Anyone using ZPA with Windows RDP Broker?

Wondering if anyone is using ZPA with Windows RDP Broker technology? (Load balancing RDP across servers) I can’t really find a lot of info on anyone setting this up.

I ask as regular RDP works fine in our environment, and even RDP brokering works fine from a Mac but not a Windows client. We’ve created some app segments fairly open for troubleshooting, including all network ports except DNS without success. (We still have a Wildcard app segment too)

If you have this working, any special tips?


For anyone else that comes across this thread, we figured out the issue. When connecting to an RDP Broker, the broker redirects by IP address to the final RDP destination. So in our defined app segments we had to include DNS and IP addresses for all servers that are brokers. This is unfortunate as it adds more overhead to maintaining IP lists as well. (This seems to be per Microsoft design)

I seem to remember Citrix did this as well by default. You had to reconfigure to make it use FQDNs.

Yep, correct, in the Citrix world by default they refer to IP addresses in their ‘.ica’ files.
As soon as you change the ica file to use FQDN instead it works fine.
Maybe there is a similar thing on RDP brokers?