03-03-2009 07:23 AM
Hello,
I am loadbalancing Terminal Server Windows 2008 sessions with an ACE4710.
I am trying to establish a Terminal Server session with Single Sign-On (SSO), but without success. Normal login with Username and Password on the TS are functionning, but never SSO session.
Does anyone have an idea how to configure the ACE to allow SSO session to be established.
Thanks
François
Solved! Go to Solution.
03-05-2009 02:39 AM
Indeed, if the problem is the name sent by the server, you're only solution is to change the server name if possible.
See if you can maybe configure loopback on all servers with the vip address and use transparent loadbalancing.
Only possible if your servers are adjacent to the appliance (share a vlan between ace and servers).
Gilles.
03-04-2009 07:10 AM
Do you have stickyness configured ?
Sniffer trace ?
G.
03-04-2009 07:33 AM
Hello,
Yes I have "sticky source IP" configured.
Some explanation about the situation.
I have 3 Windows 2008 Terminal Servers (for example: TS1, TS2 and TS3). On the ACE4710 I have a VIP address (DNS name = TSserver.mydomain.ch) which load balance the sessions between the servers and does source-IP sticky.
The problem I see is that the client PC opens a TS session to "TSserver.mydomain.ch". This session is for example sent to the server TS1. Then client PC refuse the Single Signon because the remote Terminal Server responds with "TS1.mydomain.ch" during the SSO.
At this point the user is prompted for "user name" and "password". If we log in normally the TS session is working fine.
But what we wanted is SSO !
I am not sur if we can do something on the ACE because I think this is a name problem between the PC, which connects to the VIP's DNS name and the real server responding with it's real host name!
But, I am open to any suggestion...
Thanks
03-05-2009 02:39 AM
Indeed, if the problem is the name sent by the server, you're only solution is to change the server name if possible.
See if you can maybe configure loopback on all servers with the vip address and use transparent loadbalancing.
Only possible if your servers are adjacent to the appliance (share a vlan between ace and servers).
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide