For others who come across this thread that have configured their security server(s) with 2 NICs (not recommended), just this week I was involved in troubleshooting the dreaded PCoIP black screen then disconnect issue for users connecting from the internet. This had been an intermittent issue for a very long time within a VDI at an Army datacenter on the East coast. After a good deal of troubleshooting, the realization was made that both security servers involved had been configured with 2 NICs (one external IP on DMZ and one internal IP) so the servers could be added to the domain and patch management could be handled just like with all of the internal servers. Unfortunately, the route priorities had not been configured on either security server so internal IP had priority over the external IP for the 0.0.0.0 routes. The internal IP was listed first and had a higher priority on both security servers which caused the black screen ~65 - 75% of the time. Of course, the firewall ports/rules were all configured to allow the PCoIP traffic over the external IP. Approximately 1 in 5 attempts the external IP route would be used and the user would not get the black screen. To get rid of the black screen, on both servers the external adapter was given a higher priority interface metric (lower number) than the internal adapter (Adapter settings -> TCP/IP properties -> Advanced -> Interface metric). Using the route command the internal IP route for 0.0.0.0 was also removed from the table. As soon as these changes were made no more black screens. Note: the decision was made by the responsible leadership to leave the servers dual-homed because of the red tape involved with managing a Windows server in a DMZ that is not part of the domain.
Bryan