
March 15, 2024

Configuring RDS Connection Broker High Availability on Windows Server

Remote Desktop Connection Broker (RDCB) is a component of the Remote Desktop Services (RDS) role in Windows Server. RD Connection Broker load-balances the RDS farm servers (when connecting to an RDS farm, the user is redirected to the least loaded RDS host), provides user access to VDI and RemoteApps, and manages RDS host configuration in the farm. RDCB also allows users to reconnect to their sessions: when a user connects to RDS, RDCB checks whether the user has an incomplete session on another server in the farm and redirects the user to that session.

In this article, we’ll show how to configure a fault-tolerant, highly available RD Connection Broker instance that keeps working if one of the servers with the RDCB role fails. A database server running MS SQL Server 2019 will be used to store Remote Desktop Connection Broker data. To avoid a single point of failure, the RDCB SQL database should also be deployed in a fault-tolerant configuration. In this example, we will use two SQL Server nodes with the SQL Always On Availability Group configured.

Contents:
  • Preparing Infrastructure for Remote Desktop Connection Broker
  • Install Remote Desktop Services Roles on Windows Server
  • Deploying RD Connection Broker High Availability
  • Configuring SQL Server Failover Configuration for RD Connection Broker HA

RD Connection Broker High Availability requirements and supported configurations:

  • At least 2 servers with the RD Connection Broker role running Windows Server 2022/2019;
  • If you want to use high availability for an RDCB SQL database, you will need at least 2 hosts with SQL Server 2014 or newer (Standard or Enterprise edition). In this example, we have installed a standalone MS SQL Server 2019 Enterprise instance on each of the servers. If you are not going to have an HA SQL database, one server with SQL Express is enough;
  • Install SQL Server Native Client on the servers with the RD Connection Broker role;
  • Grant full control over your SQL database and SQL installation folder to RD Connection Broker servers;
  • At least one server with the Remote Desktop Session Host role in the farm.

We will create a highly available RDCB configuration of two servers. Both of them will have the RD Connection Broker role and SQL Server installed. High availability and disaster recovery of the SQL Server database will be provided by the SQL Server Always On Availability Group.


In Windows Server 2012 and newer, RDS Connection Broker provides high availability in the Active/Active mode. In this mode, all RDCB servers are active and can process incoming connections. This provides both high availability and scalability of RDCB in large Remote Desktop environments.

Preparing Infrastructure for Remote Desktop Connection Broker

Assign static IP addresses to all servers with the RD Connection Broker role and join them to your Active Directory domain.

  • srv-rds1.woshub.com — 192.168.13.20
  • srv-rds2.woshub.com — 192.168.13.21

Create a new security group in Active Directory (MUN_RD_Connection_Brokers) and add all RDCB servers to it. You can create the group with the ADUC snap-in (dsa.msc) or by using PowerShell:

New-ADGroup "MUN_RD_Connection_Brokers" -Path 'OU=Groups,OU=Berlin,DC=woshub,DC=com' -GroupScope Global -PassThru -Verbose

Add two RDS hosts to the group:

Add-AdGroupMember -Identity "MUN_RD_Connection_Brokers" -Members srv-rds1$,srv-rds2$


Create A records for the cluster name of your RDS farm (in our example, it is MUNRDCB) in DNS. DNS records must contain the IP addresses of all RDCB servers. It enables load balancing (Round Robin) between RD Connection Broker servers. I have created the following entries:

  • A — MUNRDCB.woshub.com 192.168.13.20 (IP address of the first RDCB server — srv-rds1.woshub.com)
  • A — MUNRDCB.woshub.com 192.168.13.21 (IP address of the second RDCB server — srv-rds2.woshub.com)

You can create A records in DNS using PowerShell:

Add-DnsServerResourceRecordA -Name MUNRDCB -IPv4Address 192.168.13.20 -ZoneName woshub.com
Add-DnsServerResourceRecordA -Name MUNRDCB -IPv4Address 192.168.13.21 -ZoneName woshub.com


Install the SQL Server Native Client on all servers with the RDCB role. You can download the SQL Server Native Client for your SQL Server version from the Microsoft website or copy it from the SQL Server install image (D:\1033_ENU_LP\x64\Setup\x64\sqlncli.msi).


Then run SQL Server Management Studio and connect to your first SQL server, on which a shared Connection Broker database will be created (later we will move it to the Always On high availability group).

Open Security -> Logins to add a new login. Click Search, select your domain in Locations, set Object Types = Groups, and find the domain group MUN_RD_Connection_Brokers.


Assign dbcreator and sysadmin roles to the group.


Open SQL Server ports in Windows Defender Firewall (by default, TCP 1433 port is used to connect to Microsoft SQL Server).

Install Remote Desktop Services Roles on Windows Server

Then you have to install RDS roles on your servers. Open the Server Manager console, select Manage -> Add roles and Features -> Remote Desktop Services Installation.


The installation of the RDS role on a standalone host is described in this article.

Select Standard deployment -> Session-based desktop deployment.


Choose one server you want to install the RD Connection Broker role on. You don’t need to install the RDCB role on the second server now.


Install the RD Web Access role on the same server. Install the RD Session Host role on both servers.


Wait for the installation of RDS roles to complete.

When you have finished installing the roles, add the RDCB hosts and ‘NT AUTHORITY\NETWORK SERVICE’ accounts to the local RDS Management Servers group on both servers.


During the installation of the RD Connection Broker role on the first server in the farm, a local SQL database will be created in C:\Windows\rdcbDb\rdcms.mdf on the local drive of the RD Connection Broker server.


This database keeps the information about the farm and terminal user sessions. Since it is located on the local computer, other RDCB servers will not be able to use it. To provide RDCB HA, you have to move it to a dedicated SQL server where other servers can access it.

Deploying RD Connection Broker High Availability

Before you add a second host with the RD Connection Broker role to the farm, you must migrate the local RDCB database to an external SQL Server.

To move the Connection Broker database from the local database to the dedicated SQL Server, open Server Manager -> Remote Desktop Services -> Overview. To run the Remote Desktop Connection Broker Failover Configuration Wizard, click the RD Connection Broker role image and select Configure High Availability.


Then select Dedicated Database Server. Specify the connection settings of the SQL Server to which the local RDCB database will be moved.

Fill in two fields:

  • DNS name for the RD Connection Broker Cluster: the FQDN of your RDCB farm for which we created the Round Robin DNS records (in our example, it is MUNRDCB.woshub.com). This is the address that RDP clients will use when connecting to RD Connection Broker servers;
  • Database Connection String – specify the connection string to the SQL Server database. Here is the string format: DRIVER=SQL Server Native Client 11.0;SERVER=<SQL Server Name>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=<DB Name>
    In this example, SQL Server Name is the name of the SQL server you want to create a database on, and DB Name is the name of your new database: DRIVER=SQL Server Native Client 11.0;SERVER=srv-rds2.woshub.com;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDCB_DB


Once an RD Connection Broker HA configuration is enabled, you won’t be able to revert to the internal RDCB database without decommissioning the whole RDS farm configuration.

Click Configure in the next step.

Then connect to your SQL Server instance using SQL Management Studio and make sure that the new database RDCB_DB has been created.


Grant both RD Connection Broker servers write permissions to the database. Open Database -> RDCB_DB -> Security -> Users -> New user.

Create two new users: BUILTIN\RDS Management Servers and woshub\MUN_RD_Connection_Brokers. Grant both db_owner and public privileges.


To provide high availability in case the first server fails, add a second RD Connection Broker server to the current configuration.

Click the RD Connection Broker icon and select Add RD Connection Broker Server.


Enter the name of the second server you want to install the Connection Broker role on and click Next. Then two servers with the RDCB role will appear in the list of RDS farm hosts. You will also see the RD Connection Broker (High Available Mode) message.

This completes the High Availability configuration of the Remote Desktop Connection Broker.


Configuring SQL Server Failover Configuration for RD Connection Broker HA

Then set up a failover configuration for your SQL database. At this point, it is still running on one server only. Place your RD Connection Broker database in the SQL cluster. It may be either a classic Microsoft Failover Cluster or an SQL Server Always On high availability group.

Basic Always On configuration in SQL Server 2019 is described in this article. We will show only the main steps here:

  1. Install the Failover Clustering role and build an SQL-RDS cluster of two RDCB hosts with a witness and quorum on any file server (it is described in the article on Always On mentioned above);
  2. Enable the option Enable Always On Availability Groups in the SQL Server Configuration Manager settings on both servers;
  3. Run the New Availability Group Wizard;
  4. Enter the name of the Availability Group (SQL-RDS);
  5. Select a database you want to place in your high availability group (RDCB_DB);
  6. Add the second SQL server to the high availability group and check the Automatic Failover option;
  7. On the Listener tab, enter the name and IP address that clients will use to connect to the database in your Always On group (SQL-RDSDB-liste);
  8. Open the Failover Cluster Manager snap-in (FailoverClusters.SnapInHelper.msc) and make sure that the new resource has appeared in the list of roles.

Then change the connection string for the SQL server with the RDCB database in the Connection Broker settings. You can only change the RDCB connection string via PowerShell:

Set-RDDatabaseConnectionString [-DatabaseConnectionString] <String> [[-ConnectionBroker] <String>] [ <CommonParameters>]

In my example, the command to switch the RDCB farm to the SQL database High Availability group looks like this:

Set-RDDatabaseConnectionString -ConnectionBroker srv-rds1.woshub.com -DatabaseConnectionString "DRIVER=SQL Server Native Client 11.0;SERVER=SQL-RDSDB-liste;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDCB_DB"


If the command returns no error, then everything is OK. Now your RDS Connection Broker cluster is configured to use SQL Always On availability group.

Open your RDS farm settings and make sure that a new connection string is used for HA (Tasks -> Edit Deployment Properties).
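The same check can be scripted. The PowerShell function below is an added example, not part of the original article: it parses a connection string in the format shown above and flags a deprecated Native Client driver, credentials stored in the string, unenforced encryption, and a SERVER value that still points at a single SQL node instead of the listener. The function name and the -SqlNodeNames parameter are hypothetical, and the Encrypt default it assumes is that of the Microsoft ODBC drivers.

```powershell
# Added example, not from the original article. The function name and the
# -SqlNodeNames parameter are illustrative.
function Test-RdcbConnectionString {
    param(
        [Parameter(Mandatory)][string]$ConnectionString,
        # FQDNs of individual SQL nodes; used to spot a string that bypasses the listener
        [string[]]$SqlNodeNames = @()
    )
    # Split "Key=Value;..." into a table; keys are lowercased with spaces removed
    $kv = @{}
    foreach ($pair in $ConnectionString.Split(';')) {
        if ($pair -notmatch '=') { continue }
        $key, $value = $pair -split '=', 2
        $kv[($key -replace '\s', '').ToLower()] = $value.Trim().Trim('{}')
    }
    $findings = @()
    $driver = $kv['driver']
    if ($driver -like 'SQL Server Native Client*') {
        $findings += 'Driver: SQL Server Native Client is deprecated; move to a supported ODBC driver'
    }
    # Integrated authentication keeps SQL credentials out of the deployment settings
    if ($kv['trusted_connection'] -ne 'Yes' -or $kv.ContainsKey('uid') -or $kv.ContainsKey('pwd')) {
        $findings += 'Auth: expected Trusted_Connection=Yes and no UID/PWD in the string'
    }
    # Assumption: only ODBC Driver 18 encrypts by default when Encrypt is omitted
    $encrypt = $kv['encrypt']
    $encryptOff = @('No', 'Optional') -contains $encrypt
    if ($encryptOff -or (-not $encrypt -and $driver -notlike 'ODBC Driver 18*')) {
        $findings += 'Encrypt: the string does not require TLS for the SQL connection'
    }
    if ($kv['trustservercertificate'] -eq 'Yes') {
        $findings += 'TrustServerCertificate=Yes: the SQL Server certificate is not validated'
    }
    # Strip an optional "tcp:" prefix and ",port" suffix before comparing host names
    $server = ($kv['server'] -replace '^tcp:', '') -replace ',\d+$', ''
    if ($SqlNodeNames -contains $server) {
        $findings += "Server: '$server' is a single SQL node, not the availability group listener"
    }
    [pscustomobject]@{ Driver = $driver; Server = $server; Findings = $findings }
}

# The two connection strings used in this article (before and after the listener switch)
$nodes  = 'srv-rds1.woshub.com', 'srv-rds2.woshub.com'
$before = 'DRIVER=SQL Server Native Client 11.0;SERVER=srv-rds2.woshub.com;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDCB_DB'
$after  = 'DRIVER=SQL Server Native Client 11.0;SERVER=SQL-RDSDB-liste;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDCB_DB'
foreach ($s in $before, $after) {
    $r = Test-RdcbConnectionString -ConnectionString $s -SqlNodeNames $nodes
    '{0}: {1} finding(s)' -f $r.Server, $r.Findings.Count
    $r.Findings | ForEach-Object { "  - $_" }
}
# On a broker, the live value can be read with:
#   (Get-RDConnectionBrokerHighAvailability -ConnectionBroker srv-rds1.woshub.com).DatabaseConnectionString
```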


So, we have created a high-availability RDS Connection Broker service on Windows Server 2022/2019. You can test RDCB’s high availability by shutting down one of the hosts in the RDS farm.

Then you can go on with the configuration of your RDS farm, deploy an RDS licensing server, add RDSH servers, set up RDS collections, publish RemoteApps, enable HTML5 web client for RDS, etc.

3 comments

Mat September 20, 2023 - 12:44 pm

Hi,

I have a question: what about Kerberos when connecting to the round-robin DNS name? This setup will use NTLM as no SPN is configured for the alias, right?

chris white August 12, 2024 - 9:33 am

You should update the connection string because SQL Server Native Client 11.0 is EOL.
https://learn.microsoft.com/en-us/sql/relational-databases/native-client/sql-server-native-client?view=sql-server-ver15
So for my current deployment I use
Driver={ODBC Driver 18 for SQL Server};Server=tcp:DBSERVER.xxx.xx,1433;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=DBNAME;Encrypt=Optional;

Peter Hoogeveen April 3, 2025 - 12:15 pm

FYI:
Spent some time with this error and in my case the problem was with Windows Authentication login name. General recommendation is to add the RD broker server to a security group but in my case the server added to the built-in group “RDS Management Servers” just wasn’t propagated to the database, and newly created group just did not work for an unknown reason. Specifying computer name directly as DOMAIN\Server$ works even though selecting computer isn’t available through “Browse”.

So here is proper workflow which worked with Server 2016 and SQL 2019:

Create empty db
Create new login and add RD Broker server as DOMAIN\Server$ (just type in, do not press “Search…”)
In the login under User Mapping select new DB and role db owner. No need to select dbcreator under Server Roles
On the RD Broker server install latest ODBC (v18 works)
In the RD Broker wizard select Dedicated Server

Connection string:

Driver=ODBC Driver 18 for SQL Server;Server=myserver.mydomain.local;App=Remote Desktop Services Connection Broker;Database=RDCB;Trusted_Connection=Yes;Connect Timeout=30;Trust Server Certificate=False;

It was confirmed that:
Path to db files isn’t required
No need to specify “Create any db” securable
Native SQL client (SNAC) isn’t required and even not possible on Server 2016+

From: https://serverfault.com/questions/1007905/rds-connection-broker-high-availability-cannot-connect-to-database
