windows server 2008 ts session broker load balancing step-by-step guide
TRANSCRIPT
TS Session Broker Load Balancing Step-by-Step Guide
Microsoft Corporation
Published: June 2008
Author: Tessa Wooley
Editor: Linda Caputo
AbstractTerminal Services Session Broker (TS Session Broker) is a role service in
Windows Server® 2008 that enables you to load balance sessions in a terminal server farm, and
allows a user to reconnect to an existing session in a load-balanced terminal server farm. The
new TS Session Broker Load Balancing feature enables you to easily distribute the session load
between servers in a load-balanced terminal server farm.
Copyright Information
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary information
of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the
recipient and Microsoft. This document is provided for informational purposes only and Microsoft
makes no warranties, either express or implied, in this document. Information in this document,
including URL and other Internet Web site references, is subject to change without notice. The
entire risk of the use or the results from the use of this document remains with the user. Unless
otherwise noted, the example companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place,
or event is intended or should be inferred. Complying with all applicable copyright laws is the
responsibility of the user. Without limiting the rights under copyright, no part of this document may
be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by
any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose,
without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
© 2007 Microsoft Corporation. All rights reserved.
Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, and
Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
All other trademarks are property of their respective owners.
Contents
TS Session Broker Load Balancing Step-by-Step Guide................................................................5
What new functionality does this feature provide?.......................................................................5
About using DNS round robin......................................................................................................6
TS Session Broker Load Balancing system requirements...........................................................8
Checklist: Deploying TS Session Broker Load Balancing............................................................9
Install the TS Session Broker role service...................................................................................9
Installation prerequisites........................................................................................................10
Installation procedure.............................................................................................................10
Add each terminal server in the farm to the Session Directory Computers local group.............11
Configure TS Session Broker settings for terminal servers in the farm......................................11
Configure TS Session Broker settings by using Group Policy................................................12
Configure TS Session Broker settings by using Terminal Services Configuration..................13
Configure DNS for TS Session Broker Load Balancing.............................................................15
Additional information................................................................................................................16
Configure dedicated redirectors (optional).............................................................................16
Deny logons to a terminal server in a load-balanced farm.....................................................18
Additional references..........................................................................................................18
TS Session Broker Load Balancing Step-by-Step Guide
Terminal Services Session Broker (TS Session Broker) is a role service in the
Windows Server® 2008 operating system that enables you to load balance sessions between
terminal servers in a farm, and allows a user to reconnect to an existing session in a load-
balanced terminal server farm. TS Session Broker stores session state information that includes
session IDs, their associated user names, and the name of the server where each session
resides.
This step-by-step guide describes how to configure the new TS Session Broker Load Balancing
feature.
Note
In Windows Server 2008, the name of the Terminal Services Session Directory feature
was changed to TS Session Broker.
What new functionality does this feature provide?The new TS Session Broker Load Balancing feature enables you to evenly distribute the session
load between servers in a load-balanced terminal server farm. With TS Session Broker Load
Balancing, new user sessions are redirected to the terminal server with the fewest sessions.
Using TS Session Broker to load balance sessions involves two phases. In the first phase, initial
connections are distributed by a preliminary load-balancing mechanism, such as Domain Name
System (DNS) round robin. After a user authenticates, the terminal server that accepted the initial
connection queries the TS Session Broker server to determine where to redirect the user.
In the second phase, the terminal server where the initial connection was made redirects the user
to the terminal server that was specified by TS Session Broker. The redirection behavior is as
follows:
A user with an existing session will connect to the server where their session exists.
A user without an existing session will connect to the terminal server that has the fewest
sessions.
TS Session Broker Load Balancing sets a limit of 16 for the maximum number of pending logon
requests to a particular terminal server. This helps to prevent the scenario where a single server
is overwhelmed by new logon requests; for example, if you add a new server to the farm, or if you
enable user logons on a server where they were previously denied.
The TS Session Broker Load Balancing feature also enables you to assign a relative weight value
to each server. By assigning a relative weight value, you can help to distribute the load between
more powerful and less powerful servers in the farm. For more information, see Configure TS
Session Broker settings by using Terminal Services Configuration.
5
Additionally, a new "server draining" mechanism is provided that enables you to prevent new
users from logging on to a terminal server that is scheduled to be taken down for maintenance.
This mechanism provides for the ability to take a server offline without disrupting the user
experience. If new logons are denied on a terminal server in the farm, TS Session Broker will
allow users with existing sessions to reconnect, but will redirect new users to terminal servers that
are configured to allow new logons. For more information, see Deny logons to a terminal server in
a load-balanced farm.
You can enable TS Session Broker Load Balancing through Terminal Services Configuration,
Group Policy, or Windows Management Instrumentation (WMI). If you are using DNS round robin
to distribute initial connections, you must also configure DNS entries for each terminal server in
the farm.
Note
While any load-balancing mechanism can be used to distribute the initial connections,
DNS round robin is the easiest mechanism to deploy. Deploying TS Session Broker Load
Balancing with a network level load-balancing solution such as Network Load Balancing
(NLB) or a hardware load balancer avoids the limitations of DNS, while still taking
advantage of TS Session Broker session-based load balancing, the per server limit on
the number of pending logon requests, and the new "server draining" feature. The
limitations of DNS round robin include the caching of DNS requests on the client, which
can result in clients using the same IP address for each initial connection request, and
the potential for a 30-second timeout delay if a user is redirected to a terminal server that
is offline, but still listed in DNS.
About using DNS round robinTo configure DNS round robin, you must create a host resource record for each terminal server in
the farm that maps to the terminal server farm name in DNS. (The farm name is the virtual name
that clients will use to connect to the terminal server farm.) DNS uses round robin to rotate the
order of the resource records that are returned to the client. This functionality helps to distribute
initial connections across servers in the farm. The initial connection behavior is as follows:
1. An incoming Terminal Services client queries DNS and receives a list of IP addresses for the
farm.
2. The client tries to connect to the first IP address in the list that was returned by DNS.
If the connection fails, the client will automatically try to connect to the next IP address (after
a 30-second timeout delay). This provides a degree of fault tolerance if one of the terminal
servers is unavailable.
The following diagram provides a more detailed representation of the traffic flow. In the
diagrammed scenario, all terminal servers in the farm have host resource records in DNS that
map to the terminal server farm name (“Farm1”). Therefore, any terminal server in the farm can
act as a redirector and process the initial connection requests.
6
1. A user on the client computer starts the Remote Desktop Connection (RDC) client. In the
Computer field, they specify the name of the terminal server farm (in this case, Farm1). The
client contacts the DNS server to resolve the Farm1 name to an IP address.
2. The DNS server, which is configured to use round robin to load balance the initial connection
requests, returns the IP addresses that are registered for Farm1 to the client.
3. The client sends the connection request to the first IP address in the list that is returned by
DNS. In this example, this is the IP address of TerminalServer2 (10.0.0.3).
4. TerminalServer2, acting as the redirector, queries the TS Session Broker server to determine
which terminal server the client should log on to.
5. The TS Session Broker server checks its database and does either of the following:
If the user has an existing session, the TS Session Broker server returns the IP address
of the terminal server where the session exists to the redirector.
If the user does not have an existing session, the TS Session Broker server determines
which terminal server in the farm has the lowest load (based on the number of sessions
and the relative server weight value). The TS Session Broker server returns the IP
address of the terminal server with the lowest load to the redirector.
6. The redirector (TerminalServer2) sends the client the IP address of the terminal server that
the client should connect to (in this example, TerminalServer3).
7. The client sends the connection request to TerminalServer3. TerminalServer3 processes the
logon request and the user starts a Terminal Services session.
7
8. TerminalServer3 notifies the TS Session Broker server of the successful logon.
Note
For information about how to configure dedicated redirectors that redirect user sessions
but do not accept user logons, see Configure dedicated redirectors (optional).
TS Session Broker Load Balancing system requirementsTo participate in TS Session Broker Load Balancing, the following system requirements apply:
The TS Session Broker server and the terminal servers in the farm must be running Windows
Server 2008. TS Session Broker is available in the Windows Server 2008 Standard operating
system, as well as the Windows Server 2008 Enterprise and Windows Server 2008
Datacenter operating systems.
Note
Windows Server 2003-based terminal servers cannot use the TS Session Broker
Load Balancing feature.
You must configure all terminal servers in the load-balanced farm identically, with the same
available programs.
For clients to use TS Session Broker Load Balancing, they must be running Remote Desktop
Connection (RDC) version 5.2 or later.
In addition, we recommend that you configure all terminal servers in the farm to restrict each user
to a single session. To do this, use either of the following methods:
Configure the Restrict Terminal Services users to a single remote session Group Policy
setting. This policy setting is available in the Computer Configuration\Policies\
Administrative Templates\Windows Components\Terminal Services\Terminal Server\
Connections node of the Group Policy Management Console (GPMC) on a Windows
Server 2008-based domain controller. It is a best practice to group the terminal servers that
are in the same terminal server farm into a single organizational unit (OU), and then configure
this policy setting in a Group Policy object (GPO) that applies to the OU.
Note
If you are using the Local Group Policy Editor, Policies is not part of the node path.
Configure the Restrict each user to a single session setting on each terminal server by
using Terminal Services Configuration. This setting appears under Edit settings, in the
General section.
Checklist: Deploying TS Session Broker Load BalancingTo deploy TS Session Broker Load Balancing, you must complete the following tasks.
8
Note
This step-by-step guide describes how to configure TS Session Broker Load Balancing
by using DNS round robin to distribute the initial connections. If you prefer, you can use
NLB or a hardware load balancer to spread the initial connection and authentication load
between multiple terminal servers in the farm.
Task Reference
Install the TS Session Broker role service on
the server that you want to use to track user
sessions for a farm.
Install the TS Session Broker role service
Add the terminal servers in the farm to the
Session Directory Computers local group on
the TS Session Broker server.
Add each terminal server in the farm to the
Session Directory Computers local group
Configure the terminal servers in the farm to
join a farm in TS Session Broker, and to
participate in TS Session Broker Load
Balancing.
Configure TS Session Broker settings for
terminal servers in the farm
Configure DNS round robin entries for terminal
servers in the farm.
Configure DNS for TS Session Broker Load
Balancing
Install the TS Session Broker role serviceYou must install the TS Session Broker role service on the server that you want to use to track
user session information for a load-balanced terminal server farm. You can use a single
TS Session Broker server to track user sessions across multiple farms, as there is minimal
performance overhead.
The Windows Server 2008-based server where you install the TS Session Broker role service
does not have to be a terminal server or have Remote Desktop enabled. It is considered a best
practice to install the TS Session Broker role service on a back-end infrastructure server, such as
a file server. If you install the role service on a server that is not a terminal server, the Terminal
Services Session Broker service will not be affected when you need to perform maintenance on
terminal servers in the farm.
When you install the TS Session Broker role service, the following changes occur on the local
computer:
The Terminal Services Session Broker service is installed. By default, the service is set to
Started and to Automatic.
The Session Directory Computers local group is created.
9
Installation prerequisitesThe server where you install TS Session Broker must be a member of a domain.
Note
If you install the TS Session Broker role service on a domain controller, the Session
Directory Computers group will be a domain local group and will be available on all
domain controllers.
Installation procedureMembership in the local Administrators group is the minimum required to complete this
procedure.
To install TS Session Broker
1. Open Server Manager. To open Server Manager, click Start, point to Administrative
Tools, and then click Server Manager.
2. If the Terminal Services role is already installed:
a. Under Roles Summary, click Terminal Services.
b. Under Role Services, click Add Role Services.
c. On the Select Role Services page, select the TS Session Broker check box, and
then click Next.
If the Terminal Services role is not already installed:
a. Under Roles Summary, click Add Roles.
b. On the Before You Begin page of the Add Roles Wizard, click Next.
c. On the Select Server Roles page, select the Terminal Services check box, and
then click Next.
d. Review the Terminal Services page, and then click Next.
e. On the Select Role Services page, select the TS Session Broker check box, and
then click Next.
3. On the Confirm Installation Selections page, click Install.
4. On the Installation Results page, confirm that the installation succeeded, and then click
Close.
Add each terminal server in the farm to the Session Directory Computers local groupFor terminal servers to use TS Session Broker, you must add the computer account for each
terminal server in the farm to the Session Directory Computers local group on the TS Session
Broker server.
10
Membership in the local Administrators group is the minimum required to complete this
procedure.
Important
You must perform this procedure on the server where you installed the TS Session
Broker role service.
To add terminal servers to the Session Directory Computers local group
1. On the TS Session Broker server, click Start, point to Administrative Tools, and then
click Computer Management.
2. In the left pane, expand Local Users and Groups, and then click Groups.
3. In the right pane, right-click the Session Directory Computers group, and then click
Properties.
4. Click Add.
5. In the Select Users, Computers or Groups dialog box, click Object Types.
6. Select the Computers check box, and then click OK.
7. Locate and then add the computer account for each terminal server that you want to add.
8. When you are finished, click OK.
Configure TS Session Broker settings for terminal servers in the farmYou can configure a terminal server to join a farm in TS Session Broker and to participate in
TS Session Broker Load Balancing by using Group Policy or the Terminal Services Configuration
tool. However, you must use Terminal Services Configuration to configure the following settings:
The IP addresses to be used for reconnection.
The relative weight of the server when using TS Session Broker Load Balancing.
For information about how to configure the settings by using Group Policy, see Configure TS
Session Broker settings by using Group Policy. Configuring the settings by using Group Policy is
a recommended best practice.
For information about how to configure the settings by using Terminal Services Configuration, see
Configure TS Session Broker settings by using Terminal Services Configuration.
Important
Group Policy settings take precedence over configuration settings in the Terminal
Services Configuration snap-in and those that are made by using the Terminal Services
WMI provider.
11
Configure TS Session Broker settings by using Group PolicyTo assign TS Session Broker settings through Group Policy, it is a best practice to group the
terminal servers that are in the same terminal server farm into a single OU in Active Directory
Domain Services (AD DS). Then, configure the TS Session Broker settings in a GPO that applies
to the OU.
Note
For the TS Session Broker settings to be effective on a server, the server must have the
Terminal Server role service installed.
The following procedure describes how to configure TS Session Broker Group Policy settings by
using the Group Policy Management Console (GPMC) on a Windows Server 2008-based domain
controller.
To change Group Policy settings for a domain or an OU, you must be logged on as a member of
the Domain Admins, Enterprise Admins, or the Group Policy Creator Owners group, or have
been delegated the appropriate control over Group Policy to complete this procedure.
To apply TS Session Broker settings to an Active Directory OU
1. To start the GPMC, click Start, point to Administrative Tools, and then click Group
Policy Management.
2. In the left pane, locate the OU that contains the terminal servers.
3. To modify an existing GPO for the OU, expand the OU, and then click the GPO.
To create a new GPO, follow these steps:
a. Right-click the OU, and then click Create a GPO in this domain, and link it here.
b. In the Name box, type a name for the GPO, and then click OK.
c. In the left pane, click the new GPO.
4. In the right pane, click the Settings tab.
5. Right-click Computer Configuration, and then click Edit.
6. In the left pane, under Computer Configuration, expand Policies, expand
Administrative Templates, Windows Components, Terminal Services, and Terminal
Server, and then click TS Session Broker.
7. In the right pane, double-click the Join TS Session Broker policy setting, click Enabled,
and then click OK.
8. Double-click the Configure TS Session Broker farm name policy setting, and then do
the following:
a. Click Enabled.
b. In the TS Session Broker farm name box, type the name of the farm in TS Session
Broker that you want to join, and then click OK.
Important
TS Session Broker uses a farm name to determine which servers are in the
12
same terminal server farm. You must use the same farm name for all servers
that are in the same load-balanced terminal server farm. Although the farm
name in TS Session Broker does not have to be registered in AD DS, it is
recommended that you use the same name that you will use in DNS for the
terminal server farm. (The terminal server farm name in DNS represents the
virtual name that clients will use to connect to the terminal server farm.) If
you type a new farm name, a new farm is created in TS Session Broker and
the server is joined to the farm. If you type an existing farm name, the server
joins the existing farm in TS Session Broker.
9. Double-click the Configure TS Session Broker server name policy setting, and then do
the following:
a. Click Enabled.
b. In the TS Session Broker server name box, type the name of the server where you
installed the TS Session Broker role service, and then click OK.
10. Double-click the Use TS Session Broker load balancing policy setting, click Enabled,
and then click OK.
11. Optionally, if you are using a hardware load balancer that supports token redirection,
double-click Use IP Address Redirection and configure the setting. See the Group
Policy Explain text for more information.
Note
To configure TS Session Broker settings by using local Group Policy, use the Local Group
Policy Editor. To start the Local Group Policy Editor, click Start, click Run, type
gpedit.msc, and then click OK. To configure local Group Policy settings, you must be a
member of the Administrators group on the local computer or you must have been
delegated the appropriate authority.
Configure TS Session Broker settings by using Terminal Services ConfigurationYou can configure a terminal server to join a farm in TS Session Broker and to participate in
TS Session Broker Load Balancing by using Terminal Services Configuration.
Note
The following steps are only applicable if the Terminal Server role service is installed.
Membership in the local Administrators group is the minimum required to complete this
procedure.
To configure TS Session Broker settings by using Terminal Services Configuration
1. Start Terminal Services Configuration. To do this, click Start, point to Administrative
Tools, point to Terminal Services, and then click Terminal Services Configuration.
2. In the Edit settings area, under TS Session Broker, double-click Member of farm in
13
TS Session Broker.
3. On the TS Session Broker tab, click to select the Join a farm in TS Session Broker
check box.
4. In the TS Session Broker server name or IP address box, type the name or the IP
address of the TS Session Broker server.
Note
The TS Session Broker server is the server where you installed the TS Session
Broker role service.
5. In the Farm name in TS Session Broker box, type the name of the farm that you want
to join in TS Session Broker.
Important
TS Session Broker uses a farm name to determine which servers are in the
same terminal server farm. You must use the same farm name for all servers that
are in the same load-balanced terminal server farm. Although the farm name in
TS Session Broker does not have to be registered in AD DS, it is recommended
that you use the same name that you will use in DNS for the terminal server
farm. (The terminal server farm name in DNS represents the virtual name that
clients will use to connect to the terminal server farm.) If you type a new farm
name, a new farm is created in TS Session Broker and the server is joined to the
farm. If you type an existing farm name, the server joins the existing farm in
TS Session Broker.
6. To participate in TS Session Broker Load Balancing, select the Participate in Session
Broker Load-Balancing check box.
7. Optionally, in the Relative weight of this server in the farm box, modify the server
weight. By default, the value is 100. The server weight is relative. Therefore, if you assign
one server a value of 100, and one a value of 200, the server with a relative weight of
200 will receive twice the number of sessions.
8. Verify that you want to use IP address redirection. By default, the Use IP address
redirection (recommended) setting is enabled. If you clear the check box, the server
switches to token redirection mode.
9. In the Select IP addresses to be used for reconnection box, click to select the check
box next to each IP address that you want to use. When you select the IP addresses to
use, consider the following:
Only the first selected IPv4 address will be used by clients that are running RDC 5.2
and earlier.
Using IPv6 addresses is not recommended if the terminal server farm contains
servers that are running Windows Server 2003.
10. When you are finished, click OK.
14
Configure DNS for TS Session Broker Load BalancingTo configure DNS round robin for TS Session Broker Load Balancing, you must map the IP
address of each terminal server in the farm to the terminal server farm name in DNS.
The following procedure provides the steps to configure DNS on a Windows Server 2008-based
domain controller.
You must be a member of the Domain Admins, Enterprise Admins, or the DnsAdmins group
to complete this procedure.
To add DNS entries for each terminal server in the farm
1. Click Start, point to Administrative Tools, and then click DNS.
2. Expand the server name, expand Forward Lookup Zones, expand the domain name,
and then click the appropriate zone.
3. Right-click the zone, and then click New Host (A or AAAA).
4. In the Name (uses parent domain name if blank) box, type the terminal server farm
name.
The farm name is the virtual name that clients will use to connect to the terminal server
farm. For management purposes, it is recommended that you use the same farm name
that you specified when you configured the terminal servers to join a farm in TS Session
Broker.
Important
Do not use the name of an existing server for the farm name.
5. In the IP address box, type the IP address of a terminal server in the farm.
6. Click Add Host, and then click OK when you receive the message that the host record
was successfully created.
7. Repeat steps four through six for each terminal server in the farm. For each DNS entry,
ensure that you specify the same farm name in the Name (uses parent domain name if
blank) box. For example, if you have three terminal servers in a farm named FARM1,
with IP addresses of 192.168.1.20, 192.168.1.21, and 192.168.1.22, the entries would
look similar to the following:
Farm1 Host(A) 192.168.1.20
Farm1 Host(A) 192.168.1.21
Farm1 Host(A) 192.168.1.22
8. When you are finished, click Done.
15
Additional information
Configure dedicated redirectors (optional)When you register the IP address of each terminal server in the farm to a single terminal server
farm name in DNS, incoming Terminal Services clients will try to connect to the first IP address for
the farm name that is returned by DNS. The terminal server that receives this initial connection
request acts as the redirector.
To increase session redirection performance in a large terminal server farm, you can configure
terminal servers to be dedicated redirectors. These servers will process incoming requests, but
will not accept user sessions. To configure dedicated redirectors, you must do the following:
1. Create DNS round robin entries for the terminal servers that you want to use as dedicated
redirectors. When you do so, you must map the IP address of each terminal server that you
are using as a dedicated redirector to the terminal server farm name in DNS. (The farm name
is the virtual name that clients will use to connect to the terminal server farm.) The farm name
must not match an existing server name in AD DS.
2. Configure the servers to deny new user logons. For more information about how to deny new
user logons, see Deny logons to a terminal server in a load-balanced farm.
Because these dedicated redirectors have no user sessions, they do not require roaming profiles
or any installed programs. This enables a faster logon experience, and makes the server easier
to manage and more reliable.
The following diagram provides a more detailed representation of the traffic flow. In the
diagrammed scenario, two terminal servers are deployed as dedicated redirectors. (In a large
terminal server farm, you may want to have more than two dedicated redirectors.) The terminal
servers will redirect initial connection requests, but will not host any sessions (that is, they are
configured to deny new user logons). Only the two redirectors have host resource records in DNS
that map to the terminal server farm name. All terminal servers in the farm (including the
redirectors) are configured to use the same farm in TS Session Broker (in the Terminal Services
Configuration settings).
16
1. A user on the client computer starts the RDC client. In the Computer field, they specify the
name of the terminal server farm (in this case, Farm1). The client contacts the DNS server to
resolve the Farm1 name to an IP address.
2. The DNS server, which is configured to use round robin to load balance the initial connection
requests, returns the IP addresses that are registered for Farm1 (in this case, the IP
addresses of the two redirectors).
3. The client sends the connection request to the first IP address in the list that is returned by
DNS. In this example, this is the IP address of Redirector2 (10.0.0.3).
4. The redirector (Redirector2) queries the TS Session Broker server to determine which
terminal server the client should log on to.
5. The TS Session Broker server checks its database and does either of the following:
If the user has an existing session, the TS Session Broker server returns the IP address
of the terminal server where the session exists to the redirector.
If the user does not have an existing session, the TS Session Broker server determines
which terminal server in the farm has the lowest load (based on the number of sessions
and the relative server weight value). The TS Session Broker server returns the IP
address of the terminal server with the lowest load to the redirector.
6. Redirector2 sends the client the IP address of the terminal server that the client should
connect to (in this example, TerminalServer5).
17
7. The client sends the connection request to TerminalServer5. TerminalServer5 processes the
logon request and the user starts a Terminal Services session.
8. TerminalServer5 notifies the TS Session Broker server of the successful logon.
Note
In the diagram, TS Session Broker is installed on a separate server. You can install
TS Session Broker on one of the terminal servers that will act as a dedicated redirector.
Deny logons to a terminal server in a load-balanced farmIn Windows Server 2008, you can configure a terminal server to deny logon requests from new
users. With the ability to deny logons from new users to specific servers in a farm, you can
maintain your terminal server environment without disrupting end-user service. If you configure a
terminal server to deny new logons, the following behavior occurs:
Users with existing sessions can still reconnect to the server. Only new logons to that server
are denied. However, an administrator can still log on to the server locally to perform
maintenance on the server.
Note
An administrator can also connect remotely by starting the RDC client from the
command line with the /admin option (mstsc /admin).
If you are using TS Session Broker Load Balancing, TS Session Broker will redirect new
users to other servers in the farm, where new user logons are enabled.
Before you take a server down for maintenance, you can notify users with existing sessions to log
off from the server by using Terminal Services Manager to send a message.
To deny new user logons
1. Click Start, point to Administrative Tools, point to Terminal Services, and then click
Terminal Services Configuration.
2. In the Edit settings area, double-click User logon mode under General.
3. On the General tab, click either of the following:
Allow reconnections, but prevent new logons
Allow reconnections, but prevent new logons until the server is restarted
4. Click OK.
When you are finished doing maintenance, ensure that Allow all connections is
selected.
Additional references
For information about how to configure a load-balanced terminal server farm by using
TS Session Broker and NLB, see the Step-by-Step Guide for Configuring Network Load
18
Balancing with Terminal Services in Windows Server 2008 (http://go.microsoft.com/fwlink/?
LinkID=80406).
For information about Terminal Services Session Directory in Windows Server 2003, see
Session Directory and Load Balancing Using Terminal Server (http://go.microsoft.com/fwlink/?
LinkID=80740).
19