2012 RDS Farm issues

I have some questions about a new 2012 RDS farm. My environment consists of

RDGW - Gateway
RDBR - Broker and Web access
RD1, RD2, RD3 - Session hosts
DC - Licensing server

I have configured all roles and certificates through Server Manager. The RD Gateway name (configured from Server Manager -> Remote Desktop Services -> Edit Deployment Properties -> RD Gateway servername) I configured is rds.domainname.com. I have an SSL cert purchased for this domain name, and it has been imported to all of the roles in Server Manager.

I have configured DNS round robin, with 3 A records, labeled "RDS" to point to the individual session hosts. So internally, RDS.domainname.com resolves to the 3 session host IPs.

Question 1.) From what I read in a TechNet article, the RDP client connects to one of the session host servers, which will contact the session broker before completing the client connection. The broker will then tell the RDP client whether to connect to the session host DNS had resolved it to, or direct the client to a different session host based on number of sessions (it will direct the client to the host with the fewest sessions). Is this correct?

Question 2.) Internally, when I RDP to rds.domainname.com I am directed to one of the 3 session hosts. Internal RDP is working. However, when I try to use the web portal, RDGW.domainname.com/rdweb I can authenticate and am presented with the published apps, but when I click on one and launch the RDP icon that is downloaded, I get an error that "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to". I am not sure what is causing this issue.

Question 3.) Secondly, I am trying to configure external remote access. I have an A record on my web hosting provider configured to point rds.domainname.com to a public IP. This public IP is NAT'd to the internal gateway server (RDGW) IP and ports 443 and 3389 are open. On the external RDP client, I now configured the gateway in advanced RDP settings to point to rds.domainname.com. I assume that for the computer name I will also configure rds.domainname.com, since once it hits the gateway server DNS will resolve rds internally to one of the session hosts. Is this correct? When I set the computer name to rds.domainname.com I am connected to the gateway server, not an RDS session host.

Question 4.) I also noticed when I publish remote apps through the collections, I no longer have the remote desktop in RD Web Access. Is there a way to have both? I have read that 2012 RDS does not support both published apps and remote desktop. I also found some articles on ways around it, such as changing a registry value on the gateway server, but this did not work for me. Is this possible or can I only choose one or the other?
Thanks in advance for the help!

CCtech (Author) commented:
In regards to connecting remotely via RDP...

 I was told that I should be directing RDP clients to the connection broker and it will redirect the client to one of the three session hosts. When I RDP to the connection broker, I am getting connected to the broker itself, not the session host servers.

I have the public IP set up, so I can set up my RDP client remotely using rds.domainname.com as the gateway and it will connect.

For the computer name I am able to use any of the 3 session host servers and connect to them, but I am not being redirected.

If I use rds.domainname.com as the computername  I am connected to the gateway server.

If I use rdbr for the computer name, I am connected directly to the broker, not the session hosts.

Where is my configuration going wrong? 
Cliff Galiher commented:
Answer 1:  The behavior you described is how things worked in 2008 R2. This has changed in 2012. Now the initial connection should be to the RDCB directly. Don't use round-robin DNS anymore. That breaks the RDCB functionality.

Answer 2: This is because you've misconfigured things. By having rds.domainname.com point to three machines, RDGW can't connect properly to the RDCB and things are failing. Fixing #1 will fix #2 if you do so properly.

Answer 3: You should not be putting rds.domainname.com into both. But if each machine has its own name (as it should) then you won't have to. You can let the connection broker do its thing *or* you can specify a machine, overriding the RDCB logic. Either route,  you wouldn't use a generic round-robin DNS record.

Answer 4: You cannot have both *in the same collection.*  You can create multiple collections. One collection for remote-apps. One for remote desktops.  This is perfectly supported. Don't go hacking on your RDS server with manual registry changes.


In short, 2012 made significant and fundamental changes to RDS. Most for the better. But there are a lot of people trying to do things the old way. And even a few writing blog posts on how to break RDS in very bad ways.  Remember, not everything you read on the internet is good advice or true. Unless TechNet is absolutely failing you, stick to that. Everything I mentioned above can actually be found on TechNet with not too much searching.

Cliff Galiher commented:
Gah. Also meant to mention. Don't forward port 3389 from the outside. That defeats the purpose of RDGW and is also a *huge* security risk.  Don't do it.
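
A quick way to check a deployment for the two problems raised in this thread (round-robin A records on the farm name, and TCP 3389 reachable from outside), as an added example that is not part of the original posts. `Test-RdsExposure` is a hypothetical helper name, and the script assumes Windows 8.1 / Server 2012 R2 or later, where `Test-NetConnection` is available.

```powershell
# Added example; Test-RdsExposure is a hypothetical helper, not a built-in cmdlet.
function Test-RdsExposure {
    param(
        [Parameter(Mandatory)][string]$FarmName,   # e.g. rds.domainname.com (name from the thread)
        [switch]$External                          # set when running from outside the firewall
    )
    $results = @()

    # Check 1: the farm name should resolve to a single host, not a round-robin set.
    $a = @(Resolve-DnsName -Name $FarmName -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' })
    $detail = 'name did not resolve'
    if ($a.Count -gt 0) { $detail = ($a | ForEach-Object { $_.IPAddress }) -join ', ' }
    $results += [pscustomobject]@{
        Check  = 'DNS A records'
        Pass   = ($a.Count -eq 1)
        Detail = $detail
    }

    # Check 2 (external only): 443 to the RD Gateway should answer, 3389 should not.
    if ($External) {
        $expected = @(
            @{ Port = 443;  ShouldBeOpen = $true  },
            @{ Port = 3389; ShouldBeOpen = $false }
        )
        foreach ($e in $expected) {
            $t = Test-NetConnection -ComputerName $FarmName -Port $e.Port `
                     -WarningAction SilentlyContinue
            $results += [pscustomobject]@{
                Check  = "TCP $($e.Port) from outside"
                Pass   = ($t.TcpTestSucceeded -eq $e.ShouldBeOpen)
                Detail = "reachable=$($t.TcpTestSucceeded), expected=$($e.ShouldBeOpen)"
            }
        }
    }
    $results
}

# Run once internally without -External, and once from an outside machine with it.
Test-RdsExposure -FarmName 'rds.domainname.com' -External | Format-Table -AutoSize
```

Any row with `Pass = False` corresponds to one of the items called out above: multiple A records on the farm name, or RDP exposed directly instead of only through the gateway on 443.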
CCtech (Author) commented:
Thanks, Cliff. After working with Microsoft support the issues were resolved by moving the connection broker and web access roles both to the gateway server.