How do I set up terminal server session broker?

Posted on 2014-08-20
Last Modified: 2014-09-15
I currently have a terminal server environment that consists of 1 domain controller and 1 terminal server.
All works well.
Now I have added a second terminal server - identical to the first, and a separate server to act as session broker.

I set everything up as per this guide:

MS session broker setup guide

However, once I put both of the servers into the farm, the main one always takes me on to the main one, and the second one refuses the connection.

I think there may be a complicating factor because the servers have local IPs assigned to their NICs, but we access them via public IP which is then NATed by a pfsense firewall - so I am wondering if when I log in to one of the servers, it is querying the session broker, determining that the other server should handle the logon, then redirecting to the local IP, which the "client" cannot access because they are connecting over the WAN..?

It's the first time I have set this up as well, which doesn't help.

Just wondering if anyone has any ideas?
Question by:davids355

    Expert Comment

    by:Cliff Galiher
    You cannot simply NAT a TS Farm. Microsoft provides the TSGateway role to properly handle external connections.

    Author Comment

    OK, I didn't really mean that, the NAT issue might be completely irrelevant - I just mentioned it because I thought it might be an issue.

    Basically, setting session broker completely aside, our system operates as follows:

    1 domain controller.
    1 terminal server.

    They are on the same local network - 1.2.3.x
    All of our users access the terminal server remotely, so they use remote desktop, and the host is a public IP - PFsense then forwards the traffic on 3389 to the local IP of the terminal server.
    I just wondered whether that scenario would work with session broker out of the box?

    The real issue for me is that session broker is not working, I'm not sure if the above would make the setup more complex? Or if I am just doing something wrong?

    Accepted Solution

    If you are forwarding port 3389 then the broker will not work. It cannot tell pfsense to forward traffic to another server. That is why a gateway server is needed, and that doesn't use 3389.

    Author Comment

    ^^Thanks. Is that something to do with the "connect from anywhere" setting in RDP client? I think I have used that before when configuring RDP over SSL.

    Could you point me to a guide or tell me roughly how it should be set up?

    Should my dedicated session broker server be configured as gateway server?

    Expert Comment

    by:Cliff Galiher
    It is very straightforward, but TechNet has everything you need. As far as location, I don't recommend colocating it with RDCB or RDSH. If you can, a DMZ is best.
