Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Network Level Authentication

  • Please log in to reply
1 reply to this topic


  • Member
  • 1 posts
  • Joined 07-February 13
  • OS:none specified
  • Country: Country Flag

I am having a problem with implmenting Network level authentication with Windows 2008 R2. For use with RDS load balancing

I have a simple setup. 2 servers, which i want to load balance in an RDS farm
I've setup 1 of these servers as the RDS connection broker, joined them both to a farm and then setup DNS round robin for the two servers.

All works fine, connection to the farm points to either of the servers, then the load balancer kicks in and balances to the least loaded of the 2 servers.

The only problem being that Network level authentication does not work, so I get prompted for a password when starting the RDP connection, then the connection hits the load balancer and i need to login to this, then when pushed to the target server I again have to login. I assume if NLA is working, it takes my first login and uses that through the chain.

I have enabled the option
'Allow connection only from computers running Remote Desktop with NEtwork Level Authentication'
From the RDP-Tcp Listener properties
I'm using the RDP client from a 2008 server (so its a verison with NLA enabled)

I've set the policy options
Prompt for credentials on client computer - enabled
Copnfigure server authentication for client - enabled
The other policy options in remote desktop section are all set to unconfigured

I do have two issues which may be effecting this
I have not yet installed the licenses/license server. This is part of a larger environment build, so this will turn up in due course, would this cause it to fail ?
I am having a problem with the cert part of the process, I have a CA and have created the certificate on each server, btu the certificate name matches the server, not the farm name, so it gives and error on connection. Again, would this stop the NLA, or is ti just a warning.

This is very annoying as the loadbalancing part works great, but its not usable with having to do mutiple logins to get in. Any suggestions would be greatly appreciated


How to remove advertisement from MSFN



    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,804 posts
  • Joined 13-January 06
As i understood you used tree loadbalancing methods:
- the round robin functionality of the DNS.
- the NLB functionality of windows.
- the RDS connection broker.
You should not use all those at the same time. You shouldn't use NLB if you're using the RDS connection broker (which is the right method to allow users to get their session back if they get disconnected).
The Round Robin won't help load balancing that much.
Most likely you'll need a real load balancer replacing the dns round robin if you want the same number of user on both servers. Forget about a Microsoft load balancer, you'll have to look for either open source (yes there are some open source load balancer) or a network appliance solution (cisco content switch, F5....).
The licensing issue shouldn't be a problem if you're within the 120 days.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users