Setup:
2 x 2012 Datacenter Hyper V Virtual Hosts
2 x 2012 Standard RDS Connection Broker Virtual
2 x 2012 Standard RDS Web Access Virtual
4 x 2012 Standard RDS Session Host Virtual
All setup on the same network subnet (/24).
2 x Windows 8 desktops for testing Web Access and SSO - Virtual
2012 domain/forest current functional level – came from a 2000 domain initially
Functional:
Prior to configuring the connections brokers in HA mode, the RDS environment works very well. I have SSO functioning so that our users do not need to enter credentials. This was a key factor in our deployment.
Also functional is allowing the single connection broker to be in HA mode. SSO works perfectly, no prompts for security.
Non-Functional:
After adding CB2 & the required DNS records, windows security prompts would show for 1 connection broker, but not for the other. I would switch from CB to CB by flushing dns. I would also pause CB2 by using hyper v and not receive security prompts. Un-pause CB2, pause cb1, and the security prompts would happen every time.
Things that I have tried in order:
Scenario 1(functional)
- CB1 – Active Connection Broker – Online
- CB2 – Paused via Hyper V
Scenario 2(nonfunctional)
- CB1 – Paused via Hyper V
- CB2 – Active – Online
- This did not work after the transfer of the active CB role
- CB2 began to function properly after rebooting. CB1 was still paused.
Scenario 3(nonfunctional)
- CB1 – Online – not the active CB
- CB2 – Paused via Hyper V – Active
- Same situation as Scenario 2. Rebooting CB1 makes it functional.
- CB1 assumed RDCB – still functional
Summary:
Immediately after adding another connection broker server to the deployment and setting another DNS resource record to HARDCB.domain.local, I began to notice random windows security prompts. What I found is that after doing a flushdns from cmd that the windows security prompt would show every time. Then again, another flushdns and the applications, like calculator, show up perfectly. I would then log off the test user from server managers remote connections on the RDS session host server. Another flushdns, and the windows security prompts would show each and every time. Now, if I were to put the credentials for the test user in, the application would successfully launch. If I did not put the credentials in and hit cancel, nothing would happen. The user would not login. I have 3 test users, and several other IT personnel trying this, all with the same results.
When I realized that it was just one server doing this, I decided to flatten and reload. So I removed the connection broker from the RDS deployment. Created a new virtual machine and added the newly created virtual to the RDS connection brokers HA. Same issue.