Point to note:
When installed RDS 2012 using the Default Method, the RDWEB and Connection Broker will be installed. When creating RDSH farms, it is important to configure the Connection Broker to ensure that it does not conflict with the client or load balancer.
You will need to configure the following policy: ‘Use IP Address Redirection‘ must be disabled for all RDS in the farm. This policy can be accessed here: Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services |Remote Desktop Session Host | RD Connection Broker | Use IP Address Redirection
This should be configured either locally per server or by configuring a Group Policy Object and applying this to all servers in the farm.
If you have RDSH and RDWA roles configured on your servers you will need to use sub virtual services (SUBVS) for each service you want to configure.
Configure DNS For the RDSH Farm
Create a A Record for the RDSH FARM, this will be the Virtual IP (VIP) created as a virtual service on the Load Balancer.
Configuring the Kemp Load Balancer
Under the Virtual Services Tab Select Add New.
Enter the IP address for you RDSH Farm, enter the port 3389 for RDP. Enter the Service name to define this service. Select the protocol TCP.
Mode: Terminal Service or Source IP
Timeout: 6 Minutes
Scheduling Method: weighted Least Connection
Add the Session servers to the section Real Servers.
Once complete you will see RDSH Farm service under Virtual Services > View/Modify Services.
Question on this setup, how do you install a certificate on the RDSH servers when using the Kemp? If you are using the farm name you will get a certificate error? This is normally done through RDCB, but we are not using that portion. In earlier versions (2008R2) you could do this through session host configuration (which is gone in 2012). I would like to only use RDSH and the Kemps. I have a signed certificate from a trusted CA. I tried putting the certificate on the RDSH using the certificates snap-in, putting it in the personal store and RDP store. Still getting the self signed certificate on the RDSH.
Have a look at my article on Sso and certificates. There is a section on rdsh hosts.
Cool, thanks, that did the trick. I figured it out based on the other article. You might want to add that information into this article.
To be honest , the certificates should be configured before load balancing . Cheers
Josh, I would also recommend using the kemp adaptive agent if you are not using the default rds topology. This will enable you to balance workload properly. Cheers
Why would i need a load balancer to manage rds 2012 sessionhost farm. that is implicitly taken care by the connection broker. am i right ?
DNS round robin is used by default to load balance a session farm. There are a number of factors why it’s better to use windows Nlb or a third party product.
When You stated:
“If you have RDSH and RDWA roles configured on your servers you will need to use sub virtual services (SUBVS) for each service you want to configure.”
Did you mean, if the roles are installed on the same server, or do you need the SUBVs regardless of the roles on individual servers. I have the below farm
RDS1 – Broker/web
RDS2 – Broker/web
RDS3 – Host
RDS4 – Host
RDS5 – Host
RDS6 – Host
Thank You in advance.
You can use sub virtual services , if you are using web and gateway together, you can use a normal https vs just ensure that persistance is configured for the gateway role. Subvs’s can benifit a solution by saving on the number of ips used but compexity comes at a cost .