Hello Willy, I believe the client (mstsc.exe) connects to the Gateway server via RPC over HTTPS (443), the gateway then terminates this, and makes a new normal RDP connection to haproxy, and then onwards to the Real servers, so in this case the Gateway is the client to haproxy.
However what seams to be happening is that the loadbalancer then balances the connections as normal but does not seam to honor the MSTS cookie at all. its there in the packet capture and its encoded IP match the correct server but it seams haproxy ignores it. My haproxy configuration is still the same as in the previous issue and works fine if the mstsc client connects directly. its only when it goes via the Terminal Server Gateway server it breaks. The odd thing is other Session Broker enabled loadbalancers work, its just haproxy that seams to ignore the cookie in this configuration. Kind Regards, On 14 August 2013 19:35, Willy Tarreau <w...@1wt.eu> wrote: > Hi Mathew, > > On Wed, Aug 14, 2013 at 05:05:17PM +0100, Mathew Levett wrote: > > Hi Willy, > > > > Thanks for the patch and the clarification. That makes total sense now > and > > seams to work perfectly.....Untill you add a Remote Desktop Gateway > server > > into the mix. when I then add that I go back to the same issue of > sessions > > not being reconnected when going via the gateway server. however direct > > connections to the TS farm VIP are fine. its only when going though the > > Gateway server first that it breaks. > > > > Packet captures on the loadbalancer show the same traffic for working and > > non working and they all include the token as expected but i just can not > > get the sessions that come in via the gateway to reconnect to existing > > sessions. Anyone have any ideas or seen this before? > > Just to be sure to understand, a first connection goes from the client to > the gateway, then a new connection goes from the client to haproxy hoping > to reach the correct server and it fails, that's it ? Or does the gateway > forward the connections to haproxy ? That part is not clear to me, so I'm > not sure I understand what the issue can be. > > Regards, > Willy > >
