I have a four-server Win2k8 Terminal Services Farm, currently utilizing TS Session Broker + DNS Round Robin for load balancing. All servers are 64-bit and have SP2 installed. Our TS Session Broker machine is a 32-bit Windows 2008 (SP2) VM running on VMware ESX Server 3.5.
Whenever our remote users connect from the WAN (via a basic port forwarding rule on the firewall), they will usually get as far as entering their username and password, but then as the server appears to begin logging them in, it will hang at the "Welcome" screen and then disconnect them after about 10-20 seconds.
The problem does not happen every time, but does happen most of the time. Probably about a 70/30 failure/success ratio. Interestingly, the problem _never_ happens when connecting from the LAN. I have tried changing the firewall and I have reviewed the NAT and filtering rules extensively. The firewall is a SnapGear SG580.
The issue has been present for some time now (3 months+). We have involved Microsoft and have tried various potential fixes but none have worked. We are currently at the point where MS has escalated it to their Chinese team but I am yet to see a solution from them.
I have replaced our core switch (HP ProCurve) and tried both NLB and DNS Round Robin load balancing solutions. I have tried adding another NIC to one of the Terminal Servers and forwarding RDP requests to this NIC (ruling out TS Session Broker). I have even tried disabling Trend Micro AV, all to no avail.
Interestingly, when we forward port 3389 to a Windows 2003 server on the network, it works perfectly, every time.
I saw this problem once before on a Windows 2008 SBS machine, which leads me to believe that this is a bug in Windows 2008 Server. Googling brings up nothing. Surely I'm not the first person to experience this?