Local domain name and Office 365 UPN problem

Discussion in 'Parallels Remote Application Server' started by BenM99, Feb 11, 2021.

  1. BenM99

    BenM99 Bit poster

    Good afternoon
    I am trialling Parallels RAS at the moment, but have hit a bit of a roadblock within our environment and have been beating my head against a brick wall trying to solve it, so I'm wondering if someone could give some help or advice.

    The problem is very similar to this old thread that I found whilst googling: https://forum.parallels.com/threads/cannot-access-app-when-upn-different-to-domain-name.346128/

    Basically - I have a number of legacy on-premise apps as well as Microsoft Office (we are a Microsoft 365 site, with AD synced between our on-prem AD and Microsoft; our mail is hosted off-premise) published for users. I've also published a standard desktop. Users can log in to the client using their localdomain user name and password with no issues.

    Once logged into the client, those legacy apps use the user's Windows login to authenticate the user. This all works fine and users can run the apps without any problems. The problem is with Outlook - when users first run Outlook as a published app, their user profile will not configure automatically so they can't use email (autoconfigure / DNS is all working correctly, I've tested that using testexchangeconnectivity.com and I have no problems autoconfiguring on staff desktops).

    If users log in to the full desktop I've published, Outlook configures a profile no problem. Great, I thought, I will just have to get them to do that once and then they can use Outlook as a published app - but no. If the user logs off the full desktop and tries to run Outlook as a published app, it doesn't connect to the Microsoft 365 servers and the connectivity indicator in the bottom right of Outlook just says 'need password'.

    I theorise that the problem is related to the credentials that the Parallels gateway is passing to the RD session host. Because the credentials required for Microsoft 365 are slightly different (username@ourfqdn vs username@localdomain) authentication is failing and communications are failing.

    I don't seem to have this issue if users connect to the RD Host using direct mode, but I would much rather tunnel the connection over port 443 using Gateway SSL mode for security reasons; I'd much prefer not to open up port 3389 to the outside world.

    For reference, I've tried connecting to the RAS server in a bunch of different ways - if I use anything other than our localdomain, I can connect to the server but can't run apps (the client complains that the username and password is incorrect).

    Any ideas/suggestions?
  2. BenM99

    BenM99 Bit poster

    Forgot to mention, I've tried turning on (and off) the 'Force clients to use NetBIOS credentials' option as well as the 'use client domain if specified' and neither seems to make any difference....
  3. LGedson

    LGedson Bit poster

    You have to clear out your ambiguities in a very simple way so that everyone can understand what you want to say.
  4. BenM99

    BenM99 Bit poster

    What part of my post was ambiguous?

    Outlook works fine as part of a published desktop.
    Outlook doesn't autoconfigure a profile, and won't connect to Microsoft 365, when run as a published app.

    I realise there was a lot of background there, but thought it would save some questions.
