socvirgin23
Jun 21, 2023

Users having to manually reconnect RDP sessions

Hi there,

A customer of ours has just migrated their remote RDP Gateway solution over to a new F5 solution installed by us. During failover testing they rebooted one of the 2 RDP Gateway servers that the F5s load balance sessions to.

On their old RDP solution the session used to reconnect automatically when the session was passed over to the other RDP Gateway server (or when the rebooted server came back online). Now when the traffic is flowing through the F5s a user has to open a new RDP session.

I have a virtual server set up for https 443 RDP traffic and a virtual server set up for Remote FX on udp port 3391. The health monitor timers for the https pool are interval 5 timeout 16 but the timers on the UDP3391 pool are interval 31 timeout 90, but these were the F5 recommended settings.

Are these timers ok and if so is there a setting I am missing on the F5s to fail sessions over automatically?

Regards

socvirgin23

  • Hi socvirgin23,

    Could you please try the reselect option of the "Action on service down" feature in the pool settings?
    Go to Local Traffic >> Pools >> select your RDP-gateway pool >> switch from "Basic" to "Advanced" under the configuration settings, and choose Action on service down >> reselect.

    https://my.f5.com/manage/s/article/K15095#:~:text=The%20Action%20On%20Service%20Down%20feature%20specifies%20how%20the%20system,fails%20the%20monitor%20health%20check.

    Try this and give your feedback.

    • whisperer

      That sounds like it should work. In the case of HA, I would also make sure that a) MAC masquerade is used and b) persistence mirroring. These may be other considerations apart from how pool member failure is handled in terms of connections.

      • socvirgin23

        Thanks for your response. I'm gonna add these features in as well as the above 'Action on service down' feature.

    • socvirgin23

      Thanks for the response MVP. I'm going to implement this for the customer next week so I'll let you know how it goes 🙂

  • The 'Action on Service Down - Reselect' did not work. When the customer reloaded one of the RDP Gateway servers, remote RDP users were disconnected and had to reconnect and sign in again. Looking at the article below, it says that the 'reselect' option is only appropriate for 'transparent pool members, such as firewalls, routers, proxy servers, and cache servers'. My pool members are RDP Gateway servers with which a TCP 3-way-handshake needs to be established.

    https://my.f5.com/manage/s/article/K15095

    These RDP sessions use https/http and udp connections. The article says the below about failing over http sessions to another pool member so I'm not sure http sessions can be failed over to another pool member without the TCP session having to be re-created?

    Note: Services such as HTTP require that the system establish a transport layer connection before transmitting HTTP messages. This is commonly referred to as a 3-way handshake, and is used by the client or server to establish communication options and to track requests or responses. When a server receives a request from a client without having established the transport layer connection, normal behavior is for the server to reject the connection by sending a TCP response with the RST flag set.

  • I have implemented SSL Bridging in the hope that the 'Server SSL' connection between the F5 and the backend RDP Gateway will be re-established with the other Gateway in the pool by the F5 when the current RDP Gateway connection fails. I am testing this with the customer tonight so will update this post later.