I deployed a RDS Farm with Windows 2012 R2 (with Add Roles and Features, Remote Desktop Service Installation, Standard Deployment, ...)
Server 1 -> Session Host + Web Access
Server 2 -> Session Host + Web Access
Server 3 -> Connection Broker
I configured a session collection and authorized the users for it. The users connect to the web access (using IE), they see the remote apps.
The problem begins after the selection of a remote app (clicking on the icon). A rdp client window pops up, containing the connection broker as target – which is fine I guess, as the initial connection is supposed to target the CB – this rdp connection ends with the error “The connection was denied because the user account is not authorized for remote login”
The rdp connection tried to connect to Server 3 (connection broker), the users are not member of the remote desktop user group on the connection broker, therefore the error.
To avoid this error I can include the users in the remote desktop users group on the connection broker. Then it works fine: the connection broker redirects the session to one of the session hosts, where the desired remote app is executed.
But do the rds users have to be a member of the remote desktop users group on the connection broker?! I can’t belive that, then the users could use a rdp connection to connect directly to the connection broker – that doesn’t sound right to me…
Does anybody know how I get a redirection to a session host using web access WITHOUT tampering with the remote desktop users group of the connection broker?
Thanks in advance.
Per