I'm getting the following error quite often when I use external DNS round robin to load balance between 2 SA6500 clusters at different sites:
"Juniper Terminal Services client session has timed out. Please log on to Secure Gateway again"
We're running 6.5R2 and using Brocade load balancers in front of the 6500s.
After initial token authentication, you can begin to launch an RDP session, but then get the error.
Everything works just fine when using a single DNS reference pointing to the Brocade VIP at either site.
Can anyone help with this? Please advise.
Thanks .. dfry
Check the user's public IP address in the logs and see if it is changing.
Do you have the sticky bit configured on the load balancer? It's required while using DNS round robin.
If the connections are not stable and the TS session is trying to reconnect, the user might be connecting to the other node in the cluster and not finding a session there.
You'll need to remove the user from active users list in that case.
Please check and let us know.
Thanks for the responses. This problem was caused by a very short DNS TTL expiring, causing the client to do a lookup when initiating a Terminal Server session, and failing if it happened to get the "wrong" address, that is the other public address from a round-robin configuration. Looks like it comes down to a balance between length of TTL and failover speed to make global load-balancing work properly. Any suggestions in this area would be appreciated.
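The check suggested in the replies (does the client's public IP change, and does the Terminal Services launch land on the same site as the login) can be scripted over exported gateway logs. The sketch below is an added example and not part of the original thread; the log line layout, field names and sample lines are constructed for illustration and are not the SA's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical layout (not the gateway's real format):
# timestamp, site that served the request, user, client public IP, event
SAMPLE_LOG = """\
2011-03-01T09:00:05 site=A user=alice src=198.51.100.10 event=login
2011-03-01T09:00:40 site=A user=alice src=198.51.100.10 event=ts_launch
2011-03-01T09:02:00 site=A user=bob src=203.0.113.7 event=login
2011-03-01T09:02:45 site=B user=bob src=203.0.113.7 event=ts_launch
2011-03-01T09:05:00 site=B user=carol src=192.0.2.21 event=login
2011-03-01T09:05:30 site=B user=carol src=192.0.2.99 event=ts_launch
"""

LINE = re.compile(r"(?P<ts>\S+) site=(?P<site>\S+) user=(?P<user>\S+) "
                  r"src=(?P<src>\S+) event=(?P<event>\S+)")

def find_session_splits(log_text, window=timedelta(minutes=10)):
    """Return {user: set of reasons} for TS launches that do not match the login."""
    last_login = {}              # user -> (time, site, source IP) of latest login
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # skip lines that are not in the assumed layout
        ts = datetime.fromisoformat(m["ts"])
        user = m["user"]
        if m["event"] == "login":
            last_login[user] = (ts, m["site"], m["src"])
        elif m["event"] == "ts_launch":
            login = last_login.get(user)
            if login is None or ts - login[0] > window:
                findings[user].add("no_recent_login")
                continue
            if m["site"] != login[1]:
                # Launch reached the other site: the round-robin / TTL symptom
                findings[user].add("site_changed")
            if m["src"] != login[2]:
                # Client's public address changed between login and launch
                findings[user].add("source_ip_changed")
    return dict(findings)

if __name__ == "__main__":
    for user, reasons in sorted(find_session_splits(SAMPLE_LOG).items()):
        print(user, sorted(reasons))
```

A "site_changed" finding with an unchanged source IP points at DNS re-resolution or missing persistence rather than at the client's network.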