In part 7 we will extend our deployment and add second Session Host server but before we configure and extend our farm we need to make some clarifications about how connection broker will balance sessions between session host servers and what we need to think about when we have users that are using built-in RDP to connect to the farm, as well as remoteapps and full desktop access on the same session host.
Connection Broker vs Round Robin
As we know, from server 2012 we should use connection broker to balance sessions between session host servers. Many are still using DNS Round Robin. If you have a special reason to configure it this way you can still do it, but it is not the preferred method. Round robin won’t dynamically route new connections if a host goes down. What we need to do is to create a new A record and point it to connection broker and not session host servers. If manually using the RDP Client to connect is a requirement what you need to do is set the default collection in the RD Connection Broker server’s registry. You can only specify one Default collection. Without this, when you RDP to the FARM name (which is pointing to RD broker) RDP will send you to the Connection Broker itself and you will get access denied because you have no way of specifying the target collection in the user interface. Another thing about 2012/2012R2/2016 is users are normally expected to launch a connection via RD Web Access or RemoteApp. The reason for this is to provide them with an up to date, correctly configured .rdp file to use based on your deployment and collection settings that has the target collection embedded within it.
When you launch a connection from RD Web Access, the prompt that comes up should show the FQDN of your broker for Remote computer. For multiple brokers this FQDN would point to a NLB cluster of your brokers, or hardware load balancer for your brokers, or DNS RR for your brokers.
Does RD Connection Broker balance sessions based on CPU or Memory
Another question that came up is does broker balance sessions based on resources on the session hosts and the answer is no. The broker will balance the load based on number of active and pending connections. New sessions are created on the session host with the least number of sessions. It does not consider RDSH RAM usage, CPU %, Disk IO, or other resource metric when making its decisions. For that you would need to write a custom plugin for the broker or use third-party software.
Can we use same RD Session Host server for both RemoteApps and Full Desktop?
By default this cannot be done, but there is a workaround. When we are configuring our Collection we have 2 options. We can configure it as Remote Desktop or RemoteApp so when you publish your first RemoteApp, the collection resource type is set to “RemoteApp”. When you publish your first Remote Desktop, the collection resource type is set to “Remote Desktop”. If you specify RemoteApp you will not be able to see RDP icon in RD Web Access and Show the session collection in RD Web Access option will be grayed out. (We will configure this later)
I got many questions regarding RemoteApp not logging users off
By default RemoteApp sessions will remain in disconnected state after a user ends their RemoteApp(s) or disconnects from their RemoteApp session. This setting can be changed in GPO. (We will configure this later)
Let’s see how we can configure all of this. I will be doing everything from RD Connection Broker
First step is to add second RD Session Host server. Open powershell as admin and run
Add-RDServer -Server rdsh02.nm.com -Role RDS-RD-SERVER -ConnectionBroker rdcb01.nm.com
Once done, we can verify it on RDS node.
Let’s add our new RDSH to the collection. Click on your Collection name and scroll down to the Host Servers. Click on Tasks –> Add RD Session Host Servers
Add your second RDSH and click on Next and ADD
Once done, we will be able to see it under the Host Servers.
We can access Load Balancing settings under Collection Properties
In this load balancing setup both servers are equally weighted for sessions. You could re-balance this if hardware resources are not the same across all servers in the collection. In this example we load balanced a Full Desktop session collection, but the steps to take for doing so is exactly the same for load balancing a RemoteApp collection.
Now if we try to login with different users using RD Web Access we will be able to see that connection broker is doing its job and load balancing users.
Now comes the question, what if we have users that need to connect to RDS farm using built-in RDP client? That what we need to do first is to create a new A record and specify connection broker IP address.
Next step is to use .rdp file that we manually download from RDWeb and then we need to edit the downloaded rdp file with Notepad and copy the portion of the loadbalanceinfo setting. We will need that info to configure default collection on connection broker server.
Copy the loadbalanceinfo setting
Next open the regedit on the RD Broker and browse to
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings and create a new registry setting Name: DefaultTsvUrl
REG_SZ and paste in the value from rdp file
Now we can open built-in RDP client and type in the collection name and that’s it.
Next thing we need to configure is the RemoteApps and Full Desktop on the same session host. Let’s publish one RemoteApp and see how it looks like next time we login to RD Web Access. I will publish Calculator and login as rdsuser2. We can see that RDP icon disappeared.
If you go under collection properties you will notice that Show the session collection in RD Web Access option is grayed out which means that we cannot have both Full Desktop and Remote Apps by default.
To fix this we have 2 options. First one is to publish Remote Desktop Connection app and specify /v:fqdn_sessionhostserver under properties or we can configure this editing registry settings.
Let’s first publish RDP icon in Remote Apps. Click on Tasks (Under RemoteApp Programs) and select Publish RemoteApp Programs
Select Remote Desktop Connection and click on Next and Publish
Once done, right click on the RDP and select Edit Properties
Click on Parameters and select Always use the following command-line parameters and type in /v:<rdsh.domainname> and click OK.
Browse to the RD Web Access and login. You will see RDP icon and if you click on it you will be able to access both session host full desktop and remote apps on the same server.
Second option is to edit registry and configure it that way. Let’s see how this will work.
On your connection broker run regedit and browse to HKLM\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Terminal Server\ CentralPublishedResources\ PublishedFarms\ collection\ RemoteDesktops\ collection
Change registry setting ShowInPortal from 0 to 1
Please note that the configuration with both RemoteApps and Full Desktop on the same server is not officially supported by Microsoft, if you configure User Profile Disk in the future, you will not be able to mount UPD in second remote desktop session.
The last thing we need to configure is the RemoteApp log off settings. You will notice that if a user click on log off in rd web access he/she will be disconnected instead of logged off and it is because there is no log off option within RemoteApp session. Users can press ctrl+alt+end to sign out but let’s be honest 99,9 % of all users will never do it. To accomplish this we need to configure session time limit GP setting on the Session Host server, which is under Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
That’s it. I hope this has been informative for you. Next part will focus on RD Gateway. We will discuss about RD CAPs and RD RAPs, protocols, ports, certificate etc.
Thanks for reading!