Windows OS Hub / Windows Server 2019 / Migrating RDS Roles (Connection Broker, Web Access) to Another Server

March 11, 2024 PowerShellWindows Server 2016Windows Server 2019

Migrating RDS Roles (Connection Broker, Web Access) to Another Server

This guide should help you to migrate (move) Remote Desktop Connection Broker and RDS Web Access roles to another server. In this example, we will migrate the RDS Connection Broker role from Windows Server 2012 R2 host to Windows Server 2019. We will also look at the specifics of migrating the RD Web Access role.

Some compatibility restrictions of Windows Server versions in an RDS farm:

  • When updating a Windows Server version, start with the host with the RD Connection Broker role;
    If you are using the high-availability RD Connection Broker deployment, it is enough to leave one host with the Connection Broker role in a cluster, perform an in-place upgrade of the Windows Server version, then upgrade other hosts, and add them to the cluster.
  • A terminal farm can contain RDSH hosts with different Windows Server versions (2019/2016/2012R2). It is recommended to use hosts with the same version of Windows Server within the same RDS collection. This means that you may create two RDS collections, for example, one with Windows Server 2019 hosts, and another one with Windows Server 2012 R2 hosts;
  • RDS hosts with previous Windows Server versions can use a Connection Broker with a newer version of OS (for example, RDS hosts running WS2012R2 or WS2016 can use RD Connection Broker with WS2019, but not vice versa).
  • When upgrading the Windows Server version on RDSH hosts, be sure to install the RDS Licensing server on the latest version of Windows Server and activate new RDS CALs.

In my case, two RDS hosts are running Windows Server 2012 R2:

  • Rds2 – with the RD Connection Broker, Web Access, and RDSH roles
  • Rds1– with the RDSH role
You can use this guide to migrate a standalone RDSH server.

You can list roles in your RDS deployment with Server Manager or PowerShell:

Get-RDServer

rds deployment configuration on windows server

The task is to migrate the Connection Broker role with the configured RemoteApp and RDS collections to a new Windows Server 2019 host (an in-place upgrade is not applicable).

Prepare a new host with Windows Server 2019 and install the RD Connection Broker and RD Licensing roles (if needed) on it.

Windows Server doesn’t have built-in tools to easily transfer configured RDS roles between hosts.

To export/import current RDCB settings, you can use the ExportImportRdsDeployment module from PowerShell Gallery.

By default RDCB uses a local SQL database (Windows Internal Database) to store its settings (C:\Windows\rdcbDb\).

Install the ExportImportRdsDeployment module from PowerShell Gallery (you can also install a PowerShell module offline):

Install-Module ExportImportRdsDeployment -Force
Import-Module ExportImportRdsDeployment

If Windows Management Framework 5.1 (includes Windows PowerShell 5.1) is not installed on Windows Server 2012 R2, you will see the following error when running the command:

Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Download and install KB3191564 (https://www.microsoft.com/en-us/download/details.aspx?id=54616) to update your PowerShell version to 5.1.

If you receive an Install-Module: Unable to download from URI error when running the command, you need to enable the TLS 1.2 protocol for the PowerShell connection:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Export the RDS collections to an XML file:

Export-RDCollectionsFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsoldcol.xml –verbose

Export rds configuration with powershell - Export-RDCollectionsFromConnectionBroker

Then export your RDS configuration (including a list of servers in deployment):

Export-RDDeploymentFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsdeployment.xml -Verbose

If you are using wildcard certificates on your old RDS server, export them in PFX (with a password).

Copy both files to your new RDS server running Windows Server 2019. Also, install the module:

Install-Module ExportImportRdsDeployment -Force

In this example, I am migrating the RDS configuration without certificates, so I have specified files that do not exist. If you are using certificates in RDS deployment, provide your file paths and password.

Then run the following commands:

$RDGatewayCertPath = "C:\\PS\\nocert.pfx"
$RDWebAccessCertPath = "C:\\PS\\nocert.pfx"
$RDRedirectorCertPath = "C:\\PS\\nocert.pfx"
$RDPublishingCertPath = "C:\\PS\\nocert.pfx "
$RDGatewayCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDWebAccessCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDRedirectorCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDPublishingCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
Import-RDDeploymentToConnectionBroker -ConnectionBroker localhost -XmlFile c:\ps\rdsdeployment.xml -RDGatewayCertPath $RDGatewayCertPath -RDGatewayCertPassword $RDGatewayCertPassword -RDWebAccessCertPath $RDWebAccessCertPath -RDWebAccessCertPassword $RDWebAccessCertPassword -RDRedirectorCertPath $RDRedirectorCertPath -RDRedirectorCertPassword $RDRedirectorCertPassword -RDPublishingCertPath $RDPublishingCertPath -RDPublishingCertPassword $RDPublishingCertPassword -Verbose

Migrate RDS configuration to new Windows Server host

If you are not using certificates for RDS, you will see a warning that the files were not found. Ignore this error.

Run the Get-RDServer command and make sure that the RD Connection Broker role is on a new server.

Get-RDServer - list roles in RDS deployment

Import the RDS collections:

Import-RDCollectionsToConnectionBroker -ConnectionBroker localhost -XmlFile "C:\PS\rdsoldcol.xml" -Verbose

Make sure that all RD collections with the configured permissions and Remote Apps appeared in the RDS management console.

Move rds collections to new connection broker host

Remove the RDCB role on the previous WS2012R2 host using Server Manager or the Remote-WindowsFeature command:

Remove-WindowsFeature RDS-Connection-Broker

remove RDS-Connection-Broker on old host

There are some nuances when migrating a configured RD Web Access role. If you are moving the RDWebAccess role between different Windows Server versions (with different IIS versions), you will have to copy the settings manually.

    1. Install the RDS-Web-Access role and add a new server to your RDS farm:Install-WindowsFeature RDS-Web-Access
    2. Import the certificates (if needed);
    3. You can use Microsoft Web Deploy v3.6 to copy RDWeb site settings between servers with the same Windows Server versions. Download and install the WebDeploy_amd64_en-US package (https://www.microsoft.com/en-us/download/details.aspx?id=43717) on both hosts;
    4. To transfer IIS site settings offline, you can use the commands below:cd "C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"On a source host:msdeploy -verb:sync -source:apphostconfig="Default Web Site" -dest:archivedir=c:\ps\rdwebOn a target host:msdeploy -verb:sync -source:archivedir=c:\ps\rdweb -dest:appHostConfig="Default Web Site"
      You can also use IIS backup features.

Make sure that your custom IIS settings have been applied (including your expired password change form for RD Web Access). Similarly, you can migrate the Remote Desktop Gateway role.

If the URL address of your RD Web Access server has changed, be sure to change it in the RDS Single Sign-On policy.

4 comments
1
Facebook Twitter Google + Pinterest

Related Reading

View Windows Update History with PowerShell (CMD)

April 30, 2025

Uninstalling Windows Updates via CMD/PowerShell

April 18, 2025

Allowing Ping (ICMP Echo) Responses in Windows Firewall

April 15, 2025

How to Pause (Delay) Update Installation on Windows...

April 11, 2025

How to Write Logs to the Windows Event...

March 3, 2025

4 comments

Russell Johnson April 19, 2023 - 6:48 pm

Excuse me if this is a dumb question. In an HA environment with existing 2012 R2 broker servers, can the 2019 Server(s) be simply added and then inherit the RDS configurations? Then make one of the 2019 Servers the active connection broker, followed by removing the 2012 R2 servers?

Reply
Stefan May 4, 2023 - 9:02 am

Yes, same idea, this would be an easy and smooth way for migrating the role

Reply
Benjamin December 5, 2023 - 8:52 pm

Just tried it and it worked almost great.
FYI we had a HA deployment on W2K12R2 and migrated to W2K22. Our bokers also had the web access role. 2 tips that we needed for the migration :
1. After the deployment import, we had tp remove the 2 old brokers with powershell (there were migrated as they did have web access role). Without that we could not load the deployment GUI.
2. We had few issue with collection import as our apps were published on D Drive. If you have this issue you need to add a D Drive on your broker then launch the script.

Anyway thanks a lot for the procedure…helped a lot.

Reply
Marco February 13, 2024 - 1:44 pm

I’m working on this.
I have 3 servers:
2012 R2 with RD broker and RD session host
2012 with RD gateway (on DMZ)
2019 with RD session host and license role

My goal is to dismiss 2012 R2, so I need to migrate RD Broker on the 2019.
All is working fine on the export.
After I installed RD broker role on the 2019, the 2019 server remote desktop was unavailable and Import-RDDeploymentToConnectionBroker gave me an error about the impossibility to import the configuration.
I had to remove the RD broker role on the 2019 to restore the functionality.
Can you help me about this?
Thanks for your job.

Reply

Leave a Comment