F5 RDS2016 via WAP/ADFS
Hi guys,
First post as normally I find any issues already answered on the forum due to this amazing community - this one however is proving to be a pain.
We are installing RDS2016 using WAP servers to authenticate through the ADFS. The F5 serves as a reverse proxy between all this - the high level flow looks like:
External Clients -> Firewall -> F5 (URL Rewrite) -> WAP Pool -> F5 (VIP for RDS)
The issue is mobile clients. They use a full HOST and URI instead of just the URI which desktop machines use. For instance:
(logs from IIS) Successful connection from desktop ----
RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443
RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443
Unsuccessful connection from mobile ----
RPC_IN_DATA /https:/emea-remote.simmons-simmons.com/rpc/rpcproxy.dll localhost:3388 443
RPC_OUT_DATA /https:/emea-remote.simmons-simmons.com /rpc/rpcproxy.dll localhost:3388 443
This, as it turns out, is a well-known issue that Microsoft know about and that did not exist in RDS2012. They just haven't issued a fix... or an ETA...
So - I'm attempting a re-write with the following iRule:
when HTTP_REQUEST {
    if { !([string tolower [HTTP::host]] equals "emea-remote.simmons-simmons.com") } {
        HTTP::header replace Host "/rpc/rpcproxy.dll"
    }
}
This works for one of the RPC packets, but not the rest. Looking for help on two fronts:
a) Has anyone had these issues putting in RDS2016 via WAP/ADFS?
b) Can anyone see anything wrong / incorrect in my re-write string?
Appreciate any help in advance - please let me know if you would like to see any logs etc to help.
Regards Gareth
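
The following iRule is an added example, not part of the original post and not an F5 or Microsoft fix. It assumes the request target reaches the BIG-IP in the form the IIS log shows (scheme and host prefixed to the real path); it rewrites the URI rather than the Host header and rejects any embedded host other than the published one.

```tcl
# Added example. Assumption: mobile clients send "/https:/<host>/rpc/rpcproxy.dll"
# (or the same with "//") as the request target, as seen in the IIS log above.
when HTTP_REQUEST {
    # Published host name, taken from the post.
    set public_host "emea-remote.simmons-simmons.com"
    set uri [HTTP::uri]

    # Capture the embedded host and the real path plus query string.
    # "/{1,2}" tolerates the collapsed slash that appears in the log.
    if { [regexp -nocase {^/?https:/{1,2}([^/]+)(/.*)$} $uri -> embedded_host real_uri] } {
        if { [string tolower $embedded_host] eq $public_host } {
            # Restore the origin-form request target that desktop clients send.
            HTTP::uri $real_uri
        } else {
            # An unexpected embedded host is not forwarded to the WAP pool.
            log local0.warning "Embedded host '$embedded_host' rejected, client [IP::client_addr]"
            HTTP::respond 400 content "Bad Request"
        }
    }
    # Requests that already use a plain path (desktop clients) pass through untouched.
}
```

An embedded host that carries a port (for example `host:443`) will not match `public_host` and is rejected; extend the comparison only if the logs show clients sending it.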