Remote Desktop Gateway

I am trying to use HAProxy in front of two RD Gateway servers and I am constantly seeing “SD” in the HAProxy log. I am using HAProxy in an SSL-Bridge configuration.

Here is my configuration:

frontend fe_rdp_tsc
    bind 192.168.13.128:443 name rdp_web ssl crt 2013.company.com
    mode http
    capture request header Host len 32
    log global
    option httplog
    timeout client 300s
    maxconn 1000
    acl path_rdweb path_beg -i /RDWeb/
    http-request redirect location /RDWeb/ if { path -i / /RDWeb }
    http-request deny unless path_rdweb
    default_backend be_rdp_tsc

backend be_rdp_tsc
    balance leastconn
    mode http
    log global
    option httplog
    timeout connect 4s
    timeout server 300s
    option httpchk GET /RDWeb
    cookie RDPWEB insert nocache
    default-server inter 3s rise 2 fall 3
    server srv01 192.168.13.11:443 maxconn 1000 weight 10 ssl check cookie srv01
    server srv02 192.168.13.12:443 maxconn 1000 weight 10 ssl check cookie srv02

If I try to connect using RDP 6.1 it works; if I use any modern RDP client (8+) it fails immediately. I'm guessing there is a problem somewhere here with NTLM authentication responses, but I could be wrong.

Interestingly, I can use HAProxy to pass the connection through to a Microsoft Web Application Proxy and then to the gateway without issue (using the same configuration).

Log:
720/0/6/3/729 401 959 - - --NI 100/89/0/1/0 0/0
155/0/0/-1/156 -1 0 - - SDVN 100/89/0/0/0 0/0

Kind of figured it out…

I can’t get it working with pure HTTP, so I deny the /remoteDesktopGateway/ path so it falls back to RPC.

acl RDGW_PATH_0 path_beg -i /remoteDesktopGateway/
http-request deny if RDGW_PATH_0
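
Added example, not part of the original posts: a small Python decoder for the two `option httplog` fragments quoted in the question, using the termination-state letters documented in the HAProxy configuration manual. The timer labels and dictionary names are this example's own, and only the most common cause letters are spelled out.

```python
import re

# Constructed sample: the two log fragments quoted in the question above.
SAMPLE = [
    "720/0/6/3/729 401 959 - - --NI 100/89/0/1/0 0/0",
    "155/0/0/-1/156 -1 0 - - SDVN 100/89/0/0/0 0/0",
]

# Four-letter termination state: cause, phase, client cookie, server cookie.
CAUSE = {"-": "normal", "C": "client aborted", "S": "server aborted or refused",
         "P": "proxy aborted", "c": "client timeout", "s": "server timeout"}
PHASE = {"-": "session complete", "R": "waiting for request", "Q": "queued",
         "C": "connecting to server", "H": "waiting for response headers",
         "D": "data phase", "L": "sending last data to client", "T": "tarpit"}
CLIENT_COOKIE = {"-": "n/a", "N": "none sent", "I": "invalid", "V": "valid",
                 "D": "points to down server", "E": "expired", "O": "old",
                 "U": "unused"}
SERVER_COOKIE = {"-": "n/a", "N": "none set, none inserted",
                 "I": "inserted by proxy", "U": "updated by proxy",
                 "P": "passed through", "R": "rewritten", "D": "deleted"}

# timers, status, bytes, two captured cookies, state, connection counts, queues
FRAGMENT = re.compile(
    r"(?P<timers>-?\d+(?:/\+?-?\d+){4}) (?P<status>-?\d+) (?P<bytes>\+?\d+) "
    r"\S+ \S+ (?P<state>\S{4}) \d+(?:/\+?\d+){4} \d+/\d+")

def decode(fragment):
    """Return the decoded timers, status and termination state of one line."""
    m = FRAGMENT.search(fragment)
    if m is None:
        raise ValueError("not an httplog timer/status fragment")
    timers = [int(t) for t in m["timers"].split("/")]
    cause, phase, client_cookie, server_cookie = m["state"]
    labels = ("request", "queue", "connect", "response", "total")
    return {
        "timers_ms": dict(zip(labels, timers)),
        "status": int(m["status"]),
        "cause": CAUSE.get(cause, "other (%s)" % cause),
        "phase": PHASE.get(phase, "other (%s)" % phase),
        "client_cookie": CLIENT_COOKIE.get(client_cookie, client_cookie),
        "server_cookie": SERVER_COOKIE.get(server_cookie, server_cookie),
        # A response timer of -1 means no complete response headers arrived.
        "got_response_headers": timers[3] >= 0,
    }

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode(line))
```

For the second line this reports a server-side abort in the data phase on a request that carried a valid persistence cookie, with no complete response headers received.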