locked
Terminal Services + Session Broker + TS Web Access RRS feed

  • Question

  • Hi every one, I have four servers that are distributed like this, one server over a dmz for TS Gateway and TS Web Access, two terminal servers over the lan and one more for TS Session Broker and TS Licensing Server. All of them are in W2K8.

    Well this configuration is also with NLB over the two terminal servers. Everything is working really fine except for the load balancing for the users that i need to configure by web access, because in the TS Web Access Server i just can pick one server to launch the applications (cant pick or choose the virtual server name i have for the virtul NLB ip, neither ips).

    I mean if my clients connect trough the  lan using rdp , they are being balanced by the NLB and TS Session Broker, but when they connect by using internet they are always using the same server and they are not being balanced.

    Ive been reading and i havent found much information about if there is a way to configure this to balance the internet users through TS Web Access. Is this possible?
    Tuesday, March 3, 2009 7:05 AM

Answers

  • Hi, Bob,

    Regarding this statement: "NLB is necesary cause Session Broker only makes users to connect to old opened sessions but it doesnt load balanced the sessions, so NLB is needed." This is only true for WS03 terminal servers; WS08 terminal servers participate in load balancing from the TS Session Broker. A TSSB can reconnect users to disconnected sessions on WS03 terminal servers but they do not participate in load balancing. Check out page 316-318 of the W2K8 TS Resource Kit for more details about how the SB brokers session connections.

    Now, SB still needs a load balancing mechanism (either Round Robin, NLB or some other load balancing device) to make the initial connection to a terminal server.  This terminal server sends the connection to Session Broker, which will then make the ultimate choice of which terminal server should ultimately get the connection (load balanced based on number of connections the terminal servers in the farm have).

    As far as connections that were housed on a server that goes down, Session Broker has a database that contains connection information. So it will try to reconnect the user to their previous session. If TSSB is attempting to send connections to a terminal server and it's not responding, it will keep track of the attempts.  After about 2-3 minutes it will determine that the terminal server that is down is not responding and it will create a new connection on another farm member. The old session will be gone and a new session will be established. Sessions from a downed server don't migrate to another server. Page 321 of the W2K8 TS Resource Kit explains how this timeout process works and how you can quickly remove a TS from the database if you know it's offline.


    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!)
    Monday, August 3, 2009 7:50 PM
  • Bob_P,

    As far as know TS Web in Win2k8 should not point to the farm but to an individual ts.  In R2 its possible to point to a farm...

    Try to use NLB as your initial connection to SB instead of Round Robin DNS. With Round Robin, if you take a server down, round robin does not account for this.  You would have to remove the DNS entry for every server that dies.  RR is not that smart. Make sense?

    If you need more help. contact me at kristin.l.griffin@gmail.com and we can set up a time for me to remote in.


    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!) 
    Tuesday, August 4, 2009 6:18 PM

All replies

  • Pedro,

    I can take a look at your setup if you wish and try to help you here. Email me at kristin.l.griffin@gmail.com if you would like me to take a look.

    Best,

    Kristin L. Griffin
    Wednesday, March 4, 2009 4:13 PM
  • Hi Pedro,
    we ran exactly into the same issue, from the TS Gateway i am not able to let users connect to the virtual TS NLB name. did you solve this issue?

    Kind regards,
    Haroun Debbabi.
    Hosted OCS
    Monday, March 30, 2009 9:22 AM
  • What error do you get when you connect to the TS Farm through a TS Gateway? Thanks Vikash
    Monday, March 30, 2009 10:46 AM
  • Thanks Kristin, in fact as needed to run into production as fast as possible, i just leave it for internal users and without broker , just two different ts servers. Ill try to setup it in two weeks again. Could i ask your help that time?
    Tuesday, March 31, 2009 4:46 PM
  • Pedro, I will be happy to help.  Please email me outside this forum to setup a date and time to connect. (kristin.l.griffin@gmail.com). Once we get you fixed up, I will post the solution to this thread.

    Best,

    Kristin
    Tuesday, March 31, 2009 6:47 PM
  • Same problem here.  Did anyone come up with a solution?

    Thanks
    Bob
    Thursday, July 30, 2009 2:27 PM
  • Hello,

    First of all I don't think you need to create a NLB for the terminal servers. The session broker is your NLB. Next to that you need to configure you TS WebAccess to look at the created farm..... Then it'll work.

    Robert
    Thursday, July 30, 2009 2:37 PM
  • Hi,

    You have to specify the dns name which points to the Virtual IP of NLB farm in TS Web Access settings.

    Regarding load balancing -

    what is the affinity setting in NLB farm.  If the IP affinity settings is single and if you have the gateway server in the middle then all the connections will go to same terminal server ( by definition of IP affinity ). So if gateway is in middle please set IP affinity for TS NLB farm o to None. 


    Thanks.


    Regards, Rajesh.
    Thursday, July 30, 2009 4:02 PM
  • If you have a TS Gateway server in the middle, then this blog post is worth reading http://blogs.msdn.com/rds/archive/2009/03/24/improving-ts-gateway-availability-using-nlb.aspx

    Thanks
    Vikash
    Thursday, July 30, 2009 4:07 PM
  • Hi hdebbabi,

    First, Robert is right - if a user clicks on a TS Web Access application then the load balancing is going to happen via Session broker. 

    But, TS Web access should not point to the farm name.  It should point to one terminal server.  The terminal server set in TS Web merely acts as the "master" for telling TS Web what applications are available (and it could be either server as they should be identically configured). When the connection actually goes through, it will be to the farm name, and therefore load balanced by Session Broker, because the RemoteApps that TS Web serves up are configured in RemoteApp Manager to look at the farm. Make sense?

    Pedro's problem is most likely that users were coming in through TS Gateway and they were on the outside of the firewall so when the firewall passes connections to TS Gateway, the IP addresses all appear to be the same.  And he was using IP Affinity in NLB. 

    In order to get around this, try turning off affinity, and see if that helps. 
    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!) 
    Thursday, July 30, 2009 4:33 PM
  • Hope this helps. Ive been trying for long time with a friend to solution this troubles and i got this information:

    First of all it was very necessary to apply service pack 2 to all the windows 2008 to make this work (some issues with previous versions), second is that NLB is necesary cause Session Broker only makes users to connect to old opened sessions but it doesnt load balanced the sessions, so NLB is needed.

    When i applied the sp2 the farm name could be pointed into the TS Web Access but some times it loads balanced and sometimes it does not, im checking this.

    Also i got troubles to make my internet users to connect to the Farm through the gateway and firewall, i have check the configuration and my clients connects to the TS web Access and everything, also they get the main windown with the applicattions, but, when they want to use the applicantions they can not. It just says time expired. Internally in my lan it works fine even using a autogenerate certificate from TS Gateway.

    Told you more if get the final solution.

    Thursday, July 30, 2009 5:33 PM
  • Unfortunately that is incorrect Pedro.  Session broker does the load balancing of sessions now.  what you are referring to was absolutely true in win2k3 but in win2k8 it has changed.
    Thursday, July 30, 2009 5:44 PM
  • As I understand it the Session Broker reconnects users to existing connections and load balances between servers in the farm but I didnt think it would detect a failed server.  For example if the farm has two TS (server1 and server2) and server1 goes down does the session broker detect this and rout all new connections to server2?  My thought was to use NLB to handle the fault detection and Session Broker to handle the load balancing/session reconnect.

    Thanks
    Bob

    Monday, August 3, 2009 1:42 PM
  • Hi, Bob,

    Regarding this statement: "NLB is necesary cause Session Broker only makes users to connect to old opened sessions but it doesnt load balanced the sessions, so NLB is needed." This is only true for WS03 terminal servers; WS08 terminal servers participate in load balancing from the TS Session Broker. A TSSB can reconnect users to disconnected sessions on WS03 terminal servers but they do not participate in load balancing. Check out page 316-318 of the W2K8 TS Resource Kit for more details about how the SB brokers session connections.

    Now, SB still needs a load balancing mechanism (either Round Robin, NLB or some other load balancing device) to make the initial connection to a terminal server.  This terminal server sends the connection to Session Broker, which will then make the ultimate choice of which terminal server should ultimately get the connection (load balanced based on number of connections the terminal servers in the farm have).

    As far as connections that were housed on a server that goes down, Session Broker has a database that contains connection information. So it will try to reconnect the user to their previous session. If TSSB is attempting to send connections to a terminal server and it's not responding, it will keep track of the attempts.  After about 2-3 minutes it will determine that the terminal server that is down is not responding and it will create a new connection on another farm member. The old session will be gone and a new session will be established. Sessions from a downed server don't migrate to another server. Page 321 of the W2K8 TS Resource Kit explains how this timeout process works and how you can quickly remove a TS from the database if you know it's offline.


    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!)
    Monday, August 3, 2009 7:50 PM
  • Great.  Thanks for the info Kristin, I really appreciate it!
    Tuesday, August 4, 2009 1:02 PM
  • Hi Kristin,

    Still having a problem with TSSB.  Here is what I have:

    TS1    Terminal Server
    TS2    Terminal Server
    TSG    Gateway/SB
    TSFARM   Terminal Server Farm

    I have the TSWEB Access on the TSG server configured to point to TSFARM.  In DNS I have two A records for TSFARM with TS1 and TS2 ip addresses.  Session Directory Group on TSG has both TS1 and TS2 in it.  I'm also coming through a front end ISA server but I dont think that is affecting this.  The problem is if I take TS1 or TS2 offline when I try to launch one of the apps it comes back saying it cant connect to the remote computer.  Is there something else I'm missing.   

    ps. I just ordered Windows Server 2008 Terminal Services Resource Kit so once it comes in hopefully it will also help in getting everyting working properly.

    Tuesday, August 4, 2009 6:09 PM
  • Bob_P,

    As far as know TS Web in Win2k8 should not point to the farm but to an individual ts.  In R2 its possible to point to a farm...

    Try to use NLB as your initial connection to SB instead of Round Robin DNS. With Round Robin, if you take a server down, round robin does not account for this.  You would have to remove the DNS entry for every server that dies.  RR is not that smart. Make sense?

    If you need more help. contact me at kristin.l.griffin@gmail.com and we can set up a time for me to remote in.


    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!) 
    Tuesday, August 4, 2009 6:18 PM
  • With a patch, you can point the Web Access server to a DNS farm name.  Can you please explain what you mean?

    Thanks,

    Mike
    Thursday, October 8, 2009 10:14 PM
  • Mniccum, the patch is windows 2008 SP2, also if you use W2k8 R2 you wont need to apply the patch since it comes with the OS.
    Tuesday, October 13, 2009 3:23 PM
  • Actually I was referring to the following hotfix in case your environment hasn't moved to Windows 2008 SP2 or Windows 2008 R2.

    "The query fails when you enter the terminal server farm name in the TS Web Access Administration window to query remote program information in Windows Server 2008"

    http://support.microsoft.com/kb/957081


    Thanks,

    Mike
    Saturday, October 17, 2009 2:25 PM