Load Balance an RDS 2012 RDWA Farm Using a KEMP LoadMaster

This Article shows you how to Load Balance RDS 2012 Remote Desktop Web Access services (RDWA) using KEMP’s LoadMaster.

I am using one Kemp VLM 100 in this example.

Configure DNS

Create an A record for the NLB Web Address.


Creating a Virtual service for RDWeb


Select the TCP Port 443

Standard Options:

Persistence options1

Give the service a Name and under scheduling method, select Weighted Least connection.

What is Weighted Least Connection:

“If the servers have different resource capacities the “weighted least connection” method is more
applicable: The number of active connections combined with the various weights defined by the
administrator generally provides a very balanced utilization of the servers, as it employs the advantages
of both worlds.
This is, in general, a very fair distribution method, as it uses the ratio of the number of connections and
the weight of a server. The server in the cluster with the lowest ratio automatically receives the next

persistence Options: Supper HTTP and Source IP

Timeout: 1 Hour

What is Supper HTTP Persistence:

Super HTTP is the recommended method for achieving persistence for HTTP and HTTPS services
. It  creates a unique fingerprint of the client browser and uses
that fingerprint to preserve connectivity to the correct Real Server. The fingerprint is based on
the combined values of the User-Agent field and, if present, the Authorization header.
Connections with the same header combination will be sent back to the same Real Server.”

What is Source IP Persistence:

“Source IP Address persistence uses the source IP address of the incoming request to
differentiate between users. This is the simplest method of persistence, and works for all TCP
protocols, including those that aren’t HTTP related.
Source IP Address persistence is the only persistence option that can be used in conjunction with
Content Switching or Direct Server Return deployments.”

SSL Properties 

Import your RDS Cert (SAN Certificate).


With SSL acceleration, the SSL session is terminated at the LoadMaster.

Why use re-encryption :

  • High security environments Re-encryption means that data is never sent in cleartext.
  • Regulatory requirements HIPAA and financial regulations may require encryption at all times
  • Unsupported Application, Certain applications either require changes or may not support SSL acceleration. Re-encryption avoids changes needed on the application server

Ensure SSL Acceleration and Reencrypt is selected and add the RDWEB SSL Certificate.

ReWrite Rules: None when using the Redirector Feature

Client Certificates: No Client Certificates required

Advanced Properties

Use the default unless using the Port 80 redirector feature.

For more information on the Port 80 Redirector feature:


Real Servers

Real Server checking

Select the HTTPS Protocol from the dropdown.

Real Server Check Parameters URL: /rdweb

Add the RDWA servers.

Real Servers2

Real Servers

There you have it RDS 2012 RDWA Load Balanced using KEMP.


For more information on Kemp load Balancers Please see the link: http://www.kemptechnologies.com/uk or click here to get a quote.

2 thoughts on “Load Balance an RDS 2012 RDWA Farm Using a KEMP LoadMaster

Add yours

  1. Thanks for this article, it helped me with my setup, but I found a couple errors or things you should include in this article that tripped me up for a couple days. First, you must turn on persistence if you have multiple rdweb servers, otherwise connections will continue to get re-balanced and weird things happen, like missing icons and asp errors. Second, if you use the adaptive method, you have to install a client script on each server in order for the loadmaster query the servers and properly know what the load is on each server so it can determine where to send each connection. Round robin works for lightly loaded servers, but it’s possible to get out of balance. Finally SSL certs can be a killer, I downloaded a free cert from https://www.startssl.com to get me started with my pilot and installed it on the loadmaster as your article suggests, once I’m confident in my setup I’ll get a paid cert.

    1. Thanks for the update Brian,

      Best Practice configuration settings are also on the Kemp website . I would use a internal root CA if you have one for testing to save time. I would recommend using least weighted connections rather than round robin for performance reasons, Kemp also recommend this.

      Best Regards,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: