I am currently building a farm of RDSH Computers running Windows 2008 R2. Due to auditing requirements I need to have traceability for any web browsing conducted on these systems. Our Web Filtering Service only logs and audits via the source IP address of the web request and therefore cannot differentiate between user sessions on the same computer by default.
I thought I could get arouind this by using IP Address Virtualization, but it isn't working as expected. The Remote Desktop Session Host successfully allocates the Virtual IPs to each user session as expected (I have the pools configured statically within the registry of each RDSH as I cannot put a DHCP Server on the LAN the User Session are presented over). However, when I check IE usage using TCPMon and our Web Filtering service, all traffic is using the statically-assigned IP Address of the User session NIC and not the assigned virtual IP.
OK, to help you all out and hopefully come to an answer, here's my configuration:
First and foremost, the RDSH are physical tin and I do not have any Teaming Software in use.
I have two interfaces on each RDSH: one for User Session connections and a back-end one onto the Data Centre LAN.
The Data Centre LAN has the DNS Server adresses added, but no Default Gateway and registers the host's DNS record.
The User Session Interface has the Default Gateway defined but no DNS servers, and it is this one that has IP Address Virtualization.
I'm using a Connection Broker and Load-balancing via DNS Round-Robin.
The network configuration is otherwise good and I'm getting excellent responses to all requests, considering I only have 1 Gb of network bandwidth to play with and I've load tested the system up to 100 connections so far. I need the second interface as I will have to use App-V on the systems; we have a broad swathe of end-user applications, some of which cannot co-exist on the same Operating System installation and I don't want to go down the road of Departmental RDSH silos.
I've tried the latest NIC Driver (and then the previous one) from the manufacturer as suggested in several other posts, and followed various recommendations. However, from what I can see on all the other posts, others appear to be getting the issue that a Virtual IP Address isn't being assigned. I'm getting the address assigned, it's just that IE isn't using it.
Does anyone have any ideas how to get around this?
Sorry, I should have added that I'm using per-program IP Address Virtualization and not per-session as I have multiple NICs