Windows Server 2008 TS Session Broker

Load Balancing Step-By-Step Guide

Microsoft Corporation
Published: January 2008
Author: Tessa Wooley
Editor: Linda Caputo

Abstract
Terminal Services Session Broker (TS Session Broker) is a role service in
Windows Server® 2008 that enables you to load balance sessions in a terminal server farm, and
allows a user to reconnect to an existing session in a load-balanced terminal server farm. The
new TS Session Broker Load Balancing feature enables you to easily distribute the session load
between servers in a load-balanced terminal server farm.
Copyright Information
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release, and is the confidential and proprietary information
of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the
recipient and Microsoft. This document is provided for informational purposes only and Microsoft
makes no warranties, either express or implied, in this document. Information in this document,
including URL and other Internet Web site references, is subject to change without notice. The
entire risk of the use or the results from the use of this document remains with the user. Unless
otherwise noted, the example companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place,
or event is intended or should be inferred. Complying with all applicable copyright laws is the
responsibility of the user. Without limiting the rights under copyright, no part of this document may
be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by
any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose,
without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, and
Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.

All other trademarks are property of their respective owners.

Contents
Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide............................4
What new functionality does this feature provide?.................................................................. .....4
About using DNS round robin....................................................................................... ...............5
TS Session Broker Load Balancing system requirements.............................................. .............6
Checklist: Deploying TS Session Broker Load Balancing................................................... .........6
Install the TS Session Broker role service.............................................................. .....................7
Installation prerequisites....................................................................................................... ....7
Installation procedure................................................................................................. ..............7
Add each terminal server in the farm to the Session Directory Computers local group...............8
Configure TS Session Broker settings for terminal servers in the farm..................................... ...9
Configure TS Session Broker settings by using Group Policy...................................... ............9
Configure TS Session Broker settings by using Terminal Services Configuration..................11
Configure DNS for TS Session Broker Load Balancing............................................... ..............12
Additional information.............................................................................................. ..................13
Configure dedicated redirectors (optional).................................................. ...........................13
Deny logons to a terminal server in a load-balanced farm.....................................................14
Additional references..................................................................................... .....................14
Windows Server 2008 TS Session Broker
Load Balancing Step-by-Step Guide
Terminal Services Session Broker (TS Session Broker) is a role service in the
Windows Server® 2008 operating system that enables you to load balance sessions between
terminal servers in a farm, and allows a user to reconnect to an existing session in a load-
balanced terminal server farm. TS Session Broker stores session state information that includes
session IDs, their associated user names, and the name of the server where each session
resides.
This step-by-step guide describes how to configure the new TS Session Broker Load Balancing
feature.

Note
In Windows Server 2008, the name of the Terminal Services Session Directory feature
was changed to TS Session Broker.

What new functionality does this feature provide?

The new TS Session Broker Load Balancing feature enables you to evenly distribute the session
load between servers in a load-balanced terminal server farm. With TS Session Broker Load
Balancing, new user sessions are redirected to the terminal server with the fewest sessions.
Using TS Session Broker to load balance sessions involves two phases. In the first phase, initial
connections are distributed by a preliminary load-balancing mechanism, such as Domain Name
System (DNS) round robin. After a user authenticates, the terminal server that accepted the initial
connection queries the TS Session Broker server to determine where to redirect the user.
In the second phase, the terminal server where the initial connection was made redirects the user
to the terminal server that was specified by TS Session Broker. The redirection behavior is as
follows:
• A user with an existing session will connect to the server where their session exists.
• A user without an existing session will connect to the terminal server that has the
fewest sessions.
TS Session Broker Load Balancing sets a limit of 16 for the maximum number of pending logon
requests to a particular terminal server. This helps to prevent the scenario where a single server
is overwhelmed by new logon requests; for example, if you add a new server to the farm, or if you
enable user logons on a server where they were previously denied.
The TS Session Broker Load Balancing feature also enables you to assign a relative weight value
to each server. By assigning a relative weight value, you can help to distribute the load between
more powerful and less powerful servers in the farm. For more information, see Configure TS
Session Broker settings by using Terminal Services Configuration.

4
Additionally, a new "server draining" mechanism is provided that enables you to prevent new
users from logging on to a terminal server that is scheduled to be taken down for maintenance.
This mechanism provides for the ability to take a server offline without disrupting the user
experience. If new logons are denied on a terminal server in the farm, TS Session Broker will
allow users with existing sessions to reconnect, but will redirect new users to terminal servers that
are configured to allow new logons. For more information, see Deny logons to a terminal server in
a load-balanced farm.
You can enable TS Session Broker Load Balancing through Terminal Services Configuration,
Group Policy, or Windows Management Instrumentation (WMI). If you are using DNS round robin
to distribute initial connections, you must also configure DNS entries for each terminal server in
the farm.

Note
While any load-balancing mechanism can be used to distribute the initial connections,
DNS round robin is the easiest mechanism to deploy. Deploying TS Session Broker Load
Balancing with a network level load-balancing solution such as Network Load Balancing
(NLB) or a hardware load balancer avoids the limitations of DNS, while still taking
advantage of TS Session Broker session-based load balancing, the per server limit on
the number of pending logon requests, and the new "server draining" feature. The
limitations of DNS round robin include the caching of DNS requests on the client, which
can result in clients using the same IP address for each initial connection request, and
the potential for a 30-second timeout delay if a user is redirected to a terminal server that
is offline, but still listed in DNS.

About using DNS round robin

To configure DNS round robin, you must create a host resource record for each terminal server in
the farm that maps to the terminal server farm name in DNS. (The farm name is the virtual name
that clients will use to connect to the terminal server farm.) DNS uses round robin to rotate the
order of the resource records that are returned to the client. This functionality helps to distribute
initial connections across servers in the farm. The initial connection behavior is as follows:
1. An incoming Terminal Services client queries DNS and receives a list of IP addresses
for the farm.
2. The client tries to connect to the first IP address in the list that was returned by DNS.
If the connection fails, the client will automatically try to connect to the next IP address (after
a 30-second timeout delay). This provides a degree of fault tolerance if one of the terminal
servers is unavailable.

Note
For information about how to configure dedicated redirectors that redirect user sessions
but do not accept user logons, see Configure dedicated redirectors (optional).

5
TS Session Broker Load Balancing system
requirements
To participate in TS Session Broker Load Balancing, the following system requirements apply:
• The TS Session Broker server and the terminal servers in the farm must be running
Windows Server 2008. TS Session Broker is available in the Windows Server 2008
Standard operating system, as well as the Windows Server 2008 Enterprise and
Windows Server 2008 Datacenter operating systems.

Note
Windows Server 2003-based terminal servers cannot use the TS Session Broker
Load Balancing feature.
• You must configure all terminal servers in the load-balanced farm identically, with the
same available programs.
• For clients to use TS Session Broker Load Balancing, they must be running Remote
Desktop Connection (RDC) version 5.2 or later.

Checklist: Deploying TS Session Broker Load

Balancing
To deploy TS Session Broker Load Balancing, you must complete the following tasks.

Note
This step-by-step guide describes how to configure TS Session Broker Load Balancing
by using DNS round robin to distribute the initial connections. If you prefer, you can use
NLB or a hardware load balancer to spread the initial connection and authentication load
between multiple terminal servers in the farm.

Task Reference

Install the TS Session Broker role service on Install the TS Session Broker role service
the server that you want to use to track user
sessions for a farm.

Add the terminal servers in the farm to the Add each terminal server in the farm to the
Session Directory Computers local group on Session Directory Computers local group
the TS Session Broker server.

Configure the terminal servers in the farm to Configure TS Session Broker settings for
join a farm in TS Session Broker, and to terminal servers in the farm
participate in TS Session Broker Load
Balancing.

Configure DNS round robin entries for terminal Configure DNS for TS Session Broker Load
servers in the farm. Balancing

6
Install the TS Session Broker role service
You must install the TS Session Broker role service on the server that you want to use to track
user session information for a load-balanced terminal server farm. You can use a single
TS Session Broker server to track user sessions across multiple farms, as there is minimal
performance overhead.
The Windows Server 2008-based server where you install the TS Session Broker role service
does not have to be a terminal server or have Remote Desktop enabled. It is considered a best
practice to install the TS Session Broker role service on a back-end infrastructure server, such as
a file server. If you install the role service on a server that is not a terminal server, the Terminal
Services Session Broker service will not be affected when you need to perform maintenance on
terminal servers in the farm.
When you install the TS Session Broker role service, the following changes occur on the local
computer:
• The Terminal Services Session Broker service is installed. By default, the service is
set to Started and to Automatic.
• The Session Directory Computers local group is created.

Installation prerequisites
The server where you install TS Session Broker must be a member of a domain.

Note
If you install the TS Session Broker role service on a domain controller, the Session
Directory Computers group will be a domain local group and will be available on all
domain controllers.

Installation procedure
Membership in the local Administrators group is the minimum required to complete this
procedure.

To install TS Session Broker

1. Open Server Manager. To open Server Manager, click Start, point to
Administrative Tools, and then click Server Manager.
2. If the Terminal Services role is already installed:
a. Under Roles Summary, click Terminal Services.
b. Under Role Services, click Add Role Services.
c. On the Select Role Services page, select the TS Session Broker
check box, and then click Next.
If the Terminal Services role is not already installed:

7
 a. Under Roles Summary, click Add Roles.
b. On the Before You Begin page of the Add Roles Wizard, click Next.
c. On the Select Server Roles page, select the Terminal Services check
box, and then click Next.
d. Review the Terminal Services page, and then click Next.
e. On the Select Role Services page, select the TS Session Broker
check box, and then click Next.
3. On the Confirm Installation Selections page, click Install.
4. On the Installation Results page, confirm that the installation succeeded, and
then click Close.

Add each terminal server in the farm to the

Session Directory Computers local group
For terminal servers to use TS Session Broker, you must add the computer account for each
terminal server in the farm to the Session Directory Computers local group on the TS Session
Broker server.
Membership in the local Administrators group is the minimum required to complete this
procedure.

Important
You must perform this procedure on the server where you installed the TS Session
Broker role service.

To add terminal servers to the Session Directory Computers local group

1. On the TS Session Broker server, click Start, point to Administrative Tools, and
then click Computer Management.
2. In the left pane, expand Local Users and Groups, and then click Groups.
3. In the right pane, right-click the Session Directory Computers group, and then
click Properties.
4. Click Add.
5. In the Select Users, Computers or Groups dialog box, click Object Types.
6. Select the Computers check box, and then click OK.
7. Locate and then add the computer account for each terminal server that you
want to add.
8. When you are finished, click OK.

8
Configure TS Session Broker settings for terminal
servers in the farm
You can configure a terminal server to join a farm in TS Session Broker and to participate in
TS Session Broker Load Balancing by using Group Policy or the Terminal Services Configuration
tool. However, you must use Terminal Services Configuration to configure the following settings:
• The IP addresses to be used for reconnection.
• The relative weight of the server when using TS Session Broker Load Balancing.
For information about how to configure the settings by using Group Policy, see Configure TS
Session Broker settings by using Group Policy. Configuring the settings by using Group Policy is
a recommended best practice.
For information about how to configure the settings by using Terminal Services Configuration, see
Configure TS Session Broker settings by using Terminal Services Configuration.

Important
Group Policy settings take precedence over configuration settings in the Terminal
Services Configuration snap-in and those that are made by using the Terminal Services
WMI provider.

Configure TS Session Broker settings by using Group Policy

To assign TS Session Broker settings through Group Policy, it is a best practice to group the
terminal servers that are in the same terminal server farm into a single organizational unit (OU) in
Active Directory Domain Services (AD DS). Then, configure the TS Session Broker settings in a
Group Policy object (GPO) that applies to the OU.

Note
For the TS Session Broker settings to be effective on a server, the server must have the
Terminal Server role service installed.
The following procedure describes how to configure TS Session Broker Group Policy settings by
using the Group Policy Management Console (GPMC) on a Windows Server 2008-based domain
controller.
To change Group Policy settings for a domain or an OU, you must be logged on as a member of
the Domain Admins, Enterprise Admins, or the Group Policy Creator Owners group, or have
been delegated the appropriate control over Group Policy to complete this procedure.

To apply TS Session Broker settings to an Active Directory OU

1. To start the GPMC, click Start, point to Administrative Tools, and then click
Group Policy Management.
2. In the left pane, locate the OU that contains the terminal servers.
3. To modify an existing GPO for the OU, expand the OU, and then click the GPO.
To create a new GPO, follow these steps:

9
 a. Right-click the OU, and then click Create a GPO in this domain, and
link it here.
b. In the Name box, type a name for the GPO, and then click OK.
c. In the left pane, click the new GPO.
4. In the right pane, click the Settings tab.
5. Right-click Computer Configuration, and then click Edit.
6. In the left pane, under Computer Configuration, expand Administrative
Templates, Windows Components, Terminal Services, Terminal Server, and then
click TS Session Broker.
7. In the right pane, double-click the Join TS Session Broker policy setting, click
Enabled, and then click OK.
8. Double-click the Configure TS Session Broker farm name policy setting, and
then do the following:
a. Click Enabled.
b. In the TS Session Broker farm name box, type the name of the farm in
TS Session Broker that you want to join, and then click OK.

Important
TS Session Broker uses a farm name to determine which servers are in the
same terminal server farm. You must use the same farm name for all servers
that are in the same load-balanced terminal server farm. Although the farm
name in TS Session Broker does not have to be registered in AD DS, it is
recommended that you use the same name that you will use in DNS for the
terminal server farm. (The terminal server farm name in DNS represents the
virtual name that clients will use to connect to the terminal server farm.) If
you type a new farm name, a new farm is created in TS Session Broker and
the server is joined to the farm. If you type an existing farm name, the server
joins the existing farm in TS Session Broker.
9. Double-click the Configure TS Session Broker server name policy setting, and
then do the following:
a. Click Enabled.
b. In the TS Session Broker server name box, type the name of the
server where you installed the TS Session Broker role service, and then click
OK.
10. Double-click the Use TS Session Broker load balancing policy setting, click
Enabled, and then click OK.
11. Optionally, if you are using a hardware load balancer that supports token
redirection, double-click Use IP Address Redirection and configure the setting. See
the Group Policy Explain text for more information.

10
 Note
To configure TS Session Broker settings by using local Group Policy, use the Local Group
Policy Editor. To start the Local Group Policy Editor, click Start, click Run, type
gpedit.msc, and then click OK. To configure local Group Policy settings, you must be a
member of the Administrators group on the local computer or you must have been
delegated the appropriate authority.

Configure TS Session Broker settings by using Terminal

Services Configuration
You can configure a terminal server to join a farm in TS Session Broker and to participate in
TS Session Broker Load Balancing by using Terminal Services Configuration.

Note
The following steps are only applicable if the Terminal Server role service is installed.
Membership in the local Administrators group is the minimum required to complete this
procedure.

To configure TS Session Broker settings by using Terminal Services Configuration

1. Start Terminal Services Configuration. To do this, click Start, point to
Administrative Tools, point to Terminal Services, and then click Terminal
Services Configuration.
2. In the Edit settings area, under TS Session Broker, double-click Member of
farm in TS Session Broker.
3. On the TS Session Broker tab, click to select the Join a farm in TS Session
Broker check box.
4. In the TS Session Broker server name or IP address box, type the name or
the IP address of the TS Session Broker server.

Note
The TS Session Broker server is the server where you installed the TS Session
Broker role service.
5. In the Farm name in TS Session Broker box, type the name of the farm that
you want to join in TS Session Broker.

Important
TS Session Broker uses a farm name to determine which servers are in the
same terminal server farm. You must use the same farm name for all servers that
are in the same load-balanced terminal server farm. Although the farm name in
TS Session Broker does not have to be registered in AD DS, it is recommended
that you use the same name that you will use in DNS for the terminal server
farm. (The terminal server farm name in DNS represents the virtual name that
clients will use to connect to the terminal server farm.) If you type a new farm
name, a new farm is created in TS Session Broker and the server is joined to the
11
 farm. If you type an existing farm name, the server joins the existing farm in
TS Session Broker.
6. To participate in TS Session Broker Load Balancing, select the Participate in
Session Broker Load-Balancing check box.
7. Optionally, in the Relative weight of this server in the farm box, modify the
server weight. By default, the value is 100. The server weight is relative. Therefore, if
you assign one server a value of 100, and one a value of 200, the server with a
relative weight of 200 will receive twice the number of sessions.
8. Verify that you want to use IP address redirection. By default, the Use IP
address redirection (recommended) setting is enabled. If you clear the check box,
the server switches to token redirection mode.
9. In the Select IP addresses to be used for reconnection box, click to select the
check box next to each IP address that you want to use. When you select the IP
addresses to use, consider the following:
• Only the first selected IPv4 address will be used by clients that are
running RDC 5.2 and earlier.
• Using IPv6 addresses is not recommended if the terminal server farm
contains servers that are running Windows Server 2003.
10. When you are finished, click OK.

Configure DNS for TS Session Broker Load

Balancing
To configure DNS round robin for TS Session Broker Load Balancing, you must map the IP
address of each terminal server in the farm to the terminal server farm name in DNS.
The following procedure provides the steps to configure DNS on a Windows Server 2008-based
domain controller.
You must be a member of the Domain Admins, Enterprise Admins, or the DnsAdmins group
to complete this procedure.

To add DNS entries for each terminal server in the farm

1. Click Start, point to Administrative Tools, and then click DNS.
2. Expand the server name, expand Forward Lookup Zones, expand the domain
name, and then click the appropriate zone.
3. Right-click the zone, and then click New Host (A or AAAA).
4. In the Name (uses parent domain name if blank) box, type the terminal server
farm name.
The farm name is the virtual name that clients will use to connect to the terminal server
farm. For management purposes, it is recommended that you use the same farm name
that you specified when you configured the terminal servers to join a farm in TS Session

12
 Broker.

Important
Do not use the name of an existing server for the farm name.
5. In the IP address box, type the IP address of a terminal server in the farm.
6. Click Add Host, and then click OK when you receive the message that the host
record was successfully created.
7. Repeat steps four through six for each terminal server in the farm. For each DNS
entry, ensure that you specify the same farm name in the Name (uses parent
domain name if blank) box. For example, if you have three terminal servers in a
farm named FARM1, with IP addresses of 192.168.1.20, 192.168.1.21, and
192.168.1.22, the entries would look similar to the following:
Farm1 Host(A) 192.168.1.20
Farm1 Host(A) 192.168.1.21
Farm1 Host(A) 192.168.1.22
8. When you are finished, click Done.

Additional information
Configure dedicated redirectors (optional)
When you register the IP address of each terminal server in the farm to a single terminal server
farm name in DNS, incoming Terminal Services clients will try to connect to the first IP address for
the farm name that is returned by DNS. The terminal server that receives this initial connection
request acts as the redirector.
To increase session redirection performance in a large terminal server farm, you can configure
terminal servers to be dedicated redirectors. These servers will process incoming requests, but
will not accept user sessions. To configure dedicated redirectors, you must do the following:
1. Create DNS round robin entries for the terminal servers that you want to use as
dedicated redirectors. When you do so, you must map the IP address of each terminal
server that you are using as a dedicated redirector to the terminal server farm name in
DNS. (The farm name is the virtual name that clients will use to connect to the terminal
server farm.) The farm name must not match an existing server name in AD DS.
2. Configure the servers to deny new user logons. For more information about how to
deny new user logons, see Deny logons to a terminal server in a load-balanced farm.
Because these dedicated redirectors have no user sessions, they do not require roaming profiles
or any installed programs. This enables a faster logon experience, and makes the server easier
to manage and more reliable.

13
Deny logons to a terminal server in a load-balanced farm
In Windows Server 2008, you can configure a terminal server to deny logon requests from new
users. With the ability to deny logons from new users to specific servers in a farm, you can
maintain your terminal server environment without disrupting end-user service. If you configure a
terminal server to deny new logons, the following behavior occurs:
• Users with existing sessions can still reconnect to the server. Only new logons to that
server are denied. However, an administrator can still log on to the server locally to
perform maintenance on the server.

Note
An administrator can also connect remotely by starting the RDC client from the
command line with the /admin option (mstsc /admin).
• If you are using TS Session Broker Load Balancing, TS Session Broker will redirect
new users to other servers in the farm, where new user logons are enabled.
Before you take a server down for maintenance, you can notify users with existing sessions to log
off from the server by using Terminal Services Manager to send a message.

To deny new user logons

1. Click Start, point to Administrative Tools, point to Terminal Services, and then
click Terminal Services Configuration.
2. In the Edit settings area, double-click User logon mode under General.
3. On the General tab, click either of the following:
• Allow reconnections, but prevent new logons
• Allow reconnections, but prevent new logons until the server is
restarted
4. Click OK.
When you are finished doing maintenance, ensure that Allow all connections is
selected.

Additional references
• For information about how to configure a load-balanced terminal server farm by using
TS Session Broker and NLB, see the Step-by-Step Guide for Configuring Network Load
Balancing with Terminal Services: Windows Server 2008
(http://go.microsoft.com/fwlink/?LinkID=80406).
• For information about Terminal Services Session Directory in Windows Server 2003,
see Session Directory and Load Balancing Using Terminal Server
(http://go.microsoft.com/fwlink/?LinkID=80740).

14