The current Web Access architecture does not work reliably if using a active-active (or load balancing) high availability setup for the ThinLinc Master. In some circumstances the authentication can fail for users.
The problem is that the authentication can involve multiple requests, and we assume that all of those requests will be handled by the same system. In a HA setup that might not be the case as every other request will be switched between the two master systems. The second request will then fail to find the PAM session and things will fail.
For most systems this is not an issue as a single request is sufficient. But a OTP setup, or a password change, can trigger this.