Connection Broker Redirection – RDS 2012


In RDS 2008 R2, the redirection servers were RDSH servers. In Server 2012 this role has moved from the RDSH servers to the RDCB servers.

To configure redirection, add the following registry value on the connection broker.

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
DefaultTsvUrl  tsv://VMResource.1.Virtualpool1


Once you have configured the RDCB server or cluster, you need to use the following to connect to the server itself. Otherwise the server will redirect you to the configured VDI pool.

MSTSC

MSTSC /admin
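
One way to script the registry change above and check it afterwards, as an added example rather than code from the original post. The function names are hypothetical, the value is assumed to be a string (REG_SZ), and the key path is written with the space in `Terminal Server` as it appears in the Windows registry.

```powershell
# Added example: run in an elevated session on the connection broker.
# Key path and value name come from the article; everything else is illustrative.
$ClusterSettings = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'

function ConvertFrom-TsvUrl {
    param([Parameter(Mandatory)][string]$Url)
    # Shape used in the article: tsv://<plugin>.<version>.<pool alias>
    if ($Url -notmatch '^tsv://(?<Plugin>[^.]+)\.(?<Version>\d+)\.(?<Alias>[^.\s]+)$') {
        throw "Not a tsv:// URL of the expected shape: '$Url'"
    }
    [pscustomobject]@{
        Plugin  = $Matches.Plugin
        Version = [int]$Matches.Version
        Alias   = $Matches.Alias
    }
}

function Set-BrokerRedirection {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Url)
    # Reject malformed values before anything is written.
    $null = ConvertFrom-TsvUrl -Url $Url
    if (-not (Test-Path -LiteralPath $ClusterSettings)) {
        throw 'ClusterSettings key not found; run this on the connection broker.'
    }
    if ($PSCmdlet.ShouldProcess($ClusterSettings, "Set DefaultTsvUrl = $Url")) {
        # Assumption: DefaultTsvUrl is stored as a REG_SZ string value.
        New-ItemProperty -LiteralPath $ClusterSettings -Name DefaultTsvUrl `
            -PropertyType String -Value $Url -Force | Out-Null
    }
}

function Test-BrokerRedirection {
    param([Parameter(Mandatory)][string]$ExpectedUrl)
    # Read back what the broker will actually hand to connecting clients.
    $current = (Get-ItemProperty -LiteralPath $ClusterSettings -Name DefaultTsvUrl `
        -ErrorAction SilentlyContinue).DefaultTsvUrl
    [pscustomobject]@{
        Current  = $current
        Expected = $ExpectedUrl
        Match    = ($current -eq $ExpectedUrl)   # $false when the value is absent
    }
}

# Usage with the value from the article (preview first, then apply and verify):
#   Set-BrokerRedirection  -Url 'tsv://VMResource.1.Virtualpool1' -WhatIf
#   Set-BrokerRedirection  -Url 'tsv://VMResource.1.Virtualpool1'
#   Test-BrokerRedirection -ExpectedUrl 'tsv://VMResource.1.Virtualpool1'
```

Running `Test-BrokerRedirection` on a schedule flags an unexpected change to the redirection target, since every non-admin connection to the broker follows this value.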

49 thoughts on “Connection Broker Redirection – RDS 2012”

    1. MS do not support this. You would need to look at using RDP files to Redirect to multiple pools. There are few articles on TechNet surrounding redirection.

      I have only tested this on a highly available connection broker Farm, but I am currently looking into ways round this.

  1. Most of the articles I’ve found are on Server 2008 r2. We’re getting setup for RDS 2012 and want to have thin clients redirected to different pools depending on department. Because they are thin clients the RDWeb isn’t an option.
    Is this even an option with RDS 2012 or should we look at other solutions?

      1. “You can use redirection using a Connection Broker but there are limitations: you can only redirect to one VDI pool if you have a Highly Available Connection Broker configuration.”
        What if we’re not using HA?

      2. you could try and create a connection broker per VDI pool but then you would be wasting Resources, Storage and licensing.

        VDI pool RDP files can be used on Thin clients to achieve the same end result as Redirection.

        “Removal of a dedicated RD Session Host server running in redirection mode. We have removed the RD Session Host server running in Redirection mode which was a required component in previous versions. This functionality is now incorporated into the RD Connection Broker. This reduces the number of components to deploy and manage.” http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx?PageIndex=2

      1. Very well,
        Is it possible to have a VM use more than one audio source from the connecting computer?
        For example. Have most sounds go to a headset, but a few specific sounds use the speakers. The software can select different devices but in the VM it only shows the “remote audio device”

      2. Hi,

        Just to confirm, you have a VM that your client PC connects to. Once you connect to the VM, sound is redirected from the VM to the client's audio interface. If I am correct in what you are asking, are you wanting to use multiple audio devices through the VM?

        I have seen a P&P audio device connect to RDS using remote FX.

        Best Regards,

  2. Hi Ryan Mangan,
    I have a demo with a customer, they have the Zero client with RDP7 support. I have successfully installed a Virtual Desktop pool and I could remote to the virtual desktop through Web access. But in Windows 2012 I can’t find the redirection mode for RDP. So I just did what you said in this post but I cannot remote to the Virtual Desktop, also with the RDCB server. Can you explain for me the registry key parameter: tsv://VMResource.1.Virtualpool1 when my pool name is HiPT-Win7 and the server host name is web.testmedia.com

    Thanks and best regard!
    Hiep-TH

    1. Hi,

      You need to configure redirection mode from the registry on the connection brokers to allow the redirection of clients to Desktop pools. Configure the client device with the FQDN of the connection broker (configured with redirection).

      Point to note: once configured you will need to access the connection broker via mstsc /admin otherwise you will be redirected to a Virtual desktop.

      how it works:

      Client connects to the FQDN of the connection broker
      Connection broker is configured with redirection — redirects to the pool name of the Desktop Pool
      Client is then presented with a Virtual desktop.

      Best Regards,

      1. Do we need DNS records for the pool name? Was thinking broker could send to different rdsh servers in the one pool.

  3. Hi, I have a multi homed RDS server that has the connection broker installed. Is there a way to configure which interface IP the connection broker uses to request the client to connect to a specific RDSH machine?

    Thanks
    Ian..

      1. Hi Ryan,

        We have a firewall management system, that is a pair of 2012 RDSH servers that engineers run Firefox as a remote app from, which is also the NPS server that the firewall RADIUS authentication is performed on. Not all users have Windows machines and therefore some users need to RDP directly to the boxes. These servers are on our management network and also have a FE NIC that the inbound RDS traffic comes from. Because the servers are behind a NAT firewall, I have the public IP as a secondary IP on the FE NIC. Therefore the servers have 10.20.nn.nn and 62.nn.nn.nn on the FE NIC and 172.20.nn.nn on the backend NIC. When I look at the connection broker logs in the event viewer, it shows all 3 IPs in the connection IP list. I was looking for a way of telling the connection broker to only worry about the IPs on the FE NIC.

        Thanks
        Ian…

      2. I will need to look into this as it's an unusual request. Are you saying that you only want the RDCB to listen on the 62. and 10.20 IP ranges?

        I would say that you would need to create ACLs or routes if I understand you correctly.

        I will get back to you shortly.

        Best Regards,

      3. Hi Ryan, that's what I am after. On Server 2008 R2 you could specify which interface the connection broker should broker connections on, so it would only give out the addresses on that interface. It still did not fix the issue with having to put the server's public address on the interface as an additional IP address because of the NAT firewall, but that's another story.

        Thanks
        Ian…

  4. Hello Ryan,

    I hope you can help me in this “Redirect Topic” too.
    My Environment is based on a VMWare Cluster.
    Server 1: RDS Connection Broker
    Server 2: Collection with Remotedesktop – Session Host
    Server 3: Collection with RemoteApp – Session Host.

    I can only connect to the remote Desktop via https://…./rdweb. When I try to open a Remote Desktop Session via MSTSC to Server 1, a Remote Desktop Session is created on Server one but not redirected to Server 2.

    Will your solution help in here?
    Thank you very much for your help, as I am trying to find a solution for Long..

    Sebastian

    1. Hi Sebastian,

      Can you connect to host directly ?

      Download the RDP file from the rdweb site and try this.

      the redirection shown in this article is for VDI pools as you can connect to session servers directly.

      Can you provide some more detail on what you want to achieve

      Best Regards,

      1. Hi Ryan,
        as I understand the connection broker should manage the connection between clients and multiple session hosts.
        I would like my users to use a one click single sign on icon on their desktop they can use to connect to their remote desktop or use the RDWeb if they are out of the office. I do not want to create a customized RDP file for each user where I decide which Session Host has to be used, as there is the possibility of maintenance work on a session host and in this case the connection broker should choose another server (here in my lab I use only one for testing) session host.
        I hope I explained this good now?

        Connecting the Session Host for Remote Desktop directly is working fine as well – sorry, did not mention that in my previous post but as explained above I want the connection broker to decide which Session Host is available.

        Thanks again.
        Sebastian

      2. Hi Sebastian,

        I would recommend using the RDS RSS Feed: https://ryanmangansitblog.wordpress.com/?s=rds+feed for what you are trying to achieve, or point your users to the Session server. You can deploy the RDP file via Group Policy. I would recommend using Group Policy preferences (Deploying Shortcuts, Files and Folders) or if you use SCCM, this is also a great way of updating the RDP file. If you are wanting RDSH HA, create a Farm and this will resolve your issue with regards to down time.

        Best Regards,

  5. Hi Ryan,
    thank you for your advice which I will consider.
    But I can still not understand why RemoteApp works fine, Remotedesktop not. Maybe you will find time to explain that to me?
    Best regards.

    1. Dear Sebastian,

      Can you launch a remote desktop from the RDWeb site? If so, Remote sessions work. Is there a problem when you open a remote session from RDWeb and it fails to redirect to the session server? You don't need to point the clients towards the connection broker to establish sessions, this is only when you have a VDI redirection. Have you tried to connect using test clients to the session host directly? From the sounds of things you need to use an RDP file.

      How are you connecting to the RemoteApp’s ?

      I am having difficulty understanding what your issue is. Are you saying that you cannot connect to the remote session server at all or are you wanting to know how the connection broker works ? Please can you provide some clear details.

      1. Hi Ryan,

        Seems like my way of thinking was a little bit old.
        Still, when I use Remote Desktop, connections are opened on the Connection Broker.
        But using the RDWeb or RDWeb/Feed everything is fine and actually much more comfortable for the users and Administrators.
        Thank you for opening my eyes.

        Best regards,
        Sebastian

  6. Hi Ryan,

    I have a VDI pool setup working great however I am confused about the SSL certificates required. It looks like when I connect to my RD connection broker using either mstsc or a thin client, it warns about the certificate for the RDS server (rds.ad.domainname.org) and then after I continue it also warns me about the actual virtual machine (I.e. VM-0.ad.domainname.org). Other than the warnings about not having a trusted certificate, I can connect to the virtual desktops just fine.

    Does a wildcard cert solve this issue? I find no place to install the certificate for the actual virtual machines, only the RDCB, RDWA, etc.

    Great stuff. I always seem to find your articles in Google searches.

    Thanks,

    Mike

    1. Hi mike,

      You could import a wild card onto the gold master. You would need to import the certificate into the local computer container and I would also recommend running the wmi script to change the computer default certificate. Like you would on a rdsh server.

      You could also use custom rdp properties to remove the warning, and you can also disable warnings using but it could be considered a security risk.

      Best regards

      1. Oh so import a wildcard cert into the Windows 7 master gold image? I never thought of that! Will that get rid of the actual VM warning?

        I was also toying with that idea to remove the warning checkbox, but not a good idea from a security standpoint.

        Thanks again!

  7. Hi Ryan,

    I have read most of your posts related to RDS configurations.

    I have configured standard RDS session based deployment recently on 2012 R2 servers
    Everything is working as expected
    The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
    I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 servers and if I connect to this rdsfarm.domain.com with RDP from TS clients, i am able to connect to any one of TWO rds servers without any problem
    However some part is not clear to me
    I have not added rdsfarm.domain.com any where except my RD Gateway server RAP
    Also I have added my RD Broker server in RAP allowed group above.
    I don’t see any config where this farm name is associated with my RD Broker server

    I have tried to connect to RD broker server from client, but it didn’t redirect me to RD session host servers
    If I try to connect to my RDS servers with their FQDN , it gives me error that I must connect thru farm name

    Can you please help me to understand relation between RD session host servers farm and RD broker server ?
    Also I would like to know what exactly happens in background when user start RDP session by entering RDS farm name

    Thanks

    Best Regards
    Mahesh

  8. Hi Ryan,

    I have read most of your posts related to RDS configurations.

    I have configured standard RDS session based deployment recently on 2012 R2 servers
    Everything is working as expected
    The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
    I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 servers and if I connect to this rdsfarm.domain.com with RDP from TS clients, i am able to connect to any one of TWO rds servers without any problem
    However some part is not clear to me
    I have not added rdsfarm.domain.com any where except my RD Gateway server RAP policy
    Also I have added my RD Broker server in RAP allowed group above.
    I don’t see any config where this farm name is associated with my RD Broker server

    I have tried to connect to RD broker server from client, but it didn’t redirect me to RD session host servers
    If I try to connect to my RDS servers with their FQDN , it gives me error that I must connect thru farm name

    Can you please help me to understand relation between RD session host servers farm and RD broker server ?
    Also I would like to know what exactly happens in background when user start RDP session by entering RDS farm name

    Thanks

    Best Regards
    Mahesh

  9. Hello Ryan!

    Thank you for this great blog!

    Please let me ask about this deployment:

    After setting DefaultTsvUrl reg setting I have got an error message:

    The remote computer rdcb3.localnet.local that you are trying to connect to is redirecting you to another remote computer named vdipool-12.localnet.local,. Remote Desktop Connection cannot verify that the computers belong to the same RD Session Host server farm. You must use the farm name, not the computer name, when you connect to an RD Session Host server farm.

    About the farm:
    – rdcb1, rdcb2, rdcb3 -> connection brokers, HA, SQL db, common name configured with Round Robin: rdcb.localnet.local, round robin A records only set up to rdcb1, rdcb2, but not set rdcb3
    – rdgw1,rdgw2 -> remote desktop gateway, remote desktop web access
    – rds1,rds2,rds3 -> remote desktop session hosts
    – rdvh1, rdvh2 -> hyper-v cluster with Virtualization Host role
    – rdls -> licensing

    RDCB1 DefaultTsvUrl : points to session host collection
    RDCB2 DefaultTsvUrl : points to session host collection
    RDCB3 DefaultTsvUrl : points to VDI pool collection (automatically managed desktops, VM-s are not assigned personally)

    I want to achieve this:
    – I would like to use existing cheap thin clients without ability of using rdp file, without NLA. I would like to connect them to the VDI pool.
    – I would like to use NLA for Windows 7/8 clients. Windows 7/8 clients connect to session host pool.

    I love your post about thin client, thank you for your shares! Unfortunately I cannot use rdp files on Share Thin Client.

    Do you have any suggestions?

    Thank you!

    Mike

  10. Hi Ryan,

    I’ve configured a HA remote desktop setup with HA connection broker and gateway etc.
    I can connect to the remote desktop session host using Windows 7 and Windows 8 but cannot connect using Windows XP. I’ve installed RDP 7.0 and CredSSP fix on the XP machines and have tried using both web access and the RDP file from web access but it asks me to enter my credentials for the connection broker HA DNS name, I enter the credentials and it does not accept them. Any thoughts on where to begin?
    I’ve tried disabling NLA and allowing access to all resources on the gateway. I will have multiple pools so redirect mode is probably not an option.

    Kind regards,
    David

      1. Indeed, everything is patched and I’ve successfully tested it since in two other similar setups but without the HA connection broker, just a single broker, and it connects as expected. It’s a workaround for now but would have been a good selling point to use old XP machines as thin clients until they are replaced with new ones.

      2. Sure did. Added the FQDN and the short name for good measure. Even made a rule to allow access to all resources for testing purposes. Works fine in Windows 7 and 8. Even tried capturing packets but nothing too helpful as everything is encrypted and the trail ends with a couple of packets going to the gateway and nothing coming back. A similar capture from Windows 8 gets a response at the same stage.

      3. Hi Ryan, I had another look at this today and got a working solution by choosing not to use the gateway in the rdp file and instead connect directly to the broker over a VPN. This allowed me to connect to the farm but gave me an error saying:

        “An authentication error has occured.
        The specified target is unknown or unreachable.”

        Googled this and installed hotfix at http://support.microsoft.com/kb/953760
        This got me connected and only one password prompt now as I don’t have to authenticate at the gateway.

        I also gave the gateway another try with this and it has worked for me a few times but if I disconnect and then try reconnect it gives me the password login loop again. A reboot seems to get it going again but I haven’t tested this extensively.

        The solution isn’t ideal for remote users but nothing a remote VPN client couldn’t fix.
        Still no problems when not using a HA broker configuration except.

  11. Hi Ryan, I am setting up a new Test RDS 2012 R2 environment with 1 x Web Access, 2 x Connection Broker (HA Mode), 2 x Session Hosts with published RemoteApps. The environment is IaaS hosted, and each VM is configured with two NICs (Corp LAN, Cloud Service Provider) on separate subnets. I’m facing problems with the Connection Brokers redirecting to the Cloud Service Provider NIC IP Address. Consequently, the connections to the Session Hosts are failing.

    I’ve looked at the PowerShell cmdlets on http://technet.microsoft.com/en-us/library/jj215451.aspx and don’t see anything which I could use to force the Connection Brokers to use the Corporate LAN IP’s.

    Any suggestions would be gratefully received.

  12. Silly question: The publicly available address to the session broker server can be remoted into directly from the outside, i.e. mstsc /v:fake.domain.com – How do I restrict direct access to the session broker through external RDP without breaking its functionality? Currently we use it to serve third-party companies RemoteApps on our servers and want them to use the RemoteApp only. Unfortunately, a rather curious person (who has RemoteApp rights) can also RDP directly to the web address that points to our SB.

    Thanks!

  13. Brilliant!

    I have been trying for weeks messing around with policies and scripts to get RDS to work with our HP thin clients using RDWeb but couldn’t find a way of logging off the device when a user had disconnected their session.
    This is just what I need as I can now use the RDP connection and configure this to do what I need.

    Cheers Ryan.. Great work!!
