Jay Schwegler
asked on
RDS Farm Confusion
I have an odd situation that I can't explain and wanted to pick a few brains. I'm building a new large Server 2016 Terminal Server Farm with the following specs. I only have 1 Session host because I'm testing right now.
3x Gateways
2x Connection Brokers in HA with SQL
1x Session Host
The gateway resource policy allows the DNS names for both connection brokers and the cluster/HA name for the HA Connection Brokers.
If I try to log in, the gateway properly sends it to the CB, the CB proxies it properly to the session host, but then the connection stops and you get the typical "Can't connect to <HA Address> because of gateway reasons." So the CB is sending it to the session host, but the login to the actual session host isn't being allowed and/or timing out as the log on the CB supports.
If I look at the log on the gateway, it indicates 2 pairs of successes for the authorization policies out to the CB which all work, then a deny saying it failed the resource policy.
If I add the session host FQDN to the gateway resource policy, then the entire connection works and the login works fine.
I've made plenty of Terminal Server farms in the past and I'm pretty sure I never needed to add the actual session host to the resource policy, but just the CB FQDN and the HA name if there is one.
Is this actually required for some reason?