Hot!SSL VPN Portal - HTML5 RDP Broker Connection

Author
elcotrade
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/11/02 04:16:15
  • Status: offline
2018/10/25 06:35:20 (permalink)
0

SSL VPN Portal - HTML5 RDP Broker Connection

Hy Guys,
 
i have a server 2016 remotedesktopserverfarm with 2 RemoteDesktopServers and one Windows-RemoteDesktopBroker, which redirects the user to the correct RemoteDesktopServer.
 
When i create SSL VPN bookmarks (RDP - Port 3389) to both terminalserver directly, it works - but it's a 50:50 chance to get the server where the user is loaded. When I create a bookmark to the broker, it don't work -> Connection refused.
 
Any idea?
 
Thanks!
Manuel Wagner
#1

12 Replies Related Threads

    Philippe Gagne
    Bronze Member
    • Total Posts : 45
    • Scores: 4
    • Reward points: 0
    • Joined: 2015/06/25 17:55:25
    • Location: Trois-Rivieres
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2018/11/22 08:07:43 (permalink)
    0
    Hi,
     
    I confirmed yesterday with product manager that this feature is not currently implemented. NFR (New Feature Request) have been asked to support RDS farm. Cross fingers! :-)
     
    Philippe 
     
    post edited by Philippe Gagne - 2018/11/22 08:08:44
    #2
    elcotrade
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/11/02 04:16:15
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2018/11/23 00:10:03 (permalink)
    0
    hi,
     
    that would be great! Thanks for the reply!
     
    Manuel
    #3
    Bert Mulder
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/01/03 01:49:26
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2019/01/03 01:56:26 (permalink)
    0
    Isn't this the way the Connection Broker is supposed to work? I mean, even without the SSL VPN you would have the same result because of load balancing?
    #4
    srevol
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/02/26 01:23:42
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2019/02/26 01:33:17 (permalink)
    0
    Hello
    Any news on this NFR ? 
    I have a farm with 3 RDP servers and will upgrade to 4 soon, the propability to reach the good server is now 33% and will descrease !
     
    @Bert : you right , the windows broker load balacing  do its job and loadbalance server-1 and server-2 :-) 
    but in the SSL VPN portal case :
    - you reach server-1
    - broker redirect you to server-2 if needed
    - it seems that the SSL VPN portal does not understand the redirect and stop the connexion.
     
    so clearly, we need this NFR
     
    BR
    Stéphane
    #5
    kubimike
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/29 14:02:41
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/01/22 08:08:44 (permalink)
    0
    Hi where are we on this NFR ? I am on 2008 R2 with a 9 server farm and can't get connected either. Same issues as described above. We were about to buy Fortitokens, thankfully I tested this first. Its a show stopper. Support ticket #3801604
    post edited by kubimike - 2020/01/22 08:10:22
    #6
    kubimike
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/29 14:02:41
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/01/23 07:43:16 (permalink)
    0
    More info anyone have a clue ? Fortigate Bug ID #444410
     
    post edited by kubimike - 2020/01/23 07:46:17

    Attached Image(s)

    #7
    kubimike
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/29 14:02:41
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/01/23 13:50:45 (permalink)
    0
    For anyone watching, Tier 2 support was very helpful in finding the issue. It lays with GUACD. Anyone else having this issue could you dump your output here to confirm? 
     
    commands used to find the problem
    diag debug console timestamp enable
    diag debug duration 0
    diag debug application sslvpn -1
    diag debug application guacd -1
     
     
     
    post edited by kubimike - 2020/01/23 13:54:41

    Attached Image(s)

    #8
    MoparRob
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/13 09:05:45
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/02/13 09:12:39 (permalink)
    0
    I'm working on the same issue and I think I figured it out.

    What you need to do is as follows:
    1) Create a common internal DNS record for each RDSH server. eg:
        farm1.corp.com - <internal IP of RDSH server 1>
        farm1.corp.com - <internal IP of RDSH server 2>
     
    2) Configure your SSL VPN bookmark to point to farm1.corp.com
     
    From here, the system should handle the load balancing automatically and connect you to the RDS servers every time.
     
     
    #9
    kubimike
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/29 14:02:41
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/02/13 09:49:19 (permalink)
    0
    Interesting, well I can go to the terminal and use the ping command from my FG against my farm and it works. Do you have your FG connected to your DNS server? Also take one of the RDS offline with the drain command. see if the loadbalancing truly works. What version of Windows server?
    #10
    MoparRob
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/13 09:05:45
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/02/13 13:35:38 (permalink)
    0
    kubimike, I found after some more testing that what I said earlier wasn't working with a strong success rate so I did some more digging and found a route that's getting me closer to the end goal.

    I stumbled across this video (https://www.youtube.com/watch?v=nMcwdOyXO5U) where they used the Fortigate's LB functionality to establish connection to the RDS environment. I set it up and modified as needed to use the SSL VPN portal and it's half way to working. I can successfully connect to the RDS environment however I do find that I have to hit the Reconnect button up to 3 times to get connected (I have 4x RDSH servers)
     
    I'm going to look into seeing what I can do about eliminating the Reconnect issue but I do feel I am getting close.
    #11
    kubimike
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/08/29 14:02:41
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/02/17 06:10:56 (permalink)
    0
    Do you have a 100e ?
    #12
    MoparRob
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/13 09:05:45
    • Status: offline
    Re: SSL VPN Portal - HTML5 RDP Broker Connection 2020/02/18 07:06:44 (permalink)
    0
    I am running the 500e with firmware 6.0.7 currently. My RDS farm is currently a 2012R2 based farm. It uses the RD Connection Broker for handling connections.
     
    I am also building a new 2019 farm at the moment so I am going to see if there is a way eliminate the reconnect prompts that are occurring with the current 2012R2 farm and the Fortigate.
    #13
    Jump to:
    © 2020 APG vNext Commercial Version 5.5