RDP session via RD Gateway behind Haproxy stuck

Dear friends, I use Debian 12 Bookworm with HAProxy to load-balance traffic between RD Gateways. While all backend servers are up, everything works without problems. But when I simulate a failover by taking down one of the backend servers, the active RDP session freezes completely and cannot be closed; the only way out is to kill the RDP client process.
If I stop the HAProxy process and start it again, the active session reconnects without problems; otherwise the window stays stuck until the process is killed. I have tried changing option httpclose, setting on-marked-down for the backend servers, and many other config changes, without success. Please help me solve this issue!

config example:

# Process-wide settings: logging targets, privilege drop (chroot, user/group),
# the runtime API socket, and default TLS parameters for connections that
# HAProxy opens towards backend servers.
global
        log /dev/log    local0
        log /dev/log    local1 notice

        chroot /var/lib/haproxy
        # Runtime API socket at "level admin": every runtime command is allowed to
        # whoever can open the socket, so the 660 mode and the owning group are the
        # only access control on it.
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        tune.ssl.default-dh-param 4096
    # NOTE(review): these two "ssl-default-server-*" lines apply to TLS sessions
    # towards backend servers only. The list ends in @SECLEVEL=0 (OpenSSL security
    # level checks off) and includes DES-CBC3-SHA, SHA-1 CBC suites and static-RSA
    # suites without forward secrecy, and the minimum version is TLSv1.0. The
    # active server lines in this file use plain HTTP, so this matters only once
    # an "ssl" server line is enabled; tighten it before doing so.
    # NOTE(review): the TLS_* names are TLS 1.3 suites, which HAProxy normally
    # takes from ssl-default-server-ciphersuites; confirm they have any effect here.
    # No ssl-default-bind-ciphers / ssl-default-bind-options line appears in this
    # section, so the :443 listener relies on library defaults plus its bind options.
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:@SECLEVEL=0
    ssl-default-server-options ssl-min-ver TLSv1.0 no-tls-tickets


   # NOTE(review): the path in the disabled line below has no leading "/";
   # confirm the intended location before enabling it.
   # ssl-dh-param-file etc/haproxy/dhparam.pem

    # Third log target (raw format on stdout) in addition to the two syslog
    # targets above. NOTE(review): with "daemon" set, confirm stdout is captured.
    log stdout format raw local0



# Defaults inherited by the proxies declared after this section: HTTP mode,
# HTTP-format logging, retry/redispatch behaviour, timeouts and error pages.
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        # redispatch lets a request be sent to another server when the connection
        # to the designated one fails, overriding persistence for that request.
        option  redispatch
        #option h1-case-adjust-bogus-client
        # NOTE(review): httpclose is set here while the frontend and backend below
        # set "option http-keep-alive"; confirm which connection mode is actually
        # in effect for the RD Gateway traffic.
        option httpclose
        #no option http-use-htx
        retries 3
        timeout connect 10s
        timeout client  30s
        timeout client-fin 30s
        timeout server  35s
        # "timeout tunnel" applies once a connection has become a tunnel (for
        # example after an Upgrade) and then replaces the client/server timeouts.
        # NOTE(review): presumably the long-lived RD Gateway channels fall under
        # this 3600s value; verify against the logs.
        timeout tunnel        3600s
        timeout http-keep-alive  15s
        # Upper bound on how long a client may take to send a complete request;
        # this limits slow-request resource exhaustion.
        timeout http-request    30s

        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


# Public listener for the RD Gateway: plain HTTP on :80 is redirected to HTTPS,
# TLS is terminated on :443, and everything is handed to backend rds_gateway.
frontend rds_gateway_front
 bind *:80
 # NOTE(review): allow-0rtt enables TLS 1.3 early data on this listener. Early
 # data can be replayed, so confirm it is wanted for an authentication-carrying
 # service; HAProxy offers "http-request wait-for-handshake" to hold requests
 # until the handshake has completed.
 # No ssl-min-ver is given on this bind line.
 bind *:443 ssl crt /etc/haproxy/pki/contoso.com.pem no-tls-tickets alpn http/1.1 allow-0rtt
 mode http
 log global
 # forwardfor appends an X-Forwarded-For header with the client address; a value
 # already supplied by the client is not removed by this option.
 option forwardfor
 option http-no-delay
 option http-keep-alive
# option http-server-close # Connection to gw Not work with this option
# Internet Explorer and NTLM with HTTPS sites
 option http-use-proxy-header
 #option accept-invalid-http-request
 #no option  http-buffer-request
 #http-reuse always


 #Dump all headers
 # NOTE(review): req.hdrs is the full request header block, so up to 1024 bytes
 # of it, which can include Authorization values and cookies, are captured for
 # the log line. Treat the logs as sensitive or drop this outside of debugging.
 http-request capture req.hdrs len 1024
 # Send any request that did not arrive over TLS to the https scheme (301).
 redirect scheme https code 301 if !{ ssl_fc }
 default_backend rds_gateway


# RD Gateway server pool: leastconn balancing, source-IP stickiness, HTTP
# health checks, and forwarding headers added before the request is sent on.
# The unindented "server" lines further down still belong to this section.
backend rds_gateway
 #HTTPS
 # NOTE(review): "verify none" in the disabled line below turns off validation
 # of the backend certificate; if HTTPS to the gateways is re-enabled, prefer
 # "verify required" together with a ca-file.
 #default-server ssl tfo verify none alpn http/1.1 check stick allow-0rtt
 #HTTP
 # Health-check every server and shut down its established sessions as soon as
 # it is marked down. NOTE(review): alpn is a TLS extension; without "ssl" on
 # the server lines it presumably has no effect here.
 default-server alpn http/1.1 check on-marked-down shutdown-sessions
 mode http

 balance leastconn
 log global

 # NOTE(review): dynamic-cookie-key is the secret used to derive dynamic cookie
 # values, and here it equals the cookie name. The cookie line has no "dynamic"
 # keyword and the active server lines carry no cookie value, so confirm whether
 # cookie persistence is in effect at all; stickiness presumably comes from the
 # stick-table on src below.
 dynamic-cookie-key  RDGW
 cookie RDGW insert indirect nocache
 # Source-address stick table; no "expire" is set on it.
 stick-table    type ip size 5000
 stick on       src

# no option redispatch
# no option persist
# option http-server-close
 option http-keep-alive
 option prefer-last-server
 # A server counts as healthy only while "GET /" answers with status 200.
 option httpchk GET /
 http-check expect status 200

 # NOTE(review): add-header appends another X-Forwarded-For on top of the one
 # from "option forwardfor" in the frontend, and neither removes a value sent by
 # the client. A backend that trusts the first value can be fed a spoofed one.
 http-request add-header X-Forwarded-For %[src]
 http-request set-header X-Forwarded-Host %[req.hdr(host)]
 http-request set-header X-Forwarded-Proto https if { ssl_fc }

 # NOTE(review): the second set-header replaces the first, and its value is not
 # wrapped in %[...], so X-Client-IP is set to the literal text
 # "req.hdr_ip([X-Forwarded-For])" instead of an address. Even as an expression
 # it would read the client-controllable X-Forwarded-For; %[src] is the
 # address HAProxy itself observed.
 http-request set-header X-Client-IP %[src]
 http-request set-header X-Client-IP req.hdr_ip([X-Forwarded-For])

# NOTE(review): both active servers are reached on port 80 without "ssl", so the
# traffic decrypted at the frontend, credentials included, travels between
# HAProxy and the gateways in cleartext.
server RDGW1 10.20.10.71:80
server RDGW2 10.20.10.72:80
#server RDGW2 10.20.10.72:443 ssl verify none alpn h2,http/1.1 check
#server RDGW1 10.20.10.72:443 ssl verify none check cookie RDGW1 weight 50



# Built-in statistics page served at /stats on port 9001.
# NOTE(review): the listener binds to every interface without "ssl", so the
# Basic-auth credentials below cross the network in cleartext. Bind it to a
# management address or restrict it with an ACL.
listen statistics
bind *:9001
mode http
log global
stats enable
stats refresh 30s
stats show-node
stats show-legends
stats show-desc desc
# NOTE(review): short, guessable credentials that are also published in this
# post; treat them as disclosed and replace them. No "stats admin" rule appears
# here, so the page is read-only.
stats auth letme:in
stats uri /stats
stats hide-version