As the title says, Remote Desktop Services works great internally but fails to broker sessions externally. I set up a three-server RDS farm with Windows Server 2008 R2: two servers are identically configured Session Hosts (RD1a and RD1b), and the other is a Session Broker with RD Web Access (RDBroker1) with an HTTPS certificate. My attached diagram shows the setup we have internally and externally and what I believe should be happening.
What is happening is that when the end user connects via the RDP client, the RDBroker server begins to connect, but then freezes as it's trying to redirect the connection to either RD1a or RD1b for a session. Eventually the RDP client closes. From the web, users can successfully get to and log into the web site. Once in, connecting to RDP via the web or to a RemoteApp sometimes works externally, but oftentimes it too will fail to direct the connection to one of the session hosts and fail to connect to the app or RDP session. My guess is that it has something to do with DNS. The RDBroker server is a dedicated session broker, and it, along with the session hosts, is using IP address redirection.
We have DNS round robin set up on our external DNS with the farm name "RDF1.company.com" along with external URLs for RD1a and RD1b:
We also have our internal DNS set up the same way with the 10.XX.XX. series of addresses. It seems that when the broker is trying to redirect a session it may be trying to send the external client to an internal 10.XX.XX.XX address, which is why it's not connecting. Internally everything works perfectly, but not from outside. Should we add the external DNS addresses to our internal DNS somehow, or are there any other suggestions? We also have the RD Gateway installed on the RDBroker1 server. Can we configure that to tunnel RDP traffic through HTTPS somehow? I look forward to your assistance.
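The following diagnostic is an added example, not part of the question above and not a Microsoft tool. It checks the symptom the poster describes: with IP address redirection, the broker hands the client the session host's IP address, so if the name a client resolves (or the address the broker returns) is an RFC 1918 private address, an external client has nothing reachable to connect to. The script resolves each farm name from the machine it runs on, flags private answers, and tests whether TCP/3389 is actually reachable. The host names reuse the ones from the question; the "company.com" suffix on RD1a and RD1b and the 3-second timeout are assumptions.

```powershell
# Added diagnostic (not from the original post): resolve each RDS farm name
# from this machine's vantage point, report whether each answer is an
# RFC 1918 private address (unreachable from the Internet), and test
# whether TCP/3389 is open on it. Works on PowerShell 2.0 (Server 2008 R2).
# Host names are the ones in the question; the domain suffix is assumed.
$farmHosts = @('RDF1.company.com', 'RD1a.company.com', 'RD1b.company.com')
$rdpPort   = 3389

function Test-PrivateIPv4 {
    # True for 10/8, 172.16/12 and 192.168/16; IPv6 answers are not classified.
    param([System.Net.IPAddress]$Address)
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $Address.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-TcpPort {
    # Non-blocking connect with a timeout so an unreachable private address
    # does not stall the whole run.
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)  # timeout is an assumption
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($name in $farmHosts) {
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($name)
    } catch {
        Write-Warning ("{0}: DNS lookup failed ({1})" -f $name, $_.Exception.Message)
        continue
    }
    foreach ($addr in $addresses) {
        $ip    = $addr.IPAddressToString
        $scope = if (Test-PrivateIPv4 $addr) { 'PRIVATE (not reachable from Internet)' } else { 'public' }
        $open  = Test-TcpPort -Target $ip -Port $rdpPort
        "{0,-20} {1,-16} {2,-40} TCP/{3} open: {4}" -f $name, $ip, $scope, $rdpPort, $open
    }
}
```

Run it once from an external client and once from the internal network and compare the two tables. If the session host names resolve to private addresses (or the broker returns one during redirection, which this script cannot observe), the external failure is expected rather than a DNS mistake: a public client cannot route to 10.x.x.x. That is the case RD Gateway exists for; it accepts the client's RDP connection inside HTTPS on TCP/443 and relays it to the internal session host, so the private address only has to be reachable from the gateway, not from the client.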