Free Fault Tolerant Load Balancing using Citrix NetScaler Express (Part 3) – Microsoft RD Web Access and RD Connection Broker

If you would like to read the other parts of this article series please go to:


In the first article of this article series I described the installation and configuration of a high available/fault tolerance free NetScaler VPX Express set-up. This set-up can be used to load balance all kind of services for free. In the second part I described how to load balance the Citrix StoreFront/Web Interface and Citrix XML Desktop Delivery Controller (XML) services.

Microsoft Remote Desktop Web Access

The first component we will set-up as fault tolerant load balancing infrastructure is the Microsoft Remote Desktop Web Access. This component is actually based on IIS, so we need to load balance this based on an HTTP/HTTPS protocol. The first step is to enter the service within the Citrix NetScaler configuration via Traffic Management – Load Balancing – Server under the Configuration tab. Choose the Add button. In the below image there are already servers available from my second article .

Figure 1: Adding Servers

Within the Create Server window we need to specify the server name and the corresponding IP address. Logically you need to redo this step for all the servers that will be part of the load balance group. For this article I will add two servers, VBN-SRV016 ( and VBN-SRV017 (

Figure 2: Create Server window

In another scenario we would set-up a monitor to check if the service is still responding. However the RD Web Access is just plain HTTP/HTTPS traffic. Within NetScaler these monitors are already available by default so we don’t need to create one and we can directly continue with creating the services. The services are created at Traffic Management – Load Balancing – Service again within the Configuration tab. Again use the Add button to set-up the service.

Figure 3: Create Services

Provide a logical name for the Service Name. I use RDWASRV_<<SERVERNAME>> as a naming convention. Because we already added the server ealier, we can select existing server and select the server in the drop-down box. Choose the corresponding protocol. As I used HTTP in the previous article, I will now use a secured connection. For HTTPS you select SSL_BRIDGE and the corresponding port (by default 443).

Figure 4: Basic Settings Load Balancing Service

After pressing OK the service is created. After that we are changing the monitor binding. Select the > symbol at the end of 1 Service to Load Balancing Monitor Binding.

Figure 5: Load Balance Service created, changing monitors

By default the tcp-default monitor is bind to a service, to change this default behavior choose Add Binding.

Figure 6: Service Load Balancing Monitor Binding

Click the > symbol at the Select Monitor option.

Figure 7: Selecting Monitor Binding

A list of available monitors will be shown. Select the monitor HTTPS.

Figure 8: Select https monitor

Leave the other settings default and choose the Bind button.

Figure 9: https monitor selected

Now the Load Balancing Service is fully configured. Repeat these steps for the other servers that will be part of the load balancing infrastructure.

Figure 10: https monitor selected

After the creation of the services, we are ready to set-up the actual virtual server which will be the access point of the RD Web Access users. To set-up the virtual server go to Configuration then Traffic Management – Load Balancing – Virtual Servers and start the process via the Add button.

Figure 11: Virtual Servers

Provide a name for the virtual server. Again you name it whatever you like, but a name that explains the functionality makes sense over time. Select  protocol SSL_BRIDGE as Protocol and IP Address as IP Address type. Next you need to enter the IP address for the virtual server, followed by providing the port number the virtual server will be accessed.

Figure 12: Create Virtual Server

When the OK button is pressed, the virtual server will be created. After, the creation services should be assigned to this virtual server. Choose the > symbol after No Load Balancing Virtual Service Binding.

Figure 13: Add services after virtual server creation

Press the > symbol at Select Service to add services to the virtual server.

Figure 14: Select Service Binding

A list of configure services is shown. Pick the services you have just configured for this virtual server. In my case these are VBN-SRV016 and VBN-SRV017.

Figure 15: Select the required services

The services are now selected and can be connect to the virtual server using the Bind button.

Figure 16: Service Binding selected

After binding the services persistance is automatically configured on SSLSESSION. If required you can change the persistance setting using the pencil icon, but this is optional.

Figure 17: Virtual Server configuration finished

The last step is to create a DNS record to the Virtual Server IP address. For this article I created this for internal access, so I can add it to my local DNS.

Figure 18: Creating DNS record for the virtual server

Microsoft Remote Desktop Connection Broker

Another component within the Remote Desktop infrastructure that is a real good candidate for load balancing through the free NetScaler Express edition is the Remote Desktop Connection Broker. In this paragraph I will describe the steps to set-up a load balanced RD Connection Broker via the NetScaler VPX Express.

The first step is to add the servers running the RD Connection Broker role into the NetScaler configuration. For this article I’m using the same servers as I used for the RD Web Access set-up, so I can skip this step. See the RD Web Access steps on how to add a server in the NetScaler Express via Traffic Management – Load Balancing – Servers under Configuration.

Unfortunately there is no special monitor available within the NetScaler for monitoring the RD Connection Broker component. The NetScaler has a specific RDP script available, but that is only functioning for machines that are hosting the RD Session Host.

Figure 19: RDP monitoring available within the NetScaler, but cannot be used for the RD Connection Broker

So we can skip the monitor part for this component and directly start creating the services for the RD Connection Broker role. Go to Traffic Management – Load Balancing – Services within Configuration followed by the Add button.

Figure 20: Load Balancing – Services

Provide a logical name for the service. I’m using the convention RDCBSRV_<<SERVERNAME>>, but you can fill in whatever you need. As we already added the servers earlier we now can choose the existing server option and select the corresponding server. Next select RDP as the protocol with port 3389.

Figure 21: Add Load Balancing Service

When the service is created we normally add a specific monitor, but as just mentioned there is no monitor available. The only option available is using the default tcp-default monitor, which checks that port 3389 is responding. Repeat this step for the other servers hosting the RD Connection Broker role.

Figure 22: No specific monitor needs to be added

After pressing the Done button the service is fully created and is available for the next step – creating the virtual server.

Figure 23: Services created

Creating the Virtual Server is done via Traffic Management – Load Balancing – Virtual Servers again within the Configuration tab.

Figure 24: Creating Virtual Servers

Creating the Virtual Server starts with providing a name for the virtual server. This name is just for administrative purposes, so fill in a logical name. Secondly the protocol needs to be set to RDP and use IP address as IP Address type. Fill in the IP address the virtual server will be accessed to. At last check if the port number is port 3389.

Figure 25: Create Load Balancing Virtual Server

After the basic settings we need to assign the corresponding services to the virtual server. Choose the > symbol at No Load Balancing Virtual Service Binding.

Figure 26: Basic Settings Virtual Server, add services

The Service Binding window will open. Select the > symbol to select the services.

Figure 27: Select Service

Select the services that are hosting the role.

Figure 28: Select the services

The services are now selected and available to bind to the virtual server.

Figure 29: Services to bind to the virtual server

After adding the services, we need to use the OK button to continue with the next step.

Figure 30: Service binded, press OK for the next step

After pressing OK the Traffic Settings appear, just accept the default values by pressing Done.

Figure 31: Traffic Settings are set

After some time the Virtual Server will be changed to green and is load balancing service available.

Figure 32: Virtual Server is up and running

To make sure that settings are retained when a NetScaler is reboot, don’t forget to save your configuration using the floppy disk icon.

Figure 33: Saving the configuration

The last step is to create a DNS record so the service can be reached on a FQDN. Choose a logical name and assign it to the IP address of the Virtual Server. Remember that this FQDN needs to be configured within the RD Connection Broker configuration, so use the same name you are already using (that will probably change the DNS records) or write down the FQDN and use this in the RDCB wizard.

Figure 34: Creating a DNS record

Remote Desktop Gateway

The last component that should be load balanced is the RD Gateway component. However for this component all communication will flow via the load balancer. While the NetScaler VPX Express is limited to 10 Mbit it’s not a good idea to use the free version of the NetScaler VPX Express for this functionality as you will run out of the bandwidth restrictions pretty quickly. However if you upgrade to official versions you can use the NetScaler to load balance the RD Gateway. For this article this component is not suitable, so I won’t go into details about this set-up.


In the first part I described the step to install and configure a Citrix NetScaler VPX Express, a high available and fault tolerant infrastructure. In the second part we described how to use the NetScaler infrastructure to load balance Citrix StoreFront/Web Interface and the Citrix Delivery Controller components. In this third and last article we built a load balance environment for Remote Desktop Web Access and Remote Desktop Connection Broker. The NetScaler VPX series offers lots of possibilities, where I showed some examples of configuration that can be arranged with the free VPX express edition.

If you would like to read the other parts of this article series please go to:

About The Author

6 thoughts on “Free Fault Tolerant Load Balancing using Citrix NetScaler Express (Part 3) – Microsoft RD Web Access and RD Connection Broker”

  1. Thank you so much for this article! I followed it and it was the simplest to configure compared to other tutorials where we had to create content switching servers and other policies.

    I basically got everything working perfectly except for two exceptions:

    1. I cannot get the RD Client on Android devices to connect!

    2. I also want to load balance on UDP 3391 since using UDP will provide the user with a faster and more smooth RDP experience. I have no idea how to accomplish this with the vServer set to SSL-Bridge mode.

    Any help is appreciated!


  2. Hi Wilco. This is a very helpful article. I have a question. It appears that our RDWeb service IIS access page is also running on our RD Broker servers (there are two of them). So would I just use the same backend servers for the both the RDWAS and RDCB load balancing services? Much appreciated.

    1. Hi Sang. Yes, you can use one Load Balancing rule for both services (as they both are on the same servers) or set-up two rules with the same back-end servers. The result will be the same.

  3. Please forgive me ahead of time. I am not familiar with RD Web Access. According to the instruction, there will be TWO virtual-servers/VIPs. One to RD Web and the other to RD Connection Broker. Is this correct?
    Our current setup today is as follow:
    – Our user is connecting to the RD Web Access to access their RDP session and Remote App
    – The URL is something like this https://FQDN/RDWeb
    What is the purpose of load-balancing the RD Connection Broker?
    We initially load-balanced only the RD Web Access portion using SSL and although we can access and login to the portal, user was not able to launch RDP or RemoteApp session.

  4. Your questions are a bit out of scope of this article. You would like to load balance the Connection Broker for high availability (if one server fails the other will take over) and load balancing in larger environments. I suggest you search for some basic articles about RDS to become familiar or search for a local expert to help you with the set-up.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top