elcotrade
New Member
October 25, 2018
Question

SSL VPN Portal - HTML5 RDP Broker Connection


Hi guys,

 

I have a Server 2016 Remote Desktop server farm with 2 Remote Desktop servers and one Windows Remote Desktop Broker, which redirects the user to the correct Remote Desktop server.

 

When I create SSL VPN bookmarks (RDP - Port 3389) to both terminal servers directly, it works, but it's a 50:50 chance to get the server where the user is loaded. When I create a bookmark to the broker, it doesn't work -> Connection refused.

 

Any idea?

 

Thanks!

Manuel Wagner

    4 replies

    Philippe_Gagne
    New Member
    November 22, 2018

    Hi,

     

    I confirmed yesterday with the product manager that this feature is not currently implemented. An NFR (New Feature Request) has been filed to support RDS farms. Fingers crossed! :)

     

    Philippe 

     

    elcotrade (Author)
    New Member
    November 23, 2018

    Hi,

    That would be great! Thanks for the reply!

     

    Manuel

    Bert_Mulder
    New Member
    January 3, 2019

    Isn't this the way the Connection Broker is supposed to work? I mean, even without the SSL VPN you would have the same result because of load balancing?

    kubimike
    New Member
    January 23, 2020

    More info, does anyone have a clue? FortiGate Bug ID #444410

     

    kubimike
    New Member
    January 23, 2020

    For anyone watching, Tier 2 support was very helpful in finding the issue. It lies with GUACD. Anyone else having this issue, could you dump your output here to confirm?

    Commands used to find the problem:

        diag debug console timestamp enable
        diag debug duration 0
        diag debug application sslvpn -1
        diag debug application guacd -1


    MoparRob
    New Member
    February 13, 2020

    I'm working on the same issue and I think I figured it out.

    What you need to do is as follows:

    1) Create a common internal DNS record for each RDSH server, e.g.:

        farm1.corp.com - <internal IP of RDSH server 1>

        farm1.corp.com - <internal IP of RDSH server 2>

     

    2) Configure your SSL VPN bookmark to point to farm1.corp.com

     

    From here, the system should handle the load balancing automatically and connect you to the RDS servers every time.

     

     

    kubimike
    New Member
    March 6, 2020

    I have the Hotfix for 100e, I don't have it for 500e :(

    MoparRob
    New Member
    March 6, 2020
    Can you provide the fix here? The OS is the same so it should be similar.

    cyrebre
    New Member
    July 7, 2020

    Hi all,

     

    We have the same problem here: a 4-server farm, 2 HA Connection Brokers.

    Tried a lot of things:

    - Upgraded to 6.0.7 and then to 6.0.10

    - Set the load-balancing-info to the same string as the internal one (tsv://MS Terminal Services Plugin.1.COLLECTIONNAME)

    - Tried with rdweb

    - Tried with webclient

    - Tried to create as many DNS records as RDSH servers (with the same name)

     

    The only connection I can get is a direct connection to one of our brokers...

    Does anybody have any updates? Or maybe a hotfix?

     

    Thanks

     

     

    fl0at0xff
    New Member
    August 7, 2020

    Hello! I noticed the same problem using FortiGate VM01V.

    I tried all releases from 6.0.9 to 6.4.1 but we are unable to correctly bookmark an RDS farm with a broker.

    My workaround is to use an HAProxy in front of RDS, then create the RDP bookmark to HAProxy only.

    Below is the HAProxy configuration to perform the correct load balancing between the RDS servers.

     

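    frontend Proxy3389
            mode tcp
            bind haproxy.dev.local:3389 name rdp
            timeout client 1h
            log global
            option tcplog
            # wait up to 2s for the client's first RDP packet before deciding
            tcp-request inspect-delay 2s
            # accept as soon as an RDP cookie is seen in that packet
            tcp-request content accept if RDP_COOKIE
            default_backend IPETS

    backend IPETS
            mode tcp
            # new sessions go to the server with the fewest connections
            balance leastconn
            # a client presenting an msts cookie is sent back to the server it names
            persist rdp-cookie
            timeout server 1h
            timeout connect 4s
            log global
            # health check: TLS connection to port 3389 on each RDS host
            option tcp-check
            tcp-check connect port 3389 ssl
            default-server inter 3s rise 2 fall 3
            server RDS1 rds1.dev.local:3389 weight 10 check
            server RDS2 rds2.dev.local:3389 weight 10 check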

     

    All seems to be working for me with this solution.
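
The `RDP_COOKIE` match and `persist rdp-cookie` in the HAProxy configuration above act on the optional `Cookie:` line in the client's first RDP packet (the X.224 Connection Request). The following is an added example, not code from the thread or from any vendor: it parses that packet and decodes an `msts` routing token into the backend address it names. The function names, the sample user name and the sample address are constructed for illustration.

```python
import socket
import struct

def parse_rdp_cookie(pkt: bytes):
    """Return (name, value) of the Cookie line in an X.224 Connection Request, or None."""
    # TPKT header: version 3, reserved byte, 16-bit big-endian total length
    if len(pkt) < 11 or pkt[0] != 3:
        return None
    tpkt_len = struct.unpack(">H", pkt[2:4])[0]
    # X.224 header (7 bytes): length indicator, code 0xE0 (CR), dst-ref, src-ref, class
    if tpkt_len > len(pkt) or (pkt[5] & 0xF0) != 0xE0:
        return None
    body = pkt[11:tpkt_len]
    end = body.find(b"\r\n")
    if not body.startswith(b"Cookie: ") or end < 0:
        return None
    name, sep, value = body[8:end].partition(b"=")
    if not sep:
        return None
    return name.decode("ascii", "replace"), value.decode("ascii", "replace")

def decode_msts(value: str):
    """Decode an 'IP.PORT.0000' msts routing token into (ip, port), or None."""
    parts = value.split(".")
    if len(parts) != 3 or not (parts[0].isdigit() and parts[1].isdigit()):
        return None
    ip_raw, port_raw = int(parts[0]), int(parts[1])
    if ip_raw > 0xFFFFFFFF or port_raw > 0xFFFF:
        return None
    # The address is a little-endian integer; the port has its two bytes swapped
    ip = socket.inet_ntoa(struct.pack("<I", ip_raw))
    port = struct.unpack(">H", struct.pack("<H", port_raw))[0]
    return ip, port

def build_cr(token: bytes) -> bytes:
    """Constructed sample: minimal Connection Request carrying `token`."""
    x224 = bytes([6 + len(token), 0xE0, 0, 0, 0, 0, 0]) + token
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

if __name__ == "__main__":
    for tok in (b"Cookie: msts=3640205228.15629.0000\r\n",  # constructed token
                b"Cookie: mstshash=user1\r\n"):             # constructed user name
        name, value = parse_rdp_cookie(build_cr(tok))
        print(name, value, decode_msts(value) if name == "msts" else "")
```

A `mstshash` cookie only carries a client-chosen identifier, while an `msts` token names a specific backend; a first packet with neither yields `None` here.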