I can say it's kind of strange behaviour. I've got approximately the same configuration and it works just fine. Just a hint to think about.
The way RDP works in Azure is: there is one public IP or yourapplication.cloudapp.net endpoint. All your instances are behind the load balancer. To be able to RDP into any of your instances, there should be such rows in the serviceDefinition file:
<Imports>
  <Import moduleName="RemoteAccess" />
  <Import moduleName="RemoteForwarder" />
</Imports>
In your case those rows are under your webrole instance. That means, when you try to connect to the yourapplication.cloudapp.net endpoint, RemoteForwarder forwards you to a specific instance based on the information which is stored in the RDP connection file. To check this, go to the Azure portal and download the RDP connection file for your webrole instance and for your workerrole instance. Open those with Notepad and see for yourself: the same endpoint and a section which tells the RemoteForwarder which instance to connect to.
And one thing I forgot to tell you. If you want to connect to your instances manually (not using the RDP connection file from the Azure portal), meaning that you omit the instance cookie, most likely you will be connected to one of your webrole instances, probably to instance 0.
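
The check described in the answer above (compare the two downloaded .rdp files), as an added example that is not part of the original answer. The sample file contents, role names and the LoadBalanceInfo / mstshash cookie layout are assumptions about what the portal files contain; adjust them to match your own files.

```python
import re

# Constructed sample .rdp contents (service and role names are made up).
WEB_RDP = """full address:s:yourapplication.cloudapp.net
username:s:admin
LoadBalanceInfo:s:Cookie: mstshash=WebRole1#WebRole1_IN_0
"""
WORKER_RDP = """full address:s:yourapplication.cloudapp.net
username:s:admin
LoadBalanceInfo:s:Cookie: mstshash=WorkerRole1#WorkerRole1_IN_0
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict.

    Keys are lower-cased setting names; lines that do not match are skipped.
    """
    settings = {}
    for line in text.splitlines():
        # Split on the first two colons only: the value may contain colons.
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = parts[2]
    return settings

def target_instance(settings):
    """Return (endpoint, role, instance); role/instance are None without a cookie."""
    endpoint = settings.get("full address")
    # Assumed cookie layout: "Cookie: mstshash=<role>#<instance>[#...]"
    match = re.search(r"mstshash=([^#\s]+)#([^#\s]+)",
                      settings.get("loadbalanceinfo", ""))
    if not match:
        return endpoint, None, None
    return endpoint, match.group(1), match.group(2)

def compare(rdp_a, rdp_b):
    """Report whether two .rdp files share an endpoint and which instance each targets."""
    a = target_instance(parse_rdp(rdp_a))
    b = target_instance(parse_rdp(rdp_b))
    return {"same_endpoint": a[0] == b[0], "targets": [a[1:], b[1:]]}

if __name__ == "__main__":
    print(compare(WEB_RDP, WORKER_RDP))
```

Files saved from the portal may be UTF-16 encoded, so read them with the matching encoding before passing the text to parse_rdp.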