Configure RDSH Farm using a KEMP LoadMaster


Point to note:

When installed RDS 2012 using the Default Method, the RDWEB and Connection Broker will be installed. When creating RDSH farms, it is important to configure the Connection Broker to ensure that it does not conflict with the client or load balancer.

You will need to configure the following policy: ‘Use IP Address Redirectionmust be disabled for all RDS in the farm. This policy can be accessed here: Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services |Remote Desktop Session Host | RD Connection Broker | Use IP Address Redirection

This should be configured either locally per server or by configuring a Group Policy Object and applying this to all servers in the farm.

If you have RDSH and RDWA roles configured on your servers you will need to use sub virtual services (SUBVS) for each service you want to configure.

Configure DNS For the RDSH Farm


Create a A Record for the RDSH FARM, this will be the Virtual IP (VIP) created as a virtual service on the Load Balancer.

Configuring the Kemp Load Balancer

Under the Virtual Services Tab Select Add New.

Enter the IP address for you RDSH Farm, enter the port 3389 for RDP. Enter the Service name to define this service. Select the protocol TCP.



Persistence Options:

Mode: Terminal Service or Source IP

Timeout: 6 Minutes

Scheduling Method: weighted Least Connection

Add the Session servers to the section Real Servers.

Once complete you will see RDSH Farm service under Virtual Services > View/Modify Services.


9 thoughts on “Configure RDSH Farm using a KEMP LoadMaster

Add yours

  1. Question on this setup, how do you install a certificate on the RDSH servers when using the Kemp? If you are using the farm name you will get a certificate error? This is normally done through RDCB, but we are not using that portion. In earlier versions (2008R2) you could do this through session host configuration (which is gone in 2012). I would like to only use RDSH and the Kemps. I have a signed certificate from a trusted CA. I tried putting the certificate on the RDSH using the certificates snap-in, putting it in the personal store and RDP store. Still getting the self signed certificate on the RDSH.

    1. Cool, thanks, that did the trick. I figured it out based on the other article. You might want to add that information into this article.

      1. Josh, I would also recommend using the kemp adaptive agent if you are not using the default rds topology. This will enable you to balance workload properly. Cheers

  2. Hi,
    Why would i need a load balancer to manage rds 2012 sessionhost farm. that is implicitly taken care by the connection broker. am i right ?

    1. DNS round robin is used by default to load balance a session farm. There are a number of factors why it’s better to use windows Nlb or a third party product.

  3. Hello Ryan,

    When You stated:
    “If you have RDSH and RDWA roles configured on your servers you will need to use sub virtual services (SUBVS) for each service you want to configure.”
    Did you mean, if the roles are installed on the same server, or do you need the SUBVs regardless of the roles on individual servers. I have the below farm

    RDS1 – Broker/web
    RDS2 – Broker/web
    RDS3 – Host
    RDS4 – Host
    RDS5 – Host
    RDS6 – Host

    Thank You in advance.

    1. You can use sub virtual services , if you are using web and gateway together, you can use a normal https vs just ensure that persistance is configured for the gateway role. Subvs’s can benifit a solution by saving on the number of ips used but compexity comes at a cost .

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: