Prerequisite Configuration
- Create a folder on the root directory of the SQL Server (“DB_path”) “if a local path is used” (on the SQL Server).
- Ensure that all RDS servers are added to the Server pool.
- Before deploying a RD Connection broker HA configuration, Please see the following post: Troubles with Removing RD Connection Broker High Availability
RDCB Security Group
Ensure both connection brokers are in the Connection broker security group.
Ensure that all RDCB Servers have the SQL Server Native Client Installed and configured.
DNS Configuration
Configure the DNS Round Robin using the IP address’s of the connection Brokers.
HA Deployment
Please note that the database folder will created on the SQL server if a local path is used, not on the connection broker.
Ensure that you have the correct SQL Native Client
SQL 2008 R2
If you are using SQL 2008 R2, you will need the following script.
DRIVER=SQL Server Native Client 10.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<name of database>
SQL 2012
If you are using SQL 20012, you will need the following script.
DRIVER=SQL Server Native Client 11.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<name of database>
Once the install is complete, the Certificates for SSO and publication will need to be changed to the HA DNS name.
You can change the active Connection broker under tasks> Set active RD Connection Broker server.
Changing the RDCB HA DNS Alias
Post installation:
If you want to change the DNS name, you would need to run the following command as this can only be done in PowerShell.
Set-RDClientAccessName -ConnectionBroker <ACTIVE MANAGEMENT SERVER NAME> -ClientAccessName <NEW DNS RR NAME>
You cannot edit this in the GUI.
Configuring RD Gateway for RDCB HA
Once you have configured HA you will need to create a CAP and RAP for the HA configuration.
Add both connection brokers and the HA DNS Name.
Restart all RDS Servers once the configuration is complete.
Summary:
- Step 1 – Create Active Directory Group for Connection Brokers (Domain\”Connection Broker AD User Group”) Add Both Connection Broker 01/02/”03 in RDS2016″)
- Step 2 – Add the Connection broker group to the SQL Instance used for the RDCB DB – (Security/Logins/add-account) grant
- Step 3 – Add SQL permissions for the user Group ((Domain\”Connection Broker AD User Group”) dbcreator for the SQL Instance
- Step 4 – Install the SQL Native Client (ODBC-64 bit) on Connection Broker 01 and configure the SQL instance using (integrated Windows Authentication)
- Step 5 – Run the RDCB HA wizard – Dedicated instance option, HA Name: “HAname.domain” – use the following string: DRIVER=SQL Server Native Client 11.0;SERVER=”SQL_Instance_name”; Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=”Database Name”
- Step 6 – Add the SQL DB path “Drive:\DB_path”
- Step 7 – Complete the Wizard
- Step 8 – On the SQL Instance add dbo permission for the security group ((Domain\”Connection Broker AD User Group”) to the new database (Database Name)
- Step 9 – Run the HA wizard on the RDMS console for the Second Connection broker.
- Step 10 – reboot both connection brokers and test.
- Step 11 – open the RDCB Database and run the script SELECT TOP 10 [Id] ,[Name],[LatestTimeStamp] FROM [“DB_name”].[rds].[ConnectionBroker] to confirm the Connection Brokers are communicating with the SQL Instance. the timestamp should update every 30 seconds (estimate)
SQL Native client link: https://www.microsoft.com/en-gb/download/details.aspx?id=36434
Ryan Mangan's IT Blog 
Hi Ryan ,
Your blog is really helpful
I am in situation where we need to disable/remove RD Connections Broker high availability feature from RDS 2012 deployment I am able to remove 2nd RD Connection broker Server from RDS management but still RD connection broker is in (High Availability Mode) .
Please guide me that how to remove connection broker high Availability mode ?
Looking for your positive response .
Rgards
Tahir Shabbir
Hi Tahir,
Once you configure RD Connection Broker High Availability you cannot revert back to a local windows DB ( SQL instance). You would need to decommission the whole deployment and start from scratch. This is the best to my knowledge at the time of writing this reply.
Best Regards,
Hi Ryan,
Thanks for the information. I have question for certificates
I have wild card certificate for *.Externaldomain.com (Digicert.com) which is applied to RDSWEB and RDSGW role. With Subject alternative names
Please mention that how to create certificate for domain.local certificates for RDCB and RDCB SSO .
Should we need to purchase domain.local certificates from CA or we can create localy ?
I cant understand domain.local certificates .
Please help in this regard
Regards
Tahir
Hi Ryan ,
Now i converted RDSCB from HA to plain . Please explain how i can change RDCB host name as we can do HA mode . I tried above mentioned command for changing CB DNS Alias name but it gave error that CB setup is not in HA mode .
I want external.domain.com for Conn Broker insted of cb1.domain.local name ?
Please help in this regard.
Thanks.
Hi,
Please can you confirm what you are trying to achieve as your previous message was unclear.
Best regards,
Hi ,
Actually ,I have RDS session based deployment. I want to change host-name of rdscb.domain.local to rdscb.domain.com for external clients .
I was able to change it in RDS Connection broker HA mode ,
Set-RDClientAccessName -ConnectionBroker -ClientAccessName
But this command is not working for RDSCB (Simple Mode/ Not HA mode)
Regards
Hi,
Is the connection broker also the rdsh server? . You would need to create a new A record in your dns pointing to the external name.
You would not need to use the powershell Cmd for the rdcb ha as it’s not a ha configuration .
Best Regards,
No RDSCB and RDSH are seprate
My Setup details are as
DC 2012 (1 node -Physical Server)
RDSGW + RDSWeb (1 VM)
RDSCB1 (1 VM’s)
RDSH1+RDSH2+ RDSH3 (3 VM’s )
I applied SAN / star *.extdomain.com certificates . But when accessing Remote App pop up a certificate dialog with Connect & Cancel option ,
It Shows
Publisher:*.externaldomain.com
Type: Remote App programs
Path:mspaint
Name:paint
Remote Computer: rdscb1.domain.local
GW Server:rdweb.externaldomain.com
I want to change remote computer as rdsfarm.externaldomain.com
Regards
Tahir
Please see the following link: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/67dfab70-7e10-4e0b-a3c8-63ce776f2355/
Best Regards,
Please see the following Link: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/e93ca955-3a6e-490c-8e69-b516c436aef1
Hello Ryan thanks for sharing the knowledge!Specially the last two links! I spent a day trying to publish remote apps in 2012 with public certificates.Although I won’t be able to implement it because the company that I’m working with will not purchase a SAN certificate with local and public addresses without any official MS statement about this and knowing that the local addresses on SAN certificates will be unsupported on a near future.
Hi, what clients are going to be accessing RDS ? You could try and deploy certificates to the clients. You could also configure a split brain DNS but the downside of this would be you would need to manage two sets of DNS records.
Best Regards.
I have setup RDCB in HA but when Broker2 is offline I cannot connect to a session. It will work if Broker 1 is offline. Is there a setting in the collection settings needed?
I have been doing this as a test for our live environment. Will all of the collections need changes or recreating?
can both connection brokers connect to the SQL server. if everything is configured correctly you should be able to switch between the two.
I really appreciate your post, it’s the best information I’ve found on setting up HA on the broker server.
I believe I’ve got all the prereqs setup properly, but I’m getting “The database specified in the database connection string is not available from the RD Connection Broker server RDbroker1.mydomain.com. Ensure the SQL server is available on the network, the SQL Server Native Client is installed on the RD Connection Broker server, and the RD Connection Broker has write permissions to the database.”
– I can telnet to my SQL server on 1433 (confirmed SQL listening port)
-I created a group and added my broker servers to it and gave it DBcreator on the SQL server (also tried creating a DB and giving it DBOwner to it).
-confirmed proper version of SQL native client is installed (created system DSN and confirmed a successful test to the RDbroker DB I manually created – this should rule out a lot of other potential issues)
Still get that error every time…This is 2012 R2 not sure if there are any differences, can’t find any documentation specific to 2012 R2.
What happens when you add sysadmin ?
Found the problem, I did all of this within the span of about an hour and I didn’t reboot the RDBroker server after adding it to the group I gave the SQL permissions to, so the computer token didn’t include that group…tried again after a reboot and voila.
Great Article. Any recommendations on sizing of SQL server, specifically disk space? I’m having a hard time finding documentation .
The database is quite small so you 40gb should be fine. for a medium sized organisation.
When moveing from single-CB to HA-CB is it possible to migrate the localdb to shared sql db to keep all current CBconfig in tact ?
Is it a windows internal database, or are you using SQL for the single RDCB Server. There is no reason why you could not add the DB to a shared SQL instance. The connection broker configuration would not change it will just be simply migrated from the internal to a SQL box or if your moving from SQL to SQL you can do a full restore including transaction logs which would provide a exact copy.
Now its a windows internal database. And I want to move over to shared mssql.
Rds takes care of this for you
Ryan excelent article. I have a problem.I had configured RD Connection Broker HA with two RDCB (RDCB1 and RDCB2) and the fail over work fine. But the RDCB does not redirect the RD Client to the RDSessionHost (RDSH) that have the user ´s Disconnected Session. If RR DNS Alias indicate the IP of the RDSH1, then the clien is redirected to RDHS1 in spite of redirect to RDHS2 where the user has their ssesion opened so we have two user session, one at each server RDSH. Sorry for my English language. I hope you can help me.
how have you configured your session collection. are both servers in the same session collection ?
Ryan, great article. I am configuring an RDS Farm with RDCB HA. I have RDCB1 and RDCB2 and the fail over works fine but i can not do the Connection Brokers Servers redirect the users to the server that have their open session.
RDCB1 y RDCB2 act as RDSH servers in the farm too. So the RDCB that attend the request redirect the user to the RDSH running on itself.
If the RR DNS alias redirect to RDCB1 and the session was opened at RDSH2, the RDCB1 redirect the user to RDSH1, not to the RDSH2.
I’m not sure what you are asking. Please can you provide more detail.
HI Ryan, i have an RDS 2008 deployment that consist of 1 broker and 13 session hosts and would like HA. can i just rebuild the brokers in 2012 and re-deploy?
What are you wanting to do. HA Session Host or HA everything. if you just want session hosts then i would recommend using one connection broker for the RDMS Management console and load balance all sessions using a layer 7 Load balancer. I would also recommend disabling the Connection broker load balancing. so that the load balancer can manage connections. The Connection broker will only manage reconnects in the type of setup
Great article. I have a small query. I have 2012 R2 HA RDS environment with 4 connection brokers. We removed 2 brokers from Deployment overview (Remove RD Connection Broker Server) but the powershell command: Get-RDConnectionBrokerHighAvailability, still shows all four. How can i get rid of other two brokers ?
Have you tried removing them using Powershell ?
Great article Ryan. I am going to tackle setting up a test HACB setup this week for a client. However, they don’t want to spend the money on a wildcard certificate. Is it possible to make the local round robin DNS record for the HACBs the same as the external FQDN? ie http://www.mydomain.com That way I can use a single certificate for the gateway, connection broker, and web access.
Thanks Alan. My Advice would be to spend the money as you will be making things more complicated and more problematic. There are a number of External Certificate authorities that offer great Wild SSL prices
Hi, Ryan!
Great article!
Can you please help me with how can I get current CB server?
I mean, I have CB in HA mode, so I have 2 CD servers and 1 is a “main”, and in Deployment GUI I see that server and I need to point that server in every RDS PowerShell cmdlet when working from remote server.
So, my question is – how can I get current CB server? With which PowerShell cmdlet? Can I do it and how?
Thanks!
I have a working HA broker scenario with the SQL DB running on a third machine. That SQL server isn’t HA but just a simple SQL Express instance. I have a need to reboot that SQL server (it only hosts SQL for the connection broker HA) during the day. Is this possible or does it need to be done during off hours?
Great article Ryan. I’ve worked through it on 2012R2 and have a strange result; When I initiate a RDP connection to the round-robin hostname, I can only connect to the active connection broker, the session is never redirected to any of my session hosts. Any ideas what could cause this?
are you accessing this via a admin account ? also are you using RDWEB to connect to the collection
Hello Ryan,
You are awesome.. I design the entire RDS 2012 R2 Solution for my customer based on your articles. Thank you so much for that. Solution is working. I tested all the ways and everything looks good.
A small query though.
I have RD Connection Broker configured with High Availability (2 Servers), Server 1 is acting as Current Active Connection Broker Server. My question is, If by chance Server 1 goes down, Does the Second server becomes active automatically? (It should become active and starts accepting the User requests, That’s the purpose of High Availability rite). Correct me if I am wrong !…
Also, If second server does not become automatically, and my users cannot connect to RDS, then it will be a big mess. I need to achieve Fail over concept as well for RDCB. How do you recommend ?
Once again, Really appreciate for all you article.
Regards,
Akbar
Hello Ryan, I wonder if you may have some input on the following. I have a HA Connection Broker setup for RDS and we have changed the addressing scheme on the lan from a 192.168.1.x/24 to 192.168.26.x/24 subnet.
This has broken the RDS deployment and as far as I can tell id down to the fact I’m unable to change the Round Robin DNS record. For example the RR DNS Entry we have is rds.domainname.com and If I try and amend/delete/add a new record with the new IP Address of the servers I get a ‘The record cannot be updated. Refused. error. This is only related to the RR records.
Would you have any idea why this may be or a workaround?
Kind Regards,
Ben
OK, did you use -force ? With admin privileges. Try restarting the connections broker service and review the event logs to see if there are any errors pointing to the connection brokers. I am just guessing with out looking at it. The points above should help close in on the issue
Hi Ryan,
Thanks for the pointers.When I restart the connection brokers they restart without issue and all RDS services show as running.
If I try and connect to the farm I just get a Remote Gateway unavailable message. I can only assume this is to do with the Round Robin DNS entries. It won’t even allow me to delete these from DNS when running with Admin privileges. Is there some part of RDS that is locking these records ?
Regards
Ben
Hi Ryan
I am just in the process of planning an HA Connection Broker scenario. I am trying to figure out whether I need SQL CALs for every user going through the connection brokers? or do I just need to license the servers? I plan to have 2 SQL database servers to make sure this is HA as well.
Hi Thomas,
Apologies for missing this. How did you get on, is everything sorted.
Ryan
Hi Ryan,
Great article – but I’m just stuck on one piece.
When using DNS RR for the connection brokers, when a connection broker goes down, half the clients will continue to get an IP of a “down” connection broker. Does this mean we need some type of “proper” load balancer in front of the connection brokers like an F5 or Kemp ?
or is there something built into the RDP client to allow for that scenario ?
Hi Ben,
The challenge you will face is clearing DNS caches on clients. The way round this would be to use a Load Balancer like KEMP. VLM200 would do the trick. https://shop.systechitsolutions.co.uk/shop/loadmaster/kemp-vlm200/. Speak with these guys, https://www.systechitsolutions.co.uk/microsoft-vdi/ You would not need a large Load balancer for the connection brokers.
Hi Ryan, Just looking into updating my RDS deployment to 2019. Bit of a mix at the moment.My question is do Connection Brokers in an HA setup both process users or only the active management server. Just trying to understand how they work. My plan is:
With two CB servers in HA
1.remove dns rr record for CB02 (non active server)
2.remove role from CB02 (if i can drop to just one CB server in an HA setup?)
3.rebuild CB02 to 2019 and add back in as a CB server to HA (is sql native client still required with 2019?)
4. add dns rr record back for CB02
5. set CB02 to active management server
6. repeat 1. – 5. for CB01
Any thoughts please, I’m sure this is a task facing a lot of RDS admins
Still not sure how the CBs actually work, whether just the active one is used for connections and how the DNS rr is involved but the above process worked, now running 2019 CBs (License server had already been upgraded to 2019). Next job is Session Hosts.
It was fine, as expected, dropping to one CB in the HA and installed v11 SQL native client and all worked first time.