Connecting to Server 2012 R2 Remote Desktop Services Collection

we are building a Server 2012 R2 Remote Desktop Services Collection, with a single connection broker and two session broker servers. We find that we can only connect to the session brokers if we use the RDP shortcut generated by the Web access component within our deployment. if we try a "normal" RDP connection, it tries to connect to the connection broker only, and fails as the user is not a member of the remote desktop users group. if we try the RDP link generated by the RD Web Access component, it connects as it should do. is there something I am missing that is contained in the generated RDP link that a normal RDP connection doesn't have?
ITPTAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DrDave242Senior Support EngineerCommented:
When you try the "normal" RDP connection, what specific server are you trying to connect to?

Also, when you say session brokers, I'm assuming you mean session hosts. "Session broker" is the old (pre-2012) name for the connection broker. (Microsoft and their ever-changing terminology...)
ITPTAuthor Commented:
when I try the normnal RDP connection, I go to the connection broker (and yes, session hosts :)), this bombs with a message about the user not being in the remote desktop users group. having looked at the connection details in notepad++ they appear quite different:

normal RDP:

use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,1,362,94,1386,822
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:sptcb01.mycompany.DOMAIN
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.pantek.co.uk
gatewayusagemethod:i:2
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:1
promptcredentialonce:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
gatewaybrokeringtype:i:0
smart sizing:i:1
devicestoredirect:s:*
drivestoredirect:s:


generated RDP (from web access)

redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:0
gatewaycredentialssource:i:0
full address:s:SPTCB01.mycompany.DOMAIN
gatewayhostname:s:gateway.mycompany.co.uk
workspace id:s:SPTCB01.mycompany.domain
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Pantek_RDP
use multimon:i:1
alternate full address:s:SPTCB01.mycompany.DOMAIN
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayHostname,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,RedirectDrives,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo
signature:s:AQABAAEAAADXBAAAMIIE0wYJKoZIhvcNAQcCoIIExDCCBMACAQExCzAJBgUrDgMC  GgUAMAsGCSqGSIb3DQEHAaCCA0AwggM8MIICJKADAgECAhA2B0Og1QLLuUcGSnBB  HlnHMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNVBAMMFXNwdGNiMDEucGFudGVrLmRv  bWFpbjAeFw0xNDExMjExNTM1MThaFw0xNTExMjExNTU1MThaMCAxHjAcBgNVBAMM  FXNwdGNiMDEucGFudGVrLmRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC  AQoCggEBAMGBVXeenbJ3hFpAiGHEY6WKKzoWXfefOmwxpSsHvIogiE5psJlxoMxp  iA1wUn6HiwAqB8XUFQGmuRQOBoOluuQZCE/EjLOHDhmAuN3SCTzQ62CvJ2V4Iekz  YavLCUOKO25TtUXSF81kB0MzlqTD1UuaissWo18xcBHN2T3kYUB19WtQPMQ+QkD/  JGZ1diQcYOHSXtI9DX7ryD10iyy5D8ydxISWZ2mLHWSJ9iJ+eWSly9xkXU520YA5  7B7N9iknSHbvBtnz5jNTnVFLZi/F6OV5QrsUXjv81mQNV/VROVYjcqp8ot3mXyUp  RGeBNBPAsME556KWo0PBFY1IU8fcVvMCAwEAAaNyMHAwDgYDVR0PAQH/BAQDAgWg  MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAgBgNVHREEGTAXghVzcHRj  YjAxLnBhbnRlay5kb21haW4wHQYDVR0OBBYEFLGGiohM1bYNY1W8aNMYLkF1lt/v  MA0GCSqGSIb3DQEBCwUAA4IBAQCNhZUVaLKcuShdSkc1f2g0lV4lJrdDfG1lA4Nu  H8RZ03hrVCKF7Xk19Fnc8Q6gW/j/8sX6TG9z0+Bto286Hnv2BZ8G898fHmQb7X6F  olBAl3keekF3KF6MvygKTnyx/Y5cclLU7qnnvdV0Lm9Yoyw6jeM8EhuoJDuDUo7Z  3kFVr/naZ/O8utRNOhsJrmgGR/uulJy4E3oHR8UCQe4btuefd7sv2zSSck+hOA8K  a9epZwkBzGhyhBU2AUpZI/T6elGC3HumPDYuyw5ky+QwRLfm5Ps3RTobqqNN6ZJ1  /5qki/Cek7MePA9NjyLmokESSXP+r5neAwUVKTtdX8BnO6WaMYIBWzCCAVcCAQEw  NDAgMR4wHAYDVQQDDBVzcHRjYjAxLnBhbnRlay5kb21haW4CEDYHQ6DVAsu5RwZK  cEEeWccwCQYFKw4DAhoFADANBgkqhkiG9w0BAQEFAASCAQBOTXXWmUXINPyfdhnN  Lo04tQQ4U2z2/dHb1T6wnx3YnBjLBTHPuRQ0zWvoEAVlFpsnhY5KzFUnPaPtbprv  rZLQfbzQnVTWl1UhykN4dCMPhTaH1j71+kRCYXxslDBlARw7zlCIk57Tz6eMNBOD  8pH+CcxkYMw3OqnIegwARXB5U5mkee4aRNhHUiBjuNKWQAr/9jpUYxzIfUni3lTs  5vB13STvXD7if1x5BREgxdYY7G0LOPuqdYgUEg2zjhMs+/8kw/LnQGznDw8EdvkP  X+wGHN3U+zLSfCTjFzTc+5+atSTwOSremvFUO+/yuUrxXh0SiwNCsb7oIBykApxS  eOh5  
screen mode id:i:2
desktopwidth:i:800
desktopheight:i:600
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1


all addresses resolve in DNS. at this point, we're still using self cert SSL in the deployment (no need for remote access outside the domain)
DrDave242Senior Support EngineerCommented:
Have you created DNS records for the session host server farm with the IP addresses of the two session hosts? If so, what happens if you try to connect to the farm name?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ITPTAuthor Commented:
bingo - that's done the trick, many thanks for this :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.