Hello,
We are in the process of designing a remote desktop farm:
1 RDweb server in DMZ
1 RDGateway Server in DMZ
3 RD Session Hosts in the internal network
1 Connection Broker in the internal network.
All separate machines (VMs).
Question is about the way traffic flows when a client logs on and resumes an existing session:
In Windows 2008R2 the traffic works as shown in the picture at the following link: http://technet.microsoft.com/en-us/library/cc772418(v=ws.10).aspx
In this case the user gets an initial connection to a random Session Host, then connects to the Broker. If the user has an existing session on another Session Host, the client is redirected to that Session host.
In my case we have a 2FA authentication agent installed on the Session Hosts. This results in the user having to log on twice, because the redirection to the other Session Host does not include the second-factor authentication.
Does Windows 2012R2 behave the same way? I cannot find how this process works in 2012R2. Possibly the gateway in 2012R2 contacts the broker first to see if the user has an existing session and will point the user to the correct Session Host, which results in a single sign-on experience for the user.
Any info would be appreciated.