How to Configure Network Load Balancing for Terminal Services

NLB distributes traffic across several servers by using the TCP/IP networking protocol. You can use NLB with a terminal server farm to scale the performance of a single terminal server by distributing sessions across multiple servers.
Terminal Services Session Broker (TS Session Broker) keeps track of disconnected sessions on the terminal server farm, and ensures that users are reconnected to those sessions. Additionally, TS Session Broker enables you to load balance sessions between terminal servers in a farm. This functionality is provided by the TS Session Broker Load Balancing feature. However, this session-based load balancing feature requires a front-end load balancing mechanism to distribute the initial connection requests to the terminal server farm. You can use a load balancing mechanism such as DNS round robin or NLB to distribute the initial connection requests. By deploying NLB together with TS Session Broker Load Balancing, you can take advantage of both the network-based load balancing and failed server detection of NLB, and the session-based load balancing and per-server limit on the number of pending logon requests that is available with TS Session Broker Load Balancing.

To configure DNS round robin, you must create a host resource record for each terminal server in the farm that maps to the terminal server farm name in DNS. (The farm name is the virtual name that clients will use to connect to the terminal server farm.) DNS uses round robin to rotate the order of the resource records that are returned to the client. This functionality helps to distribute initial connections across servers in the farm. The initial connection behaviour is as follows:

Install the TS Session Broker role service

The server where you install the TS Session Broker role service must be a member of a domain.
The Windows Server 2008-based server where you install the TS Session Broker role service does not have to be a terminal server or have Remote Desktop enabled.
If you install the TS Session Broker role service on a domain controller, the Session Directory Computers group will be a domain local group, and it will be available on all domain controllers.

Add a terminal server to the Session Directory Computers local group
If the TS Session Broker role service is installed on a member server, run compmgmt.msc, open the Session Directory Computers group, and add the terminal server computers to it. (In my case, I had installed TS Session Broker on a domain controller.)

Deny logons to a terminal server in a load-balanced farm

It is good practice to configure all terminal servers in the farm to restrict each user to a single session. To do this, use either of the following methods:
•Configure the Restrict Terminal Services users to a single remote session Group Policy setting. This policy setting is available in the Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections node of the Group Policy Management Console (GPMC) on a Windows Server 2008-based domain controller. It is a best practice to group the terminal servers that are in the same terminal server farm into a single organizational unit (OU), and then configure this policy setting in a Group Policy object (GPO) that applies to the OU.

•Configure the User Logon Mode setting. This setting is available in the terminal server configuration, under the Edit settings area. On the General tab, click either of the following:
oAllow reconnections, but prevent new logons
oAllow reconnections, but prevent new logons until the server is restarted

Configure DNS for TS Session Broker Load Balancing
Configure a host (A) record for each node to map the IP address of each terminal server in the farm to the terminal server farm name in DNS.
For example, if you have two terminal servers in a farm named FARM1, with IP addresses of 10.10.10.20 and 10.10.10.21, the entries would look similar to the following:
Farm1 Host(A) 10.10.10.20
Farm1 Host(A) 10.10.10.21

Configure TS Session Broker settings by using Group Policy (if NLB is not present)
Open GPMC and create a new policy or edit an existing policy: Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\TS Session Broker
•In the right pane, double-click the Join TS Session Broker policy setting, click Enabled, and then click OK.
•Double-click the Configure TS Session Broker farm name policy setting, and then do the following:
a.Click Enabled.
b.In the TS Session Broker farm name box, type the name of the farm in TS Session Broker that you want to join, and then click OK.
•Double-click the Configure TS Session Broker server name policy setting, and then do the following:
a.Click Enabled.
b.In the TS Session Broker server name box, type the name of the server where you installed the TS Session Broker role service, and then click OK.
•Double-click the Use TS Session Broker load balancing policy setting, click Enabled, and then click OK.
•Optionally, if you are using a hardware load balancer that supports token redirection, double-click Use IP Address Redirection and configure the setting. See the Group Policy Explain text for more information.
Install the Terminal Server role service

Install programs on the terminal server:
You must configure all terminal servers in the load-balanced farm identically, with the same available programs.

Configure RemoteApp Manager Properties:
To add programs to RemoteApp, go to Start > Administrative Tools > Terminal Services > TS RemoteApp Manager, and in the right pane select Add RemoteApp programs.

To configure terminal server settings, go to Start > Administrative Tools > Terminal Services > TS RemoteApp Manager, and in the right pane select Terminal server settings.

To configure digital signature settings, go to Start > Administrative Tools > Terminal Services > TS RemoteApp Manager, and in the right pane select Digital Signature Settings. Select the Sign with a digital certificate check box and add a certificate.

To configure RDP settings, go to Start > Administrative Tools > Terminal Services > TS RemoteApp Manager, and under the Overview pane click Change in the RDP settings row.

After configuration, the TS RemoteApp Manager properties will look like this.

Configure TS Session Broker settings
TS Session Broker uses a farm name to determine which servers are in the same terminal server farm. You must use the same farm name for all servers that are in the same load-balanced terminal server farm. Although the farm name in TS Session Broker does not have to be registered in Active Directory Domain Services, it is recommended that you use the same name that you will use in DNS for the terminal server farm. (The terminal server farm name in DNS represents the virtual name that clients will use to connect to the terminal server farm.) If you type a new farm name, a new farm is created in TS Session Broker and the server is joined to the farm. If you type an existing farm name, the server joins the existing farm in TS Session Broker.
To do this, go to Start > Administrative Tools > Terminal Services > Terminal Services Configuration.

Install and Create an NLB Cluster
To install and create an NLB cluster, please go to how to create NLB cluster. In Cluster Parameters, a full Internet name is not needed when using NLB with Terminal Services.

Verify remote connection settings
1.Back on the terminal server, go to Run > control system. Under Tasks, click Remote settings. You can select either of the following options:
oAllow connections from computers running any version of Remote Desktop (less secure)
oAllow connections only from computers running Remote Desktop with Network Level Authentication (more secure)
2.To add the users and groups that need to connect to the terminal server by using Remote Desktop, click Select Users, and then click Add.
The users and groups that you add are added to the Remote Desktop Users group.
Note that you must enable the Windows Firewall exception for Remote Desktop.
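
A read-only check of the farm settings configured above, as an added example that is not part of the original article: it confirms that the farm name resolves only to the expected servers, that every server carries the same TS Session Broker policy values, and that Network Level Authentication is required. TSBROKER1 is a placeholder server name, and the Remote Registry service is assumed to be reachable on each terminal server.

```powershell
# Added example, not from the original article. FARM1 and the two addresses come
# from the DNS example; TSBROKER1 is a placeholder TS Session Broker server name.
param(
    [string]   $FarmName    = 'FARM1',
    [string]   $BrokerName  = 'TSBROKER1',
    [string[]] $ExpectedIPs = @('10.10.10.20', '10.10.10.21')
)
$policyKey = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpTcpKey = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Registry values written by the Group Policy settings described in the article.
$expectedPolicy = @{
    'SessionDirectoryActive'      = 1            # Join TS Session Broker
    'SessionDirectoryClusterName' = $FarmName    # Configure TS Session Broker farm name
    'SessionDirectoryLocation'    = $BrokerName  # Configure TS Session Broker server name
    'ParticipateInLoadBalancing'  = 1            # Use TS Session Broker load balancing
    'fSingleSessionPerUser'       = 1            # Restrict users to a single remote session
}

# 1. DNS round robin: the farm name must resolve to the farm members and nothing else.
$resolved = @([System.Net.Dns]::GetHostAddresses($FarmName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString })
$missing = @($ExpectedIPs | Where-Object { $resolved -notcontains $_ })
$extra   = @($resolved    | Where-Object { $ExpectedIPs -notcontains $_ })
if ($missing) { Write-Warning "No A record under $FarmName for: $($missing -join ', ')" }
if ($extra)   { Write-Warning "Unexpected A record under $FarmName : $($extra -join ', ')" }

# 2. Every member must hold identical broker settings and require NLA.
foreach ($ip in $ExpectedIPs) {
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ip)
    } catch {
        Write-Warning "$ip : cannot open remote registry ($($_.Exception.Message))"
        continue
    }
    $policy = $hklm.OpenSubKey($policyKey)   # $null if no policy has been applied
    foreach ($name in $expectedPolicy.Keys) {
        $actual = if ($policy) { $policy.GetValue($name) } else { $null }
        if ("$actual" -ne "$($expectedPolicy[$name])") {
            Write-Warning "$ip : $name is '$actual', expected '$($expectedPolicy[$name])'"
        }
    }
    $rdp = $hklm.OpenSubKey($rdpTcpKey)
    if (-not $rdp -or $rdp.GetValue('UserAuthentication') -ne 1) {
        Write-Warning "$ip : Network Level Authentication is not required"
    }
    $hklm.Close()
}
```

The script prints nothing when every check passes; each warning names the server and the setting that differs.
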
Populate the TS Web Access Computers security group (Optional)
If the TS Web Access server and the terminal server that hosts the RemoteApp programs are separate servers, you must add the computer account of the TS Web Access server to the TS Web Access Computers security group on the terminal server.

Connect to TS Web Access
By default, you can access the TS Web Access Web site at the following location, where server_name is the NetBIOS name or the fully qualified domain name of the Web server where you installed TS Web Access:
http://server_name/ts
Enable ActiveX control add-ins in the web browser and log on to the site.


Click on a remote application program and log on to access a program.

You can select the Remote Desktop tab to access a user desktop on the web.
