Share via

Remote Desktop Gateway credential repeatedly deleted

Brian Hart 296 Reputation points
2021-02-04T19:14:25.873+00:00

I have been running RD Gateway connections to multiple clients for years. I always check the box to save credentials, and there has always been a persistent entry for gateway.MyCustomerDomain.com in Windows Credentials. I upgraded from Windows 7 to Windows 10 last week, and the saved credentials continued to work until there was a network interruption--and then it deleted those credentials.

I live in a rural area and lose my connection periodically when DSL renegotiates and IP address or otherwise has a hiccup. Things have always reconnected smoothly, though, until a couple of days ago.

Now, as soon as I am disconnected, the system still attempts to auto-reconnect, but if that fails because the connection is out long enough for it to time out, the next time i try to logon, the RD Gateway prompts me for credentials--with no option to save them. This has happened a half-dozen times since my upgrade to Windows 10 (and all post-upgrade updates) last week

So I went directly into the credential manager, and entered the gateway address and credentials. That worked for a day; I was no longer prompted for RDG credentials. But upon the next interrupted network connection, it again deleted the entry.

What in the world is auto-deleting credentials here? That should never happen. How can I prevent those credentials from being deleted like this?

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,694 questions

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jenny Yan-MSFT 9,341 Reputation points
    2021-02-05T05:46:21.27+00:00

    Hi,
    1.the other RDG credentials for my other clients show Persistence: Local Computer, but this one shows Persistence: Enterprise
    Could you please share the screenshot of the mentioned properties? Please also confirm how did you start the remote connection with RD gateway.

    2.Please also check if the "RD Gateway authentication method" has been well configured.
    User Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ RD Gateway

    Set RD Gateway authentication method Enabled
    Use locally logged-on credentials

    Supposed to have screenshot like this if GPO has successfully applied when you open advanced via mstsc.
    64403-image.png

    3.Please also confirm if other credentials works well, otherwise check the suggestion below for credential manager doesn't save passwords.
    https://social.technet.microsoft.com/Forums/azure/en-US/4cd4b767-416d-4268-aae9-a891f50e591d/credential-manager-wont-store-password-after-reboot?forum=w7itproui

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

    0 comments
  2. Brian Hart 296 Reputation points
    2021-02-05T07:05:26.793+00:00

    I should have clarified that I have been managing small business corporate networks for the last 20+ years, including ActiveDirectory domains and Remote Desktop (including Gateway) as those features became available. So my computer is not a member of any of my client's AD domains to which I am connecting, and I must use credentials of an AD account on the target domain (an account that I created but that does not exist on my computer). I have no option to use currently logged-on credentials, only "Ask for password" , "Allow me to select later", and "Smart Card or Windows Hello for Business". I have always used "Ask for password" for all my clients. See attached screen shot of how they look.

    64289-rdg.png

    The problem is not that the credential manager does not save passwords. It has been saving them for years. The credentials for each of the several RDGs at different domains were saved when I first logged onto the RD station via the RDG, some of them years ago. I was prompted for RDG credentials, I entered them, they were saved, and I have never had to enter them again. They all continued to work even after my upgrade from Windows 7 to Windows 10. And all the previously-saved ones indicate "Persistence: Local computer" in my Credential Manager.

    64416-windowscredential.png

    The problem began when I had a short internet outage that caused me to lose an open RDG connection after my Windows 7→10 upgrade. When I attempted to reconnect to that particular RDG, I was prompted to enter RDG credentials, with no option to save. I entered the credentials and connected.

    But that made me curious, and I went here: Control Panel → User Accounts → Manage Your Credentials → Windows Credentials. For the record, I have never had to go here in all the years I used Windows 7 to manage these RDG connections; as noted above, I just ticked the box to save the password when I logged in the first time, and I never had to enter them again.

    But this time, I could see that the particular domain RDG was no longer there, whereas the other domain RDGs were still there. So I added the missing one manually here. That is when I saw that the others all say Persistence: Local computer, but the newly-manually-recreated one shows Persistence: Enterprise. Then I have had inconsistent results the last couple of days. Sometimes, the saved credential allows me to connect to a computer/server behind the RDG without a problem, and sometimes I am prompted--and then find that the credential is one again missing from the Credential Manager.

    So I tested my theory with one of my other clients. I had existing RDG credentials stored that looked like this:

    Internet or network address: gateway.Client#1Domain.com
    User name: MyClientADDomain\MyClientADUsername
    Password: ****** (password of AD user above)
    Persistence: Local computer

    I was connecting simply by double-clicking my .rdp file that also has a TERMSRV/ADComputerName credential saved for the AD workstation logon behind the RDG. I then deleted the credential for this domain. On next connection attempt, I was prompted for RDG credentials. After supplying them (no option to save), I was connected. I logged back off, then went and added it manually as above, except that Windows 10 automatically set Persistence: to Enterprise instead of Local computer. Next logon worked without asking for credentials, but after logoff, Windows deleted the just-entered saved credentials.

    How do I get back my pre-Windows 10 ability to store domain-based RDG credentials on my non-domain computer? This is fairly critical, since I log on and off these systems all day every day, and it has already taken me several hours lost work time just trying to troubleshoot this and get it working properly again.

    0 comments
  3. Andy YOU 3,076 Reputation points
    2021-02-08T03:43:04.533+00:00

    HI

    1. did you try to use "StoredCredential" related powershell command to change the "persist" type from enterprise to localmachine ?
      we need to run powershell as admin and enter below powershell command.
      for example:
      (1)
      Install-Module -Name CredentialManager
      (2)
      New-StoredCredential -Target Test -UserName u1 -Password u123456! -Comment "test" -Persist localmachine
      the result picture like below

    65119-9.png

    0 comments
  4. Brian Hart 296 Reputation points
    2021-02-08T12:35:24.543+00:00

    I did try many different permutations of New-StoredCredential in PowerShell for several different servers, using both LocalComputer & Enterprise persistence. There is no difference; in each case, the newly-created credential does not allow me to log onto the Remote Desktop Gateway without manually entering my credentials at connection time, and the credential entered through PowerShell does not show up in the Credential Manager

    I thought at first that it was simply failing to create the new credential, so I ran Remove-StoredCredential. That gave no error message, so I ran it again, and this time it notified me that I was trying to remove nonexistent credential.

    So I know three things regarding creating credentials via PowerShell

    1. It does save credentials somewhere
    2. They do not work to avoid realtime manual entry
    3. They do not show up in the Credential Manager

    The only way I can get this to work is to add the credential manually in the Credential Manager, and that is always Enterprise persistence. Then the credentials work, allowing me to log on via RD Gateway without entering credentials, but the credentials are being auto-deleted under some circumstance; I think it may be when I lose my connection to to internet interruption.

    I never had a credential be automatically deleted in the five or six years I have been using this computer on Windows 7; it is only upon upgrade to Windows 10 that this became a problem, and the problem appeared within two or three days of the time I upgraded. I have noticed before that at least some of my clients' various Windows 10 computers do not offer to save RD Gateway credentials when entered while connecting, but I have never tried to figure out why, and I am not sure if it is all or just some of them.

    But I desperately need this to work correctly; I am losing too much work time trying to fix this, and it interferes heavily with my ability to do tech support for my clients when they call by slowing me down as I have to look up and re-enter credentials.

    0 comments
  5. Brian Hart 296 Reputation points
    2021-02-13T23:41:54.217+00:00

    Well, at least I have a bit more information now. I had been using .rdp files that were in existence from when this computer was a Windows 7 computer before upgrading to Windows 10. I started from scratch by running mstsc, then entering all the information. Oddly enough, it seemed that my RD Gateway credentials were still stored, and I eventually found another RD Gateway credential, along with a few others, under "Generic Credentials" when I scrolled down past my 100+ Windows Credentials to the Generic Credentials section. This one was marked persistence Local computer, not Enterprise

    After some further experimentation, including comparing old & new .rdp files in a text editor, I found two things:

    1. RDP continued to recognize stored RD Gateway credentials even after Advanced → Settings and deleting the RD Gateway credentials until I deleted the Generic credential. Then Advanced → Settings showed no saved RD Gateway credentials. I still got no checkbox to save RD Gateway credentials, but when I re-entered them as Generic Credentials, I can at least connect without any prompt. It remains to be seen whether this credential also will be auto-deleted.
    2. The old .rdp file stores a line item with the RD workstation/server name, but the new one does not, and when I edited a copy of the old .rdp file to remove this, then it worked without prompting. The RD server credentials are stored in their own TERMSRV/ServerName generic credential.

    I am not yet confident that I have found the complete answer, but I may have a workaround that will work for me by re-creating all my .rdp files manually in Windows 10.

    However, the biggest question on behalf of my users still remains: why, unlike Windows 7, are they not presented with a checkbox to save RD Gateway credentials in Windows 10? If that is just Windows 10 behavior by design, it is a bad idea, but at least I can quit trying to fix it. If it takes some complex GPO, that is also a bad idea, since I have to explain this to 50+ remote users that all use RD Gateway connections from their non-domain home computers to office computers.

    that the old .rdp file stores the

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.