I had an existing 2012 R2 RDS deployment on a single server with all roles including RDCB. I added an additional 2x hosts to act as desktop session hosts and 1x host to act as the eventual web access, gateway and broker for the farm.
As the only supported method for this was to set up HA for the broker service, I went about doing this as per the instructions for this - I added the 2x DNS records, added groups and SQL access etc., and all appears OK there.
Now when clients try to access the session hosts or RemoteApp hosts via web access, they receive the message "The connection was denied because the user account is not authorized for remote login". It appears the connections are trying to connect to the broker server I have added, because if I add the user to the Remote Desktop Users group on the new broker server they can log in - but they are logged into the connection broker!
There is a blog from MS advising items to add to RDP file properties but this is not applicable as the issues are happening via web access and the required information is added.
Here are the servers in the deployment and their roles:
RDS-REMOTEAPP1 (Existing Server)
- Connection Broker (HA)
- Web Access
- Session Host (RemoteApps)
- License Server
- Gateway
RDS03
- Gateway
- Web Access
- License Server
- Connection Broker was added and should be part of HA but is not listed in the Deployment Servers for some reason?
RDS01
- Session Host
RDS02
- Session Host
Here are the contents of the RDP File saved from the web access:
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
videoplaybackmode:i:1
audiocapturemode:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:RDSBROKER.DOMAIN.LOCAL
gatewayhostname:s:mail.externaldomain.com.au
workspace id:s:RDSBROKER.DOMAIN.LOCAL
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Desktop
use multimon:i:1
How do I fix this issue, or what is set up incorrectly?
Or should I just blow this all away (how do I do that?) and create a new farm?