HAProxy RDP Windows


#1

So,

I am working on setting up a HAProxy load balancer in my company. I am using the community version of HAProxy installed on my RHEL 6.9 server. I want to have it so that people who would like to remote into a developer space via Remote Desktop Connection would put in the IP address of the front-end load balancer, which would in turn check and then load balance to the next available Remote Desktop. In my current configuration, it works when I have only one backend server to reach. However, when I add in another option, it starts the connection with the first server, then switches to the second midway through the authentication process. I see the Remote Desktop Connection asks me for my credentials, I put them in, it validates them (I have verified this by checking my Windows AD), and then it asks if I would like to accept the certificate installed on this computer. I say ‘Yes’, I would like to accept this certificate, and then in the HAProxy logs I see it bounces to the next option in the backend load balancer list. One workaround I have done is to add the same entry twice: because I have an issue with it hopping to the next one, it will go back to its initial connection. Let me know what you think the solution is:

Attached is my configuration:
```
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    # by adding the '-r' option to the SYSLOGD_OPTIONS in
    # /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    # file. A line like the following can be added to
    # /etc/sysconfig/syslog
    #
    # local2.* /var/log/haproxy.log
    #
    log 172.29.0.53 local2
    #stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode tcp
    log global
    option httplog
    option dontlognull
    option http-server-close

    option forwardfor except 127.0.0.0/8

    #option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         1m
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           1m
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
    mode tcp
    bind 172.29.0.130:5000 name rdp
    timeout client 1h
    log global
    option tcplog
    tcp-request inspect-delay 20s
    tcp-request content accept if RDP_COOKIE

    default_backend             ecs-loadbalancer

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend ecs-loadbalancer
    mode tcp
    balance roundrobin
    timeout server 50s
    timeout connect 50s
    log global
    option tcplog
    option tcp-check
    #option redispatch

    tcp-check connect port 3389 ssl
    default-server inter 30s rise 2 fall 3
    #server  mecs-vmwks3 172.29.0.64:3389 weight 10 check verify none
    #server  mecs-vmwks3 172.29.0.64:3389 weight 10 check verify none
    #server  mecs-vmwks2 172.29.0.63:3389 weight 10 check verify none
    server  mecs-wks4 172.29.0.101:3389 weight 10 check verify none
    server  mecs-wks4 172.29.0.101:3389 weight 10 check verify none
    server  mecs-wks5 172.29.0.200:3389 weight 10 check verify none
    server  mecs-wks5 172.29.0.200:3389 weight 10 check verify none
    server  mecs-wks6 172.29.0.202:3389 weight 10 check verify none
    server  mecs-wks6 172.29.0.202:3389 weight 10 check verify none
    #server  mecs-wks1 172.29.0.51:3389 weight 10 check verify none
    #server  mecs-wks2 172.29.0.50:3389 weight 10 check verify none

#--------------------------------------------------------------------
# Web page
#--------------------------------------------------------------------
listen stats 172.29.0.130:1936
    mode http
    #log global

    maxconn 10

    timeout client     100s
    timeout server     100s
    timeout connect    100s
    timeout queue      100s

    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth admin:C1sco123!
    stats uri /haproxy?stats
```
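
A TCP-mode proxy cannot move an established connection, so the hop seen in the logs is a new connection from the client, which `balance roundrobin` without persistence hands to the next server. The backend below is an added example, not part of the original post or a reply to it: it keeps the post's servers and health checks and adds source-address stickiness. The table size and the 8h expiry are assumed values.

```haproxy
# Added example: the post's backend with persistence added.
# Table size and expiry are assumed values; tune them to the site.
backend ecs-loadbalancer
    mode tcp
    balance roundrobin
    timeout server 50s
    timeout connect 50s
    log global
    option tcplog

    # Remember the server chosen for each client address, so a second
    # connection from the same client is sent to the same desktop.
    stick-table type ip size 10k expire 8h
    stick on src

    option tcp-check
    tcp-check connect port 3389 ssl
    default-server inter 30s rise 2 fall 3

    # One line per server: with stickiness in place the duplicate-entry
    # workaround described in the post is not needed.
    server mecs-wks4 172.29.0.101:3389 weight 10 check verify none
    server mecs-wks5 172.29.0.200:3389 weight 10 check verify none
    server mecs-wks6 172.29.0.202:3389 weight 10 check verify none
```

With `stick on src`, clients that share one source address (for example behind NAT) all land on the same server. HAProxy's `persist rdp-cookie` and `stick on rdp_cookie(mstshash)` are the cookie-based alternatives when clients present a usable RDP cookie.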