Then you must change the default authentication from Anonymous Authentication to Windows Authentication.
If you are not using a wildcard certificate, make sure to include the DNS names from your RD Web Access FQDN and your RD Connection Broker FQDN. In my case I use a wildcard certificate from the internal company CA (PKI/ADCS), therefore the certificates are trusted on all clients from the company as they will enrolled automatically to all domain members. Now let’s start with the setup for SSO to RDS!įirst check that you use a trusted certificate for the Role Services: Today I wanna go step by step through the points, to enable SSO Single-Sign-ON and passing your local windows credentials through the Remote Desktop Services RDS. If you want to access and open these programms, you will be prompted a second time with an annoying logon dialog to enter your username and password. These are the programms, published on the RD Session Host. Users would connect to "farm" and the ensuing connection would be directed to one of the RDS servers based on the DNS round robin, which would then query the Session Broker server, which would then direct the connection to one of the servers (as described above).Normally, if you want to access a remote desktop services environement, first you have to logon to the RD Web Access Page, therefore you will be prompted with a logon dialog where you have to enter your username and password.Īfter that logon, you will see depending on the deployment, more or less remoteapp programms. So if you use DNS round robin, for instance, and your Session Broker farm name is "Farm", then you'd create two A records for farm with the ip address of each RDS server: If you use DNS round robin then you'd create a dns A record for every TS server, using the Session Broker farm name for the A record. That's what DNS round robin or NLB is for. Session Broker load balances the sessions, but it doesn't load balance the incoming connections. An incoming connection will be routed to one of the servers (based on whatever mechanism you choose), the server receiving the incoming connection will query the Session Broker server to find out if the user has a disconnected session and will direct the connection to that server, or if no disconnected session exists the connection will be directed to the least loaded server.
You'll need to use DNS round robin or NLB to distribute the incoming connections.
0 kommentar(er)
