This article describes how to configure Remote Desktop Protocol (RDP) server load balancing by using a Remote Desktop Gateway server on a NetScaler appliance.
A Remote Desktop Gateway server is a gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. Remote Desktop Gateway uses RDP along with HTTPS to create a secure, encrypted connection. The Remote Desktop Gateway server uses port 443, which transmits data through a Secure Sockets Layer (SSL) tunnel.
This configuration requires two virtual servers: one to load balance the Remote Desktop Gateway server and the other to load balance the RDP servers. The Remote Desktop Gateway server works only with SSL. Therefore, the virtual server for the Remote Desktop Gateway server can be of type SSL_BRIDGE or use SSL offload. The following sample configuration uses an SSL_BRIDGE type virtual server:
Run the following command to add an SSL_Bridge virtual server:
add lb vserver RDG-vip1 SSL_BRIDGE 10.217.146.136 443 -persistenceType SOURCEIP -cltTimeout 180 -comment "This VIP is load balancing RD Gateway server"
Run the following commands to add a service and bind the virtual server to this SSL_Bridge service:
add service rdgateway-server 10.217.147.249 SSL_BRIDGE 443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind lb vserver RDG-vip1 rdgateway-server
Run the following command to add a TCP virtual server on port 3389:
add lb vserver RDP-vip-tcp TCP 10.217.147.246 3389 -persistenceType NONE -cltTimeout 9000 -comment "This VIP is load balancing RDP server"
Run the following commands to add a TCP service on port 3389 and bind it to the virtual server:
add service rdp-server 10.217.147.247 TCP 3389 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
bind lb vserver RDP-vip-tcp rdp-server
Refer to the following article to set up the Remote Desktop Gateway server:
Deploying Remote Desktop Gateway Step-by-Step Guide
RDP server load balancing is available in NetScaler software release 9.3.
When you use an RDP type virtual server to load balance real RDP servers, there is an issue connecting through the Remote Desktop Gateway server. Therefore, use a TCP type virtual server on port 3389. The caveat is that you do not have RDP token based persistence or user based persistence, so users always go to different servers when they try to reconnect.
Note: The RDP virtual server type is included in 10.1 versions and later.
Note: RDP Proxy with SSO is not tested or supported on Win2008. It has been tested on Windows-based OS Win2008R2 / Win 7 / 8 / 10.
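The two-virtual-server layout and the persistence caveat described above can be checked against a saved configuration. The following Python script is an added example, not part of the original article or of Citrix tooling; parse() and audit() are hypothetical names. It assumes the SSL_BRIDGE variant shown here, that every option takes exactly one value, and that a missing -persistenceType means NONE.

```python
import shlex

# Constructed sample: this article's commands, abridged to the options the checks read.
SAMPLE = '''
add lb vserver RDG-vip1 SSL_BRIDGE 10.217.146.136 443 -persistenceType SOURCEIP -cltTimeout 180 -comment "This VIP is load balancing RD Gateway server"
add service rdgateway-server 10.217.147.249 SSL_BRIDGE 443 -cltTimeout 180 -svrTimeout 360
bind lb vserver RDG-vip1 rdgateway-server
add lb vserver RDP-vip-tcp TCP 10.217.147.246 3389 -persistenceType NONE -cltTimeout 9000
add service rdp-server 10.217.147.247 TCP 3389 -cltTimeout 9000 -svrTimeout 9000
bind lb vserver RDP-vip-tcp rdp-server
'''

def parse(config):
    """Return (vservers, services, binds) parsed from add/bind command lines."""
    vservers, services, binds = {}, {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)  # keeps the quoted -comment text as one token
        if tok[:3] == ["add", "lb", "vserver"] and len(tok) >= 7:
            opts = dict(zip(tok[7::2], tok[8::2]))  # assumes "-option value" pairs
            vservers[tok[3]] = {"type": tok[4], "port": tok[6], "opts": opts}
        elif tok[:2] == ["add", "service"] and len(tok) >= 6:
            services[tok[2]] = {"type": tok[4], "port": tok[5]}
        elif tok[:3] == ["bind", "lb", "vserver"] and len(tok) >= 5:
            binds.setdefault(tok[3], []).append(tok[4])
    return vservers, services, binds

def audit(config):
    """Return findings comparing the config with the layout this article describes."""
    vservers, services, binds = parse(config)
    findings = []
    types = {(v["type"], v["port"]) for v in vservers.values()}
    if ("SSL_BRIDGE", "443") not in types:
        findings.append("no SSL_BRIDGE vserver on 443 for the RD Gateway")
    if ("TCP", "3389") not in types:
        findings.append("no TCP vserver on 3389 for the RDP servers")
    for name, vs in vservers.items():
        if name not in binds:
            findings.append(f"{name}: no service bound")
        for svc in binds.get(name, []):
            s = services.get(svc)
            if s is None:
                findings.append(f"{name}: bound service {svc} is not defined")
            elif (s["type"], s["port"]) != (vs["type"], vs["port"]):
                findings.append(f"{name}: service {svc} is {s['type']}/{s['port']}")
        if vs["type"] == "RDP":
            findings.append(f"{name}: RDP-type vserver, issue connecting through RD Gateway")
        if vs["type"] == "TCP" and vs["opts"].get("-persistenceType") in (None, "NONE"):
            findings.append(f"{name}: no persistence, reconnects go to different servers")
    return findings
```

Run on the sample, audit() reports only the persistence caveat for RDP-vip-tcp, which is the expected trade-off of this design rather than a misconfiguration.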