
Remote Desktop Session Broker Load Balancing

Updated on December 12, 2016

Introduction

This article covers load balancing terminal servers running Windows Server 2008 R2.
Normally, load balancing is a technique for distributing load over a number of servers.
In the Microsoft Remote Desktop or Terminal Services world, load balancing is really about managing how sessions are distributed over a number of terminal servers. For example, if one server has two remote desktop sessions, each running CPU-intensive applications, and a second server has 20 remote desktop sessions, each running "notepad", the next connection to the Remote Desktop (terminal services) load balancing farm will be redirected to the first server because it has fewer connections (regardless of the actual load on the server). This load balancing mechanism is called Remote Desktop Connection Broker.

Remote Desktop Connection Broker

The RD Connection Broker does more than just distribute the number of remote desktop connections. If you accidentally disconnect from a session and then reconnect, it will put you back into your original disconnected session regardless of the number of connections on that server.

To use the RD Connection Broker, you must install the RD Connection Broker role on a server which is part of the same domain as your terminal servers (Remote Desktop Servers).

There will be a group called Session Broker Computers on the server that is running the RD Connection Broker role, or in Active Directory if the RD Connection Broker role is installed on a domain controller. You need to add the terminal servers which will be part of the RD Connection Broker farm as members of this group.

Configuring the terminal servers to connect to the RD Connection Broker

In order for the terminal servers to be part of the Connection Broker farm, you need to make a few changes to the Remote Desktop Session Host Configuration.

To configure the terminal servers to talk to an RD Connection Broker server:

1. Open up Remote Desktop Session Host Configuration
2. Double click on Member of farm in RD Connection Broker

Remote Desktop Session Host Configuration

RD Connection Broker settings

The "Relative weight of this server in the farm" setting determines the number of sessions that should connect to this server. The minimum setting is 1. You can use this value to “drain” users over a period of time so that all user connections go to other terminal servers in the Connection Broker farm. The server will then have no user connections (except your own) and is available for maintenance.

You also need to select the “IP Address redirection (recommended)” setting and your clients must be able to access ALL the terminal servers in the RD Connection Broker farm directly or through the firewall.

The other option is “Use Token Redirection”. It is good in theory, but doesn’t work with most load balancers. The Token Redirection option allows Connection Broker to be used in conjunction with another load balancer which supports Connection Broker’s Token Redirection, and this allows access to the other terminal servers in the Connection Broker farm by clients whose firewall may not permit access to all of the terminal servers in the farm directly.

Check/Tick Farm member.

The RD Connection Broker server name is the FQDN (fully qualified domain name) of the server running the Connection Broker service. This name can be an internal FQDN hostname which gets resolved by the local DNS server.

The Farm Name is the FQDN of the terminal server farm. The farm name can be set up on either an internal DNS server or an external DNS server. The farm name has multiple entries in the DNS server, one for each IP address assigned to it. These IP addresses are those of the terminal servers in the terminal server farm. For example, let's say MyFarm1 is the name of the terminal server farm. There are 2 terminal servers with IP addresses of 192.168.1.5 and 192.168.1.6 respectively. There would be the following entries in the DNS server:

MyFarm1 Host(A) 192.168.1.5
MyFarm1 Host(A) 192.168.1.6

Obviously the DNS server has to support DNS Round Robin.

Round Robin DNS Load balancing

RD Connection Broker requires the use of another load balancing mechanism to distribute the initial load from the client to the terminal servers.

For this article, I will describe the use of DNS load balancing. With DNS load balancing, you need to host your domain names with a domain name registrar which supports Round Robin DNS if the servers are to be accessed by external clients. Otherwise, Windows' own DNS servers support Round Robin DNS.

With Round Robin DNS, you can set up multiple identical hostnames that have different IP addresses. The round robin DNS mechanism allows clients which request an IP address from a host name to get all the IP addresses, or just one of the IP addresses that was assigned to the host. If only one IP address is returned, subsequent requests by clients will result in other IP addresses being returned in a “round robin” fashion.

So for our terminal servers which are part of the Connection Broker farm, you need to create identical host entries (identical host records) for the farm name, each with the IP address of one terminal server in the farm. These identical host records are actually the DNS name for the RD Connection Broker farm, e.g. rdfarm.mydomain.com.

When a user runs the Remote Desktop client, it should be configured to connect to the fully qualified domain name (FQDN) of the farm name, e.g. rdfarm.mydomain.com. The RD client first tries to resolve the farm name (rdfarm.mydomain.com) through a DNS server. If it resolves, the DNS server will return either one IP address or all of the addresses for the hostname. The IP address that is returned first is not necessarily the same one on subsequent requests, which is what spreads the connections across the servers. This is called Round Robin DNS Load Balancing.

RD Connection Broker in Action

When the RD Client connects to the terminal server by way of the IP address that it was given from the round robin DNS server, the terminal server authenticates the user via Active Directory, and then checks with the server that has the Remote Desktop Connection Broker role as to whether the user connection should stay on the original server, or be redirected to another server in the farm.

If the Connection Broker says to redirect to another server, the terminal server sends a message back to the RD client with the IP address of the server that it needs to connect to. Therefore, if the client is on an external network, the client's outbound firewall rules need to open up port 3389 for all the IP addresses of the terminal servers. Likewise, the firewall on the network to which the terminal servers belong needs to allow inbound connections to the terminal servers.
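A check for the two requirements described above (every terminal server has a host record under the farm name, and a client can reach each one on port 3389), as an added example that is not part of the original article. The farm name and addresses are the article's illustrative values combined into a constructed sample, `Test-TcpPort` is a helper defined here rather than a built-in cmdlet, and the script assumes the resolver returns all host records in one answer.

```powershell
# Added example. Sample values are constructed from the article's illustrations.
$FarmName    = 'rdfarm.mydomain.com'
$ExpectedIPs = @('192.168.1.5', '192.168.1.6')   # the farm's terminal servers
$RdpPort     = 3389
$TimeoutMs   = 3000

# Hypothetical helper: TCP connect with a timeout, using .NET classes that are
# available to the PowerShell 2.0 shipped with Windows Server 2008 R2.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# IPv4 addresses currently handed out for the farm name.
$resolved = @([System.Net.Dns]::GetHostAddresses($FarmName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString })

# One row per terminal server: is it in DNS, and is 3389 reachable from here?
foreach ($ip in $ExpectedIPs) {
    New-Object PSObject -Property @{
        Address   = $ip
        InFarmDns = ($resolved -contains $ip)
        Rdp3389   = (Test-TcpPort -Address $ip -Port $RdpPort -TimeoutMs $TimeoutMs)
    }
}

# A missing record means that server never takes an initial connection.
# An unexpected record sends users to a host that is not a farm member.
$missing    = @($ExpectedIPs | Where-Object { $resolved -notcontains $_ })
$unexpected = @($resolved    | Where-Object { $ExpectedIPs -notcontains $_ })
if ($missing)    { Write-Warning "No host record under $FarmName for: $($missing -join ', ')" }
if ($unexpected) { Write-Warning "Host record under $FarmName for a non-farm address: $($unexpected -join ', ')" }
```

Run it from the network the clients connect from, since that is where the firewall rules for redirection have to hold. If your DNS service returns only one address per query, run it several times before trusting a "missing" warning.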

NOTE: Even though Token Redirection should, in theory, be used if clients cannot open up the ports for all the IP addresses, IT WILL NOT WORK unless you are running a load balancer which supports token redirection. Microsoft’s Network Load Balancing feature (NLB) does not seem to support Token Redirection. It will seem to work, but sometimes it does not return you to your disconnected session. So be warned!

Logging in twice - double Windows logon screen

If an older version of the RD client is used to connect to the terminal server farm, it may prompt the user to enter the username and password again when the connection gets “redirected” to another server.

You can just re-enter the username and password, or upgrade your Remote Desktop client to a version that supports Network Level Authentication (NLA), which does the authentication behind the scenes to prevent this double logon screen. The Remote Desktop Session Host Configuration must have its RDP-TCP properties configured so that the Security Layer setting is either Negotiate or SSL (TLS1.0).
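One way to confirm the Security Layer requirement above on each terminal server, as an added example that is not part of the original article. It reads the standard RDP-Tcp listener registry values `SecurityLayer` and `UserAuthentication`, which the article does not name, and `Get-RdpSetting` is a helper defined here.

```powershell
# Added example. Run locally on each RD Session Host in the farm.
# A value set by Group Policy (first path checked) overrides the value set in
# Remote Desktop Session Host Configuration (second path).
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

# Hypothetical helper: return the effective value and the key it came from.
function Get-RdpSetting {
    param([string]$Name)
    foreach ($path in @($policy, $listener)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($item -and $null -ne $item.$Name) {
            return New-Object PSObject -Property @{ Value = [int]$item.$Name; Source = $path }
        }
    }
    return $null
}

$layer = Get-RdpSetting 'SecurityLayer'        # 0, 1 or 2 (see $layerNames)
$nla   = Get-RdpSetting 'UserAuthentication'   # 1 = NLA required

$report = New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    SecurityLayer = $(if ($layer) { $layerNames[$layer.Value] } else { 'not set' })
    LayerSource   = $(if ($layer) { $layer.Source } else { $null })
    NlaRequired   = [bool]($nla -and $nla.Value -eq 1)
}
$report

if (-not $layer -or $layer.Value -eq 0) {
    Write-Warning 'Security Layer is not Negotiate or SSL (TLS 1.0); NLA cannot be used on this server.'
}
if (-not $report.NlaRequired) {
    Write-Warning 'NLA is not required; clients without NLA can still connect and will see the second logon prompt.'
}
```

Comparing the output across all farm members shows quickly whether one server was configured differently from the rest.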

Conclusion

Setting up terminal services load balancing requires adding the right roles to the right servers and making a few configurations to the servers and DNS. It does not cost any extra money to have it all set up and functioning correctly.

NOTE: Terminal Services is the terminology used for Windows 2008 and earlier. With Windows Server 2008 R2, Microsoft changed the terminology to Remote Desktop Services. I used both names in my article as many people still refer to the technology as terminal services.

Comments


    • Gareth 4 years ago

      Quick question: I have 12 RDS servers in a farm using RDS apps, and this works perfectly. There is a need for the web based apps. Do I need to install Network Load Balancing, or will the broker balance the RDWeb connections as well? I'm trying to figure this one out. Yes, I'm using round robin DNS entries as well.

      Let me know, thanks a mil.

    • sengstar2005 (Author) 4 years ago from Sydney

      Hi Gareth, when you mentioned web based apps I am assuming you meant the "Apps" which you normally run from the RDS server which is published on the RemoteApp and RD web page.

      When you click on a published App it launches the RD client locally, which connects to the RDS server to run the app. The session broker will balance these RD sessions launched from the RD web page also.

    • Noel-R 3 years ago

      If the RDP-TCP properties are configured so that the Security Layer setting is either Negotiate or SSL (TLS1.0), users who must change their passwords are prompted with this message:

      "You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support."

      And they are given no opportunity to log into the network to change their password. Is there a workaround for this issue? It can be hard to manage if home based users' passwords expire.

      This change did indeed fix the issue where clients that are directed to one of the two servers we have in the farm must log in a second time.

    • PatOC 3 years ago

      I have 4 RDSH servers in the farm. The connection broker is allowing multiple sessions for a user if those users get connected to different servers. Is this a known problem or do I have a configuration issue? RDSH Connection Broker settings are set to restrict each user to a single session as is the restriction on the session host.

    • sengstar2005 (Author) 3 years ago from Sydney

      It shouldn't let the same account log into different servers in the RDS farm. I think there's probably a config problem.

    • TPWinn 3 years ago

      Are there any tools (MS or external) that allow an admin to create reports across the entire farm? We are trying to isolate some RD refresh and freezing issues across a 5 server farm and the problems may or may not be tied to a specific server in the farm or a specific remote site connecting in. I can go into the 'Remote Desktop Services Manager' and add all servers to a group and visually see the information I need in the 3 tabs 'User, Sessions and Processes' but I can see no way to export or report this information for historical analysis.

      Any insight would be greatly appreciated.

    • sengstar2005 (Author) 3 years ago from Sydney

      Hi,

      We are currently looking at seeing if Splunk (www.splunk.com) will be able to manage logs and identify issues across multiple servers. I would suggest you look at Splunk to see if it does what you need.

    • Jay 10 months ago

      Hey, great article :) Thanks for sharing. I just want to clarify something: I have configured an RDS farm in my environment. There are 3 servers and I have 5 terminal licenses on each server. When I am taking RDP it connects to the priority 1 server, and the same for every other user until the terminal limit is full; only then does it connect to the 2nd priority. My question is how can I divide the user sessions, because I don't want to put the full load on a server; I want to divide the traffic in parallel. Please suggest.

    • sengstar2005 (Author) 10 months ago from Sydney

      Hi Jay, check your relative weight setting. If you make them the same value on each RDS server in the farm it should distribute the connections evenly. Since you have 5 terminal server licenses per server, perhaps try using a value of 5 for each server.

    • sengstar2005 (Author) 10 months ago from Sydney

      Hi Jay, have you tried making the relative weight the same value, i.e. 5, across all your RDS servers in the farm?
