In part 7 we will extend our deployment and add a second Session Host server. Before we configure and extend our farm, we need to clarify how the Connection Broker balances sessions between session host servers, and what we need to think about when we have users who connect to the farm with the built-in RDP client, as well as RemoteApps and full desktop access on the same session host.
-
Connection Broker vs Round Robin
As we know, since Server 2012 we should use the Connection Broker to balance sessions between session host servers. Many are still using DNS Round Robin. If you have a special reason to configure it this way you can still do it, but it is not the preferred method: Round Robin won’t dynamically route new connections if a host goes down. What we need to do is create a new A record and point it to the Connection Broker, not to the session host servers. If connecting manually with the RDP client is a requirement, you need to set the default collection in the RD Connection Broker server’s registry. You can only specify one default collection. Without this, when you RDP to the farm name (which points to the RD Connection Broker), RDP will send you to the Connection Broker itself and you will get access denied, because you have no way of specifying the target collection in the user interface. Another thing about 2012/2012 R2/2016 is that users are normally expected to launch a connection via RD Web Access or RemoteApp. The reason for this is to provide them with an up-to-date, correctly configured .rdp file, based on your deployment and collection settings, that has the target collection embedded within it.
When you launch a connection from RD Web Access, the prompt that comes up should show the FQDN of your broker for Remote computer. For multiple brokers this FQDN would point to an NLB cluster of your brokers, a hardware load balancer for your brokers, or DNS RR for your brokers.
-
Does RD Connection Broker balance sessions based on CPU or Memory?
Another question that came up is whether the broker balances sessions based on resources on the session hosts, and the answer is no. The broker balances the load based on the number of active and pending connections. New sessions are created on the session host with the least number of sessions. It does not consider RDSH RAM usage, CPU %, disk IO, or any other resource metric when making its decisions. For that you would need to write a custom plugin for the broker or use third-party software.
-
Can we use same RD Session Host server for both RemoteApps and Full Desktop?
By default this cannot be done, but there is a workaround. When we configure our collection we have 2 options: we can configure it as Remote Desktop or as RemoteApp. When you publish your first RemoteApp, the collection resource type is set to “RemoteApp”. When you publish your first Remote Desktop, the collection resource type is set to “Remote Desktop”. If you specify RemoteApp you will not be able to see the RDP icon in RD Web Access, and the Show the session collection in RD Web Access option will be grayed out. (We will configure this later.)
-
I got many questions regarding RemoteApp not logging users off
By default RemoteApp sessions will remain in disconnected state after a user ends their RemoteApp(s) or disconnects from their RemoteApp session. This setting can be changed in GPO. (We will configure this later)
Let’s see how we can configure all of this. I will be doing everything from the RD Connection Broker.
The first step is to add the second RD Session Host server. Open PowerShell as admin and run
Add-RDServer -Server rdsh02.nm.com -Role RDS-RD-SERVER -ConnectionBroker rdcb01.nm.com
Once done, we can verify it on RDS node.
Let’s add our new RDSH to the collection. Click on your Collection name and scroll down to the Host Servers. Click on Tasks –> Add RD Session Host Servers
Add your second RDSH and click on Next and ADD
Once done, we will be able to see it under the Host Servers.
We can access Load Balancing settings under Collection Properties
In this load balancing setup both servers are equally weighted for sessions. You could re-balance this if hardware resources are not the same across all servers in the collection. In this example we load balanced a Full Desktop session collection, but the steps are exactly the same for load balancing a RemoteApp collection.
Now if we try to login with different users using RD Web Access we will be able to see that connection broker is doing its job and load balancing users.
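To check the distribution from PowerShell instead of the console, here is an added example (not part of the original post) that counts the sessions the broker has placed on each host and flags an uneven spread. The collection name and the threshold of 5 sessions are assumptions; the broker name is the one used in this series.

```powershell
# Added example, not from the original post.
# $collection and $maxSpread are assumptions; adjust them to your deployment.
Import-Module RemoteDesktop

$broker     = 'rdcb01.nm.com'
$collection = 'YourCollectionName'   # placeholder collection name
$maxSpread  = 5                      # tolerated difference between hosts

# Every host in the collection, including hosts with no sessions yet.
$rdsh = Get-RDSessionHost -CollectionName $collection -ConnectionBroker $broker

# All sessions the broker tracks for this collection (empty array if none).
$sessions = @(Get-RDUserSession -CollectionName $collection -ConnectionBroker $broker)

$report = foreach ($h in $rdsh) {
    $onHost = @($sessions | Where-Object { $_.HostServer -eq $h.SessionHost })
    [pscustomobject]@{
        SessionHost          = $h.SessionHost
        NewConnectionAllowed = $h.NewConnectionAllowed
        Active       = @($onHost | Where-Object { $_.SessionState -eq 'STATE_ACTIVE' }).Count
        Disconnected = @($onHost | Where-Object { $_.SessionState -eq 'STATE_DISCONNECTED' }).Count
        Total        = $onHost.Count
    }
}
$report | Sort-Object Total | Format-Table -AutoSize

# The broker balances on session count only, so with equal weights the totals
# of hosts that accept new connections should stay close together.
$open = @($report | Where-Object { "$($_.NewConnectionAllowed)" -eq 'Yes' })
if ($open.Count -gt 1) {
    $stats = $open | Measure-Object -Property Total -Minimum -Maximum
    if (($stats.Maximum - $stats.Minimum) -gt $maxSpread) {
        Write-Warning "Session counts differ by more than $maxSpread between hosts."
    }
}
```

Disconnected sessions count toward a host's total, so a host holding many of them receives fewer new connections even when it is otherwise idle.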
Now comes the question: what if we have users that need to connect to the RDS farm using the built-in RDP client? The first thing we need to do is create a new A record and specify the Connection Broker IP address.
The next step is to manually download the .rdp file from RDWeb, open it with Notepad and copy the value of the loadbalanceinfo setting. We will need that value to configure the default collection on the Connection Broker server.
Copy the loadbalanceinfo setting
Next, open regedit on the RD Connection Broker, browse to
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings and create a new registry value with Name: DefaultTsvUrl,
Type: REG_SZ, and paste in the value from the .rdp file.
Now we can open built-in RDP client and type in the collection name and that’s it.
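The same steps scripted, as an added example that is not part of the original post: it reads the loadbalanceinfo value from the downloaded .rdp file and writes it to DefaultTsvUrl. The file path and the function name Get-LoadBalanceInfo are assumptions; run it elevated on the RD Connection Broker.

```powershell
# Added example, not from the original post.
# The .rdp path and the function name are assumptions.
function Get-LoadBalanceInfo {
    param([Parameter(Mandatory)][string]$RdpFile)

    # .rdp settings are "name:type:value". The value contains colons itself
    # (tsv://...), so split into at most three parts.
    foreach ($line in Get-Content -LiteralPath $RdpFile) {
        $parts = $line.Trim() -split ':', 3
        if ($parts.Count -eq 3 -and $parts[0] -eq 'loadbalanceinfo' -and $parts[1] -eq 's') {
            return $parts[2].Trim()
        }
    }
    throw "No loadbalanceinfo setting found in $RdpFile"
}

$value = Get-LoadBalanceInfo -RdpFile 'C:\Temp\collection.rdp'

# A broker-issued value starts with tsv:// and ends with the collection name;
# refuse anything else before touching the registry.
if ($value -notmatch '^tsv://') {
    throw "Unexpected loadbalanceinfo value: $value"
}

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'
if (-not (Test-Path $key)) {
    throw "Key not found, is this the RD Connection Broker? $key"
}

# Create or overwrite the REG_SZ value described above.
New-ItemProperty -Path $key -Name 'DefaultTsvUrl' -PropertyType String -Value $value -Force |
    Out-Null

# Read it back to confirm which collection direct RDP connections will land in.
(Get-ItemProperty -Path $key -Name 'DefaultTsvUrl').DefaultTsvUrl
```

Because only one default collection can be set, everyone who connects to the farm name with the built-in client lands in this collection, so check that its user groups are the ones you intend to allow.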
The next thing we need to configure is RemoteApps and Full Desktop on the same session host. Let’s publish one RemoteApp and see what it looks like the next time we log in to RD Web Access. I will publish Calculator and log in as rdsuser2. We can see that the RDP icon has disappeared.
If you go under collection properties you will notice that Show the session collection in RD Web Access option is grayed out which means that we cannot have both Full Desktop and Remote Apps by default.
To fix this we have 2 options. The first one is to publish the Remote Desktop Connection app and specify /v:fqdn_sessionhostserver under properties; the second is to configure this by editing registry settings.
Let’s first publish RDP icon in Remote Apps. Click on Tasks (Under RemoteApp Programs) and select Publish RemoteApp Programs
Select Remote Desktop Connection and click on Next and Publish
Once done, right click on the RDP and select Edit Properties
Click on Parameters and select Always use the following command-line parameters and type in /v:<rdsh.domainname> and click OK.
Browse to the RD Web Access and login. You will see RDP icon and if you click on it you will be able to access both session host full desktop and remote apps on the same server.
Second option is to edit registry and configure it that way. Let’s see how this will work.
On your connection broker run regedit and browse to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\collection\RemoteDesktops\collection
Change registry setting ShowInPortal from 0 to 1
Please note that the configuration with both RemoteApps and Full Desktop on the same server is not officially supported by Microsoft. If you configure User Profile Disk in the future, you will not be able to mount the UPD in a second remote desktop session.
The last thing we need to configure is the RemoteApp log off settings. You will notice that if a user clicks on log off in RD Web Access, he/she will be disconnected instead of logged off, because there is no log off option within a RemoteApp session. Users can press Ctrl+Alt+End to sign out, but let’s be honest, 99,9 % of all users will never do it. To accomplish this we need to configure the session time limit GP setting on the Session Host server, which is under Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
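Once the GPO is linked, you can confirm on each session host that the limits actually arrived. This is an added example, not part of the original post; it reads the registry values that the Session Time Limits policies write, and the function name Get-RdsTimeLimitPolicy is an assumption.

```powershell
# Added example, not from the original post. Run on an RD Session Host
# after gpupdate. The function name is an assumption.
function Get-RdsTimeLimitPolicy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Registry value written by each Session Time Limits policy setting.
    $settings = [ordered]@{
        MaxDisconnectionTime     = 'Set time limit for disconnected sessions'
        MaxIdleTime              = 'Set time limit for active but idle sessions'
        RemoteAppLogoffTimeLimit = 'Set time limit for logoff of RemoteApp sessions'
    }

    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    foreach ($name in $settings.Keys) {
        $ms = $null
        if ($policy -and ($policy.PSObject.Properties.Name -contains $name)) {
            $ms = $policy.$name
        }

        # Values are stored in milliseconds; 0 means "Never".
        $state = if ($null -eq $ms) { 'Not configured' }
                 elseif ($ms -eq 0) { 'Never' }
                 else               { '{0} min' -f ($ms / 60000) }

        [pscustomobject]@{
            Policy = $settings[$name]
            Value  = $name
            Limit  = $state
        }
    }
}

Get-RdsTimeLimitPolicy | Format-Table -AutoSize
```

A host that reports "Not configured" or "Never" for disconnected sessions keeps RemoteApp sessions alive indefinitely, which is the behaviour described above.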
That’s it. I hope this has been informative for you. The next part will focus on RD Gateway. We will discuss RD CAPs and RD RAPs, protocols, ports, certificates etc.
Thanks for reading!
Cheers,
Nedim
Thank you again Nedim for this post,
I have a permanent problem on my RDS Farm.
Each time I restart RDSSH and RDSCB servers, I get the following error:
“”The server pool does not match the servers in the Broker service for Remote Desktop Connections that it contains. errors:
Cannot connect to any of the Broker servers for the specified Remote Desktop connections. Make sure no servers are available and Remote Desktop Management Services (rdms) Service Broker for Desktop Connections (tssdi). Administration of connections to RemoteApp programs and Remote Desktop Services (tscpubrpc) are running.””
To resolve this issue, I restart the services, but in a production environment, it will not be possible to restart the service.
Is there a way to fix it?
Thank you for your reply.
Hello,
Are you running RDCB HA?
Yes Nedim,
We are running RDCB HA.
I found the problem: the database was unmounted. I mounted the database and restarted all the servers.
But this problem often occurs even if the database is mounted.
I need a way to definitively resolve this issue.
Yes, I am
Even when the database is properly mounted, I encounter this issue, and I always need to restart the RDS services.
Is there a way to fix it?
Thank you for this one, especially for explaining what the default collection is and what to do when users are using the default RDP client instead of RD Web Access.
Do you think it would be bad practice to have only 2 servers? One being the Connection Broker and Session Host and then also a second Session Host for load balancing? Thanks for all these posts, quickly became my go-to for beginning deployment and testing. HUGE help.
Hi,
I have an RDS 2012 platform with 2 brokers, 2 UPD servers and 3 RDSH.
My problems are:
– When I configured the registry on the broker servers, I continued to receive access denied. I have now installed the Broker on 2 RDSH servers and now I can connect directly with Dell Wyse clients.
– But I recently got this error (connection denied, broker failed to redirect the client). I changed the client settings by choosing RDP client only in place of Negotiate.
– When I restart the two brokers (which are also RDSH), active sessions do not show anything and I’m obliged to remove a broker and add it again.
– I encountered random temporary profiles; deleting the registry key did not fix the problem.
I have 2 questions:
1) Is the registry modification compatible with 2012 server?
2) How can I fix active sessions permanently?
3) How can I fix temp profiles?
Thanks in advance, I should go into production this week so I need to fix all those issues.
Hello,
I fixed 1) after reinstalling the broker server and reconfiguring the registry.
For 2) and 3), I’m still waiting for your comment.
Thanks for your future help.
Is there a way to publish Remote app and Desktop on RD Web to show respective users only as I am able to publish to both Remote App & Desktop but it’s showing to everyone. My question is how we can publish for few users to Remote App only and for the rest of the user can see Remote Desktop.
Hi,
You will need to create a new group for those users and edit the RemoteApp properties. There you have the field User Assignment. We can limit a particular RemoteApp to specific users, so only those users that are allowed to use the application will see it. This is done on a per-RemoteApp basis, so we have to do this for each and every specific RemoteApp.
Thanks, It’s really appreciated….
I would still like to be able to set the default to Log off/Sign out for connected users, instead of the Disconnected. I’ve set the GP “Add Logoff to the Start Menu” in [User Configuration>Administrative Templates>Start Menu and Taskbar] to Enabled, but it only works for the classic Start menu. I can’t seem to figure it out…
Hi,
Are you talking about Remote Apps here? If you are talking about the session host, then users have the sign out option when they right click on the start menu under shutdown or sign out. If you would like to add a sign out option to Remote Apps, what you can do is publish logoff.exe as a remote app and you are good to go.
Just be sure to change icon to something that represents log off. Browse to c:\windows\system32. Select shell32.dll and select the Windows Update icon. The IconIndex for interface works top to bottom -1 so if you want to use shutdown icon then it is 27
Get-RDRemoteApp -Alias "logoff" | Set-RDRemoteApp -IconPath "c:\windows\system32\shell32.dll" -IconIndex 27
Hello,
On the Connection Broker versus DNS RR, you said “What we need to do is to create a new A record and point it to connection broker and not session host servers.”
I want to know if the Broker verifies the availability of a session host before redirecting the user to it?
Thanks for your reply.