portal.company.com and grab your username/password.


Option 2
Use a 3rd Party utility that utilizes mstsc.exe and will pass credentials to the RDS session.

Remote Desktop Plus is a small executable that you can call with parameters.  It then calls mstsc.exe passing your chosen parameters into it.

Remote Desktop Plus can be found here:

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...
      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...
      • Related Articles

      • Microsoft native client RDP parameters

        What are the common RDP parameters for the Microsoft Native Client. Here is a sample of some RDP parameters, found in an .RDP file. An explanation of these parameters can be found at: ...
      • Launch native RDP client

        How can I have an RDP webapp launch the native client instead of the web client? RDP User Select option:  Selects the type of remote client that will be loaded at the workstation.  Web Client will load the ActiveX (for IE) or Java WebRDP (Firefox, ...
      • Debug Client Side SSO

        The default action is : document.forms[0].submit(); A way to debug is to add an Alert : alert( ’form triggered’ ); document.forms[0].submit(); ---------------------------- If inputs are in script we don’t see them when the page comes through the ...
      • Launching mstsc.exe using Slingshot and Generic TCP Proxy webApps

        Issue: The old SSLVPN RDS webApp to launch mstsc.exe no longer works after upgrading to 6.4, due to the Java plug-in going away with modern browsers, and other security enhancements. Solution: Create a set of webApps that open a TCP proxy port, and ...
      • Client side SSO errors

        The customer is getting the following errors when trying to use the client side SSO features in webNetwork for RDP / Citrix.  The first error:  The relay path of 192.168.9.29/axis/services/WebNetworkPortalService is not a valid format.  The second ...