I was setting up a Remote Desktop Web Access environment on Windows 2008 R2 and was getting a prompt for login to the RD Session Host, even though I was using certs the whole way through and had configured it to pass through credentials. I finally found where the missing setting was. If you pull up the RD Session Host configuration on the RD Session Host, right click RDP-TCP and select properties you’ll see an option where you can select a certificate. Note that this pulls from certificates stored in the local computer certificate store, so you’ll need to ensure it’s imported there if it’s not already. Once set, and provided you have all other SSL settings properly set up, you can use the credentials used at the Remote Desktop Web Access site to get on to your RD Session Host servers, allowing a single logon for users.