Network Load Balancing Step-by-Step Guide: Configuring Network Load Balancing with Terminal Services
Applies To: Windows Server 2008
This step-by-step guide provides instructions for configuring Network Load Balancing (NLB) with Terminal Services.
Using NLB with Terminal Services offers the benefits of increased availability, scalability, and load-balancing performance, as well as the ability to distribute a large number of Terminal Services clients over a group of terminal servers.
In Windows Server 2008 R2, Terminal Services was renamed Remote Desktop Services. To find out what's new in this version and to find the most up-to-date resources, visit the Remote Desktop Services page on the Windows Server TechCenter.
NLB with Terminal Services overview
NLB distributes traffic across several servers by using the TCP/IP networking protocol. You can use NLB with a terminal server farm to scale the performance of a single terminal server by distributing sessions across multiple servers.
Terminal Services Session Broker (TS Session Broker), included in Windows Server® 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter, keeps track of disconnected sessions on the terminal server farm, and ensures that users are reconnected to those sessions. Additionally, TS Session Broker enables you to load balance sessions between terminal servers in a farm. This functionality is provided by the TS Session Broker Load Balancing feature. However, this session-based load balancing feature requires a front-end load balancing mechanism to distribute the initial connection requests to the terminal server farm. You can use a load balancing mechanism such as DNS round robin, NLB or a hardware load balancer to distribute the initial connection requests. By deploying NLB together with TS Session Broker Load Balancing, you can take advantage of both the network-based load balancing and failed server detection of NLB, and the session-based load balancing and per server limit on the number of pending logon requests that is available with TS Session Broker Load Balancing.
To use the TS Session Broker Load Balancing feature, all terminal servers in the farm must be running Windows Server 2008. For more information about the TS Session Broker Load Balancing feature, see the Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide.
When deploying a terminal server farm by using NLB, each server needs to serve all users. To facilitate this, you must store per-user information, system information, and common data in an accessible place, such as a back-end file server.
Terminal Services components
Terminal Services has two components that are important for establishing load balancing: the Terminal Services Session Broker service and the Terminal Services Configuration snap-in.
Terminal Services Session Broker service
This service maintains a database that keeps track of terminal server sessions in a load-balanced terminal server farm and provides information to the terminal server, which is used to connect users to existing sessions.
When the Terminal Services Session Broker service starts, it creates the Session Directory Computers local group. By default, this group is not populated. You must choose the individual terminal servers or groups that you want to participate in the Terminal Services Session Broker service, and then manually change group memberships to the Session Directory Computers group.
The Terminal Services Session Broker service starts automatically after you install the TS Session Broker role service on the server that you want to use to track user session information for a load-balanced terminal server farm. You can use a single TS Session Broker server to track user sessions across multiple farms because there is minimal performance overhead.
When you install the TS Session Broker role service, the following changes occur on the local computer:
The Terminal Services Session Broker service is installed. By default, the service is set to Started and to Automatic.
The Session Directory Computers local group is created.
The server where you install the TS Session Broker role service must be a member of a domain.
The Windows Server 2008-based server where you install the TS Session Broker role service does not have to be a terminal server or have Remote Desktop enabled.
If you install the TS Session Broker role service on a domain controller, the Session Directory Computers group will be a domain local group, and it will be available on all domain controllers.
If you do not have any of the Terminal Services role services installed, use the following procedure to install the TS Session Broker role service.
To install the TS Session Broker role service
Click Start, point to Administrative Tools, and then click Server Manager.
Under Roles Summary, click Add Roles.
In the Add Roles Wizard, review the Before You Begin page, and then click Next.
On the Select Server Roles page, select the Terminal Services check box, and then click Next.
On the Terminal Services page, click Next.
On the Select Role Services page, select the TS Session Broker check box, and then click Next.
On the Confirm Installation Selections page, confirm that TS Session Broker is listed, and then click Install.
On the Installation Results page, click Close.
Terminal Services Configuration snap-in
This snap-in is included on each terminal server. Terminal servers that comprise the terminal server farm communicate with TS Session Broker to ensure that users are transparently reconnected to the original server hosting their disconnected sessions. The process is:
When the user logs on to the terminal server farm, the terminal server receiving the initial client logon request sends a query to the TS Session Broker server.
The TS Session Broker server checks the user name against its database and sends the result to the requesting server. One of the following occurs:
If the user has no disconnected sessions, logon continues at the server hosting the initial connection.
If the user has a disconnected session on another server, the client session is passed to that server and logon continues.
Requirements for using NLB with a terminal server
To use NLB, a computer must have:
At least one network adapter for load balancing.
Only TCP/IP used on the adapter for which NLB is enabled. Do not add any other protocols (for example, IPX) to this adapter.
All hosts in the NLB cluster must reside on the same subnet.
Ensure that the cluster's clients are able to access this subnet.
All terminal servers in the terminal server farm should be joined to the same domain.
Steps for configuring NLB with Terminal Services
To configure NLB with Terminal Services, complete the following steps:
Step 1: Set up a terminal server farm with TS Session Broker.
Step 2: Install NLB.
Step 3: Create an NLB cluster.
Step 1: Set up a terminal server farm with TS Session Broker
For a terminal server to use TS Session Broker, you must add the computer account for the terminal server to the Session Directory Computers local group on the TS Session Broker server.
You must perform this procedure on the server where you installed the TS Session Broker role service.
To add a terminal server to the Session Directory Computers local group
On the TS Session Broker server, click Start, point to Administrative Tools, and then click Computer Management.
In the left pane, expand Local Users and Groups, and then click Groups.
In the right pane, right-click the Session Directory Computers group, and then click Properties.
In the Select Users, Computers, or Groups dialog box, click Object Types.
Select the Computers check box, and then click OK.
Locate and then add the computer account for the terminal server that you want to add.
Click OK when finished.
You can configure a terminal server to join a farm in TS Session Broker by using the Terminal Services Configuration snap-in.
The following steps are only applicable if the Terminal Server role service is installed.
To configure TS Session Broker settings
Start the Terminal Services Configuration snap-in. To do this, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.
In the Edit settings area, under TS Session Broker, double-click Member of farm in TS Session Broker.
On the TS Session Broker tab, click to select the Join a farm in TS Session Broker check box.
In the TS Session Broker server IP address or name text box, type the name of the TS Session Broker server.
The TS Session Broker server is the server where you installed the TS Session Broker role service.
- In the Farm name in TS Session Broker text box, type the name of the farm that you want to join in TS Session Broker.
TS Session Broker uses a farm name to determine which servers are in the same terminal server farm. You must use the same farm name for all servers that are in the same load-balanced terminal server farm. Although the farm name in TS Session Broker does not have to be registered in Active Directory® Domain Services, it is recommended that you use the same name that you will use in DNS for the terminal server farm. (The terminal server farm name in DNS represents the virtual name that clients will use to connect to the terminal server farm.) If you type a new farm name, a new farm is created in TS Session Broker and the server is joined to the farm. If you type an existing farm name, the server joins the existing farm in TS Session Broker.
To participate in TS Session Broker Load Balancing, do the following:
Select the Participate in Session Broker Load-Balancing check box. Selecting this check box will take advantage of TS Session Broker session-based load balancing, and the per server limit on the number of pending logon requests.
Optionally, in the Relative weight of this server in the farm box, modify the server weight. By assigning a relative weight value, you can help to distribute the load between more powerful and less powerful servers in the farm. By default, the value is 100. The server weight is relative. Therefore, if you assign one server a value of 100, and one a value of 200, the server with a relative weight of 200 will receive twice the number of sessions.
Verify that you want to use IP address redirection. By default, the Use IP address redirection setting is enabled. If you clear the check box, the server switches to token redirection mode.
In the Select IP addresses to be used for reconnection box, select the check box next to each IP address that you want to use. Keep in mind that:
The IP address used for reconnection must not be the same as the cluster IP address. If you select the cluster IP address, you are not assured that you will be reconnected to the same session.
Only the first selected IPv4 address will be used by clients running Remote Desktop Connection 5.2 and earlier.
Using IPv6 addresses is not recommended if the terminal server farm contains servers that are running Windows Server 2003.
Click OK when finished.
Step 2: Install NLB
NLB must be installed on the network adapter that you want to use for the Remote Desktop Protocol (RDP) connection.
To open the Add Features Wizard and install NLB
Click Start, point to Administrative Tools, and then click Server Manager. In the Features Summary area of the Server Manager main window, click Add Features.
-- or --
In the Customize this server area of the Initial Configuration Tasks window, click Add Features.
In the Add Features Wizard, select the checkbox next to Windows Network Load Balancing.
You also have the option to install NLB using the command: Servermanagercmd.exe - install nlb at a command prompt.
Step 3: Create an NLB cluster
To configure the NLB cluster, you must configure three types of the parameters:
Host parameters, which are specific to each host in an NLB cluster.
Cluster parameters, which apply to an NLB cluster as a whole.
Port rules, which control how the cluster functions. By default, a port rule equally balances all TCP/IP traffic across all servers. When using NLB in a Terminal Services environment, you will need to modify these default rules.
When you are using Network Load Balancing Manager, you must be a member of the Administrators group on the host that you are configuring, or you must have been delegated the appropriate authority. If you are configuring a cluster or host by running Network Load Balancing Manager from a computer that is not part of the cluster, you do not have to be a member of the Administrators group on that computer. As a security best practice, consider using Run as to perform this procedure.
To create an NLB cluster
To open Network Load Balancing Manager, click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open Network Load Balancing Manager by typing Nlbmgr from a command prompt.
Right-click Network Load Balancing Clusters, and then click New Cluster.
Connect to the host that is to be a part of the new cluster. In Host, enter the name of the host, and then click Connect.
Select the interface that you want to use with the cluster, and then click Next. (The interface hosts the virtual IP address and receives the client traffic to load balance.)
In Host Parameters, select a value in Priority (Unique host identifier). This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. You can override these priorities or provide load balancing for specific ranges of ports by specifying rules on the Port rules tab of the Network Load Balancing Properties dialog box. Click Next to continue.
In Cluster IP Addresses, click Add to enter the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts chosen to be part of the cluster. NLB doesn't support Dynamic Host Configuration Protocol (DHCP). NLB disables DHCP on each interface it configures, so the IP addresses must be static. Click Next to continue.
In Cluster Parameters, type values in IP Address and Subnet mask (for IPv6 addresses, subnet mask is not needed). A full Internet name is not needed when using NLB with Terminal Services.
In Cluster operation mode, click Unicast to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. It is recommended that you accept the unicast default settings. Click Next to continue.
In Port Rules, click Edit to modify the default port rules. Configure the rules as follows:
In Port Range, specify a range of 3389 to 3389 so that the new rule applies only to RDP traffic.
In Protocols, select TCP as the specific TCP/IP protocol that a port rule should cover. Only the network traffic for the specified protocol is affected by the rule. Traffic not affected by the port rule is handled by the default host.
In Filtering mode, select Multiple host, which specifies that multiple hosts in the cluster handle network traffic for this port rule.
In Affinity (which applies only for the Multiple host filtering mode), select None if you are planning to use TS Session Broker. Select Single if you are not planning to use TS Session Broker.
Click Finish to create the cluster.
To add more hosts to the cluster, right-click the new cluster, and then click Add Host to Cluster. Configure the host parameters (including host priority and dedicated IP addresses) for the additional hosts by following the same instructions that you used to configure the initial host. Since you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same.
Logging bugs and feedback
If you find errors in this document, or you have problems configuring NLB with Terminal Services, please log a bug so that we can correct the problem. When you log bugs, use the instructions on the Microsoft Connect Web site. We are also interested in feature requests and general feedback about NLB.
To provide feedback on this Step-by-Step Guide, follow the instructions Provide Feedback on Windows Server 2008 Content. Please note that in the comment area on the Web site, you will need to provide the name of this Step-by-Step Guide.
The following resources provide additional information about NLB and Terminal Services:
If you need product support, see the Microsoft Connect Web site.
For information about the TS Session Broker Load Balancing feature, see the Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide.
For information about Terminal Services Session Directory in Windows Server 2003, see Session Directory and Load Balancing Using Terminal Server.