Announcement

Collapse
No announcement yet.

2008 Terminal Services session broker - Have to login twice...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2008 Terminal Services session broker - Have to login twice...

    Hi,

    I want to load balance TS sessions across multiple TS 2008 servers.

    Users are on a variety of clients including Mac.

    I'm using NLB and Session Broker which will do the load balancing & handle session disconnects but have an issue where I am being being promted twice for login details before the session connects.

    Here is what happens:

    1. I RDP to the terminal server via the NLB cluster public IP address.
    2. It presents me with the logon screen.
    3. It starts logging in and then goes back to the login screen.
    4. I enter my credentials again.
    5. It logins to the desktop successfully.

    Can anyone advise why I am having to login twice & how I get around this?

    Thanks

  • #2
    Re: 2008 Terminal Services session broker - Have to login twice...

    A couple of questions:

    Are you using dedicated redirectors for the Session Broker?

    Do you have all the NLB ip addresses of the servers published in your firewall or does the firewall support session tokens?

    Is the Session Broker setting in TS Configuration on each server configured to use the NIC that NLB is bound to?

    Do you have users restricted to one TS session?

    Comment


    • #3
      Re: 2008 Terminal Services session broker - Have to login twice...

      I haven't been using dedicated redirectors - may be a solution? I have been using NLB rather than DNS round robin for load balancing up to now

      The NLB cluster IP address is published in the firewall, not the member servers that are part of the NLB cluster,

      Session broker is configured to use the NIC dedicated to NLB

      Users are restricted to 1 TS session
      Last edited by RichParkie; 26th August 2009, 03:41.

      Comment


      • #4
        Re: 2008 Terminal Services session broker - Have to login twice...

        I'm guessing that two things are happening:

        1. The incoming connection is being sent to the "next" server by NLB (at the network layer) and presenting one logon dialog box.

        2. That server then queries the Session Broker service which sends the incoming connection to the least busy server (at the application layer) and presents the second logon dialog box.

        I've tested the Session Broker service using DNS round robin but not with NLB. My guess is that NLB and Session Broker are competing with and in conflict with each other as they both provide load balancing, but at different OSI layers.

        How difficult would it be to set up a test by setting up DNS round robin and disabling NLB?

        The other thing I would look at is publishing all of the TS server ip addresses in your firewall's incoming RDP rule. The reason for this is that in order to connect to existing sessions the incoming connection either needs to get the session info from a session token or it needs "direct" access to the ip of the server where the session exists. If the firewall doesn't support session tokens then you need to publish all the TS server ip addresses. This is what we do with our W2K3 TS farm. This may not sound like it's directly related to your problem but you never know. If you can test this it will be easier than setting up DNS round robin and disabling NLB.

        Comment


        • #5
          Re: 2008 Terminal Services session broker - Have to login twice...

          I've cracked it.

          Am using NLB & Session Broker, no DNS round robin.

          I have the TS boxes in the TS Session Broker farm but have configured not to participate in session broker load balancing.

          No double login on initial sign-on, load balancing & session reconnects all working...

          Only issue is with session reconnects - can be promted for 2nd login if you don't hit the correct TS box that your session is open on so not perfect but acceptable.

          Comment


          • #6
            Re: 2008 Terminal Services session broker - Have to login twice...

            As you probably know, you will need to use DNS Round Robin for the sessions broker to remember the terminal server a user has an open session on. The MCITP course for Server Administrator touches on this subject; exam 70-646.

            Comment


            • #7
              Re: 2008 Terminal Services session broker - Have to login twice...

              So, was my assumption correct then? NLB and Session Broker were in "conflict" in the sense that they were both performing load balancing and sending the incoming connection to different servers?

              Comment


              • #8
                Re: 2008 Terminal Services session broker - Have to login twice...

                Originally posted by joeqwerty View Post
                So, was my assumption correct then? NLB and Session Broker were in "conflict" in the sense that they were both performing load balancing and sending the incoming connection to different servers?
                Yes, you're right.

                Comment


                • #9
                  Re: 2008 Terminal Services session broker - Have to login twice...

                  I realize this is not my thread but this leads me to another question:

                  I have found Technet articles on using the Session Broker service with both NLB and DNS round robin. So which way is the preferred or recommended way?

                  Personally I think DNS round robin is a better choice (possibly using dedicated redirectors) because the incoming connection is going to be load balanced by the Session Broker, so it doesn't matter that DNS round robin doesn't load balance and it doesn't matter which server the incoming connection initially connects to.

                  Getting rid of NLB would be a big plus in my book as it will allow me to simplify my network (currently 2 subnets, due to needing a separate subnet for the TS servers to keep the NLB traffic off of the main LAN segment) and would allow me to reduce the complexity of the environment as well (less services and components to break).

                  Comment


                  • #10
                    Re: 2008 Terminal Services session broker - Have to login twice...

                    Originally posted by joeqwerty View Post
                    I realize this is not my thread but this leads me to another question:

                    I have found Technet articles on using the Session Broker service with both NLB and DNS round robin. So which way is the preferred or recommended way?

                    Personally I think DNS round robin is a better choice (possibly using dedicated redirectors) because the incoming connection is going to be load balanced by the Session Broker, so it doesn't matter that DNS round robin doesn't load balance and it doesn't matter which server the incoming connection initially connects to.

                    Getting rid of NLB would be a big plus in my book as it will allow me to simplify my network (currently 2 subnets, due to needing a separate subnet for the TS servers to keep the NLB traffic off of the main LAN segment) and would allow me to reduce the complexity of the environment as well (less services and components to break).
                    I am sure nobody would mind. You help enough people out.

                    This is worth reviewing.

                    http://en.wikipedia.org/wiki/Round_robin_DNS

                    My intial thought was how the load balancing solution detects if one of the terminal services fails. Also, there may be the possibility that specific IPs may be cached. However, used with the session broker service, that may negate the prior concerns. They are probably concerns for web servers etc or other services. I know you can also apply different weights to specific servers as well, should your servers not be indentical.

                    Comment


                    • #11
                      Re: 2008 Terminal Services session broker - Have to login twice...

                      Thanks much.

                      Comment

                      Working...
                      X