Forum Discussion

cjunior
Nov 10, 2017

MSRDP - Persistence behind NAT

Hi folks, it should be easy for you to solve this.

Scenario:

LTM only
VS: 10.10.10.1:3389
Persistence: MSRDP
Pool: 20.20.20.1:3389, 20.20.20.2:3389, 20.20.20.3:3389
LB: Round Robin.

So, the logic is:

1. Client requests 10.10.10.1:3389 and is balanced to 20.20.20.1:3389
2. Server responds "Hello, I'm hostname with cert server1"
3. Client says "OK" and requests 10.10.10.1:3389 with username "devcentral" and pass "1234"
4. LTM persists the connection session (msrdp) to the "devcentral" username
5. Client starts to work on the desktop

Issue:

MSTSC tries two connections, but the second one is the one that has the mstshash cookie with the user name.

In step 3, since the request comes from a new request port, it will be directed to the member 20.20.20.2:3389, because the persistence occurs in step 4.

So, an error was triggered:

Connection has been terminated because an unexpected server authentication certificate received from the remote computer

So, the temporary solution was to change the persistence to source address.

But because of the customer topology, multiple clients arrive from the same source address, causing wrong distribution to those servers.

What is the right way to persist MSRDP on topologies behind a NAT?

Is there something I should set on the virtual server or persistence?

Is there something I should set on the Windows server?

Thank you in advance.
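
The following is an added example, not part of the original post and not F5 code. It parses the X.224 Connection Request that opens an RDP session to show where the `mstshash` cookie sits, then runs a simplified model of the scenario above (round robin plus a table keyed on the cookie) over constructed requests. The names `build_request`, `mstshash`, `Balancer` and `demo` are hypothetical, and the balancer model is an assumption for illustration, not LTM's implementation.

```python
import struct
from itertools import cycle

COOKIE = b"Cookie: mstshash="

def build_request(user=None):
    """Constructed TPKT + X.224 Connection Request, optionally with a cookie."""
    body = b"" if user is None else COOKIE + user.encode("ascii") + b"\r\n"
    body += struct.pack("<BBHI", 0x01, 0, 8, 0x03)   # RDP_NEG_REQ: TLS | CredSSP
    # X.224 CR header: length indicator, code 0xE0, dst-ref, src-ref, class
    x224 = struct.pack(">BBHHB", 6 + len(body), 0xE0, 0, 0, 0) + body
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def mstshash(data):
    """Return the mstshash cookie value, or None when the request has none."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    total = struct.unpack(">H", data[2:4])[0]
    if not 11 <= total <= len(data):
        raise ValueError("bad TPKT length")
    if data[5] & 0xF0 != 0xE0 or data[4] + 5 != total:
        raise ValueError("not an X.224 Connection Request")
    body = data[11:total]
    if not body.startswith(COOKIE):
        return None
    end = body.find(b"\r\n")
    if end < 0:
        raise ValueError("unterminated cookie line")
    return body[len(COOKIE):end].decode("ascii", "replace")

class Balancer:
    """Simplified model: round robin plus a persistence table keyed on mstshash."""
    def __init__(self, members):
        self._next = cycle(members)
        self.table = {}

    def pick(self, request):
        key = mstshash(request)
        if key is None:                # nothing to key on: plain round robin
            return next(self._next)
        if key not in self.table:      # first time this user name is seen
            self.table[key] = next(self._next)
        return self.table[key]

def demo():
    lb = Balancer(["20.20.20.1:3389", "20.20.20.2:3389", "20.20.20.3:3389"])
    first = lb.pick(build_request())               # connection without the cookie
    second = lb.pick(build_request("devcentral"))  # connection carrying the cookie
    third = lb.pick(build_request("devcentral"))   # later reconnect, same user
    return first, second, third
```

In this model `demo()` sends the cookieless connection to the first member and both cookie-bearing connections to the second, which is the split between steps 1 and 3 that the post describes.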

 
