Umagaur
New Contributor

SSL-VPN Web Portal connection to a MS TS Farm

Hello,

 

We have a 2012R2 TS farm with Connection Broker and no GW host (DNS RR).

If I try to connect from the web portal to a single RDP session, it works without problems. If I try to connect to our farm remote.xxx.local, it works sometimes (one of 20 maybe). Using tunnel mode with a client to our TS farm works too.

I have a test farm with 2 TS, and if I ping the farm name from the FW to see which IP is used by the DNS and disable "accept connections" on the other, I can log in with the farm name 10 times without problems.

I think the problem is the redirection from the initial host to the next host in the farm. The times it is working, the user logs in on the same host (no redirection, like a single server). Our old FW, a SonicWall, had a checkbox for "TS is part of a TS farm", and with this the SonicWall works.

My question is: is it possible to connect to an RDP farm with the 5.4.5 web portal, and if yes, is there a guide?

This is the debug from a try that did not work; there is no redirection to the next TS.

 

2017-07-24 12:08:22 [3926:root:ce]allocSSLConn:264 sconn 0x34643000 (0:root)
2017-07-24 12:08:22 [3926:root:ce]SSL state:before/accept initialization (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read client hello A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write server hello A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write certificate A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write key exchange A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write server done A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 flush data (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read client certificate A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read client key exchange A:system lib(80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read client key exchange A:system lib(80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read client key exchange A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read certificate verify A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 read finished A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write session ticket A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write change cipher spec A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 write finished A (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSLv3 flush data (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL state:SSL negotiation finished successfully (80.137.69.63)
2017-07-24 12:08:22 [3926:root:ce]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2017-07-24 12:08:22 [3926:root:ce]req: /remote/rds?connection=%7B%22name%22%3A%22%22%2C%22q_origin_key%22%3A%22%22%2C%22apptype%22%3A%22rdp%22%2C%22url%22%3A%22%22%2C%22host%22%3A%22remote.sirl.net%22%2C%22folder%22%3A%22%22%2C%22additional-params%22%3A%22%22%2C%22listening-port%22%3A0%2C%22remote-port%22%3A0%2C%22show-status-window%22%3A%22disable%22%2C%22description%22%3A%22%22%2C%22server-layout%22%3A%22de-de-qwertz%22%2C%22security%22%3A%22tls%22%2C%22port%22%3A3389%2C%22logon-user%22%3A%22sirl%5C%5Cmweise%22%2C%22logon-password%22%3A%22leopard%231%22%2C%22sso%22%3A%22disable%22%2C%22form-data%22%3A%5B%5D%2C%22sso-credential%22%3A%22sslvpn-login%22%2C%22sso-username%22%3A%22%22%2C%22sso-password%22%3A%22%22%7D&width=1751&height=822?undefined
2017-07-24 12:08:22 [3926:root:ce]deconstruct_session_id:363 decode session id ok, user=[smusterfrau],group=[Web-Portal],portal=[Web-Access],host=[80.137.69.63],realm=[],idx=0,auth=16,sid=703da3d3, login=1500889960, access=1500889960
2017-07-24 12:08:22 [3926:root:ce]rmt_sslvpn_rds_handler:56 Enter.
2017-07-24 12:08:22 [3926:root:ce]rmt_sslvpn_rds_handler:129 going into websocket state for remote.xxx.local:3389.
2017-07-24 12:08:22 [3926:root:ce]ws_enter:156 sslvpn user[smusterfrau], type 16 vd 0
2017-07-24 12:08:22 [3926:root:ce]dns_query():177 tried 1 remote.xxx.local
2017-07-24 12:08:22 [3926:root:ce]dns_on_read():156 got result
2017-07-24 12:08:22 [3926:root:ce]sslvpn_policy_match:1974 checking web session
2017-07-24 12:08:22 [3926:root:ce]remote_ip=[80.137.69.63], user=[smusterfrau], iif=24, auth=16, dsthost=[remote.xxx.local], portal=[Web-Access] realm=[(null)], dst=10.200.55.53, dport=3389, service=[rdp]
2017-07-24 12:08:22 [3926:root:ce]sslvpn_policy_match:2005 policy check cache found
2017-07-24 12:08:22 [3926:root:ce]connect_guacd_server:402 policy check pass
2017-07-24 12:08:22 [3926:root:ce]deconstruct_session_id:363 decode session id ok, user=[smusterfrau],group=[Web-Portal],portal=[Web-Access],host=[80.137.69.63],realm=[],idx=0,auth=16,sid=703da3d3, login=1500889960, access=1500889960
2017-07-24 12:08:24 [3926:root:ce]epollFdHandler,568, sconn=0x34643000[12,33,-1,-1,-1], fd=33, event=25.
2017-07-24 12:08:24 [3926:root:ce]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2017-07-24 12:08:24 [3926:root:ce]Destroy sconn 0x34643000, connSize=0. (root)
2017-07-24 12:08:27 [3927:root:cb]req: /remote/portal?action=2
2017-07-24 12:08:27 [3927:root:cb]deconstruct_session_id:363 decode session id ok,
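
An added example, not part of the original post and not Fortinet code: a Python helper for debug output in the format shown above. It splits run-together output into entries, masks the `logon-password` and `sso-password` fields carried in the `req:` line before the log is shared, and reports per connection tag which backend the farm name resolved to and how many seconds after `policy check pass` the connection errored. The sample log is constructed, and treating the bracketed tag (such as `3926:root:ce`) as a connection identifier is an assumption.

```python
import json, re
from datetime import datetime
from urllib.parse import quote, unquote

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(rf"({TS}) \[([^\]]+)\](.*?)(?=\s*{TS} \[|\s*$)", re.S)
SECRET_KEYS = ("logon-password", "sso-password")

def split_entries(blob):
    """Split run-together debug output into (time, tag, message) tuples."""
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), tag, msg.strip())
            for t, tag, msg in ENTRY.findall(blob)]

def redact(msg):
    """Mask password fields in the URL-encoded connection= JSON of a req line."""
    m = re.search(r"connection=([^&\s]+)", msg)
    if not m:
        return msg
    conn = json.loads(unquote(m.group(1)))
    conn.update({k: "REDACTED" for k in SECRET_KEYS if conn.get(k)})
    return msg.replace(m.group(1), quote(json.dumps(conn, separators=(",", ":")), safe=""))

def shareable(blob):
    """One entry per line with req-line passwords masked, ready to post."""
    return "\n".join(f"{t} [{tag}]{redact(msg)}" for t, tag, msg in split_entries(blob))

def triage(blob):
    """Per connection tag: resolved backend, policy-pass time, seconds until error."""
    out = {}
    for when, tag, msg in split_entries(blob):
        s = out.setdefault(tag, {"dst": None, "policy_pass": None, "error_after_s": None})
        if (m := re.search(r"dst=([\d.]+), dport=(\d+)", msg)):
            s["dst"] = f"{m.group(1)}:{m.group(2)}"   # IP the farm name resolved to
        elif "policy check pass" in msg:
            s["policy_pass"] = when
        elif "sslConnGotoNextState" in msg and "error" in msg and s["policy_pass"]:
            s["error_after_s"] = (when - s["policy_pass"]).total_seconds()
    return out

# Constructed sample in the page's log format (documentation IPs, placeholder names).
_CONN = quote(json.dumps({"apptype": "rdp", "host": "farm.example.test", "logon-user": "EXAMPLE\\user",
                          "logon-password": "not-a-real-pw"}, separators=(",", ":")), safe="")
SAMPLE = (f"2017-07-24 12:08:22 [3926:root:ce]req: /remote/rds?connection={_CONN}&width=1751 "
          "2017-07-24 12:08:22 [3926:root:ce]remote_ip=[198.51.100.7], dst=192.0.2.53, dport=3389, service=[rdp] "
          "2017-07-24 12:08:22 [3926:root:ce]connect_guacd_server:402 policy check pass "
          "2017-07-24 12:08:24 [3926:root:ce]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)")

if __name__ == "__main__":
    print(shareable(SAMPLE), triage(SAMPLE), sep="\n")
```

Running `triage` over several attempts and comparing `dst` with the outcome shows whether failures line up with a particular farm member returned by DNS round robin.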

 

1 REPLY 1
Vitamol
New Contributor

I have the same issue, is there a solution?