Deploying RD Connection Broker High Availability in Windows Server 2012


Prerequisite Configuration

  • If a local database path is used, create the database folder (“DB_path”) on the root of a drive on the SQL Server itself (not on the connection broker).
  • Ensure that all RDS servers are added to the Server Pool.
  • Before deploying an RD Connection Broker HA configuration, please see the following post: Troubles with Removing RD Connection Broker High Availability.

RDCB Security Group


Ensure that the computer accounts of both connection brokers are members of the Connection Broker security group.


Ensure that all RDCB servers have the SQL Server Native Client installed and configured.

DNS Configuration


Configure DNS round robin for the HA name: one A record per connection broker, each with that broker's IP address.

HA Deployment


Please note that, if a local path is used, the database folder will be created on the SQL Server, not on the connection broker.

Ensure that you have the SQL Native Client version matching your SQL Server release:

SQL 2008 R2

If you are using SQL 2008 R2, use the following connection string.

DRIVER=SQL Server Native Client 10.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<name of database>

SQL 2012

If you are using SQL 2012, use the following connection string.

DRIVER=SQL Server Native Client 11.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<name of database>



Once the install is complete, the certificates for SSO and publishing will need to be changed to the HA DNS name.


You can change the active connection broker under Tasks > Set active RD Connection Broker server.


Changing the RDCB HA DNS Alias

Post installation:

If you want to change the HA DNS name after installation, run the following command against the active management server; this can only be done in PowerShell.

Set-RDClientAccessName -ConnectionBroker <ACTIVE MANAGEMENT SERVER NAME> -ClientAccessName <NEW DNS RR NAME>

You cannot edit this in the GUI.
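Before running Set-RDClientAccessName it is worth confirming three things the cmdlet does not check for you: that you are targeting the active management server, that the new round-robin name already resolves to every broker, and that the SSO and publishing certificates cover the new name. The script below is an added example, not part of the original post; the host name, broker IPs and the Subject/SubjectAlternateName fields read from Get-RDCertificate are assumptions to adapt to your deployment.

```powershell
# Added example, not from the original post: pre-checks before changing the HA client access name.
# Run on a broker as an RDS admin; the three values below are placeholders to replace.
Import-Module RemoteDesktop

$NewClientAccessName = 'rdsfarm.corp.example'        # new DNS round-robin name (placeholder)
$BrokerIPs           = @('192.0.2.11', '192.0.2.12')  # both brokers' IPs (placeholder)
$Apply               = $false                          # set $true to actually switch the name

# 1. Target the active management server, not the alias; the cmdlet only works in HA mode
#    (Get-RDConnectionBrokerHighAvailability returns nothing on a non-HA deployment).
$ha = Get-RDConnectionBrokerHighAvailability
if (-not $ha) { throw 'Deployment is not in HA mode; Set-RDClientAccessName applies only to HA.' }
$active = $ha.ActiveManagementServer
"Active broker: $active   current client access name: $($ha.ClientAccessName)"

# 2. The new name must already resolve to every broker, otherwise clients are steered to a
#    subset of the farm (or nowhere) the moment the name is switched.
$resolved = (Resolve-DnsName -Name $NewClientAccessName -Type A -ErrorAction Stop).IPAddress
$missing  = $BrokerIPs | Where-Object { $_ -notin $resolved }
if ($missing) { throw "DNS RR '$NewClientAccessName' lacks broker IP(s): $($missing -join ', ')" }

# 3. SSO and publishing certificates are bound to the client access name; if neither the
#    subject nor a SAN entry covers the new name (wildcard allowed), sign-in breaks afterwards.
function Test-NameCovered([string]$Name, [string[]]$CertNames) {
    foreach ($raw in $CertNames) {
        $cn = $raw
        if ($cn -match 'CN=([^,]+)') { $cn = $Matches[1] }             # pull CN out of a full DN
        $cn = ($cn -replace '^\s*DNS( Name)?[=:]\s*', '').Trim()      # strip SAN entry prefixes
        if ($cn -ieq $Name) { return $true }
        if ($cn.StartsWith('*.') -and ($Name -split '\.', 2)[1] -ieq $cn.Substring(2)) { return $true }
    }
    return $false
}
foreach ($role in 'RDRedirector', 'RDPublishing') {
    $cert  = Get-RDCertificate -Role $role -ConnectionBroker $active
    $names = @($cert.Subject) + @($cert.SubjectAlternateName -split '[,;]')
    if (-not (Test-NameCovered $NewClientAccessName $names)) {
        throw "$role certificate ($($cert.IssuedTo)) does not cover $NewClientAccessName; reissue it first."
    }
}

# 4. Switch the name, then read the HA configuration back to confirm the change took effect.
if ($Apply) {
    Set-RDClientAccessName -ConnectionBroker $active -ClientAccessName $NewClientAccessName
    (Get-RDConnectionBrokerHighAvailability).ClientAccessName
} else {
    "Checks passed. Set `$Apply = `$true to run Set-RDClientAccessName against $active."
}
```

The same Get-RDConnectionBrokerHighAvailability call is the quickest way to find which broker is currently active when you need to target a cmdlet from a remote server.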


Configuring RD Gateway for RDCB HA

Once you have configured HA, you will need to create a Connection Authorization Policy (CAP) and a Resource Authorization Policy (RAP) on the RD Gateway for the HA configuration.


In the RAP, add both connection brokers and the HA DNS name as allowed network resources.


Restart all RDS Servers once the configuration is complete.

Summary:

  • Step 1 – Create an Active Directory group for the connection brokers (Domain\”Connection Broker AD User Group”) and add both connection brokers (01 and 02; 03 as well on RDS 2016).
  • Step 2 – Add the connection broker group as a login on the SQL instance used for the RDCB DB (Security > Logins > add account).
  • Step 3 – Grant the group (Domain\”Connection Broker AD User Group”) the dbcreator server role on the SQL instance.
  • Step 4 – Install the SQL Native Client (64-bit ODBC) on Connection Broker 01 and configure the SQL instance using integrated Windows authentication.
  • Step 5 – Run the RDCB HA wizard with the dedicated instance option, HA name “HAname.domain”, and the following connection string: DRIVER=SQL Server Native Client 11.0;SERVER=”SQL_Instance_name”;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=”Database Name”
  • Step 6 – Add the SQL DB path “Drive:\DB_path”.
  • Step 7 – Complete the wizard.
  • Step 8 – On the SQL instance, grant the security group (Domain\”Connection Broker AD User Group”) dbo permission (the db_owner role) on the new database (Database Name).
  • Step 9 – Run the HA wizard in the RDMS console for the second connection broker.
  • Step 10 – Reboot both connection brokers and test.
  • Step 11 – Open the RDCB database and run SELECT TOP 10 [Id],[Name],[LatestTimeStamp] FROM [“DB_name”].[rds].[ConnectionBroker] to confirm the connection brokers are communicating with the SQL instance; the timestamp should update every 30 seconds (estimate).
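Step 11 is the one check that tells you both brokers are really talking to the database, so it is worth scripting. The following is an added example (not from the original post) that opens the database with the same DSN-less Native Client string as step 5 and samples rds.ConnectionBroker twice to see whether every broker's LatestTimeStamp advances; SQL_Instance_name, DB_name and the 45-second sample gap are placeholders.

```powershell
# Added example, not from the original post: proves the step-5 connection string works from a
# broker and checks the step-11 heartbeat by sampling rds.ConnectionBroker twice.
# Placeholders: SQL_Instance_name and DB_name. Run interactively, this authenticates as YOU;
# the broker service itself connects as the computer account, so run it as SYSTEM (e.g. via
# a scheduled task) to reproduce the broker's own permission path.
$ConnectionString = 'DRIVER=SQL Server Native Client 11.0;SERVER=SQL_Instance_name;' +
                    'Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=DB_name'
$SampleGapSeconds = 45   # brokers refresh about every 30 s, so one gap should show movement

function Get-RdcbHeartbeats {
    param([string]$ConnString)
    $conn  = New-Object System.Data.Odbc.OdbcConnection($ConnString)
    $beats = @{}
    try {
        $conn.Open()   # fails here if the Native Client is missing, SQL is unreachable, or the login is refused
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT TOP 10 [Id],[Name],[LatestTimeStamp] FROM [rds].[ConnectionBroker]'
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) { $beats[[string]$reader['Name']] = [datetime]$reader['LatestTimeStamp'] }
        $reader.Close()
    } finally { $conn.Close() }
    return $beats
}

$first = Get-RdcbHeartbeats $ConnectionString
if ($first.Count -eq 0) { throw 'rds.ConnectionBroker is empty: no broker has registered with this database.' }
"Registered brokers: $($first.Keys -join ', ')"
Start-Sleep -Seconds $SampleGapSeconds
$second = Get-RdcbHeartbeats $ConnectionString

# A broker whose timestamp did not move between samples is not heartbeating, whatever the GUI shows.
foreach ($name in $first.Keys) {
    if ($second[$name] -gt $first[$name]) {
        "OK     $name  heartbeat advanced $($first[$name]) -> $($second[$name])"
    } else {
        "STALE  $name  still $($first[$name]); check that broker's RDMS service, Native Client and group membership (reboot after adding it)"
    }
}
```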

SQL Native client link: https://www.microsoft.com/en-gb/download/details.aspx?id=36434


43 thoughts on “Deploying RD Connection Broker High Availability in Windows Server 2012”

  1. Hi Ryan,

    Your blog is really helpful

    I am in a situation where we need to disable/remove the RD Connection Broker high availability feature from an RDS 2012 deployment. I am able to remove the 2nd RD Connection Broker server from RDS management, but the RD Connection Broker is still in High Availability Mode.

    Please guide me on how to remove connection broker high availability mode?
    Looking for your positive response.

    Regards
    Tahir Shabbir

    1. Hi Tahir,

      Once you configure RD Connection Broker High Availability you cannot revert to a local Windows DB (SQL instance). You would need to decommission the whole deployment and start from scratch. This is the best to my knowledge at the time of writing this reply.

      Best Regards,

      1. Hi Ryan,

        Thanks for the information. I have a question about certificates.

        I have a wildcard certificate for *.Externaldomain.com (Digicert.com) which is applied to the RDSWEB and RDSGW roles, with Subject Alternative Names.

        Please explain how to create domain.local certificates for RDCB and RDCB SSO.

        Should we need to purchase domain.local certificates from a CA, or can we create them locally?
        I can't understand domain.local certificates.

        Please help in this regard

        Regards
        Tahir

      2. Hi Ryan,

        Now I converted the RDSCB from HA to plain. Please explain how I can change the RDCB host name as we can do in HA mode. I tried the above-mentioned command for changing the CB DNS alias name but it gave an error that the CB setup is not in HA mode.

        I want external.domain.com for the Connection Broker instead of the cb1.domain.local name.

        Please help in this regard.
        Thanks.

  2. Hi,
    Actually, I have an RDS session-based deployment. I want to change the host name rdscb.domain.local to rdscb.domain.com for external clients.

    I was able to change it in RDS Connection broker HA mode ,
    Set-RDClientAccessName -ConnectionBroker -ClientAccessName

    But this command is not working for RDSCB (Simple Mode/ Not HA mode)

    Regards

    1. Hi,

      Is the connection broker also the RDSH server? You would need to create a new A record in your DNS pointing to the external name.

      You would not need to use the PowerShell cmd for the RDCB HA as it's not an HA configuration.

      Best Regards,

  3. No, RDSCB and RDSH are separate.

    My Setup details are as

    DC 2012 (1 node -Physical Server)
    RDSGW + RDSWeb (1 VM)
    RDSCB1 (1 VM)
    RDSH1 + RDSH2 + RDSH3 (3 VMs)

    I applied SAN / wildcard *.extdomain.com certificates. But when accessing a RemoteApp, a certificate dialog pops up with Connect & Cancel options.

    It shows:
    Publisher: *.externaldomain.com
    Type: RemoteApp programs
    Path: mspaint
    Name: paint
    Remote Computer: rdscb1.domain.local
    GW Server: rdweb.externaldomain.com

    I want to change Remote Computer to rdsfarm.externaldomain.com

    Regards
    Tahir

  4. Hello Ryan, thanks for sharing the knowledge! Especially the last two links! I spent a day trying to publish RemoteApps in 2012 with public certificates. Although I won't be able to implement it, because the company that I'm working with will not purchase a SAN certificate with local and public addresses without any official MS statement about this, and knowing that the local addresses on SAN certificates will be unsupported in the near future.

    1. Hi, what clients are going to be accessing RDS? You could try and deploy certificates to the clients. You could also configure split-brain DNS, but the downside of this would be that you would need to manage two sets of DNS records.

      Best Regards.

  5. I have setup RDCB in HA but when Broker2 is offline I cannot connect to a session. It will work if Broker 1 is offline. Is there a setting in the collection settings needed?

    I have been doing this as a test for our live environment. Will all of the collections need changes or recreating?

  6. I really appreciate your post, it’s the best information I’ve found on setting up HA on the broker server.
    I believe I’ve got all the prereqs set up properly, but I’m getting “The database specified in the database connection string is not available from the RD Connection Broker server RDbroker1.mydomain.com. Ensure the SQL server is available on the network, the SQL Server Native Client is installed on the RD Connection Broker server, and the RD Connection Broker has write permissions to the database.”

    - I can telnet to my SQL server on 1433 (confirmed SQL listening port)
    - I created a group and added my broker servers to it and gave it dbcreator on the SQL server (also tried creating a DB and giving it db_owner on it).
    - Confirmed the proper version of the SQL Native Client is installed (created a system DSN and confirmed a successful test to the RDbroker DB I manually created; this should rule out a lot of other potential issues)

    Still get that error every time… This is 2012 R2, not sure if there are any differences; can’t find any documentation specific to 2012 R2.

      1. Found the problem, I did all of this within the span of about an hour and I didn’t reboot the RDBroker server after adding it to the group I gave the SQL permissions to, so the computer token didn’t include that group…tried again after a reboot and voila.

  7. Great article. Any recommendations on sizing of the SQL server, specifically disk space? I’m having a hard time finding documentation.

  8. When moving from single-CB to HA-CB, is it possible to migrate the local DB to a shared SQL DB to keep all current CB config intact?

    1. Is it a Windows Internal Database, or are you using SQL for the single RDCB server? There is no reason why you could not add the DB to a shared SQL instance. The connection broker configuration would not change; it will simply be migrated from the internal DB to a SQL box, or if you’re moving from SQL to SQL you can do a full restore including transaction logs, which would provide an exact copy.

  9. Ryan, excellent article. I have a problem. I had configured RD Connection Broker HA with two RDCBs (RDCB1 and RDCB2) and the failover works fine. But the RDCB does not redirect the RD client to the RD Session Host (RDSH) that has the user’s disconnected session. If the RR DNS alias indicates the IP of RDSH1, then the client is redirected to RDSH1 instead of being redirected to RDSH2 where the user has their session open, so we have two user sessions, one on each RDSH server. Sorry for my English. I hope you can help me.

  10. Ryan, great article. I am configuring an RDS farm with RDCB HA. I have RDCB1 and RDCB2 and the failover works fine, but I cannot make the Connection Broker servers redirect users to the server that has their open session.
    RDCB1 and RDCB2 act as RDSH servers in the farm too. So the RDCB that attends the request redirects the user to the RDSH running on itself.
    If the RR DNS alias redirects to RDCB1 and the session was opened on RDSH2, RDCB1 redirects the user to RDSH1, not to RDSH2.

  11. Hi Ryan, I have an RDS 2008 deployment that consists of 1 broker and 13 session hosts and would like HA. Can I just rebuild the brokers in 2012 and re-deploy?

    1. What are you wanting to do: HA session hosts or HA everything? If you just want session hosts then I would recommend using one connection broker for the RDMS management console and load balancing all sessions using a layer 7 load balancer. I would also recommend disabling the connection broker load balancing so that the load balancer can manage connections. The connection broker will only manage reconnects in this type of setup.

  12. Great article. I have a small query. I have a 2012 R2 HA RDS environment with 4 connection brokers. We removed 2 brokers from Deployment Overview (Remove RD Connection Broker Server) but the PowerShell command Get-RDConnectionBrokerHighAvailability still shows all four. How can I get rid of the other two brokers?

  13. Great article Ryan. I am going to tackle setting up a test HACB setup this week for a client. However, they don’t want to spend the money on a wildcard certificate. Is it possible to make the local round-robin DNS record for the HACBs the same as the external FQDN, i.e. http://www.mydomain.com? That way I can use a single certificate for the gateway, connection broker, and web access.

    1. Thanks Alan. My advice would be to spend the money, as you will be making things more complicated and more problematic. There are a number of external certificate authorities that offer great wildcard SSL prices.

  14. Hi, Ryan!
    Great article!
    Can you please help me with how I can get the current CB server?
    I mean, I have CB in HA mode, so I have 2 CB servers and 1 is the “main”, and in the Deployment GUI I see that server, and I need to point to that server in every RDS PowerShell cmdlet when working from a remote server.
    So, my question is: how can I get the current CB server? With which PowerShell cmdlet? Can I do it, and how?
    Thanks!

  15. I have a working HA broker scenario with the SQL DB running on a third machine. That SQL server isn’t HA but just a simple SQL Express instance. I have a need to reboot that SQL server (it only hosts SQL for the connection broker HA) during the day. Is this possible or does it need to be done during off hours?

  16. Great article Ryan. I’ve worked through it on 2012 R2 and have a strange result: when I initiate an RDP connection to the round-robin hostname, I can only connect to the active connection broker; the session is never redirected to any of my session hosts. Any ideas what could cause this?

  17. Hello Ryan,

    You are awesome. I designed the entire RDS 2012 R2 solution for my customer based on your articles. Thank you so much for that. The solution is working. I tested all the ways and everything looks good.

    A small query though.

    I have RD Connection Broker configured with High Availability (2 servers); Server 1 is acting as the current active Connection Broker server. My question is, if by chance Server 1 goes down, does the second server become active automatically? (It should become active and start accepting user requests; that’s the purpose of High Availability, right?) Correct me if I am wrong!

    Also, if the second server does not become active automatically, and my users cannot connect to RDS, then it will be a big mess. I need to achieve failover for RDCB as well. What do you recommend?

    Once again, I really appreciate all your articles.

    Regards,
    Akbar

  18. Hello Ryan, I wonder if you may have some input on the following. I have an HA Connection Broker setup for RDS and we have changed the addressing scheme on the LAN from a 192.168.1.x/24 to a 192.168.26.x/24 subnet.

    This has broken the RDS deployment and, as far as I can tell, it is down to the fact that I’m unable to change the Round Robin DNS record. For example, the RR DNS entry we have is rds.domainname.com, and if I try to amend/delete/add a new record with the new IP address of the servers I get a ‘The record cannot be updated. Refused.’ error. This is only related to the RR records.

    Would you have any idea why this may be or a workaround?

    Kind Regards,

    Ben

    1. OK, did you use -force? With admin privileges. Try restarting the connection broker service and review the event logs to see if there are any errors pointing to the connection brokers. I am just guessing without looking at it. The points above should help close in on the issue.

      1. Hi Ryan,

        Thanks for the pointers. When I restart the connection brokers they restart without issue and all RDS services show as running.

        If I try to connect to the farm I just get a Remote Gateway unavailable message. I can only assume this is to do with the Round Robin DNS entries. It won’t even allow me to delete these from DNS when running with admin privileges. Is there some part of RDS that is locking these records?

        Regards

        Ben
