Confused by RDS Connection Broker and DNS

Similar Messages

• RDS 2012 Connection Broker and round robin DNS?

  Hi,
  I have a set-up with three session host servers and one of them is also a connection broker. Round robin DNS is configured for the three servers and the clients, who are all on our internal networks, can connect just fine to the farm name. My
  questions is, is there any point in having round robin configured since the connections still need to go through the CB? Could i just have one DNS-record for the farm name pointing to the CB? My initial though was that round robin would add
  redundancy, but does it realy? I've tried to find answers on this but none of the articles and posts i've found are realy clear to me.
  Quite often the initial connection for clients is slow and my theory is that it's caused by the RR DNS records.

  Hi,
  Thank you for posting in Windows Server Forum.
  I think we need to have DNS RR entries for our RDS environment because DNS RR will be used by RDP clients to connect to the RD Connection Broker servers. Once when we allowed the entries of all server to DNS RR, when there is alternate connection need to capture
  for following server it will provided by DNS RR. 
  During the connection process, the end nodes (RDVH, RDSH, RDWA) will get configured with all the RD Connection Broker server names, and they will randomly choose one to connect to. The RDP clients will use the DNS Round Robin name configured to connect to the
  RD Connection Broker servers randomly.
  More information.
  RD Connection Broker High Availability in Windows Server 2012
  http://blogs.msdn.com/b/rds/archive/2012/06/27/rd-connection-broker-high-availability-in-windows-server-2012.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• RDS 2012 Connection Broker HA - DNS RR or NLB?

  I'm setting up a new RDS 2012 farm and I need very high availability. I'm deciding on how to configure the connection broker HA. I have 2 server VMs that will be the gateway, rdweb, and conn brokers. The Microsoft article you have probably seen
  RD Connection Broker High Availability in Windows Server 2012  recommends using DNS RR. And the standard
  recommendation for the rd gateway is to use Windows NLB.
  I'm a little perplexed as to why you would use DNS RR when you have a much more robust solution available with NLB. You are already setting up NLB for the gateway, so why would you use what I would say is an inferior choice with dns rr for the conn broker?
  The main issue I see is that if one of the cluster servers is offline, dns rr will at least 50% of the time point clients to a broker that's not available. With NLB, it's aware of the server being down and will point all clients to the one that's online.
  Am I missing something? Does anyone using NLB for conn broker have any input good or bad? Thanks much in advance...

  You need to read that:
  http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/remote-desktop-server-farms-explained-part1.html
  And when you said  "at least 50% of the time" don't forget the client DNS cache.

• Server 2012 R2 RDS- Only want the Session Host, Connection Broker and Licensing Server!

  Hi all,
  Wondering if anyone has experience with implementing Remote Desktop Services (RDS) on Windows Server 2012 R2.
  I am doing an RDS design for a platform where we only need an RDS Session Host, Licensing Server and Connection Broker. We do not need web access as these servers will simply be jump boxes internally!
  However, implementing this correctly in our test environment has proved to be tricky. The options are:
  Use the Server Manager and do a traditional install via Roles and Features ( specifically add the Session Host, Licensing Server and Connection Broker). The installation process seems to go through ok in this scenario but when I head over to the Remote
  Desktop Services section of the Server Manager I simply get the message 'An RDS Deployment does not exist in the server pool. To create a deployment head to Roles and Features'.
  Use the specific ‘Remote Desktop Services installation’ option on the Server Manager and do a Session Based Desktop deployment and Quick Start. This installation process seems to go through correctly and the Remote Desktop Section seems to be working
  correctly via the Server Manager. However this process is ‘hard locked’ i.e. it installs the session host, web access and connection broker. I can then remove the web access component later from Roles/ Features.
  Is there a best practice (if any) for installation? i.e. Will there be any issues down the line if I remove RDS Web Access from my server while following method 2?
  There is a complete lack of documentation from Microsoft here so not sure what to do! Just need a basic RDS session based deployment.

  Hi,
  As I know from server 2012\R2 the best deployment skill is to perform via “Remote Desktop Services” installation mode with Standard deployment and don’t let single role to install. Because when we install through RDS mode, there are specific extra tools and
  services activated along with that deployment which you can’t find with single role installation. And that is for sure, when we install RDS role as of this, by default we will get install RDCB, RDSH and RDWA role installed.
  Sorry don’t have any option to try to remove that role as that role basically needed for RemoteApp and Desktop purpose. But if you want then you can try it with help of “Remove-RDServer”Powershell command.
  https://technet.microsoft.com/en-us/library/jj215506.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012 Connection Broker and Web Access in different domains

  Hello!
  I'm trying to add Web Access (WA) server to RDS 2012 Deployment. WA server and other servers in Deployment are in different domains (in different forests with 2-way forest trust).
  WA server was added to Deployment
  successfully without any warnings.
  We have many applications published but in this new WA server there are no application icons in Rdweb page at all.
  There is nothing interesting in logs on WA server as well as on Connection broker servers. 
  Is this design
  acceptable? Which additional actions are needed to make application icons visible?

  Hi,
  Please refer below links and cross verify the Web Acess server settings.
  http://blog.kristinlgriffin.com/2010/03/rd-web-access-is-emply.html
  http://social.technet.microsoft.com/wiki/contents/articles/5974.the-case-of-invisible-remoteapp-programs-a-k-a-no-remoteapp-programs-listed-on-rd-web-access-site.aspx
  Regards,
  Manjunath Sullad

• Relation between RD Connection broker and RD session host farm in 2012 R2

  Good Day
  I have configured standard RDS session based deployment recently on 2012 R2 servers
  Everything is working as expected
  The setup has TWO RD Session host, 1 Session Broker, one RD Web access and one RD Gateway
  I have created 2 DNS records named Rdsfarm.domain.com for my RDS1 and RDS2 session host servers and if I connect to this
  rdsfarm.domain.com with RDP from TS clients, i am able to connect to any one of TWO rds servers without any problem
  However some part is not clear to me
  I have not added rdsfarm.domain.com any where except my RD Gateway server RAP policy
  Also I have added my RD Broker server in RAP allowed group above.
  I don't see any config where this farm name is associated with my RD Broker server
  I have tried to connect to RD broker server from client, but it didn't redirect me to RD session host servers
  If I try to connect to my RDS servers with their FQDN , it gives me error that I must connect thru farm name
  Can you please help me to understand relation between RD session host servers farm and RD broker server ?
  Also I would like to know what exactly happens in background when user start RDP session by entering RDS farm name
  Note that RDS farm name is generic DNS Host(A) record pointing to my both RD session host servers
  I wanted to know is there any command or configuration I missed out as I don't see any config where Generic RD Session Host Farm name (DNS Host(A) record) is associated with my RD Broker server ?
  Thanks
  Best Regards
  Mahesh

  Hi,
  If you are opening Remote Desktop Connection and manually connecting to the broker then it will not work properly because you have no way of specifying the target collection in the user interface.  If manually using the RD Client to connect is a requirement
  what you can do is set the default collection in the RD Connection Broker server's registry.
  To specify the default collection, please create the registry setting below in the broker's registry:
  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
  DefaultTsvUrl     REG_SZ     tsv://vmresource.1.<VDI pool ID>
  To determine the correct value for DefaultTsvUrl please open RDWeb in a non-IE web browser and click on the icon for the collection you would like to be the default, then edit the downloaded rdp file with Notepad and copy the portion of the loadbalanceinfo
  setting that is similar to the above.
  An alternative would be to download the .rdp file from RD Web Access and double-click it to connect.
  As I mentioned above it is generally intended to have users connect via RD Web Access or RemoteApp and Desktop Connections feed or Remote Resources (uses the feed) so that the client will obtain the proper .rdp file from the server.
  To configure the FQDN that is published in the .rdp files you can use the cmdlet below:
  Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
  http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
  Below is a sample configuration based on what you have written:
  1. Published FQDN (using cmdlet above):  rdsfarm.domain.com  --> points to ip address of RDCB server.  When launching a RemoteApp or Full Desktop connection from RD Web Access, the prompt window will show this FQDN next to Remote computer.
  2. Gateway FQDN:  gateway.domain.com --> externally points to public ip address of your RD Gateway server.  TCP port 443 and UDP port 3391 need to be forwarded to the RDG's internal ip address.  When launching a RemoteApp or Full Desktop
  connection from RD Web Access, the prompt window will show this FQDN next to Gateway server.  This FQDN is set in Server Manager -- RDS -- Overview -- Deployment Properties -- RD Gateway tab.
  In RD Gateway Manager -- Properties of RD RAP -- Network Resources tab you should select Allow user to connect to any network resource or define a RD Gateway-managed group that has all of the FQDNs that the user will need to connect to.
  3. RD Web Access FQDN:  remote.domain.com --> internally points to the ip address of your RDWeb server, externally points to the public ip address of your RDWeb server.  This is the name you give users if they want to use RD Web, for example,
  https://remote.domain.com/rdweb
  If you want users to manually connect using Remote Desktop Client as well as use RDWeb it will be a bit confusing to them since they will need to use one FQDN when manually using the client and a different FQDN when using RDWeb.  You could fix this
  by having them only use one method or run RDWeb directly on the RDCB server, that way users would only need to know a single FQDN for both RDWeb and manual connections.
  4. You should have a wildcard certificate with subject of *.domain.com set for all RDS purposes in Deployment Properties.
  Thanks.
  -TP

• Connection broker and RemoteApp manager role on the same server OK?

  Hello. I may have what seems to be a strange request here. I have a currently working 3 node TS farm consisting of 2 Terminal Servers with the RemoteApp role on them and 1 server running the connection broker. All is running fine but the RemoteApps I have
  published are prohibited to have the clipboard enabled for them due to PCI DSS compliance. I wanted to install some other apps and have the clipboard enabled but since it seems that the clipboard is a server setting and not a per app setting, I was hoping
  to just install these apps right on the server running the connection broker vs building a separate new TS server to host them. These other apps do not need to be in the load balanced environment.
  Can I just install the RemoteApp role on the CB server without any interruption to the farm?
  Thanks,
  Joe

  Hi Joe,
  Thank you for your comment.
  Can you let me the OS version of RDS Server?
  For better understanding, I can explain you that; RemoteApp is not a role which you need to install. But you need to install RD Web access role and then you can publish RemoteApp through that. For eg. If you are using Server 2012\R2 then you need to create
  a collection and after that you can publish the RemoteApp feature which you or your user can use through RD Web Access. 
  As per your comment you have already TS role installed, then you can install RD Web access through role based installation, select the role and server on which you want to install it. Please refer beneath article if you have server 2008 r2.
  Remote Desktop Web Access (RD Web Access)
  http://technet.microsoft.com/en-us/library/cc731923.aspx
  Hope it helps!
  Thanks,
  Dharmesh

• What ports to open between Connection broker and Web access hosts

  I have setup a 4 node 2008 R2 RDS farm (1 connection broker, 1 Web access, and 2 session hosts.) They were all built from the same image, but the web access and connection broker will not talk to each other. They are all on the same subnet, and ips are x.x.x.200-203 The Web access server can ping the Sesions hosts, the session hosts can ping each other, web access and the connection broker. But the Web access and Connection broker cant ping each other. I turned off the windows firewall and they can ping, and connect... So whats ports does it need open?
   Thanks!
  ~M

  Hello,
  Do you need any further helps? Please let us know it. Thanks.
  ·        Lionel Chen
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please [email protected]
  This posting is provided "AS IS" with no warranties, and confers no rights.

• RDS Connection Broker does not distribute the load among Session Hosts

  Hello Folks,
  I have a three server RDS setup in which the roles are distributed as follows:
  S1 -> RD Web Acc / RD Gateway / RD Connection Broker /Session Host
  S2 -> Licensing Server / Session Host
  S3 -> Session Host (and most powerful server)
  I would like the load to be distributed among the session hosts, depending on the resources of the servers. But in my setup, all the apps launched by the users are ran on S1 for some reason.
  Also, when I disable S1 from the list of session hosts that accept new connections, and start a new app from the conseole, I get an error saying: " An authentication error has occurred (Code0x607)"
  Any tips? 
  Edit: I had a workaround for Code 0x607 but I still get an error saying that "Couldn't open this program or file. Either there was a problem with <appname> or the file you're trying to open couldn't be accessed" 

  Hi,
  Thanks for your comment.
  Yes, we can deploy RDSH on all 3 servers and use as session host and that is a normal scenario for RDS Farm. You can refer following article for reference.
  Checklist: Create a Load-Balanced RD Session Host Server Farm by Using RD Connection Broker
  http://technet.microsoft.com/en-in/library/cc753891.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• AEBS and internet connection errors and dns errors.

  AEBS 7.3.2
  It was running fine until I turned on my mybook one day like I had done several times before.
  I received an error regarding a disk error with it. I could not find any problems though. But since then my AEBS has been having difficulty connecting to the internet. I can download via bit torrent, but not be able to surf the internet. I restart my internet connection, which involves turning off the power supply and restarting it, and I can surf the internet again. However, I receive a DNS server error, but everything seems to be fine, and I can surf the internet.
  If I restart the AEBS it will not allow me to surf the internet, even though it says everything is fine. I can actually manage to go to google and do google searches, cant navigate away from there, but none the less new content. I have managed to download via Itunes and bit torrent but not surf to hot mail.com etc.
  I know I can ignore it and the flashing amber light will go away, but that ignores the problem and doesn't fix anything. besides it still says I have an Internet connection error from day one. I dont't know why, and no ones been able to help with that.
  more info:
  My isp uses a dynamic IP, so I have to use the automatic dhcp setting.
  AEBS uses to go back to green light and automatically resolve the dns error, now not at all.
  Please help, this is very frustrating.
  thanks

  Bump, and of course I have set the message to ignore, which created a green light and now have 2 unresolved problem and internet works.
  Still have the DNS server error, despite manually putting it in.
  Still have internet connection error despite having a connection.
  If I restart my airport extreme, the DNS message goes away, but does not allow me to access the internet through any web browser, but it works through one of my computers via bit torrent, but nothing else.
  If I rest my internet connection I can access the internet, but recieve the DNS error. The internet connection error I have always had, for reasons unknown.
  Is the extreme broken?
  I have done a factory reset on the airport and hard reset on the internet complete with the unplugging everything. My connection is stable according to my ISP, and I agree with them.
  This seems to be a Airport extreme problem.
  Message was edited by: Ertman

• Rds 2012 r2 - Connection Broker - Round Robin DNS

  I am working on building a 2012 r2 RDS setup with 2 session hosts, a web app, and a CB.   We are currently using 2008 r2 in a rds farm setup that is working perfectly, but wanted to get some of the enhancements in 2012 r2.. so that is why i am going
  down this path. 
  It sounds like when doing reading, is that we can no longer just drop the fqdn of the dns rr of the session hosts in the RDP client and it will connect.  Instead we need to log onto the web access portal and connect that way?  I tried the DNS RR
  to point to the session hosts, and that seemed to work, but had issues when disconnecting and reconnecting it  would push me to another session host.
  Is there a way to get it back to using DNS RR and the session broker work like it did in 2008 r2? I feel like end users are going to struggle when working from home and setting up a RDP client.  Or do i just not use the connection broker and use a Load
  Balancer like HA PRoxy?
  The documentation is very lacking on RDS on the new os... 
  Thanks in advance for any advice

  Hi James,
  Thank you for posting in Windows Server Forum.
  From Server 2012\R2 we normally have initial connections going to the broker and not to our RDSH server directly as previously for server 2008 R2. Yeah we can use DNS RR for your RDS environment but with DNS RR is that it is unaware if the server is online
  or offline while my load balancer is service aware. So in case of a problem with a connection broker the request will be redirected to the active connection broker thanks to my load balancer. DNS RR does not have this feature. So it’s good idea if you can
  use NLB or any 3rd party Load balancer for web and gateway services. You can refer
  this thread for information.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• 2008R2 Connection Broker internal vs external name and UCC Certificates

  I have a RD Farm, all in 2008R2.  Consisting of Gateway, Connection Broker, multiple Session Hosts.  They belong to an AD Domain, xyz.local.  The machines have AD names, CB.xyx.local, GW.xyz.local, SH1.xyz.local, SH2.xyz.local.
  The internal DNS system has a Zone for the External Domain, MyDomain.com.  There are host records for the farm, rdpfarm.mydomain.com pointing to the Internal IP of the farm.
  The farm is accessible on the Internet at rdpfarm.mydomain.com via Public DNS.
  We have a VeriSign Public UCC Certificate, that has the public MyDomain.com SAN's for the hostnames for all the machines,  CB.MyDomain.com, GW.MyDomain.com, SH1.MyDomain.com, SH2.MyDomain.com, and the farm name is the Common Name rdpfarm.MyDomain.com. 
  (Note, as of soon, internal Domain names are no longer allowed on UCC Certificates)
  I have tried everything I can find to get the Gateway and/or the Connection Broker to answer using the rdpfarm.MyDomain.com name and match the Certificate, without success.
  As I recall in Exchange Server we face a similar problem, but there is a method in Exchange to cover this.  If there is one for an RD farm, I cannot find it.
  Any help here would be greatly appreciated.

  Hi,
  Thank you for posting in Windows Server Forum.
  Did you receive any particular error during\event id this issue?
  For certificate, here is requirement for RDS server which need to have for successful configuration.
  Basic requirements for Remote Desktop certificates:
  1. The certificate is installed into computer’s “Personal” certificate store. 
  2. The certificate has a corresponding private key. 
  3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
  In Windows 2008/2008 R2, you connect to the farm name, which as per DNS round robin, gets first directed to the redirector, next to the connection broker and finally to the server that will host your session.
  Please check below article for information.
  a. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  b. Configuring Remote Desktop certificates
  c. Dealing to the annoying certificate errors and multiple credential
  requests in Remote Desktop Services 2008 R2
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Connection Broker (Server 2012) what server to connect to ?

  I have setup 3 Windows Server 2012 servers.
  Server A running:
  Remote Desktop Services Licensing
  Remote Desktop Web Access
  Remote Desktop Connection Broker
  Server B running:
  Remote Desktop Services Session Host
  Server C running:
  Remote Desktop Services Session Host
  In old days you had to connect (with your RDP client) to the server running Session Directory, then you was redirected to one of the Terminal Service servers.
  What about now ?
  Does clients have to connect to the Connection Broker server to be directed to right session host ?
  Should I create a DNS record that points to the Connection Broker and let RDP clients connect to that DNS address ?
  Or should I create a round robin DNS address consisting of server B and server C ?
  I'm a little confused on that matter, so hope anyone can help :-)
  This is my first Remote Desktop Services setup on Server 2012

  Hi,
  In Server 2012/2012 R2 the initial connection goes to the RD Connection Broker.  Yes, if necessary you would create a DNS record that points to the broker.
  Also in 2012 a user would normally connect via RD Web Access, or RemoteApp and Desktop Connections (RADC), or Remote Resources instead of manually opening the Remote Desktop client and connecting that way.  If they connect using the above methods they
  will use a pre-configured .rdp file that has the target collection contained within it.  The broker needs this target collection so that it knows where to send the user.
  If you want users to manually launch a connection (without RDWeb, RADC, etc.) then you can use a non-IE web browser to download the .rdp files from RDWeb and give them to your users.  Another alternative is to set the default collection in the broker's
  registry so that if someone connects to the broker without specifying the target collection it will know to automatically send them to the default collection.
  -TP

• Windows 2008 R2 with Connection Broker

  Hi
  Ive been trying to add windows 2008 r2 farm to vdi.
  Ive done the steps to install the certificate etc on RDS hosts. I can add either one of the hosts as a desktop provider. But when i want to add 2 or more hosts to one desktop provider VDI complains the host belongs to a different farm. Although i've checked the farm names and loadballancing works.
  whats the problem here ?

  The name defaults to the hostname. it doesnt pull the farm name from the winrm if you mean that.
  That command says it can not find resource.
  C:\Users\Administrator>winrm e wmi/root/MicrosoftNLB/* -filter:"select ClusterNa
  me from MicrosoftNLB_ClusterSetting"
  WSManFault
  Message
  ProviderFault
  WSManFault
  Message = The WS-Management service cannot process the request.
  The service cannot find the resource identified by the resource URI and selector
  s.
  Error number: -2144108544 0x80338000
  The WS-Management service cannot process the request. The service cannot find th
  e resource identified by the resource URI and selectors.
  Basicly what i did.
  Install RDS Host on 2 servers.
  Install RDS Connection broker on 1 server
  Add RDS hosts to Connection broker local secuirty group
  Joined 2 RDS hosts to the connection broker and same farm. Enabled RDS Load balancing.
  added DNS entries for farm name.
  Installed selfssl certificate ect... for WinRM.
  Here the steps were a bit different than in the docs. 2008 r2 is a bit different.
  1. Cant install resource kit 6.0. but i got arround that no problem. I think i saw some IIS resource kit allready available in the Windows "Features" but nevermind. Selfssl worked.
  2. I couldnt do the winrrm crate/config/listener.... command. I had to run winrm qc (quickconfig) first. And then it worked.
  rest of the story u allready know :)
  regards

• Remote Desktop Connection Broker role fails to install

  Hi,
  I am having a situation where I cannot install the RDS Connection Broker on a Windows 2012 R2 that also has AD DS installed.  I understand with Windows 2012 R2, you should be able to do this.
  I suspect that the Default Domain Controller Policy might be a factor in this, but I have modified the "Log on as a Service" right to include the "NT SERVICE\ALL SERVICES" user as directed in article
  2832204. The issue persists.
  I have reviewed the event logs and the Windows Internal Database logs, and it appears the hang up is with the installation of the Windows Internal Database.  The C:\windows\wid\log\error.log file shows the following line just before the installation
  fails:
  2014-12-12 11:05:32.54 Logon       Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>]
  I am unsure where to go from here, but I tried renaming the C:\Windows\WID folder after a reboot to see if a clean install of the Windows Internal Database would fix it, but it still has the same issue.
  Some more information on the environment:
  Recently added this Windows 2012 R2 DC to a domain that previously only had a Windows 2003 domain controller. There were no errors with the DC promotion.  Windows 2003 domain controller still resides on the network as a DC (for now).
  Planning to install RD Connection Broker and RD Web Access role services to the new Windows 2012 R2 AD DS server. 
  Thank you for any assistance you can provide to resolve this issue.
  Tim

  Hi Tim,
  Thank you for posting in Windows Server Forum.
  Initially would like to say that it’s not best practice to have RDS and AD DS role on same server (Not recommended). There are various safety reason for this case.  Instead you can do one thing, install Hyper-v on physical server and then create 2 VM (one
  for AD DS and other for RDS) in this way you can achieve your goal. Please try to install as the mentioned way and verify whether you resolved you issue. For more information you can refer following article.
  Step by Step Windows 2012 R2 Remote Desktop Services – Part 1
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]