Forum Discussion

Stefan_Klotz_85
Jun 17, 2014

RDP with SSO to WinXP client via APM

Hi,

 

we're trying to get Auto Logon for RDP working towards a WinXP client via APM, but I think one of the major issues why it's not working is the missing Domain field at the WinXP logon mask. But even the username is not always forwarded correctly. Both APM and WinXP are authenticating against LDAP, which is working fine (the WinXP client is also part of the domain). But on the WinXP client I have to enter Domain\Username in the username field.

 

So I want to ask you what needs to be adjusted on APM and/or WinXP side. Maybe an iRule to combine the Domain and Username into one variable? I think/hope it's just a small thing to adjust, but at the moment I have no idea where and what to search for.

 

Thank you!

 

Ciao Stefan :)

 

9 Replies

  • We found out two things:

     

    1. Using APM Webtop via Firefox will not pass anything towards the RDP server. With IE at least username and password are filled in correctly to the logon mask. But as the domain is missing, I got an error message that I should check if username and domain are correct.

       

    2. Then I tried this variable assignment:

       

      session.logon.last.username = [concat "f5-lab.local\[mcget {session.logon.last.username}]" ]

       

      But this is also not working. Is this syntax correct?

       

    Or does someone have any other idea, especially how to enable the domain field on the WinXP logon prompt (although the PC is successfully joined to the domain)?

     

    Thank you!

     

    Ciao Stefan :)

     

  • Stefan, use IE if this one is able to push username and password. The good method is the first one, not the second with the concat.

     

    So, when the webtop is presented, before clicking on the RDP icon, check your session variables. I suppose the session.logon.last.domain is not set correctly.

     

    Please check :

     

    • In my previous message, that your RDP auto-logon is enabled with the 3 session variables
    • On the logon page, add the domain field in order to set the session.logon.last.domain variable. Or you can assign the variable manually (see Kevin's message)
    • Before clicking on the RDP object, check the session variables (sessiondump --allkeys or in the GUI with the report in APM).

    Show me your session variables.

     

  • Hi Matthieu,

     

    I hope this is what you are looking for:

     

    Thanks for any additional idea or help!

     

    Ciao Stefan :)

     

  • Hi Matthieu,

     

    tried it again with just "f5-lab", but it's still not working :(

     

    Anything further I can check?

     

    Thank you!

     

    Ciao Stefan :)

     

  • If you disable auto-logon in your RDP APM configuration, you will be prompted for login and password. Check if you are allowed to use RDP :)

     

    So disable Auto-logon. Connect to your webtop, click on the RDP object. Try f5-lab\sklotz and enter your password. Let me know if you are able to connect.

     

  • Doesn't matter if I have auto-logon enabled or not, when I get the logon mask I can only log in with "f5-lab\sklotz" or "f5-lab.local\sklotz" as username. That's why I was looking for the correct solution how to rewrite the username variable with "domain\username". I'm pretty sure this will work. So what's the correct syntax for the variable assignment?

     

    Thank you!

     

    Ciao Stefan :)

     

  • session.logon.last.usernameconcat = expr { [concat "[mcget {session.logon.last.domain}]\[mcget {session.logon.last.username}]" ] }

     

    If I requested you to test without autologon, it was to check with you if you were able to connect anyway.

     

    You need to specify the right variable in your RDP object.

     

    Ciao Matt

     

  • Hi Matthieu,

     

    that seems to be pretty strange, if I'm using your mentioned expr I'm getting the following filled into the RDP logon mask (also shown this way in the APM report):

     

    f5-lab.local[mcget {session.logon.last.username}]

     

    So the single "\" needs to be escaped with a second one. But when doing this the variable will be correctly shown in the APM report as "f5-lab.local\sklotz", but on the RDP logon mask it's again just "sklotz". Means using the wrong syntax it will be filled in correctly, but with the correct one, just the username will be filled. That's really annoying. Any more ideas?

     

    Thank you!

     

    Ciao Stefan :)

     

  • Hi again,

     

    there is also another discussion here in the forum about the same primary question, how to combine two variables within the APM policy editor.

     

    Right now I'm using this syntax:

     

    session.logon.last.username = expr { "f5-lab.local\[mcget {session.logon.last.username}]" }

     

    But it seems there are several other methods out there, which at least fill in the session variable correctly. But NONE of these methods will parse it to the WinXP logon mask. I'm using the following order in the VPE:

     

    Logon Page -> LDAP Auth -> Variable Assign -> Resource Assign -> Webtop and Links Assign

     

    I hope there isn't a mistake on that level. So please let me know if you have any further idea.

     

    Thank you!

     

    Ciao Stefan :)
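
The backslash behaviour reported in the replies above can be reproduced outside APM. This is an added example, not code from the thread or from F5: a stand-alone tclsh script in which `mcget` is a stub, the session values are constructed, and `looks_substituted` is a hypothetical helper. It covers only how the variable's value is built, not whether the RDP client forwards it to the logon mask.

```tcl
# Stand-alone tclsh script (added example, not APM configuration).
# Constructed session values; on APM these come from the access session.
array set session {
    session.logon.last.username sklotz
    session.logon.last.domain   f5-lab.local
}

# Stub for illustration only: on APM, mcget is provided by the policy engine.
proc mcget {key} {
    global session
    return $session($key)
}

# Hypothetical sanity check for an assigned value: no leftover "[mcget"
# text, and exactly one backslash separating domain and user.
proc looks_substituted {value} {
    expr {[string first {[mcget} $value] < 0
          && [regexp {^[^\\]+\\[^\\]+$} $value]}
}

# 1. Single backslash: inside the quoted string, \[ is an escaped bracket,
#    so the bracket is literal and mcget is never called.
set single [expr { "f5-lab.local\[mcget {session.logon.last.username}]" }]

# 2. Doubled backslash: \\ is one literal backslash, and the bracket that
#    follows starts a normal command substitution.
set double [expr { "f5-lab.local\\[mcget {session.logon.last.username}]" }]

# 3. No escaping inside the string at all: fetch both parts, then join
#    them with a one-character backslash separator.
set joined [join [list [mcget {session.logon.last.domain}] \
                       [mcget {session.logon.last.username}]] "\\"]

foreach {label value} [list single $single double $double joined $joined] {
    puts [format "%-7s %-50s substituted=%d" \
              $label $value [looks_substituted $value]]
}
```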