Terminalserver session broker from outside

  • Terminalserver session broker from outside

    Hey guys.


    I am hosting a cluster of 3 terminal servers here in this house, and I have a customer who is connecting to them via the internet (80 users).

    I use the session broker, but I am not using IP address for redirection, because it will use the LAN IP for redirection, and that will of course not work when they are coming from the internet.

    So, sometimes users have to enter their login password several times, and sometimes they are not even getting their session again, if they exited without logging off.

    What do others do in this case?

  • #2
    Re: Terminalserver session broker from outside

    What do you mean "because it will use lan ip for redirection"? Why aren't you using ip address redirection? Ip address redirection is the simplest way to get the Session Broker working in order for users to get connected to their existing sessions. What method are you using to redirect users to their existing sessions?

    • #3
      Re: Terminalserver session broker from outside

      Well, I use token redirection, because if I use IP address redirection, the users must be able to reach the IP address of the server, but that is a LAN IP (192.168.10.55, 192.168.10.56, 192.168.10.57), and the users are connecting from the internet to one WAN IP, which is NATted into the cluster IP of NLB. So if I use IP address redirection, the users must be able to reach the 10.55, 10.56 and 10.57 from the internet. Or have I misunderstood?

      • #4
        Re: Terminalserver session broker from outside

        A couple of things:

        1. Does your firewall support token redirection? If not, then that's not going to work for you.

        2. Try putting the internal ip address of each TS into your firewall rule. The incoming session needs to be able to connect directly to the internal ip address in order for ip address redirection to work. The incoming connection will first make a connection to the WAN ip address that's nat'ed to the cluster, then the server that gets the connection will send the internal ip address of the server where the session exists to the incoming connection, then the incoming connection will connect to that ip address. I think this might work as the initial connection is made to the WAN ip address of the cluster first.

        3. Try creating a one-to-one NAT for each TS. Add these ip addresses to the TS rule on the firewall. The incoming connection will make a connection to the cluster WAN ip, then will be redirected to the one-to-one NAT of the TS where the session exists.

        • #5
          Re: Terminalserver session broker from outside

          The issue is simple from my point of view: design issue.
          I guess that you may need to use TS Web + TS Gateway for external users access.
          Best Regards,

          Yuval Sinay

          LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

          • #6
            Re: Terminalserver session broker from outside

            Originally posted by yuval14:
            The issue is simple from my point of view: design issue.
            I guess that you may need to use TS Web + TS Gateway for external users access.

            How do the companies that are hosting terminal servers for other companies do it?

            • #7
              Re: Terminalserver session broker from outside

              Originally posted by joeqwerty:
              A couple of things:

              1. Does your firewall support token redirection? If not, then that's not going to work for you.

              2. Try putting the internal ip address of each TS into your firewall rule. The incoming session needs to be able to connect directly to the internal ip address in order for ip address redirection to work. The incoming connection will first make a connection to the WAN ip address that's nat'ed to the cluster, then the server that gets the connection will send the internal ip address of the server where the session exists to the incoming connection, then the incoming connection will connect to that ip address. I think this might work as the initial connection is made to the WAN ip address of the cluster first.

              3. Try creating a one-to-one NAT for each TS. Add these ip addresses to the TS rule on the firewall. The incoming connection will make a connection to the cluster WAN ip, then will be redirected to the one-to-one NAT of the TS where the session exists.


              Are you sure (in no. 2) that it will work? Because as far as I know, it will still try to connect to the LAN IP of the server when it is being redirected?

              • #8
                Re: Terminalserver session broker from outside

                No, the firewall does not support token redirection.

                • #9
                  Re: Terminalserver session broker from outside

                  I got it working, by thinking about what you guys said.

                  I forwarded 3 different WAN IPs to my 3 TS servers, port 3389 (and a fourth WAN IP for the cluster), then I added the WAN IP for each server in network properties, IPv4, so each server has a LAN IP and a WAN IP. After that I chose IP-based redirection, and chose the WAN IP for redirection. And of course, now it works. Users are being redirected to the WAN IP, which is forwarded to the correct server! AWESOME! Been struggling with this for 6 months.

                  • #10
                    Re: Terminalserver session broker from outside

                    I wasn't sure that option 2 would work but it looks like option 3 did. Good work and glad you got it sorted out.
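
The redirection flow worked out across posts #4 and #9, modelled as an added example that is not part of any poster's message or of Microsoft's code. The LAN addresses are the ones given in post #3; the host names TS1 to TS3 and the WAN addresses (RFC 5737 documentation range) are constructed assumptions. It also counts the Internet-facing RDP listeners each setup publishes, which is the trade-off behind the TS Gateway suggestion in post #5.

```python
# Added example (not from the thread): model of Session Broker IP-address
# redirection behind a NAT firewall. Host names and WAN IPs are constructed.
RDP = 3389
CLUSTER = "NLB cluster"
LAN = {"TS1": "192.168.10.55", "TS2": "192.168.10.56", "TS3": "192.168.10.57"}
WAN = {"TS1": "203.0.113.11", "TS2": "203.0.113.12", "TS3": "203.0.113.13"}
CLUSTER_WAN = "203.0.113.10"


def lands_on(forwards, ip, port=RDP):
    """Internal target an Internet client reaches at ip:port, or None."""
    return forwards.get((ip, port))


def reconnect(forwards, redirect_ip, session_host):
    """Client reconnects to a disconnected session held by session_host."""
    # 1. First connection goes to the cluster WAN IP; NLB picks any node.
    if lands_on(forwards, CLUSTER_WAN) != CLUSTER:
        return "initial connection failed"
    # 2. The broker knows the session is on session_host, so the node that
    #    answered hands the client that host's configured redirect address.
    target = redirect_ip[session_host]
    # 3. The client opens a new connection to that address from the Internet.
    landed = lands_on(forwards, target)
    if landed is None:
        return f"redirect to {target} unreachable"
    if landed != session_host:
        return f"redirect to {target} reached {landed}, not {session_host}"
    return f"reconnected to {session_host} via {target}"


def exposed_rdp(forwards):
    """Internet-facing RDP listeners the firewall publishes."""
    return sorted(ip for (ip, port) in forwards if port == RDP)


# Original setup: one WAN IP NATted to the cluster, redirect to LAN IPs.
before = {(CLUSTER_WAN, RDP): CLUSTER}
# Post #9: one WAN IP per server plus the cluster IP, redirect to WAN IPs.
after = {(CLUSTER_WAN, RDP): CLUSTER, **{(WAN[h], RDP): h for h in LAN}}

if __name__ == "__main__":
    print(reconnect(before, LAN, "TS2"))
    print(reconnect(after, WAN, "TS2"))
    print(len(exposed_rdp(before)), "->", len(exposed_rdp(after)), "RDP listeners")
```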