10.9. Inband destination selection in RDP connections

To use inband destination selection with RDP connections, it is recommended to use PSM as a Remote Desktop Gateway (or RD Gateway). For details, see Procedure 10.7, Using PSM as a Remote Desktop Gateway.

To use inband destination selection with RDP connections without using PSM as a Remote Desktop Gateway (or RD Gateway), you must use SSL-encrypted RDP connections (see Procedure 10.4, Using SSL-encrypted RDP connections).

In the latter case, perform the following configuration on your clients:

  • On Windows Vista SP1 and newer platforms (Remote Desktop Protocol 6.1 or newer):

    Navigate to Local Group Policy Editor > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client and enable the Prompt for credentials on the client computer option in the clients. For details, see https://technet.microsoft.com/en-us/library/cc753945%28v=ws.10%29.aspx.

  • On Windows Vista and older platforms (Remote Desktop Protocol 6.0 or older):

    Configure your RDP clients to save the credentials, or make sure that the Allow me to save credentials option is selected in the RDP client.

Also, your users have to encode the address of the destination server in the username field in their client application. Since most RDP client applications limit which special characters can be used in usernames, this is not always intuitive. For the Microsoft Remote Desktop application (mstsc), note the following points:

  • Use % character to separate the fields, for example: username%my-targetserver

  • To specify the port number of the server (if it does not use the default port), use the caret ^ character, for example: username%my-targetserver^6464

  • To specify an IPv6 address, replace the colons with carets, and enclose the address in parentheses. For example, to target the ::1 IP address, use username%(^^1). To target port 6464 of the same server, use username%(^^1)^6464.