Windows Hello causes RDP access from jump server to Windows server to take very long to connect (more than 5 minutes)


Article ID: 420326


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

An RDP session is opened from the PAM Client to a Windows jump server, and Windows Hello is installed on the user's desktop.
From the jump server, mstsc is launched to connect to a remote Windows server, and the login takes 5 minutes or more.
Without Windows Hello it works well: the connection is immediate, without delay.

Environment

PAM all versions

Target devices: Windows 2019, Windows 2016, Windows 2022 (the same results occur on all Windows target devices)

Windows Hello is on user laptops and desktops, NOT on the jump server and NOT on the target server.

Cause

The Microsoft debugger identified that the long delay occurred when the Credential UI Manager tried to authenticate with Windows Hello for Business and the smart card service during the RDP connection. These attempts timed out and failed, and the Credential UI Manager then used passwords to authenticate and connected successfully.

Resolution

Disabling smart card redirection in group policy resolved the problem, so the following steps can be used as a workaround.

These steps to configure the group policy must be performed on the jump server:

1. Run gpedit.msc as administrator.

2. Navigate to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.

3. Double click Do not allow smart card device redirection.

4. Select Enabled. Click OK.

5. Open and run a command window as administrator.

6. Run the command: gpupdate /force
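
To confirm on the jump server that the policy took effect after gpupdate, its registry value can be read back. This is an added example, not part of the original article: the function name Get-SmartCardRedirectionPolicy is hypothetical, and it assumes the standard policy value fEnableSmartCard under the Terminal Services policy key, which is 0 when "Do not allow smart card device redirection" is Enabled.

```powershell
# Added example (read-only): report whether "Do not allow smart card device
# redirection" is in effect on the machine where it runs (the jump server).
function Get-SmartCardRedirectionPolicy {
    [CmdletBinding()]
    param(
        # Registry location written by the Remote Desktop Services policy template
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
        [string]$Name = 'fEnableSmartCard'
    )

    # A missing key or missing value both mean the policy is Not Configured.
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.$Name }
    }

    # 0 = policy Enabled (redirection blocked), 1 = policy Disabled,
    # absent = Not Configured (redirection allowed by default).
    if ($null -eq $value) {
        $state = 'NotConfigured'; $blocked = $false
    } elseif ($value -eq 0) {
        $state = 'Enabled';       $blocked = $true
    } elseif ($value -eq 1) {
        $state = 'Disabled';      $blocked = $false
    } else {
        $state = "Unexpected value ($value)"; $blocked = $false
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PolicyState        = $state
        RedirectionBlocked = $blocked
        RawValue           = $value
    }
}

$result = Get-SmartCardRedirectionPolicy
$result | Format-List

if (-not $result.RedirectionBlocked) {
    Write-Warning ("Smart card redirection is still allowed on {0}; the workaround is not in effect. " +
                   "Re-check the policy and run 'gpupdate /force'." -f $result.ComputerName)
}
```

With the policy enabled, smart cards attached to the user's workstation are no longer redirected into sessions on the jump server, so any workflow that depends on a redirected smart card there stops working.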