RDP Load Balance - Private IP works but not Public

0

Hi,

We are trying out the Kemp Load Balancer on our Azure network.  My plan is to get it working for simple 2 server plan then switch it to a paid plan once these two servers are setup and ready to go.  So far I made it work with a simple internal RDP Load Balancer.

This setup works:

When I RDP to the local ip address below, it connects to one of the real servers.  Perfect.

192.168.2.5  ->  Kemp Load Balancer listening on port 3389

Real servers: 

192.168.2.4

192.168.2.6

-----

This setup does NOT work:

When I RDP to the PUBLIC ip address below, it complains and doesn't connect to the real servers.  I opened 3389 as an Inboud Port Rule for Kemp LoadMaster in Azure.  I've tried to build a Virtual Server listening for the 40.114.x.x address as well as adding it as a secondary IP.  

40.114.x.x  ->  Kemp Load Balancer Public IP Address listening on port 3389

Real servers:  I've tried both private and public addresses and opened 3389 in Inbound Ports.

192.168.2.4

192.168.2.6

Public IP Addresses I tried

23.96.x.x

23.96.x.x

 

I'm trying to do this without running any kind of farm.  I just want this to Load Balance stand alone RDP Servers. I'm not sure what I'm doing wrong.  Any ideas?

 

Henry

 

 

 

3 comments

Avatar
0
Tony Vaughan

Hi Henry

the first thing I suggest is to confirm that traffic is reaching the LoadMaster
if you check the statistics page, do you see any new connections to the virtual service,

to get more detail you can run a tcpdump to confirm three way handshake is complete and that traffic is routing correctly
https://support.kemptechnologies.com/hc/en-us/articles/200539529-TCPdump-Tips

with regards to the routing,
the public client should connect to the public address of the LoadMaster (in my testing it was 40.89.x.x)
this is NAT-ed to an internal address (in my scenario 10.0.1.4)
the VS is on 10.0.1.4:3389 and the real server can be on the local network or a non-local network

the routing to the real server might fail depending on the settings on the virtual service,
such as transparency, SOR, gateway etc

but if you can confirm that traffic is reaching the LoadMaster i can advise you on the next steps

Avatar
0
hsheldon

Tony,

Thank you, you were right on.  The Inbound rules for Azure are a little weird.  I had put 3389 as the incoming port.  As soon as I changed it to * but had the Outgoing port (to the Kemp LB) as 3389, it all started working.  It just wasn't getting to the Load Balancer.  We were able to connect to our Session Hosts.  

 

I did have one more question if possible; if I put the Session Hosts in from our already running farm into the Load Balancer, then only wanted to use Kemp LB to connect to the session hosts, would there be any reason that I have to keep the Microsoft Gateway and Connection Broker running?  Can I have those machines off or would it need the Connection Broker to run for some reason?

 

Avatar
0
Tony Vaughan

Hi Henry,

I am rusty with RDP/RDS but my understanding is that
the Gateway is used for external secure connections and the Connection broker may be needed for persistence,
if it is installed you can manage the service via server manager, if it is not installed you will have the manage the environment via powershell

I will follow up with a colleague just to confirm if i missed anything with this