[MS-CSSP] - Remote Credential Guard - How to RPC marshall the KERB_TICKET_LOGON structure RRS feed

  • Question

  • Hi,

    I am implementing the Remote Credential Guard as per the spec [MS-CSSP].

    In TSRequest --> TSCredentials --> TSRemoteGuardCreds --> TSRemoteGuardPackageCred structure, credBuffer should have Kerberos credentials which are RPC marshalled KERB_TICKET_LOGON structure.

    My problem is in marshaling the KERB_TICKET_LOGON structure. When I marshal the structure and pass it to server, Windows server is not accepting the request. The same is documented by Microsoft @ https://docplayer.net/91815662-What-i-expect-you-to-already-know.html

    I would like to know the IDL for KERB_TICKET_LOGON structure so that I can send the data in a correct format.

    I have following questions:

    1. Do I need to call htonl() for Flags, ServiceTicketLength, TicketGrantingTicketLength and then serialize the structure?
    2. Is it required to covert  KERB_LOGON_STRUCTURE to ASN.1 format and send it to server. if that is the case, can you please tell me the ASN.1 types

    Can you please help?



    Friday, March 27, 2020 2:31 AM

All replies

  • Hi Ramanujam,

    Thank you for your question. One of the Open Specifications support team members will reply shortly to assist you with this issue.

    HungChun Yu (MSFT)

    Friday, March 27, 2020 4:55 PM
  • Hi Ramanujam:

    I'll help you with this issue.

    Do you already have a working RDP client implemented that can successfully use CredSSP without Remote Credentials Guard?

    Regards, Obaid Farooqi

    Friday, March 27, 2020 6:42 PM
  • Yes. We already have RDP client without RCG and it works fine.

    We are extending the RDP Client to RCG and Dync VC RDEARP instead of passing UserNAme, PAssword and Domain to achieve Single Sign On.

    We are struck at RCG and Dync VC RDEARP is not invoked. Even though  we pass the RCG as per the spec, Windows login screen is prompting for a password

    Saturday, March 28, 2020 12:51 AM
  • forum update


    I am working with this customer off-line. Resolution will be posted here when reached.

    Regards, Obaid Farooqi

    Tuesday, March 31, 2020 4:48 PM
  • Forum update:

    This issue is resolved. Future releases of MS-CSSP and MS-RDPEAR will be modified to include details that resulted from this issue.

    If anyone is implementing MS-CSSP/MS-RDPEAR or any other open specification found at https://docs.microsoft.com/en-us/openspecs/ please feel free to contact us at dochelp at Microsoft dot com.

    Regards, Obaid Farooqi

    Thursday, May 7, 2020 4:42 PM