
I am using HAProxy to load-balance RDP connections between clients and RD Gateway servers.
There are two RD Gateway servers (192.168.0.10/192.168.0.5) behind HAProxy; the balance method is ROUND_ROBIN, with session stickiness by SOURCE_IP.

Here is my config:

```
global
    daemon
    user nobody
    group haproxy
    log /dev/log local0 debug alert
    log /dev/log local1 notice alert
    maxconn 2500
    stats socket /var/lib/neutron/lbaas/v2/7ee12684-c45d-4af4-8ae7-381743beb78e/haproxy_stats.sock mode 0666 level user

defaults
    log global
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend 377c24a1-1735-4947-a854-0d1fb8d0cd97
    option tcplog
    maxconn 2500
    bind 192.168.0.7:443
    mode tcp
    default_backend 51d6cead-368e-45a3-bcda-b1fb8cd5f2dd

backend 51d6cead-368e-45a3-bcda-b1fb8cd5f2dd
    mode tcp
    balance roundrobin
    stick-table type ip size 10k
    stick on src
    timeout check 5s
    server 3ccbdfa9-fa69-4388-ad1b-046731825659 192.168.0.10:443 weight 1 check inter 5s fall 3
    server 7dde5bd2-ad90-4668-9642-466446646948 192.168.0.5:443 weight 1 check inter 5s fall 3
```

It works, but I found that when the backend RDP session is disconnected from RD Gateway (I can see the disconnect logs in Event Viewer), the client's connection doesn't stop; I can still see the VM's screen (but can't do anything), which means that the session still stays connected. Why?

What I expect is that the frontend should get the disconnect info from the backend and try to re-establish the connection (because the session has already disconnected from the RD Gateway server).

Is there any misconfiguration? I have no idea about this issue; any help is appreciated.

Corey

1 Answer


Strange, the client should get a popup asking to reconnect from the connection broker. Your timeouts are very small; this blog recommends TCP keepalive as well:

```
clitimeout 1h
srvtimeout 1h
option tcpka
```

I do vaguely recall someone saying RDS had an option to enable/disable the reconnect option?

For more background information and to review the other deployment options you have, take a look at this RDS deployment guide.

  • Thanks, I increased the timeout to 1h. However, `option tcpka` doesn't work in my case, and I notice that you mentioned the `connection broker`; I only run `terminal service` as my RD Gateway. Is that the key point that causes the issue? – Corey Sep 23 '20 at 08:55
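
An added example, not part of the question or the answer: a small Python check that reads the timeout lines of an HAProxy config like the one in the question, converts them to seconds (HAProxy reads a bare number as milliseconds, so `50000` is 50 seconds), and reports which idle timeouts fall below a threshold and whether `option tcpka` is set. The function names and the one-hour threshold (taken from the answer's `1h`) are assumptions for illustration.

```python
import re

# HAProxy time suffixes expressed in microseconds; a bare number means ms.
UNITS_US = {"us": 1, "ms": 1_000, "s": 1_000_000, "m": 60_000_000,
            "h": 3_600_000_000, "d": 86_400_000_000}

# Constructed sample: the defaults section from the question's config.
SAMPLE = """\
defaults
    log global
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000
"""

def to_seconds(value):
    """Convert an HAProxy time value such as '50000', '30s' or '1h' to seconds."""
    m = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if not m:
        raise ValueError(f"not an HAProxy time value: {value!r}")
    return int(m.group(1)) * UNITS_US[m.group(2) or "ms"] / 1_000_000

def audit(config, min_idle=3600):
    """Return (timeouts in seconds, findings) for the client/server idle settings."""
    timeouts, tcpka = {}, False
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(words) == 3 and words[0] == "timeout":
            timeouts[words[1]] = to_seconds(words[2])
        elif len(words) == 2 and words[0] in ("clitimeout", "srvtimeout"):
            # Older spelling, as used in the answer's snippet.
            name = {"clitimeout": "client", "srvtimeout": "server"}[words[0]]
            timeouts[name] = to_seconds(words[1])
        elif words == ["option", "tcpka"]:
            tcpka = True
    findings = [f"timeout {k} is {timeouts[k]:g}s, below {min_idle}s"
                for k in ("client", "server")
                if k in timeouts and timeouts[k] < min_idle]
    if not tcpka:
        findings.append("option tcpka is not set")
    return timeouts, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```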