RemoteApp 2012 R2 Restrict Access to Session Host Desktop

Here is our current situation: I have set up Remote Desktop Services on Server 2012 R2 and published RemoteApp programs. Everything works great with load balancing, collections, etc... and I have been very impressed. However, as it always has been an issue,
I have always had the question of how to allow users to access RemoteApp applications on the session host without allowing them to RDP directly onto the server to access the server desktop. Obviously, you have to add them to remote desktop users group and
they need to be allowed to access over RDP so I figure that the next best thing is to restrict access to the desktop should they manually type the name into an RDP client connection. I know you couldn't restrict them from using mstsc.exe because they need
that to open the RemoteApp since it just uses RDP and I am aware of using GPO's to restrict access to drives and many other things but I would like to remove the desktop altogether. Would it be plausible to remove the GUI feature and restrict access to CMD
and SCONFIG through Server Manager and still allow the session host to present RemoteApp applications or is there a better way to approach this? I figured if I just remove the GUI and access to cmd and sconfig then if they logged on, they would get a blank
screen. Thank you in advance for your time!

Hi,
One technique for this is to set the Custom User Interface group policy setting to logoff.exe.  You would have the GPO apply to normal users, but not applied to Domain Admins (or other users that you need to have full desktop).
User Configuration\Administrative Templates\System
Custom User Interface     Enabled
Interface file name: %systemroot%\system32\logoff.exe
You should also use NTFS permissions, group policy settings, AppLocker, etc., to further restrict what users are able to do.
-TP
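
A check for the policy described in the answer above, as an added example that is not part of the original thread: it reads the per-user registry value that the Custom User Interface setting writes (`Shell` under the user's `Policies\System` key) and reports whether the current account is shell-restricted. The function name `Test-CustomShellPolicy` and its parameters are assumptions made for illustration.

```powershell
# Added example: confirm that the "Custom User Interface" GPO is (or is not)
# in effect for the account running this script.
function Test-CustomShellPolicy {
    [CmdletBinding()]
    param(
        # Shell the GPO is expected to set (value taken from the answer above).
        [string]$ExpectedShell = '%systemroot%\system32\logoff.exe',

        # Per-user key where the Custom User Interface setting is stored.
        [string]$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',

        # $true for normal users, $false for accounts that must keep a desktop.
        [bool]$ShouldBeRestricted = $true
    )

    # Missing key or value yields $null instead of an error.
    $raw = (Get-ItemProperty -Path $PolicyKey -Name Shell -ErrorAction SilentlyContinue).Shell

    $effective = $null
    if ($raw) {
        $effective = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
    }
    $expected = [Environment]::ExpandEnvironmentVariables($ExpectedShell)

    # Restricted only when the policy shell is exactly the expected binary.
    $restricted = [bool]($effective -and ($effective -ieq $expected))

    [pscustomobject]@{
        User        = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        PolicyShell = $effective
        Restricted  = $restricted
        AsExpected  = ($restricted -eq $ShouldBeRestricted)
    }
}

# Normal user: expect Restricted = True. Exempt admin: call with -ShouldBeRestricted $false.
Test-CustomShellPolicy -ShouldBeRestricted $true
```

A `PolicyShell` value that is set but differs from the expected path shows up as `Restricted = False`, which is the case worth alerting on: the GPO applied, but with a shell other than `logoff.exe`.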

Similar Messages

  • RDS 2012 External access for Session Hosts over different port to default 443

    Hello there
    I am having problems solving this problem as you may see on other posts, so I am going to try again.
    I have two Server 2012 machines for RDS. Server 1 one with all roles (Gateway, Broker, Session host etc.) and second machine, Server 2 as a session host only. I am running RDWeb Apps, with CA certificate installed and
    everything works fine internally.
    Due to limitations on the router I had to change the default SSL port on the gateway (Server 1) to 4043. I have this and 3391 for UDP open to Server 1 from the router.
    Working externally, I can log in to the RDS site and open apps from Server 1, but when I try to open an app installed on Server 2, I get a certificate error.  The error is:
    "Your computer can't connect to the remote computer because the Remote Desktop Gateway server address
    and the certificate subject name do not match. Contact your network administrator for assistance". 
    The certificate address the error refers to is an SBS 2011 cert for RWW and email. Experimenting, if I use 443 on the Server 1
    gateway instead of 4043 and change the router accordingly, it then works. I can open apps from both session hosts externally. But not if it is set to 4043. 
    For the record Server 2 session host also gives this error:
    Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client 
    Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
    Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
    Because everything works fine using default 443, I figure this is a communication or firewall issue between the gateway and the session host on Server 2.  
    Can anyone help here? 
    Many Thanks 
    MIS5000

    Hi,
    Thanks for your comment.
    Have you checked the connection on your second server?
    Can you ping the server 2 from server 1?
    As from the event ID 1280 it seems there is some network connectivity to RDCB server. Also please “Add the RD Session Host server to the Session Broker Computers group” & RDWeb server's computer account needs to be a member of the local TS Web Access Computers
    group on your RDSH server.  You can get the detailed information from this article.
    In addition, do you have a certificate purchased and installed from a trusted root authority? There are some requirements to use a certificate in an RDS environment; please consider the following points.
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    You can get more details regarding certificate here.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Remote desktop connections not showing in server manager 2012 for one of the session hosts

    This is a three server deployment with one server being the connection broker, gateway, licensing, etc with two session host only servers.
    rdmgr
    rd1
    rd2
    Using the server manager on the rdmgr connection broker (or any other server for that matter) yields only connections from rd2 with nothing from rd1 displaying.  
    Users can connect to rd1 without issue.
    At one point rd1 had the connection broker role installed also but high availability was not setup.  I removed the role hoping it would correct the problem but no luck.
    Any help would be appreciated.  Thanks.

    Hi,
    1. Is rd1 part of a collection?
    2. On rd1, in Computer Management, is the broker's computer account a member of the local RDS Management Servers group?
    3. If you run the below command do you get a list of sessions:
    query user /server:rd1
    4. Any errors/warnings in either the broker's or rd1's event log?
    Broker: Event Viewer\ Applications and Services Logs\ Microsoft\ Windows\ TerminalServices-SessionBroker
    rd1: Event Viewer\ Applications and Services Logs\ Microsoft\ Windows\ TerminalServices-SessionBroker-Client
    Both: System and other logs
    -TP

  • Using Windows 2008 R2 RD Session Hosts in Windows 2012 RD Deployments

    Just a couple of observations from our attempt to deploy Windows 2008 R2 RD Session Hosts as part of a Windows 2012 RD Deployment. Hopefully these save someone the angst of not finding answers in other documentation.
    1. Our first hurdle was trying to add a Windows 2008 R2 server (RD02) as a Session Host in the Remote Desktop Services area in Server Manager on our Windows 2012 RD Deployment server (RDCB01), which had the Connection Broker, Web Access and Session
    Host role services installed. After some side-tracking through AD issues, we eventually discovered that we had to manually add RD02 to the list of servers to manage in Server Manager on RDCB01. Then it was visible and could be selected.
    2. Now that we could, we tried to actually add the RD02 Windows 2008 R2 Session Host to the 2012 Deployment. This failed the previously unheard of compatibility tests with the error "Compatibility check failed" "The server is not running at least {0}". A
    list of requirements is shown:
    You will not be able to proceed with the installation unless ALL the following criteria are met:
    The server must be available by using Windows PowerShell remotely.
    The server must be running at least Windows Server 2012.
    The currently logged on user must be a member of the local Administrators group on the server.
    The server must not have a pending start.
    We were also concerned that we could not change many of the properties of Published Applications on our 2012 Publishing server. In our case changing an icon was critical for user acceptance to distinguish between application functions.
    It seems RDS is an all or nothing approach between 2008 R2 and 2012 versions. The only thing we were able to get going in time was some limited Published Application capability.
    I agree with other posters in their assessments of wholesale changes to RDS in 2012, and a lack of readily available definitive information. 

    Hi,
    It seems that no official documents suggest that 2008 R2 could be involved with the 2012 RDS infra. Even on Server 08 and 08 R2, I don't suggest mixing them, for potential incompatibility.
    Any further discussions about this issue are welcomed here for all of you.
    Regards,
    Clarence
    TechNet Subscriber Support

  • Windows 2012 Remote desktop session host server not detecting RD licensing server

    Hi,
    We have a customer server which is Windows 2012. We installed RDS session host server role and configured it to use RD licensing server as per the
    https://support.microsoft.com/kb/2833839?wa=wsignin1.0
    After configuring, when I open RD license diagnoser tool, it says, RD license server is not available. Also shows, credential not available. When I enter the credential by clicking, provide credentials, it does not get applied. I see no event logs related
    to RD service. However, I see the below event log which points to RD licensing server.
    DCOM was unable to communicate with the computer <RD license server> using any of the configured protocols; requested by PID     273c (C:\Windows\system32\mmc.exe).
    Please help in fixing the issue.
    Thanks,
    Umesh

    Hi Umesh,
    Thanks for your comment.
    During your configuration, have you specified RD License server for RDSH to use?
    You can also specify a license server for the RD Session Host server to use by applying the Group Policy under below path.
    Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing 
    Use the specified Remote Desktop license servers – Provide the FQDN of the license servers to use
    Also this setting can be specified by below method.
    To configure the license server on RDSH/RDVH:
    $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
    $obj.SetSpecifiedLicenseServerList("License.contoso.com")
    Note “License” is the name of the License Server in the environment
    To verify the license server configuration on RDSH/RDVH:
    $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
    $obj.GetSpecifiedLicenseServerList()
    More information.
    RD Licensing Configuration on Windows Server 2012
    http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
    In addition you can refer this article for reference.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Changing RemoteApp Session Host connection name in 2012

    I am looking for a way to change the server name you connect to (on the Session Host), like you could in 2008 R2. Pictures are worth a thousand words, so I've attached a picture of exactly what I am looking for:
    The servers are setup so their names are servername.domain.local, but since they will be facing outwards (with a RD Gateway between them, of course) and non-domain members will be accessing them, we need a way to change the "server name" to servername.domain.com
    (.dk actually, but you get the point), so the certificate applies to it.
    Currently, connecting looks like this:
    We don't want our customers getting this dialog box. Any help is appreciated.

    Hi,
    The architecture is changed. We don't use the DNS RR or NLB to redirect the initial connection any more. We just need the RDCB database to redirect the connection. The process is simplified. In short, there is no need to change the server name like the above. All
    the changeable settings are on the RDCB. To make the dialog box disappear, you need to change the cert name to match the destination computer.
    Regards,
    Clarence
    TechNet Subscriber Support

  • Server 2012 R2 RDS- Only want the Session Host, Connection Broker and Licensing Server!

    Hi all,
    Wondering if anyone has experience with implementing Remote Desktop Services (RDS) on Windows Server 2012 R2.
    I am doing an RDS design for a platform where we only need an RDS Session Host, Licensing Server and Connection Broker. We do not need web access as these servers will simply be jump boxes internally!
    However, implementing this correctly in our test environment has proved to be tricky. The options are:
    Use the Server Manager and do a traditional install via Roles and Features ( specifically add the Session Host, Licensing Server and Connection Broker). The installation process seems to go through ok in this scenario but when I head over to the Remote
    Desktop Services section of the Server Manager I simply get the message 'An RDS Deployment does not exist in the server pool. To create a deployment head to Roles and Features'.
    Use the specific ‘Remote Desktop Services installation’ option on the Server Manager and do a Session Based Desktop deployment and Quick Start. This installation process seems to go through correctly and the Remote Desktop Section seems to be working
    correctly via the Server Manager. However this process is ‘hard locked’ i.e. it installs the session host, web access and connection broker. I can then remove the web access component later from Roles/ Features.
    Is there a best practice (if any) for installation? i.e. Will there be any issues down the line if I remove RDS Web Access from my server while following method 2?
    There is a complete lack of documentation from Microsoft here so not sure what to do! Just need a basic RDS session based deployment.

    Hi,
    As I know from server 2012\R2 the best deployment skill is to perform via “Remote Desktop Services” installation mode with Standard deployment and don’t let single role to install. Because when we install through RDS mode, there are specific extra tools and
    services activated along with that deployment which you can’t find with single role installation. And that is for sure, when we install RDS role as of this, by default we will get install RDCB, RDSH and RDWA role installed.
    Sorry, I don’t have any option to try to remove that role, as that role is basically needed for RemoteApp and Desktop purposes. But if you want, then you can try it with the help of the “Remove-RDServer” PowerShell command.
    https://technet.microsoft.com/en-us/library/jj215506.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • RemoteApp and Session Host on same servers?

    I have been asked to architect a new deployment of our RDS server with Windows 2012. I have identified that we are standing up a Gateway, Web access, RemoteApp and session host. VDI is a pain point for us so that will not be in this implementation.
    My question is right now we have several RDS servers, some performing the role of Session host and some as dedicated RemoteApp servers. I am being told that the recommended way is to create one farm and have all the servers set up to support both
    roles. Is this the best way to provide these services? Are there any gotchas with this approach?

    Hello one and all: Fixed. You can. I'm not a Microsoft Agent or other, I'm often called an IT Fireman.
    Anyhow, I Googled a lot and found how to "fix" this issue. This article...
    http://support.microsoft.com/kb/2833839
    ...describes the process.
    But in short:
    1) You must make this a basic domain server, albeit self contained.
    2) Use a bit of PowerShell to make the same server recognise the local Remote Desktop Licensing server.
    3) Reboot a few times and use the Install Roles and Features to do the Quick RDS install. Let it choose all the options. It was at this point that I stopped writing down what I was doing, but I simply followed the error messages and recommended solutions.
    Eventually, everything works. I have my 2008R2 looking RemoteApp and Remote Desktops on my wizzy new server with better WAN compression.
    QED.
    But I have to say, I needed no Googling nor two days to get this working on Server 2008, and no need for Linux style command line interface options either. Come on guys... Even if someone makes a "PowerToy" to do all this... can someone please make it easier,
    not harder? I hate to think what's next... compile your own PowerShell before you can use it (and maybe write it in VI before you can compile it...?)
    But it's now working... so the little companies I help will be happy again.
    Cymon

  • Relation between RD Connection broker and RD session host farm in 2012 R2

    Good Day
    I have configured standard RDS session based deployment recently on 2012 R2 servers
    Everything is working as expected
    The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
    I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 session host servers and if I connect to this rdsfarm.domain.com with RDP from TS clients, I am able to connect to any one of TWO rds servers without any problem
    However some part is not clear to me
    I have not added rdsfarm.domain.com any where except my RD Gateway server RAP policy
    Also I have added my RD Broker server in RAP allowed group above.
    I don't see any config where this farm name is associated with my RD Broker server
    I have tried to connect to RD broker server from client, but it didn't redirect me to RD session host servers
    If I try to connect to my RDS servers with their FQDN , it gives me error that I must connect thru farm name
    Can you please help me to understand relation between RD session host servers farm and RD broker server ?
    Also I would like to know what exactly happens in background when user start RDP session by entering RDS farm name
    Note that RDS farm name is generic DNS Host(A) record pointing to my both RD session host servers
    I wanted to know is there any command or configuration I missed out as I don't see any config where Generic RD Session Host Farm name (DNS Host(A) record) is associated with my RD Broker server ?
    Thanks
    Best Regards
    Mahesh

    Hi,
    If you are opening Remote Desktop Connection and manually connecting to the broker then it will not work properly because you have no way of specifying the target collection in the user interface.  If manually using the RD Client to connect is a requirement
    what you can do is set the default collection in the RD Connection Broker server's registry.
    To specify the default collection, please create the registry setting below in the broker's registry:
    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
    DefaultTsvUrl     REG_SZ     tsv://vmresource.1.<VDI pool ID>
    To determine the correct value for DefaultTsvUrl please open RDWeb in a non-IE web browser and click on the icon for the collection you would like to be the default, then edit the downloaded rdp file with Notepad and copy the portion of the loadbalanceinfo
    setting that is similar to the above.
    An alternative would be to download the .rdp file from RD Web Access and double-click it to connect.
    As I mentioned above it is generally intended to have users connect via RD Web Access or RemoteApp and Desktop Connections feed or Remote Resources (uses the feed) so that the client will obtain the proper .rdp file from the server.
    To configure the FQDN that is published in the .rdp files you can use the cmdlet below:
    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
    Below is a sample configuration based on what you have written:
    1. Published FQDN (using cmdlet above):  rdsfarm.domain.com  --> points to ip address of RDCB server.  When launching a RemoteApp or Full Desktop connection from RD Web Access, the prompt window will show this FQDN next to Remote computer.
    2. Gateway FQDN:  gateway.domain.com --> externally points to public ip address of your RD Gateway server.  TCP port 443 and UDP port 3391 need to be forwarded to the RDG's internal ip address.  When launching a RemoteApp or Full Desktop
    connection from RD Web Access, the prompt window will show this FQDN next to Gateway server.  This FQDN is set in Server Manager -- RDS -- Overview -- Deployment Properties -- RD Gateway tab.
    In RD Gateway Manager -- Properties of RD RAP -- Network Resources tab you should select Allow user to connect to any network resource or define a RD Gateway-managed group that has all of the FQDNs that the user will need to connect to.
    3. RD Web Access FQDN:  remote.domain.com --> internally points to the ip address of your RDWeb server, externally points to the public ip address of your RDWeb server.  This is the name you give users if they want to use RD Web, for example,
    https://remote.domain.com/rdweb
    If you want users to manually connect using Remote Desktop Client as well as use RDWeb it will be a bit confusing to them since they will need to use one FQDN when manually using the client and a different FQDN when using RDWeb.  You could fix this
    by having them only use one method or run RDWeb directly on the RDCB server, that way users would only need to know a single FQDN for both RDWeb and manual connections.
    4. You should have a wildcard certificate with subject of *.domain.com set for all RDS purposes in Deployment Properties.
    Thanks.
    -TP
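
The manual step in the answer above (open the downloaded .rdp file, copy the `tsv://` part of `loadbalanceinfo`, write it to `DefaultTsvUrl`) can be scripted. This is an added example, not part of the original thread; the function name `Get-TsvUrlFromRdp` is an assumption, and the sample .rdp lines, including the collection name, are constructed for illustration.

```powershell
# Added example: extract the tsv:// target from an .rdp file's loadbalanceinfo
# setting and stage it as DefaultTsvUrl on the broker.
function Get-TsvUrlFromRdp {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$RdpLines
    )
    foreach ($line in $RdpLines) {
        # .rdp settings have the form name:type:value
        if ($line -match '^\s*loadbalanceinfo:s:(tsv://.+?)\s*$') {
            return $Matches[1]
        }
    }
    throw 'No loadbalanceinfo setting with a tsv:// value was found.'
}

# Constructed sample. For a real file use: Get-Content 'C:\path\to\downloaded.rdp'
$sample = @(
    'full address:s:RDCB01.DOMAIN.COM',
    'workspace id:s:RDCB01.domain.com',
    'loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SampleCollection'
)
$tsvUrl = Get-TsvUrlFromRdp -RdpLines $sample
"DefaultTsvUrl would be: $tsvUrl"

# Registry location and value name are the ones given in the answer above.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'
if (Test-Path -Path $key) {
    # -WhatIf only previews the change; remove it (and run elevated) to write.
    New-ItemProperty -Path $key -Name DefaultTsvUrl -PropertyType String `
        -Value $tsvUrl -Force -WhatIf
} else {
    Write-Warning "$key does not exist on this machine."
}
```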

  • Event ID: 1280 Server 2012 RDS - web app fail on second session host

    Hello there
    Topography
    SBS 2011 (domain controller)
    Two VM’s:
    VM1 – All RDS roles: RD Gateway, Connection broker, Licensing and RD access installed and acting as a session host with an active collection for RD web apps. A CA trusted certificate is installed.
    VM2 – Session host with a second collection for RD web apps
    Problem
    I have a single app installed on both session hosts (the apps require their own servers). Both appear on the RDWeb site available for use.  I can run the app hosted on VM1 no problem, but when I try to open the second app hosted on VM2 I get
    two issues:
    An error is returned
    “Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address and the certificate subject name do not match. Contact your network administrator for assistance".
    When viewing the certificate, it actually shows the CA cert installed on the SBS server for RWW, not the cert on VM1. This has me puzzled
    Secondly on VM 2, I get
    Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client
    Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
    Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
    When I run the app internally it seems to load but then disappears.
    Some further config info if it is relevant:
    I have port 4043 (443 used) as the only port directed to the gateway
    Am I missing something simple? DNS? Port forwarding issue on the router?  It's my first deployment of this nature with RDS 2012
    Regards
    MIS5000

    Hi,
    Thank you for posting in Windows Server Forum.
    Firstly please check the RDP version you are using. I suggest you to update to RDP 8.1 for better feature and functionality. Now other thing verify that you have the RD Gateway certificate name matches the external FQDN of the RD Gateway Server. Also please
    check that certificate is added under local computer\personal store and must be signed by trusted root authority. 
    Please check below article for more detail.
    TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
    http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-iii-connection-time-issues-related-to-ts-gateway-certificates.aspx
    In regards to resolve other issue (Event ID 1280), identify and fix any connectivity problems between the RD Session Host server and the RD Connection Broker by doing the following:
    • Check network connectivity to the RD Connection Broker.
    • Start the Remote Desktop Connection Broker service. 
    • Add the RD Session Host server to the Session Broker Computers group.
    More information.
    Event ID 1280 — RD Connection Broker Communication
    http://technet.microsoft.com/en-us/library/ee890889(v=ws.10).aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Restricting access to the Admin WebConsole of WebAccess 2012

    Hi,
    With the new WebAccess 2012 web application, the console is now a WebConsole that can be accessed by the URL http://<server>/gw/webacc?action=Admin.Open
    I searched the KB, the documentation and now this forum, looking for a way to restrict access to my precious WebAccess Console. No luck! (Only one thread asks for a similar solution, "restrict admin tool based on ip", with no solution provided so far.)
    Hmm, so we are only 2 guys in the GroupWise community concerned with security these days? No engineer at Novell asked himself if exposing an Admin console to the whole Internet is a good idea?
    Furthermore, login (successes and failures) to the Webconsole are not written to log files. So I cannot even monitor if my WebConsole is under a brute force attack!
    Here some technical information to consider:
    1) I have Groupwise 2012 SP2 running under Windows 2008 R2
    2) Since the Admin Webconsole is hosted under the same web site as WebAccess, I cannot restrict access to the URL http://<server>/gw/webacc?action=Admin.Open without blocking at the same time access to WebAccess using firewall or IIS rule.
    3) I do not want to use IPS to restrict access to this URL
    Truly

    Francois, Just FYI the "green dots" are only accumulated by forum users taking the time to rate Laura's answers. She has no control over them and they speak for themselves. I've asked Knowledge partners to put the bit about rating in their signatures, it wasn't Laura's idea. Just FYI Laura also has the highest feedback scores out of all her peers in the program which also says something about her interactions here in the forums. As was pointed out, Laura is not a Novell employee, just another Novell user trying her best to stay on top of the issues and taking time out of her busy day to try to help other forum users. Nobody is going to be right 100% of the time. Please refrain from petty personal attacks in the future.
    I suggest you take the time to read the forum Terms of Service: https://forums.novell.com/faq.php?faq=novfor#faq_rules where it states clearly:
    Offensive Messages: Messages personally attacking, calling names, or otherwise harassing or being condescending to another forum member or any ethnic or religious group will be deleted. Offensive and/or vulgar language is not appropriate for Novell sponsored forums.
    Your message was offensive, personally attacking, condescending and was deleted as per the forum terms and conditions. I wouldn't be surprised if the volunteers around here were a bit slower to respond to any issue you may post here in the future.

  • Windows 2012 RDS - Session Host servers High Availability

    Hello Windows/Terminal server Champs,
    I am now in the middle of implementing an RDS environment for one of my customers; I hope you can help me out.
    My customer has asked for HA for the RDS session host where applications are published, and I have prepared the plan below from a server point of view.
    2 Session Host servers, 1 webaccess, 1 License/connection Broker & 1 Gateway (DMZ).
    In the first phase, we are planning to target internal users who connect to Session host HA, where these 2 servers will have the application installed and internal users will use RDP to access these applications.
    In the second phase we will be dealing with external parties who connect from an external network, where we are planning to integrate with NetIQ => gateway => Webaccess/Session host
    I have successfully installed and configured 2 Session Hosts, 1 license/Broker, 1 webAccess & 1 Gateway. But my main concern is to have the session Host highly available, as it is hosting the application and most of the internal users are going to use it. To configure it I am following http://technet.microsoft.com/en-us/library/cc753891.aspx  
    However, most of the architecture is changed in RDS 2012. Can you please help me out to set up the Session Host HA.
    Note: we can have only 1 Connection broker/Licensing server, 1 webaccess server & 1 Gateway server; we cannot add more servers due to the cost factor.
    Thanks in advance.

    Yes, absolutely no problem in just using one connection broker in your environment as long as your customer understands the SPOF.
    The session hosts however aren't really what you would class HA - but to set them up so you have redundancy you would use either Windows NLB, an external NLB device or Windows DNS round robin. My preferred option when using the connection broker is DNS round
    robin - where you give each server in the farm the same farm name DNS entry - the connection broker then decides which server to allocate the session to.
    You must ensure your session host servers are identical in terms of software though - same software installed in the same paths on all the session host servers.
    If you use the 2012 deployment wizard through server manager roles the majority of the config is done for you.
    Regards,
    Denis Cooper
    MCITP EA - MCT

  • Load Balancing 2012 R2 Session Host Collection with External Network Load Balancer

    Hi,
    We are moving from a 2008 R2 Remote Desktop session host deployment to 2012 R2. Previously, we used our Kemp hardware load balancer to distribute load between RDSH servers. We had a connection broker deployed so that if an existing disconnected session was
    detected during the initial connection, the user was directed back to that session.  
    In 2012 R2, we planned to again use the Kemp load balancer to maintain high availability for our RDSH collection, but are experiencing strange issues. It seems that the RD Connection Broker is also performing load balancing--the result being that initial connections
    to the RDSH collection may go to one RDSH server with the least connections through the Kemp, but then be redirected to a different RDSH server by the broker, even when there is no existing session for the user on that second server.
    Our question is: Should we not be using the Kemp balancer at all (how would this work)? Or should we disable load balancing by the connection broker (if so...how)?
    Further complicating our redirection issue is that the RDSH servers have multiple interfaces--one with public addresses and others with private. The connection broker seems to arbitrarily pick among the destination RDSH server's available IP addresses
    for the redirection and trying to redirect to a private address will fail. We think we have worked around this by connecting to each RDSH server from a 2008 R2 server's RDSH Configuration console and choosing just the public adapter under the Network Adapters
    tab--is there no way to access this setting in 2012 R2?
    Thanks in advance!   
    Matthew

    Hi Matthew,
    As you are most likely already aware, in Remote Desktop Services 2012 / R2 the Connection Broker uses round robin DNS to load balance.
    To simplify things I would recommend that you let the connection broker load balance the sessions and use the KEMP to Load balance the RDweb and Gateway servers.
    Have a look at the following articles:
    http://ryanmangansitblog.wordpress.com/2013/03/11/create-a-rdwa-farm-using-a-kemp-load-balancer/
    http://ryanmangansitblog.wordpress.com/2013/03/31/rds-2012-configuring-a-rd-gateway-farm/
    http://ryanmangansitblog.wordpress.com/2013/09/05/load-balance-rds2012-rdwa-and-rdgw-using-sub-interfaces-on-kemps-loadmaster/
    As you have mentioned that you are migrating from a 2008R2 configuration, have a look at the following article:
    http://ryanmangansitblog.wordpress.com/2014/01/05/publish-rds-2008r2-desktop-on-rds-2012/
    Ryan Mangan | Help keep the forums tidy, if this has helped please mark it as an answer

  • Can I use System Center 2012 Endpoint Protection in "Windows Server Remote Desktop Session Host" without buying the license?

    Can I use System Center 2012 Endpoint Protection in the Azure Virtual Machine Gallery's "Windows Server Remote Desktop Session Host" without buying the System Center 2012 Endpoint Protection license?
    I want to protect my Azure RemoteApp against malware.
    System Center 2012 Endpoint Protection is installed in the Azure Virtual Machine Gallery's "Windows Server Remote Desktop Session Host".
    Now, I am trying to build an Azure RemoteApp template by using the Azure Virtual Machine Gallery's "Windows Server Remote Desktop Session Host".
    Regards,
    Yoshihiro Kawabata

    Hi Yoshihiro,
    Unless and until Microsoft modifies the license terms for System Center 2012 Endpoint Protection and/or modifies the Online Services Terms (OST) and/or other document explicitly saying that use is included with the Azure RemoteApp (ARA) monthly
    fee I recommend you assume that it is not included and license it separately for ARA if that is even possible, which is a separate question.
    For licensing it is best to be cautious and make decisions based on the official documents that are available that govern use of the software and services involved.  At this moment I'm not able to find a Microsoft document that grants use of System
    Center 2012 Endpoint Protection with Azure RemoteApp.
    When I first used the gallery template and noticed that Endpoint Protection was installed within it I had the same question as you.  I will update this thread if/when I obtain more information.
    -TP

  • Can't add own application to RemoteApps - "You must specify a file from the RD Session Host server SERVERNAME by using the UNC path....

    Hi, there
    I'm not really a pro at RDS in Server 2012 (R1), but I have a problem and can't find anything suitable on the internet:
    I'm trying to publish one of my own, unlisted programs to RDWeb, but it keeps saying "You must specify a file from the RD Session Host server SERVERNAME by using the UNC path...."
    1) I provided the path as a UNC name - when I click "Add..", I browse to the .exe file via a network share, not via a local path. So that should be OK.
    2) The firewall is turned off, and even though the exceptions are enabled, both of them are checked.
    What else should I do to make this work?

    OK, I found the solution:
    You have to specify the path like \\hostname\drive_letter$\path-to-the-program.
    I was doing it wrong because I wrote it like \\hostname\ShareName\path-to-the-program.
    I was misled because the wizard wants me to find the program by clicking, and not by entering the path manually.
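
The fix described in the answer above, as an added example that is not part of the original thread: a PowerShell helper that rewrites a local path or a named-share UNC path into the \\hostname\drive_letter$\... form. RDSH01, the Apps share and the function name are placeholders; resolving a named share assumes Get-SmbShare (Server 2012 or later) and administrative rights on the session host.

```powershell
# Added example, not from the thread. RDSH01 and the sample paths are placeholders.
function ConvertTo-AdminSharePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Session host name; only needed when $Path is a local path such as D:\Apps\tool.exe
        [string]$ComputerName
    )

    # Case 1: local path on the session host -> \\host\D$\...
    if ($Path -match '^(?<drive>[A-Za-z]):\\(?<rest>.+)$') {
        if (-not $ComputerName) { throw 'ComputerName is required for a local path.' }
        return '\\{0}\{1}$\{2}' -f $ComputerName, $Matches['drive'].ToUpper(), $Matches['rest']
    }

    # Cases 2 and 3: UNC path of the form \\host\share\rest
    if ($Path -match '^\\\\(?<host>[^\\]+)\\(?<share>[^\\]+)\\(?<rest>.+)$') {
        # Copy the captures now: the next -match overwrites $Matches
        $server, $share, $rest = $Matches['host'], $Matches['share'], $Matches['rest']

        # Case 2: already a drive-letter administrative share (C$, D$, ...)
        if ($share -match '^[A-Za-z]\$$') { return $Path }

        # Case 3: named share. Ask the host which local folder the share maps to.
        $local = (Get-SmbShare -Name $share -CimSession $server -ErrorAction Stop).Path
        if ($local -match '^(?<drive>[A-Za-z]):\\?(?<dir>.*)$') {
            # Drop the folder part when the share points at a drive root
            $parts = @("\\$server", ($Matches['drive'].ToUpper() + '$'),
                       $Matches['dir'].TrimEnd('\'), $rest) | Where-Object { $_ }
            return $parts -join '\'
        }
        throw "Share '$share' on $server does not map to a drive-letter path: $local"
    }

    throw "Not a local or UNC path: $Path"
}

# Runs offline: a local path plus the host name
ConvertTo-AdminSharePath -Path 'D:\Apps\tool\tool.exe' -ComputerName 'RDSH01'

# Needs a reachable host: the named-share form the poster first tried
# ConvertTo-AdminSharePath -Path '\\RDSH01\Apps\tool\tool.exe'
```

Drive-letter administrative shares are reachable only by administrators on the host, so run this from the account that is publishing the program.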
