Configure the LoadMaster settings by following the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services and Add New.

  2. Enter the relevant IP address in the Virtual Address text box.
  3. Enter 443 as the Port.
  4. Enter a recognizable Service Name, such as RD Gateway.
  5. Click Add this Virtual Service.

    Standard Options
      Transparency: Disabled
      Persistence Mode: Source IP Address
      Persistence Timeout: 1 Hour
      Scheduling Method: least connection
      Idle Connection Timeout: 28800 (8 hours)

    SSL Properties
      SSL Acceleration: Enabled
        A wildcard certificate for *.example.com matches any single-label hostname under example.com, so in a multi-tenant environment one certificate secures every tenant's gateway hostname. Bear in mind that all of those hostnames then share a single private key, so a compromise of that key exposes every tenant; protect it accordingly.
      Reencrypt: Enabled
      Supported Protocols: TLS1.0, TLS1.1, TLS1.2, TLS1.3
        While this workload may not support TLS1.3 yet, we recommend enabling it for future proofing. TLS1.0 and TLS1.1 are deprecated (RFC 8996) and have known weaknesses; leave them enabled only while you still have RDP clients that cannot negotiate TLS1.2, and clear them as soon as those clients are gone.
      Cipher Set: Best Practices
        For further information on cipher sets, refer to the SSL Accelerated Services Feature Description.

    Advanced Properties
      Content Switching: Disabled

    Real Servers
      Real Server Check Method: HTTPS Protocol
      Checked Port: 443
      URL: /rpc
      HTTP Method: HEAD

    Note: If you are running Remote Desktop Services in the cloud, you must configure the Remote Desktop Gateway Virtual Service at Layer 7. In the Standard Options section, disable Layer 4 and ensure Transparency is disabled. Disabling Layer 4 sets the Real Server Forwarding method to NAT. These settings are required because the Microsoft Azure or Amazon Web Services (AWS) firewall blocks traffic that is returned directly to the client rather than through the LoadMaster.
  6. Enter the settings based on the recommended values above.
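Once the TCP Virtual Service is up, check from a client which TLS versions it really accepts rather than trusting the checkbox state. The script below is an added example and is not part of this guide or of the LoadMaster product; the hostname rdgw.example.com is a placeholder for a name covered by the wildcard certificate. It skips certificate validation on purpose because only protocol support is being measured.

```powershell
# Added example, not from the deployment guide: probe the RD Gateway Virtual Service from a
# client and report which TLS versions it actually accepts, so that the Supported Protocols
# setting can be verified after the fact. $VipHost is an assumption; use the gateway hostname
# covered by the wildcard certificate. Certificate validation is skipped on purpose because only
# protocol support is being measured; never reuse that callback in production code.
param([string]$VipHost = 'rdgw.example.com', [int]$Port = 443)

function Test-TlsVersion {
    param([string]$TargetHost, [int]$TargetPort, [System.Security.Authentication.SslProtocols]$Version)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($TargetHost, $TargetPort)
        $acceptAnyCert = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAnyCert)
        # Offer exactly one version; the handshake fails if the peer will not speak it.
        $ssl.AuthenticateAsClient($TargetHost, $null, $Version, $false)
        [pscustomobject]@{ Offered = $Version; Accepted = $true; Negotiated = $ssl.SslProtocol
                           Cipher = $ssl.CipherAlgorithm; CipherBits = $ssl.CipherStrength }
    } catch {
        # Refused either by the VIP or by this client's own SCHANNEL policy: check the client's
        # settings before concluding that the LoadMaster rejected the version.
        [pscustomobject]@{ Offered = $Version; Accepted = $false; Negotiated = $null
                           Cipher = $null; CipherBits = $null }
    } finally {
        $tcp.Close()
    }
}

# Tls13 only exists on .NET Framework 4.8+ and PowerShell 7; skip any name this runtime lacks.
$versions = foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12', 'Tls13') {
    try { [System.Security.Authentication.SslProtocols]$name } catch { }
}
$versions | ForEach-Object { Test-TlsVersion -TargetHost $VipHost -TargetPort $Port -Version $_ } |
    Format-Table -AutoSize
```

A row with Accepted = True for Tls or Tls11 means the Virtual Service still negotiates the deprecated versions; rerun the probe after unchecking them to confirm the change took effect.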

    RDP version 8 and above contains new features that use UDP as well as TCP to improve performance over networks with low bandwidth, high latency, or high packet loss. The RD Gateway also uses UDP (on port 3391) for this transport. To allow these protocol enhancements to be used, you must configure the LoadMaster to load balance the RD Gateway's UDP traffic as well. To do this, follow the steps below:

  7. In the main menu of the LoadMaster WUI, select Virtual Services > Add New.

  8. In the Virtual Address text box, enter the same IP address that was used in the previous TCP Gateway configuration, for example, 10.154.11.52.
  9. Enter 3391 as the Port.
  10. Select udp as the Protocol.
  11. Click Add this Virtual Service.

    Standard Options
      Transparency: Enabled
      Persistence Mode: Source IP Address
      Persistence Timeout: 1 Hour
      Scheduling Method: least connection
        In most RD Gateway environments, Least Connection is the most suitable option. However, any option can be selected. For example, if a relative weight is configured for an RD Gateway Server, selecting weighted least connection here adds the configured weight as a factor in calculating the schedule.

    Real Servers
      Real Server Check Method: ICMP Ping
        ICMP only proves that the server is reachable, not that the RD Gateway's UDP listener on 3391 is answering, so a server whose gateway service has stopped keeps receiving UDP traffic for as long as it answers ping. Clients fall back to TCP when UDP fails, so the cost is performance rather than an outage, but watch for it.
      Port: 3391
      Forwarding Method: Direct return

  12. Enter the settings based on the recommended values above.
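The two Virtual Services above can also be created through the LoadMaster RESTful API, which is handy when you need the same configuration on several units or want it in version control. The script below is an added example and is not from this guide or from Kemp; it assumes the API is enabled on the LoadMaster, uses placeholder addresses (lm.example.com, 10.154.11.52, 10.154.11.60/61), and the parameter names it sends are my recollection of the LoadMaster RESTful API reference rather than something this page documents, so confirm them against the reference for your firmware before relying on it.

```powershell
# Added example, not part of the deployment guide: creates the two RD Gateway Virtual Services
# (steps 1-6 and 7-12 above) through the LoadMaster RESTful API instead of the WUI, with the
# values recommended in the two tables. Assumptions: the API is enabled on the LoadMaster;
# $LoadMaster, $Vip and $RealServers are placeholders; and the parameter names (persist,
# persisttimeout, schedule, idletime, sslacceleration, sslreencrypt, cipherset, checktype,
# checkport, checkurl, checkuseget, forcel7, transparent, forwardingmethod, rs, rsport) are from
# memory of the LoadMaster RESTful API reference. Confirm them for your firmware: the API
# returns an error for a parameter it does not know rather than guessing.
param(
    [string]$LoadMaster    = 'lm.example.com',                   # LoadMaster address (assumed)
    [string]$Vip           = '10.154.11.52',                     # Virtual Service address (assumed)
    [string[]]$RealServers = @('10.154.11.60', '10.154.11.61'),  # RD Gateway servers (assumed)
    [switch]$Cloud         # Azure/AWS: Layer 7 and NAT instead of transparency and DSR
)
$cred = Get-Credential -Message 'LoadMaster API user'

function Invoke-LmApi {
    param([string]$Command, [hashtable]$Params)
    $query = ($Params.GetEnumerator() |
        ForEach-Object { '{0}={1}' -f $_.Key, [uri]::EscapeDataString([string]$_.Value) }) -join '&'
    # On PowerShell 7 add -SkipCertificateCheck while the LoadMaster still uses its self-signed cert.
    $xml = Invoke-RestMethod -Uri "https://$LoadMaster/access/${Command}?$query" -Credential $cred
    if ($xml.Response.stat -ne '200') {
        throw "$Command failed: $($xml.Response.stat) $($xml.Response.Error)"
    }
    $xml.Response
}

# TCP 443 Virtual Service (steps 1-6). SSL acceleration requires Layer 7, so forcel7 is set.
$tcp = @{ vs = $Vip; port = 443; prot = 'tcp' }
Invoke-LmApi -Command addvs -Params $tcp | Out-Null
Invoke-LmApi -Command modvs -Params ($tcp + @{
    nickname = 'RD Gateway'; forcel7 = 1; transparent = 0
    persist = 'src'; persisttimeout = 3600; schedule = 'lc'; idletime = 28800
    sslacceleration = 1; sslreencrypt = 1; cipherset = 'BestPractices'
    checktype = 'https'; checkport = 443; checkurl = '/rpc'; checkuseget = 0   # 0 = HEAD
}) | Out-Null
foreach ($rs in $RealServers) {
    Invoke-LmApi -Command addrs -Params ($tcp + @{ rs = $rs; rsport = 443 }) | Out-Null
}

# UDP 3391 Virtual Service (steps 7-12): transparent DSR on premises, Layer 7 + NAT in the cloud.
$udp = @{ vs = $Vip; port = 3391; prot = 'udp' }
Invoke-LmApi -Command addvs -Params $udp | Out-Null
$udpSettings = @{ nickname = 'RD Gateway UDP'; persist = 'src'; persisttimeout = 3600
                  schedule = 'lc'; checktype = 'icmp' }
if ($Cloud) { $udpSettings += @{ forcel7 = 1; transparent = 0; forwardingmethod = 'nat' } }
else        { $udpSettings += @{ forcel7 = 0; transparent = 1; forwardingmethod = 'route' } }
Invoke-LmApi -Command modvs -Params ($udp + $udpSettings) | Out-Null
foreach ($rs in $RealServers) {
    Invoke-LmApi -Command addrs -Params ($udp + @{ rs = $rs; rsport = 3391 }) | Out-Null
}
```

Run it with -Cloud for an Azure or AWS deployment; without the switch it produces the on-premises layout (transparency on and Direct Server Return for UDP), which also needs the loopback adapter changes described in the Non-Cloud Deployments steps.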

Cloud Deployments - The UDP traffic for RDP version 8 must be set to use Layer 7 when deployed in cloud environments. In the Standard Options section, disable Transparency and ensure that the forwarding method is set to NAT. These settings are required because the Microsoft Azure or Amazon Web Services (AWS) firewall blocks traffic that is returned directly to the client rather than through the LoadMaster.

Non-Cloud Deployments - The UDP traffic for RDP version 8 can be configured to use Direct Server Return (DSR). With DSR the RD Gateway Servers reply to clients directly, so each server must accept packets addressed to the Virtual Service IP even though that address is owned by the LoadMaster; this is done by binding the address to a loopback adapter on every server. To make these changes, follow the steps below:

  1. Open the Device Manager on both RD Gateway Servers.

  2. Right-click the computer name and select Add legacy hardware.

  3. Select Install the hardware that I manually select from a list (Advanced).
  4. Click Next.

  5. Select Network adapters.
  6. Click Next.

  7. Select the Microsoft KM-TEST Loopback Adapter.
  8. Click Next.

  9. This creates a new network adapter. To make it easier to identify, rename it, for example to LoadMaster LoopBack.
  10. Open the TCP/IPv4 properties of the new adapter.

  11. In the IP address text box, enter the Virtual Service address (the same IP used for both Virtual Services above, for example 10.154.11.52).
  12. Enter 255.255.255.255 in the Subnet mask text box, so that only the Virtual Service address itself is bound to the loopback.
  13. Click the Advanced button.

  14. Enter 254 in the Interface metric text box. The high metric ensures Windows never prefers the loopback adapter when choosing a route for outbound traffic.
  15. Click OK.
  16. Click OK again.
  17. Run the following three commands in an elevated console, replacing <loopback> with the name of the loopback adapter and <net> with the name of the primary network adapter (keep the quotes if a name contains spaces). Weak host receive lets an adapter accept packets addressed to an IP that is bound to another adapter, which is how the primary NIC accepts traffic for the Virtual Service address; weak host send on the loopback lets replies sourced from the Virtual Service address leave through the primary adapter.

netsh interface ipv4 set interface "<net>" weakhostreceive=enabled

netsh interface ipv4 set interface "<loopback>" weakhostreceive=enabled

netsh interface ipv4 set interface "<loopback>" weakhostsend=enabled
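Steps 9 to 17 have to be repeated on every RD Gateway Server, so they are worth scripting. The script below is an added example and is not from this guide or from Microsoft; it assumes the Microsoft KM-TEST Loopback Adapter has already been added through Device Manager (steps 1 to 8), and the Virtual Service address 10.154.11.52, the primary adapter name Ethernet and the loopback name LoadMaster LoopBack are placeholders to replace. It uses the NetTCPIP cmdlets, which expose the same weak host settings as the netsh commands above, and prints the resulting state so each server can be checked before moving on.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the deployment guide: performs steps 9 to 17 above on an RD Gateway
# server once the Microsoft KM-TEST Loopback Adapter has been added through Device Manager.
# $Vip, $PrimaryAdapter and $LoopbackName are assumptions; replace them with your own values.
param(
    [string]$Vip            = '10.154.11.52',        # Virtual Service address (assumed)
    [string]$PrimaryAdapter = 'Ethernet',            # name of the primary NIC (assumed)
    [string]$LoopbackName   = 'LoadMaster LoopBack'  # name to give the loopback adapter
)

# Step 9: locate the KM-TEST adapter by its driver description and rename it.
$loop = @(Get-NetAdapter | Where-Object { $_.InterfaceDescription -like 'Microsoft KM-TEST Loopback Adapter*' })
if ($loop.Count -eq 0) { throw 'KM-TEST loopback adapter not found; add it via Device Manager first.' }
if ($loop.Count -gt 1) { throw 'More than one KM-TEST adapter present; remove the extras first.' }
if ($loop[0].Name -ne $LoopbackName) { Rename-NetAdapter -Name $loop[0].Name -NewName $LoopbackName }
if (-not (Get-NetAdapter -Name $PrimaryAdapter -ErrorAction SilentlyContinue)) {
    throw "Primary adapter '$PrimaryAdapter' not found."
}

# Steps 10-12: bind the VIP as a /32 (mask 255.255.255.255). Any address already on the
# loopback is removed first so the script can be re-run safely.
Get-NetIPAddress -InterfaceAlias $LoopbackName -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $LoopbackName -IPAddress $Vip -PrefixLength 32 | Out-Null

# Steps 13-14: interface metric 254 so the primary NIC always wins route selection and the
# loopback never carries outbound traffic on its own.
Set-NetIPInterface -InterfaceAlias $LoopbackName -AddressFamily IPv4 -InterfaceMetric 254

# Step 17 (the three netsh commands): weak host receive on the NIC lets it accept packets for
# the VIP even though that address lives on the loopback; weak host send on the loopback lets
# replies sourced from the VIP leave through the NIC. Set-NetIPInterface exposes both settings.
Set-NetIPInterface -InterfaceAlias $PrimaryAdapter -AddressFamily IPv4 -WeakHostReceive Enabled
Set-NetIPInterface -InterfaceAlias $LoopbackName   -AddressFamily IPv4 -WeakHostReceive Enabled -WeakHostSend Enabled

# Not one of the guide's steps, but worth doing: stop the server registering the VIP in DNS
# under its own hostname, which otherwise leaves the shared address recorded against every
# gateway server's name.
Set-DnsClient -InterfaceAlias $LoopbackName -RegisterThisConnectionsAddress $false

# Verify the result before moving on to the next server.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($PrimaryAdapter, $LoopbackName) } |
    Select-Object InterfaceAlias, InterfaceMetric, WeakHostReceive, WeakHostSend | Format-Table -AutoSize
Get-NetIPAddress -InterfaceAlias $LoopbackName -AddressFamily IPv4 |
    Select-Object IPAddress, PrefixLength, AddressState | Format-Table -AutoSize
```

The final two tables should show the loopback with metric 254 and the VIP in state Preferred, and both adapters with WeakHostReceive Enabled; only the loopback needs WeakHostSend Enabled.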