  • Status: Solved
How do I set up terminal server session broker?

I currently have a terminal server environment that consists of 1 domain controller and 1 terminal server.
All works well.
Now I have added a second terminal server - identical to the first, and a separate server to act as session broker.

I set everything up as per this guide:

MS session broker setup guide

However, once I put both of the servers into the farm, the main one always takes me on to the main one, and the second one refuses the connection.

I think there may be a complicating factor because the servers have local IPs assigned to their NICs, but we access them via public IP which is then NATed by a pfsense firewall - so I am wondering if when I log in to one of the servers, it is querying the session broker, determining that the other server should handle the logon, then redirecting to the local IP, which the "client" cannot access because they are connecting over the WAN?

It's the first time I have set this up as well, which doesn't help.

Just wondering if anyone has any ideas?
Asked by: davids355
1 Solution
 
Cliff Galiher commented:
You cannot simply NAT a TS Farm. Microsoft provides the TSGateway role to properly handle external connections.
 
davids355 (Author) commented:
OK, I didn't really mean that, the NAT issue might be completely irrelevant - I just mentioned it because I thought it might be an issue.

Basically, setting session broker completely aside, our system operates as follows:

1 domain controller.
1 terminal server.

They are on the same local network - 1.2.3.x
all of our users access the terminal server remotely, so they use remote desktop, and the host is a public IP - PFsense then forwards the traffic on 3389 to the local IP of the terminal server.
I just wondered whether that scenario would work with session broker out of the box?

The real issue for me is that session broker is not working. I'm not sure if the above would make the setup more complex? Or if I am just doing something wrong?
 
Cliff Galiher commented:
If you are forwarding port 3389 then the broker will not work. It cannot tell pfsense to forward traffic to another server. That is why a gateway server is needed, and that doesn't use 3389.
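A small model of the two paths described in the answer above, added here as an illustration and not part of the thread: a constructed two-server farm behind a single 3389 port-forward, a broker that redirects by the target's IP, and a gateway that follows that redirect from inside the LAN. All host names, addresses and the broker's placement rule are assumptions.

```python
"""Why broker IP redirection fails through a port-forward NAT, and why a
gateway path does not. Farm, addresses and rules are constructed examples."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")                 # constructed private network
FARM = {"TS1": ip_address("10.0.0.11"),         # constructed farm members
        "TS2": ip_address("10.0.0.12")}
NAT_FORWARD = {3389: FARM["TS1"]}               # firewall: public:3389 -> TS1 only


@dataclass
class Broker:
    """Assumed placement rule: reconnect an existing session, else least loaded."""
    sessions: dict = field(default_factory=dict)  # user -> farm member

    def choose(self, user):
        if user in self.sessions:
            return self.sessions[user]
        load = {m: sum(1 for s in self.sessions.values() if s == m) for m in FARM}
        target = min(FARM, key=lambda m: (load[m], m))
        self.sessions[user] = target
        return target


def client_can_reach(client_on_wan, addr):
    # A WAN client has no route to the farm's private addresses.
    return not (client_on_wan and addr in LAN)


def direct_logon(broker, user, client_on_wan=True):
    # Client lands on whichever server the port-forward points at; if the
    # broker picks another member it hands the client that member's LAN IP.
    landing = next(m for m, ip in FARM.items() if ip == NAT_FORWARD[3389])
    target = broker.choose(user)
    if target == landing or client_can_reach(client_on_wan, FARM[target]):
        return ("connected", target)
    return ("refused", target)  # redirect to an address the client cannot route


def gateway_logon(broker, user):
    # Client tunnels to the gateway over HTTPS; the gateway sits on the LAN
    # and follows the broker's redirect on the client's behalf.
    target = broker.choose(user)
    assert client_can_reach(False, FARM[target])
    return ("connected", target)
```

The first user brokered to TS1 succeeds and the next one, sent to TS2, is refused, which matches the symptom in the question; the same farm behind the gateway path connects both.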
 
davids355 (Author) commented:
^^Thanks. Is that something to do with the "connect from anywhere" setting in RDP client? I think I have used that before when configuring RDP over SSL.

Could you point me to a guide or tell me roughly how it should be set up?

Should my dedicated session broker server be configured as gateway server?
 
Cliff Galiher commented:
It is very straightforward, but TechNet has everything you need. As far as location, I don't recommend colocating it with RDCB or RDSH. If you can, a DMZ is best.
