Relation between RD Connection broker and RD session host farm in 2012 R2

    Question

  • Good Day

    I have configured standard RDS session based deployment recently on 2012 R2 servers
    Everything is working as expected
    The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
    I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 session host servers, and if I connect to this rdsfarm.domain.com with RDP from TS clients, I am able to connect to either of the TWO RDS servers without any problem
    However, some part is not clear to me
    I have not added rdsfarm.domain.com anywhere except my RD Gateway server RAP policy
    Also I have added my RD Broker server in RAP allowed group above.
    I don't see any config where this farm name is associated with my RD Broker server

    I have tried to connect to RD broker server from client, but it didn't redirect me to RD session host servers
    If I try to connect to my RDS servers with their FQDN, it gives me an error that I must connect through the farm name

    Can you please help me to understand the relation between the RD session host servers farm and the RD broker server?
    Also I would like to know what exactly happens in the background when a user starts an RDP session by entering the RDS farm name

    Note that RDS farm name is generic DNS Host(A) record pointing to my both RD session host servers

    I wanted to know is there any command or configuration I missed out as I don't see any config where Generic RD Session Host Farm name (DNS Host(A) record) is associated with my RD Broker server ?

    Thanks

    Best Regards
    Mahesh

    • Edited by Mahesh_TS Saturday, July 5, 2014 6:25 PM
    Saturday, July 5, 2014 6:18 PM

All replies

  • Hi Mahesh,

    Thank you for posting in Windows Server Forum.

    Do you have certificate name matching the server name? Also the certificate must be signed by trusted root authority. Please check below article for information.
    1. Step by Step Windows 2012 R2 Remote Desktop Services – Part 2 \ Part 3
    2. Deploying a 2012 / 2012R2 Remote Desktop Services (RDS) farm

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    Monday, July 7, 2014 6:10 AM
    Moderator
  • Hi Dharmesh,

    I have already gone through all posts above

    I am using wildcard certificate from public CA because my external and internal name space is same.

    Also I have already configured RD Session Host farm with generic name in DNS

    (For Ex: RDSFarm.domain.com)

    But none of above posts mentioned where I need to configure above farm name with session\connection broker server?

    How come the RDS farm knows that this is the connection broker server, and how does the connection broker server know that this generic RDS farm name belongs to the RD session hosts?

    There must be some configuration, if anybody can help me to find out this configuration please?


    Thanks

    Best Regards

    Mahesh



    • Edited by Mahesh_TS Monday, July 7, 2014 6:37 AM
    Monday, July 7, 2014 6:35 AM
  • Is there anybody who can please help?

    Thanks Best Regards Mahesh

    Tuesday, July 8, 2014 7:21 PM
  • Hi Mahesh,

    In Server 2012/2012 R2 you would normally have the users make their initial connection to the broker and then be redirected to one of the RDSH servers.  For example, if you want end users to connect to rdsfarm.domain.com then you would have a DNS entry pointing to the ip address of the broker.

    When connecting to the broker it is intended that the target collection be sent from the client to the broker so that the broker knows which collection to route the user to.  If the user uses RD Web Access or RemoteApp and Desktop Connections or Remote Resources to connect and/or launch RemoteApps then this will happen automatically via the loadbalanceinfo setting in the .rdp file.

    For cases where the user manually uses the Remote Desktop Client to connect to the broker you can specify the default collection in the broker's registry.  There can only be one default collection.

    -TP

    Tuesday, July 8, 2014 8:08 PM
    Moderator
  • Thanks for reply

    If I point my Rdsfarm.domain.com to Broker server, it is not able to redirect client connection to any RD Session host

    However, if I point Rdsfarm.domain.com to IP addresses of RD session Host servers (RDS1 and RDS2 for Example), I am able to connect to RDS1 or RDS 2

    I don't see any config which binds Rdsfarm.domain.com to the Broker server.

    Am I missing something?


    Thanks Best Regards Mahesh


    • Edited by Mahesh_TS Tuesday, July 8, 2014 8:52 PM
    Tuesday, July 8, 2014 8:51 PM
  • Hi,

    If you are opening Remote Desktop Connection and manually connecting to the broker then it will not work properly because you have no way of specifying the target collection in the user interface.  If manually using the RD Client to connect is a requirement what you can do is set the default collection in the RD Connection Broker server's registry.

    To specify the default collection, please create the registry setting below in the broker's registry:

    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings

    DefaultTsvUrl     REG_SZ     tsv://vmresource.1.<VDI pool ID>

    To determine the correct value for DefaultTsvUrl please open RDWeb in a non-IE web browser and click on the icon for the collection you would like to be the default, then edit the downloaded rdp file with Notepad and copy the portion of the loadbalanceinfo setting that is similar to the above.

    An alternative would be to download the .rdp file from RD Web Access and double-click it to connect.

    As I mentioned above it is generally intended to have users connect via RD Web Access or RemoteApp and Desktop Connections feed or Remote Resources (uses the feed) so that the client will obtain the proper .rdp file from the server.

    To configure the FQDN that is published in the .rdp files you can use the cmdlet below:

    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment

    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

    Below is a sample configuration based on what you have written:

    1. Published FQDN (using cmdlet above):  rdsfarm.domain.com  --> points to ip address of RDCB server.  When launching a RemoteApp or Full Desktop connection from RD Web Access, the prompt window will show this FQDN next to Remote computer.

    2. Gateway FQDN:  gateway.domain.com --> externally points to public ip address of your RD Gateway server.  TCP port 443 and UDP port 3391 need to be forwarded to the RDG's internal ip address.  When launching a RemoteApp or Full Desktop connection from RD Web Access, the prompt window will show this FQDN next to Gateway server.  This FQDN is set in Server Manager -- RDS -- Overview -- Deployment Properties -- RD Gateway tab.

    In RD Gateway Manager -- Properties of RD RAP -- Network Resources tab you should select Allow user to connect to any network resource or define a RD Gateway-managed group that has all of the FQDNs that the user will need to connect to.

    3. RD Web Access FQDN:  remote.domain.com --> internally points to the ip address of your RDWeb server, externally points to the public ip address of your RDWeb server.  This is the name you give users if they want to use RD Web, for example, https://remote.domain.com/rdweb

    If you want users to manually connect using Remote Desktop Client as well as use RDWeb it will be a bit confusing to them since they will need to use one FQDN when manually using the client and a different FQDN when using RDWeb.  You could fix this by having them only use one method or run RDWeb directly on the RDCB server, that way users would only need to know a single FQDN for both RDWeb and manual connections.

    4. You should have a wildcard certificate with subject of *.domain.com set for all RDS purposes in Deployment Properties.

    Thanks.

    -TP

    Wednesday, July 9, 2014 2:01 AM
    Moderator
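
The registry step described in this answer, as an added PowerShell example that is not part of the original post: it reads the `loadbalanceinfo` line from an .rdp file, insists on exactly one `tsv://` value, and writes it to `DefaultTsvUrl`. The function names and the sample .rdp lines are constructed for illustration; the value shown is the answer's own placeholder.

```powershell
# Added example; Get-TsvUrlFromRdp and Set-DefaultTsvUrl are hypothetical names.
function Get-TsvUrlFromRdp {
    param([Parameter(Mandatory)][string[]]$RdpLines)
    # .rdp settings are "name:type:value"; loadbalanceinfo is a string (s) setting.
    $values = @(foreach ($line in $RdpLines) {
        if ($line -match '^\s*loadbalanceinfo:s:(tsv://.+?)\s*$') { $Matches[1] }
    })
    # Refuse to guess: a file with zero or several entries is not a usable source.
    if ($values.Count -ne 1) {
        throw "Expected exactly one loadbalanceinfo tsv:// entry, found $($values.Count)."
    }
    return $values[0]
}

function Set-DefaultTsvUrl {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$TsvUrl)
    # Key path as given in the answer; run elevated on the RD Connection Broker.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'
    if ($PSCmdlet.ShouldProcess($key, "Set DefaultTsvUrl = $TsvUrl")) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # -Force overwrites an existing value; only one default collection is possible.
        New-ItemProperty -LiteralPath $key -Name 'DefaultTsvUrl' `
            -PropertyType String -Value $TsvUrl -Force | Out-Null
    }
}

# Constructed sample of an .rdp file downloaded from RD Web Access.
# "<VDI pool ID>" is the placeholder from the answer, not a real collection ID.
$sample = @'
full address:s:rdsfarm.domain.com
gatewayhostname:s:gateway.domain.com
loadbalanceinfo:s:tsv://vmresource.1.<VDI pool ID>
'@ -split "`r?`n"

$url = Get-TsvUrlFromRdp -RdpLines $sample
Set-DefaultTsvUrl -TsvUrl $url -WhatIf   # remove -WhatIf to write the value
```

For a real file, pass `(Get-Content -LiteralPath <path to downloaded .rdp>)` as `-RdpLines`.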
  • Thanks for great response

    You have explained exactly the way I was looking for. Many thanks.

    I will try adding the registry key on the RD Broker server

    It seems that while accessing applications through the RDWebAccess server \ RemoteApp or through the .RDP file from the feed, it's always connecting to the Broker server 1st, which in turn redirects it to the appropriate RD session host \ RD virtualization host.

    However, currently I am able to connect to the RD session host servers by entering Rdsfarm.domain.com in a standard mstsc connection on client computers. Also, even if I disconnect the sessions from client machines, I am able to reconnect to the same session due to the Session broker.

    Rdsfarm.domain.com is currently pointing to the IP addresses of RDS1 and RDS 2 (RD Session Hosts). It seems that RDP session requests are still going to the session broker server 1st and then redirected back to the appropriate RD Session Host servers, just like the previous version of RDS

    Steps 2 to 4 have already been taken care of, as I have the same name space internally and externally with a wildcard certificate.

    If I keep this setup as it is without making the changes mentioned in step 1, will it create any problem? Because currently I am not facing any issues no matter how I connect to the RDS servers, either through standard mstsc with Rdsfarm.domain.com \ OR Remote apps from the RD Web Access Server.


    Thanks

    Best Regards

    Mahesh

    • Edited by Mahesh_TS Wednesday, July 9, 2014 8:31 PM
    Wednesday, July 9, 2014 8:24 PM
  • Any inputs please on my last comment?


    Thanks Best Regards Mahesh

    Monday, July 14, 2014 4:07 PM
  • Hi,

    If the configuration you have now meets your needs then keep it.  If you add another collection in the future you will need to follow the same pattern (create a separate FQDN) in order for it to work.  Additionally keep in mind that some changes that you make to the RDS deployment that affect the .rdp files will only apply to users that connect via RDWeb or RemoteApp and Desktop Connections.

    -TP

    • Marked as answer by Mahesh_TS Tuesday, July 15, 2014 8:14 PM
    Monday, July 14, 2014 6:12 PM
    Moderator
  • Many Thanks for all your help and prompt reply


    Thanks Best Regards Mahesh

    Tuesday, July 15, 2014 8:22 PM