Forum Discussion
JRahm
Mar 23, 2007 Admin
When enabling session directory on the Terminal Server, it will send the cookie, and the string that the F5 is looking for is msts=. When session directory is NOT enabled on the Terminal Server, and the F5 msrdp profile checkbox is disabled, it is looking for the string mstshash=. Here is an excerpt from my sniffer capture when utilizing the rdp profile with session directory disabled on the server and the BigIP:
0x0030 0000 0043 6f6f 6b69 653a 206d 7374 7368 ...Cookie:.mstsh
0x0040 6173 683d 6534 3838 6263 4065 720d 0a ash=testusr@te..
And here is the persistence entry in my F5:
PERSISTENT CONNECTIONS --
Mode: msrdp Value: testusr@te
Virtual: 10.1.1.10:3389 Node: 10.10.10.10:3389 Age: 260sec
The key to using the msrdp persistence without session directory is that the user credentials need to be supplied UP FRONT with the client request. If they are supplied AFTER the Terminal Server has painted a page for you, persistence will not work. This is because once the session has begun, the F5 no longer has visibility into the stream since there isn't a published decode for the rdp protocol. The first data packet after the TCP handshake, however, is where the cookie is supplied (either the routing token or the username).
A couple notes from my experience:
1) If no credentials are supplied, the cookie isn't sent. Therefore, msrdp persistence without session directory is useless.
2) If using the RDP client on a desktop, your credentials from your local PC login are sent by default. This is OK if the terminal server you are logging into is in the same domain as your PC, but it's something to be aware of.
3) Our thin clients are all built with a default credential (I'm not sure why or if that's configurable, I don't work on that side of the house), so if we used msrdp persistence without session directory we'd not achieve load balancing. We use session directory for thin clients because of this.
HTH....Jason
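The cookie lookup described in the post above, as an added example that is not part of the original post and is not F5's code: a Python parser that pulls the msts= routing token or the mstshash= username out of the first client data packet (TPKT header plus X.224 Connection Request) and returns nothing when no cookie is present. The function names and sample packets are constructed for illustration; the routing token value is a made-up sample.

```python
import struct

def rdp_persistence_key(payload: bytes):
    """Return (kind, value) from the first client data packet, or None.

    kind is "msts" (session directory routing token) or "mstshash" (username).
    """
    # TPKT header: version 3, reserved byte, 16-bit big-endian total length.
    if len(payload) < 11 or payload[0] != 3:
        return None
    total_len = struct.unpack(">H", payload[2:4])[0]
    if total_len < 11 or total_len > len(payload):
        return None  # truncated or malformed packet
    # X.224 Connection Request: length indicator, type 0xE0,
    # dst-ref (2 bytes), src-ref (2 bytes), class (1 byte).
    if payload[5] & 0xF0 != 0xE0:
        return None  # not a connection request, e.g. later session data
    body = payload[11:total_len]
    if not body.startswith(b"Cookie: "):
        return None  # no credentials or token supplied up front
    end = body.find(b"\r\n")
    if end == -1:
        return None
    name, sep, value = body[8:end].partition(b"=")
    if not sep or not value or name not in (b"msts", b"mstshash"):
        return None
    return name.decode("ascii"), value.decode("ascii", "replace")

def build_cr(variable_part: bytes) -> bytes:
    """Build a constructed sample connection request for the demo."""
    x224 = bytes([6 + len(variable_part), 0xE0, 0, 0, 0, 0, 0]) + variable_part
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

# Constructed sample inputs (not captured traffic).
NEG_REQ = b"\x01\x00\x08\x00\x03\x00\x00\x00"  # negotiation request after the cookie
WITH_USER = build_cr(b"Cookie: mstshash=testusr@te\r\n" + NEG_REQ)
WITH_TOKEN = build_cr(b"Cookie: msts=168430090.15629.0000\r\n")
NO_CREDS = build_cr(NEG_REQ)  # client sent no credentials, so no cookie

if __name__ == "__main__":
    for label, pkt in [("user", WITH_USER), ("token", WITH_TOKEN), ("none", NO_CREDS)]:
        print(label, rdp_persistence_key(pkt))
```

The value returned is whatever the client put in the packet, so a fleet of clients sharing one default credential all produce the same key, which is the thin-client case in note 3.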