Double login with Microsoft account locked pc.

[redpoisonv3]

Found a bug? - We would like to help you and smash the bug away.

1. Please don't "report" questions as bugs. For these (questions/build instructions/...) please use one of the following means of contact:
   • We are reachable via:
   • Matrix room : #FreeRDP:matrix.org (main)
   • XMPP channel: #FreeRDP#matrix.org@matrix.org (bridged)
   • IRC channel : #freerdp @ irc.oftc.net (bridged)
   • We are reachable via mailing list freerdp-devel@lists.sourceforge.net
   • Try our mailing list for discussions/questions
2. Before reporting a bug have a look into our issue tracker to see if the bug was already reported and you can add some additional information.
3. If it's a new bug - create a new issue.
4. For more details see https://github.com/FreeRDP/FreeRDP/wiki/BugReporting

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:
Login to a pc via RDP that has a Microsoft account (email address), note there are two user names, one says Microsoft account name, second is other user that it attempts to login to, click on the Microsoft account name, then type in the account password to get to the windows desktop.
If the Microsoft account password is used on other user account, login will fail, due to the password being rejected.

Expected behavior
Once Microsoft email (hotmail, outlook, etc) and password login credentials are provided, during login process it should automatically select, the Microsoft account instead of other user account, which RDP uses by default when logging into a local account on windows.

Screenshots
Ill, take add attach some, when i have the chance to.

Application details

• FreeRDP version (xfreerdp /version): freerdp-1.1hp18 for ThinPro 7.1 and derivatives & Thin Linx (tlxos) FreeRDP 2.4.1
• HP T520 & HP T620 thin clients
• OS version connecting to (server side): WIndows 10/11

Environment (please complete the following information):
HP T620 & HP T520 thin clients running TLXOS (Thin Linx) 4.10.0 & HP Thin Pro 7.1.0 respectively

[akallabeth]

Ok, could you add a bit of context here?

1. Are you using xfreerdp /v:<host> ... command line or something else?
2. Are you trying to do a domain logon (e.g. Azure or however your derivative is called)
3. Does No RDP connection to WIndows 10 laptop with Office 365 credentials #5972 describe what you´re looking for?

[redpoisonv3]

so im using thin clients to connect to one headless pc with a local account and my main desktop pc which has my Microsoft account logged in, when using hp's thin pro which uses free rdp 1.1 or thin linux which uses the latest version of free rdp, when i login through wither software gui im met with a lock screen of sorts in windows, by default, on the pc that i use that has just a local account it will automatically login as other user.

When i rdp in via the thin clients into my main pc, instead of rdp using my Microsoft account login details it seems to attempt to still login as other user which seems to be some sort of default behavior for free rdp, instead of directly logging into my pc using my Microsoft account which i use by default to login to the pc, this results in me having to manually chose the Microsoft account and then typing in my password a second time in order to reach the desktop.

in other words i use my Microsoft email address and password to login then, free rdp attempts to use the default account it seems to login with to a local account called other user it fails to login, i have to hit ok on the prompt at the login screen, then i have to choose the account that has the first part of my Microsoft email address, then type my Microsoft password in that box as if im login to windows after it boots to the login screen.

[akallabeth]

can you recreate this with xfreerdp nightlies / builds from our sources, if possible form a normal debian/ubuntu/fedora machine or VM?
the thin client vendors ship modified versions and I don´t have them ready to easily test such setups (without first having to set these up).
Also, #5972 describes some things to take care of when using such accounts, did you check that?

[redpoisonv3]

see where he has other user, i have two accounts listed, for example if my email is JohnWatson@outlook.com, when i rdp in i see:

JohnwWatson
Other User

and if i click JohnWatson it will ask me for my password once i enter it then im able to reach the desktop, and use it as normal.

[akallabeth]

ok, so you are already connected via TLS?
then the client has no longer control over anything you see, everything is the remote machine doing its magic.

Do you want the correct user/domain preselected? -> #5972 lists the necessary settings/domain/...

[redpoisonv3]

im in contact with the tlxos developer team i can shoot them an email with the details and see if that works.
yes via tls which is extremely high in latency and makes it harder to use.

i noticed the thread about udp support who do i have to message to ask about the required funding so i can possibly donate for it to be implemented or has that funding goal been reached?

so the double login issue is a client side one your saying, im just trying to understand it correctly before attempting to trouble shoot, and its because its set to the wrong domain?

[redpoisonv3]

im not sure as to how its a domain issue, once ive logged in with the ms credentials in the thin client, i then have to choose the account that says (the username of the Microsoft email) when i do i then have to use my Microsoft password then im in.
unless you mean i have to set the domain to outlook.com or hotmail.com etc in order for it to reach the desktop right away?

ill try that tomorrow and see if it works, and ill read the thread.

Thank you

[akallabeth]

@redpoisonv3 the TLS connection mode does log you in straight to the desktop if the credentials are correct, but if they are wrong you get to the windows logon screen.
The referenced issue illustrates how to use the AzureAD (office 365, outlook, ...) domain credentials with freerdp.

[redpoisonv3]

Thats the first screen i get I've even set the domain to login as hotmail.com

this is the second screen when i use my Microsoft password it keeps having a fit, in not sure if the issue is because i converted the pc from a local account to a Microsoft one, originally my pc was using a local account.

the account above other user is the one i have to choose, the one with the pic to login windows, thats the new local account or the one that works with my ms password

this is what happens when i select the account with my profile pic, this is the one my ms account password works with to login

ill see if i can get some sort of output log to attach to see what's going on

[redpoisonv3]

So the issue is the only account that works is the one with my profile pic that has my full name using the methods in the thread that you linked do not work nor apply to my issue, because i cant login to other user.

Secondly the AzureAD\email@org.com with any variation doesn't work, ill attempt to disable nla to see if it works

[redpoisonv3]

with nla disabled makes no difference, is there a way to force it to login directly via the Hotmail account versus logging in via the other user account?

[akallabeth]

@redpoisonv3 did you properly escape the \ character on your command line?
the whole point is that if the credentials are correct you get logged in straight away.
(you never used NLA, you don´t get any login screen with NLA at all)

[redpoisonv3]

i haven't tested command line yet I've followed the gui based attempts first, and im just in the middle or trying terminal, azure doesn't work since im trying to connect directly to my windows based pc, ill have to double check that a pin isn't enabled for login

[redpoisonv3]

i tested command line getting a bash error event not found, so far no luck, ill have to open a separate vm on ubuntu and test that

[akallabeth]

closing this as we´ve reworked AzuerAD support. (now basics work)