Load Balance RDS 2012 R2 – RD Gateway and RDWEB Roles configured on the same Server


This post will show you how to configure both RDWEB and Gateway roles on a KEMP Load Master.

Some important background before we start: before Server 2012, the RD Gateway used a single HTTP channel. From Server 2012 onwards, the RD Gateway uses two HTTP channels (one for input and one for output). Both channels need to be routed through the same RD Gateway server, so you will need a load-balancing mechanism that supports IP affinity, cookie-based affinity, or SSL ID-based affinity.

For this reason, we need to use a gateway configuration for both RDWeb and the Gateway services as they will be configured on the same virtual service. RDWeb is not affected by this configuration.
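The affinity requirement above, as an added example (not from the original post, and not KEMP or Microsoft code): a toy model of a two-server virtual service that counts how many sessions have their two channels sent to different gateways, with and without source-IP persistence. The server names, client addresses and the one-second gap between channels are assumptions.

```python
# Toy model of one virtual service: least-connection scheduling with optional
# source-IP persistence. Illustration only; not LoadMaster's implementation.
from dataclasses import dataclass, field

PERSIST_TIMEOUT = 6 * 60  # seconds, the "6 Minutes" timeout used in this post


@dataclass
class VirtualService:
    servers: list                                # hypothetical real servers
    persistence: bool = True                     # source-IP persistence on/off
    active: dict = field(default_factory=dict)   # server -> open connections
    table: dict = field(default_factory=dict)    # source IP -> (server, last seen)

    def connect(self, src_ip, now):
        """Choose a real server for a new connection from src_ip at time now."""
        entry = self.table.get(src_ip) if self.persistence else None
        if entry and now - entry[1] <= PERSIST_TIMEOUT:
            server = entry[0]                    # affinity hit: same server
        else:                                    # least connection, ties by order
            server = min(self.servers, key=lambda s: self.active.get(s, 0))
        if self.persistence:
            self.table[src_ip] = (server, now)   # record and refresh the entry
        self.active[server] = self.active.get(server, 0) + 1
        return server


def split_sessions(persistence, clients=50):
    """Open both gateway channels per client and count the sessions whose
    channels reached different servers (connections stay open in this model)."""
    vs = VirtualService(["rdgw1", "rdgw2"], persistence=persistence)
    split = 0
    for i in range(clients):
        ip = f"198.51.100.{i + 1}"               # constructed sample address
        first = vs.connect(ip, now=i)            # first channel
        second = vs.connect(ip, now=i + 1)       # second channel, 1 s later
        split += first != second
    return split


def servers_for_gap(gap):
    """Servers chosen for two connections from one IP that are gap seconds apart."""
    vs = VirtualService(["rdgw1", "rdgw2"])
    return vs.connect("198.51.100.9", now=0), vs.connect("198.51.100.9", now=gap)


if __name__ == "__main__":
    print("split without persistence:", split_sessions(False))
    print("split with source-IP persistence:", split_sessions(True))
    print("second connection after the timeout:", servers_for_gap(PERSIST_TIMEOUT + 1))
```

In this model every session is split when persistence is off, none is split when it is on, and a second connection that arrives after the persistence entry has expired is scheduled afresh.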

Logical Diagram:

RDS Gateway and WEB

This diagram shows the two types of traffic that will be load balanced through the LoadMaster. The Gateway creates an SSL tunnel, and the RDWEB site allows users to log in and launch an RDP session from the web interface.

Getting Started:

This will be a single Virtual Service that will provide load balanced connections to both RDWEB and the RD Connection Broker Roles.

Create a Virtual Service:

Enter the TCP port number “443”.

Ensure that Transparency is un-ticked, set the Persistence to “Source IP Address” and use the default timeout of “6 Minutes”. Set the scheduling method to “Least connection” and ensure that the idle connection time out is set to “blank”.

Enable SSL Acceleration

Import a new certificate for the RDWEB and Gateway roles (if you don’t already have a wildcard certificate). As they are on the same servers, we can use the same certificate.

Assign the Certificate to the RDS Web and Gateway Virtual Service, then go back to the virtual service.

Ensure that the Re-encrypt box is ticked and the certificate is assigned to the virtual service.

The final part is to configure the real servers.

Ensure that the health check protocol is set to “HTTPS” and the port is set to “443”.

Add the RDWeb URL “/RDWEB” and ensure that you click “Set URL”.

Then add the real servers, ensuring that the port “TCP 443” is set.

There you have it: RDWEB and Gateway services load balanced.

4 thoughts on “Load Balance RDS 2012 R2 – RD Gateway and RDWEB Roles configured on the same Server”

  1. Is setting the health check to look for the /RDWeb directory really sufficient? If the RD Gateway stops functioning (service crashes or is hung), traffic would still be directed to the real server based on IIS and RDWeb still functioning. Wouldn’t you need another health check to monitor if the gateway itself is functioning?

    1. It is possible. Both RDWEB and RDGateway use IIS, so you would expect both services to fail, but it could be possible for one to fail and the other to carry on working. You can use sub virtual services and content rules; you would need to enable content switching and assign the rule to each service. This would allow you to use two health checks.

  2. Hi Ryan. We are currently trialing this for production in a small data centre. However, although we can get Kemp to load balance quite easily, if I stop the RDS gateway services the Kemp does not report any failure and continues to forward the traffic over.
    If RDweb and gateway are on the same server, how do we differentiate the services on the same port? We’ve tried multiple configurations including SUBVS but nothing appears to be working correctly.

    1. Hi Dan, the health check occurs every 9 seconds so there will be a delay. If you have both services RDWEB and GW on the same server then I would recommend looking at the health check on the gateway role rather than web. You should not have any issues when using SubVS’s. Drop me a message under the about > contact me page. I’m sure one of our Kemp engineers can help.
