Forum Discussion

Jlee_106250
Jun 17, 2014

Configuring Remote Desktop Services 2012 R2 according to the F5 deployment guide

We are using Remote Desktop Services on Server 2012 R2, and we intend to deploy all RDS roles (Gateway, Web Access, Connection Broker, and Session Host) in a high-availability configuration. We are able to follow the F5 (LTM only) deployment guide through Scenarios 1 and 2. We can create virtual servers on the F5 for the RD Gateway, RD Connection Broker, and RD Session Host roles. However, there is some confusion about how all of these VIPs interact to form the complete system and how the end user connects to the RDS deployment from the outside.

 

Specifically, we are confused about how the RD Connection Broker VIP/virtual server is used, particularly when RD Connection Broker load balancing is disabled via Group Policy as suggested by the F5 deployment guide. Once we disable RDCB load balancing, connectivity to the RDS deployment through the RDCB VIP no longer functions. We are still able to connect to the deployment via the RDSH VIP, but we are unsure if that is the proper configuration or which VIP F5 intends us to provide for end-user connectivity.

 

Further, we are having an issue with Scenario 4 in the F5 deployment guide, which deals with RD Web Access. This section instructs the RDS administrator to configure a RemoteApp source matching the RDSH VIP, which seems to be an important configuration step. However, this option is no longer available in RDS 2012 R2. How should this version be configured to achieve the same result?

 

Any assistance would be appreciated.

 

10 Replies

  • mikeshimkus_111
    Historic F5 Account

    Hi Jlee, in our testing, the RDCB VIP is only used in combination with Remote Desktop Gateway. When using RDSH, the Session Host servers contact the Connection Broker servers directly. When using RD Gateway servers, those servers will use the RDCB HA FQDN to communicate with the Connection Broker.

     

    I'm not sure what you mean by the option not being available in 2012 R2. Do you mean that configuring RemoteApp sources is no longer an option?

     

    thanks

     

    Mike

     

  • Thanks for the quick response.

     

    I'm not aware of any configuration on the RDGW for the RDCB HA FQDN - can you specify where this is configured?

     

    That's correct; there is no longer an option to configure a RemoteApp source in RDWA. There is an option to set the client access FQDN for the RDS deployment using the Set-RDClientAccessName PowerShell cmdlet, but this also changes the RDCB HA FQDN in the deployment's configuration, which is a bit confusing.

     

    • mikeshimkus_111
      Historic F5 Account
      I'll check this in the lab and update the guide if necessary. IIRC, you just need to set the HA FQDN in the Remote Desktop deployment properties in Server Manager and it will pick it up automatically.
    • Brendan_Fusco_1
      Hi Mike - I'm a colleague of jlee's jumping into the discussion here. Thanks for your responses - looking forward to the results of your lab testing. Are you referring to the "DNS round robin name" setting for the Connection Broker high availability in Server Manager? This is the property set by the Set-RDClientAccessName PS cmdlet as well. Whichever FQDN is set here also becomes the farm FQDN provided in the .RDP files generated by RDWA, which is the issue that we face. Setting the RDSH VIP FQDN here makes everything work but raises the question of where the RDCB VIP FQDN is used at all in the configuration. If the RDCB VIP FQDN is set here, clients are unable to connect into the environment as long as we have RDCB load balancing disabled in Group Policy, which is recommended by the F5 deployment guide.
    • mikeshimkus_111
      Historic F5 Account
      Hi Brendan, you are using RD Gateway, correct? When I connect to a published session host collection through RDWA, the client connects to the RD Gateway FQDN on 443. The gateway servers use the RDCB FQDN to locate the user's session on the broker and then they proxy the client through to the RDSH servers. The client sees the RDCB FQDN as the host name in the RD client, even though it's connected to a session host server. When you say that you set the RDSH VIP FQDN in the RDCB HA config, where are you getting that FQDN? I guess I mean that there should only be 2 FQDNs that you need in this case: one for RD Gateway and another for RDCB. Mike
  • mikeshimkus_111
    Historic F5 Account

    I think I'm starting to see the confusion. I do NOT have "Use RD Connection Broker load balancing" configured in Group Policy, which means (according to the GP help) that "you can configure the RD Session Host server to participate in RD Connection Broker load balancing by using the Remote Desktop Session Host Configuration tool".

     

    However, this tool no longer exists in Windows 2012! Supposedly the setting to enable RDCB LB is now part of the Session Collection properties, but I don't see anything there about RDCB. The "Load Balancing" widget in the collection properties only contains the server names, which I think are added by default when you create the collection. So I think with High Availability RDCB enabled, we must be participating in RDCB LB by default unless we explicitly disable it (as you did).

     

    That bit about not using RDCB LB was carried over from the 2008 section. I think we'll need to update the guide, but I will do some more research on it first.

     

    The answer to your second question is "it depends". For example, if I point my RDP desktop client at the FQDN for the RDSH virtual server and specify the RD Gateway in the "Connect from anywhere" settings, the gateway servers will connect via that virtual and then find the correct RDSH server. You can also point at an individual RDSH server via the gateway and it will work.

     

    • Brendan_Fusco_1
      Thanks for your continued work on this, Mike - it's much appreciated! That makes sense, as it was only when we disabled the "Use RD Connection Broker load balancing" setting that connectivity ceased to function. We assumed that was the appropriate setting as it's the only way to disable RDCB load balancing in 2012 since (as you mentioned) the RDSH configuration tool no longer exists. I think what we'll do is have F5 virtual servers for the RDCB, RDGW, and RDWA roles, but not for the RDSH servers. We'll have the RDCB load-balancing enabled to direct users to the RDSH servers, and we'll publish the RDCB HA FQDN as the address to connect to the farm. Let us know if you have any additional findings or if you're planning to update the F5 deployment guide. Thanks again!
    • dzedler
      Just stumbled across this post. First of all, RDS with Server 2012 R2 is very poorly documented by Microsoft as if no one would implement on-premise solutions nowadays. The F5 deployment guide and iApp just continue to deploy RDS as if it still were 2008 or 2012 R1. We ended up doing exactly what you wrote. TCP 3389 load balancing for RDCB HA, which should be an option in the iApp, HTTPS and UDP 3391 balancing for the RDGW as configured by the iApp, and HTTPS load balancing for the RDWA, which should also be available in the iApp. You do not need anything else; running RDS without RDCB is not possible in 2012 R2, therefore load balancing the RDSH farm (which now is a collection) with F5 is no longer possible. RDWA is also necessary for seamless integration into Windows 8.1 or higher to be able to configure work resources which integrate with the start menu.
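
The point raised above, that the client access name set in the deployment ends up as the farm FQDN in the .RDP files RDWA generates, can be checked on a downloaded file. This is an added example, not code from the thread or from the F5 guide: it parses an .rdp file and reports whether `full address` and `gatewayhostname` match the FQDNs you intend to publish. The host names and the sample file are constructed placeholders, and the `loadbalanceinfo` check assumes the collection hint uses the `tsv://` form.

```python
# Added example: audit an RDWA-generated .rdp file against the intended FQDNs.
# All host names and SAMPLE_RDP below are constructed for illustration.

def load_rdp(path):
    """Read an .rdp file from disk; such files may be UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}; type 'i' becomes int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3:
            continue
        name, kind, value = parts
        if kind == "i" and value.strip().lstrip("-").isdigit():
            value = int(value)
        settings[name.strip().lower()] = value
    return settings

def _host(value):
    """Lower-case a host setting and drop any ':port' suffix."""
    return str(value).strip().split(":")[0].lower()

def audit(text, broker_fqdn, gateway_fqdn):
    """Return a list of mismatches between the file and the intended design."""
    s = parse_rdp(text)
    findings = []
    if _host(s.get("full address", "")) != broker_fqdn.lower():
        findings.append("full address is %r, expected %r"
                        % (_host(s.get("full address", "")), broker_fqdn))
    if _host(s.get("gatewayhostname", "")) != gateway_fqdn.lower():
        findings.append("gatewayhostname is %r, expected %r"
                        % (_host(s.get("gatewayhostname", "")), gateway_fqdn))
    if not str(s.get("loadbalanceinfo", "")).startswith("tsv://"):
        findings.append("loadbalanceinfo has no tsv:// collection hint")
    return findings

SAMPLE_RDP = """\
full address:s:rdsh.example.test
gatewayhostname:s:rdgw.example.test
gatewayusagemethod:i:2
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Collection1
"""
```

With the constructed sample, `audit(SAMPLE_RDP, "rdcb.example.test", "rdgw.example.test")` reports one mismatch: the file still publishes the RDSH name rather than the RDCB HA FQDN.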
  • I am also facing the problem of RDP via F5 and raised the concern in another question but didn't get a response.