Boundary
RDP credential injection compatibility
Beta feature
Beta functionality is stable, but possibly incomplete and subject to change. We strongly discourage using beta features in production deployments of Boundary.
RDP credential injection is currently in beta. This feature is under active development and testing.
Important considerations:
- The compatibility matrix below reflects currently tested configurations.
- Additional client/target combinations are being validated and will be added regularly.
- Some functionality may change before general availability.
- Please report any issues or untested combinations through official support channels.
- Create an issue to send the Boundary team feedback about the beta.
This documentation will be updated frequently as new combinations are tested and validated.
Key takeaways for the RDP credential injection beta:
- Credential source: The initial beta only supports static credentials from Boundary's built-in static credential store or Vault's Key Value store.
- Supported authentication: Only Kerberos and NTLMv2 are supported.
- Unsupported authentication: Microsoft Entra ID, passwordless methods (Windows Hello, FIDO2), and Smart Cards are not supported.
- Transparent sessions: RDP transparent sessions on Windows clients require a custom port configuration due to a conflict with the default port
3389. Refer to Using transparent sessions with RDP on Windows for two possible workarounds. - Initial connection: Users must manually accept a self-signed certificate on their first connection to a target. Some clients prompt users for a username and password even when credential injection is in use, but Boundary ignores the entries. You can enter anything and Boundary uses the configured injected credential to authenticate to the target.
- Important configuration note: If you use the Windows RDP client and set the
connection limitto1for RDP targets it will cause all RDP connections to fail. You can leave the connection limit unset or configure a limit of 2 or higher to account for the multiple connections used by the RDP client.
How credential injection works
When users connect to RDP targets, Boundary can automatically inject credentials, preventing exposure to the end-user. This is the most secure workflow, providing a passwordless experience within the supported authentication frameworks.
Boundary retrieves credentials from a supported credential store and injects them directly into the RDP session on behalf of the user. The initial beta release only supports static credentials from Boundary's built-in static credential store or Vault's KV store. Support for the Vault LDAP Secrets Engine, is planned as a fast-follow release.
Refer to Credential injection for more information about how credential injection works in Boundary.
Supported authentication methods
As of Boundary 0.20, we only support the following traditional authentication methods for RDP targets:
- Kerberos authentication - The primary method for domain-joined Windows servers.
- NTLMv2 authentication - Used for standalone servers or as a fallback.
Note
Modern and cloud-based authentication methods are not supported at this time. This includes, but is not limited to:
- Microsoft Entra ID (formerly Azure Active Directory)
- Passwordless methods (Windows Hello, FIDO2 keys)
- Certificate-based authentication (including Smart Cards)
Known limitations
The following issues may affect RDP connections, particularly when using transparent sessions:
Concurrent transparent sessions hanging: Attempting to launch more than one concurrent transparent session for RDP will cause the Boundary desktop client to hang silently. You must fully terminate the first session before starting another.
Improper session termination: Closing the RDP client window does not always properly terminate the underlying Boundary session. This can prevent new connections and contributes to the hanging issue described above.
Transparent sessions on Windows: Transparent sessions for RDP do not work out-of-the-box on modern Windows clients (Windows 11+, Windows Server 2025) due to a port conflict. Refer to Using transparent sessions with RDP on Windows for two possible workarounds.
Error during basic settings exchange: When you connect to an RDP target using the built-in Windows Remote Desktop Connection app, it creates the following error:
rdp.handleProxy:error during basic settings exchangeThe error has no impact on the connection, it is a known issue.
Configuration requirements
Refer to the following sections for specific configuration requirements for the RDP credential injection beta.
Using transparent sessions with RDP on Windows
Due to a port conflict with the Windows Remote Desktop Connection app on modern Windows operating systems (Windows 11+, Windows Server 2025), transparent sessions fail when you use the default port (3389) to establish an RDP connection.
The port conflict is an issue even if you enable Remote Desktop.
This issue prevents users from establishing transparent sessions by entering a target alias in their RDP client.
To connect to an RDP target using a transparent session from a Windows client, you must use a custom port. Two primary workarounds are available:
- Configure a default client port: Set a custom port (e.g.,
83389) in the target's configuration within Boundary. The user must then connect by specifying this port in their RDP client (for example,my-server:83389). - Use
.rdpbookmark files: Create and distribute an.rdpfile that contains the full connection string, including the custom port for the localhost listener (for example,full address:s:localhost:51129). Bookmark files allow users to connect by simply opening the file.
Certificate handling
Boundary generates self-signed certificates for each RDP target. When users first connect to a target, they must manually accept the certificate. This is a one-time action per target for most clients, though behavior varies:
- Windows clients remember certificates across sessions.
- macOS clients require accepting certificates per alias or endpoint.
- Custom listen addresses generate certificate mismatch warnings.
Future releases may support enterprise certificate authorities for trusted certificates.
Connection limits
The Windows Remote Desktop Connection application consumes multiple connections when initiating a session.
If you set the connection limit to 1 for RDP targets it will cause all RDP connections using this client to fail. You can leave the connection limit unset or configure a limit of 2 or higher to account for the multiple connections used by the RDP client.
Network configuration
RDP credential injection has specific network requirements:
- UDP transport is disabled.
- Server redirection is not supported.
- The maximum TLS version is 1.2. TLS 1.3 is incompatible with Windows Server 2025.
Client behavior
Different RDP clients exhibit unique behaviors:
Windows Remote Desktop Connection:
- Does not prompt for credentials when Boundary injects them.
- Requires manual certificate acceptance per endpoint.
macOS Windows App:
- Prompts for credentials, but Boundary ignores the entries. Boundary uses the configured injected credential to authenticate to the target.
- Requires manual certificate acceptance per endpoint.
Compatibility status
Refer to the following sections for information about which Windows versions the beta RDP credential injection feature is compatible with.
The tables below use the following to indicate compatiblity:
- ✅: Tested and verified to be compatible.
- Pending: Validation is planned but not yet complete.
Windows Server 2025
| Client OS | Kerberos only | Kerberos + NTLMv2 (domain-joined worker) | Kerberos + NTLMv2 (non-domain worker) |
|---|---|---|---|
| Windows 11 | Pending | ✅ | Pending |
| Windows 10 | ✅ | Pending | Pending |
| macOS 15 | Pending | Pending | Pending |
| macOS 14 | Pending | Pending | Pending |
| macOS 13 | Pending | Pending | Pending |
Windows Server 2022
| Client OS | Kerberos only | Kerberos + NTLMv2 (domain-joined worker) | Kerberos + NTLMv2 (non-domain worker) |
|---|---|---|---|
| Windows 11 | ✅ | ✅ | ✅ |
| Windows 10 | ✅ | ✅ | ✅ |
| macOS 15 | Pending | ✅ | ✅ |
| macOS 14 | Pending | Pending | Pending |
| macOS 13 | Pending | Pending | Pending |
Windows Server 2019
| Client OS | Kerberos only | Kerberos + NTLMv2 (domain-joined worker) | Kerberos + NTLMv2 (non-domain worker) |
|---|---|---|---|
| Windows 11 | ✅ | ✅ | ✅ |
| Windows 10 | ✅ | ✅ | ✅ |
| macOS 15 | ✅ | ✅ | ✅ |
| macOS 14 | Pending | Pending | Pending |
| macOS 13 | Pending | Pending | Pending |
Windows Server 2016
| Client OS | Kerberos only | Kerberos + NTLMv2 (domain-joined worker) | Kerberos + NTLMv2 (non-domain worker) |
|---|---|---|---|
| Windows 11 | Pending | ✅ | ✅ |
| Windows 10 | ✅ | ✅ | Pending |
| macOS 15 | ✅ | ✅ | ✅ |
| macOS 14 | Pending | Pending | Pending |
| macOS 13 | Pending | Pending | Pending |
Quick troubleshooting and FAQ
Q: Can I use credentials from my Vault LDAP engine or Active Directory for this feature?
A: Not yet. The initial beta only supports credentials stored in Boundary's static credential store and the Vault K/V store. Support for the Vault LDAP Secrets Engine is a high-priority addition planned for a fast-follow release.
Q: Why am I getting a certificate warning when I connect?
A: This is expected behavior. Boundary generates a self-signed certificate for each RDP target. You must accept this certificate on your first connection.
Q: My connection is failing immediately. What should I check first?
A: Check the connection limit on your target. It cannot be set to 1. Leave it unset, or set it to 2 or higher.
Q: Why can't I connect to my RDP transparent session on Windows by just using its name?
A: Modern Windows versions block local applications from using the default RDP port (3389). You must use a workaround, such as connecting to a custom port or using a pre-configured .rdp file. Refer to Using transparent sessions with RDP on Windows.
Q: My desktop client hung after I tried to open a second RDP session. What do I do?
A: This is a known issue. The client currently does not support more than one concurrent RDP transparent session. You must ensure your first session is completely terminated before starting a new one.
Q: Does this work with servers that require Entra ID login?
A: No. At this time, only servers using traditional Kerberos or NTLMv2 authentication are supported.
Q: The macOS RDP client is asking for a password. Is injection not working?
A: This is a known behavior of the macOS client. You can leave the password field blank and proceed; Boundary will still inject the correct credentials in the background.
More information
For more information about how Boundary manages credentials, refer to Credentials in Boundary.