Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows Server 2019 / Migrating RDS Roles (Connection Broker, Web Access) to Another Server

March 11, 2024

Migrating RDS Roles (Connection Broker, Web Access) to Another Server

This guide should help you to migrate (move) Remote Desktop Connection Broker and RDS Web Access roles to another server. In this example, we will migrate the RDS Connection Broker role from Windows Server 2012 R2 host to Windows Server 2019. We will also look at the specifics of migrating the RD Web Access role.

Some compatibility restrictions of Windows Server versions in an RDS farm:

  • When updating a Windows Server version, start with the host with the RD Connection Broker role;
    If you are using the high-availability RD Connection Broker deployment, it is enough to leave one host with the Connection Broker role in a cluster, perform an in-place upgrade of the Windows Server version, then upgrade other hosts, and add them to the cluster.
  • A terminal farm can contain RDSH hosts with different Windows Server versions (2019/2016/2012R2). It is recommended to use hosts with the same version of Windows Server within the same RDS collection. This means that you may create two RDS collections, for example, one with Windows Server 2019 hosts, and another one with Windows Server 2012 R2 hosts;
  • RDS hosts with previous Windows Server versions can use a Connection Broker with a newer version of OS (for example, RDS hosts running WS2012R2 or WS2016 can use RD Connection Broker with WS2019, but not vice versa).
  • When upgrading the Windows Server version on RDSH hosts, be sure to install the RDS Licensing server on the latest version of Windows Server and activate new RDS CALs.

In my case, two RDS hosts are running Windows Server 2012 R2:

  • Rds2 – with the RD Connection Broker, Web Access, and RDSH roles
  • Rds1– with the RDSH role
You can use this guide to migrate a standalone RDSH server.

You can list roles in your RDS deployment with Server Manager or PowerShell:

Get-RDServer

rds deployment configuration on windows server

The task is to migrate the Connection Broker role with the configured RemoteApp and RDS collections to a new Windows Server 2019 host (an in-place upgrade is not applicable).

Prepare a new host with Windows Server 2019 and install the RD Connection Broker and RD Licensing roles (if needed) on it.

Windows Server doesn’t have built-in tools to easily transfer configured RDS roles between hosts.

To export/import current RDCB settings, you can use the ExportImportRdsDeployment module from PowerShell Gallery.

By default RDCB uses a local SQL database (Windows Internal Database) to store its settings (C:\Windows\rdcbDb\).

Install the ExportImportRdsDeployment module from PowerShell Gallery (you can also install a PowerShell module offline):

Install-Module ExportImportRdsDeployment -Force
Import-Module ExportImportRdsDeployment

If Windows Management Framework 5.1 (includes Windows PowerShell 5.1) is not installed on Windows Server 2012 R2, you will see the following error when running the command:

Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Download and install KB3191564 (https://www.microsoft.com/en-us/download/details.aspx?id=54616) to update your PowerShell version to 5.1.

If you receive an Install-Module: Unable to download from URI error when running the command, you need to enable the TLS 1.2 protocol for the PowerShell connection:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Export the RDS collections to an XML file:

Export-RDCollectionsFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsoldcol.xml –verbose

Export rds configuration with powershell - Export-RDCollectionsFromConnectionBroker

Then export your RDS configuration (including a list of servers in deployment):

Export-RDDeploymentFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsdeployment.xml -Verbose

If you are using wildcard certificates on your old RDS server, export them in PFX (with a password).

Copy both files to your new RDS server running Windows Server 2019. Also, install the module:

Install-Module ExportImportRdsDeployment -Force

In this example, I am migrating the RDS configuration without certificates, so I have specified files that do not exist. If you are using certificates in RDS deployment, provide your file paths and password.

Then run the following commands:

$RDGatewayCertPath = "C:\\PS\\nocert.pfx"
$RDWebAccessCertPath = "C:\\PS\\nocert.pfx"
$RDRedirectorCertPath = "C:\\PS\\nocert.pfx"
$RDPublishingCertPath = "C:\\PS\\nocert.pfx "
$RDGatewayCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDWebAccessCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDRedirectorCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDPublishingCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
Import-RDDeploymentToConnectionBroker -ConnectionBroker localhost -XmlFile c:\ps\rdsdeployment.xml -RDGatewayCertPath $RDGatewayCertPath -RDGatewayCertPassword $RDGatewayCertPassword -RDWebAccessCertPath $RDWebAccessCertPath -RDWebAccessCertPassword $RDWebAccessCertPassword -RDRedirectorCertPath $RDRedirectorCertPath -RDRedirectorCertPassword $RDRedirectorCertPassword -RDPublishingCertPath $RDPublishingCertPath -RDPublishingCertPassword $RDPublishingCertPassword -Verbose

Migrate RDS configuration to new Windows Server host

If you are not using certificates for RDS, you will see a warning that the files were not found. Ignore this error.

Run the Get-RDServer command and make sure that the RD Connection Broker role is on a new server.

Get-RDServer - list roles in RDS deployment

Import the RDS collections:

Import-RDCollectionsToConnectionBroker -ConnectionBroker localhost -XmlFile "C:\PS\rdsoldcol.xml" -Verbose

Make sure that all RD collections with the configured permissions and Remote Apps appeared in the RDS management console.

Move rds collections to new connection broker host

Remove the RDCB role on the previous WS2012R2 host using Server Manager or the Remote-WindowsFeature command:

Remove-WindowsFeature RDS-Connection-Broker

remove RDS-Connection-Broker on old host

There are some nuances when migrating a configured RD Web Access role. If you are moving the RDWebAccess role between different Windows Server versions (with different IIS versions), you will have to copy the settings manually.

    1. Install the RDS-Web-Access role and add a new server to your RDS farm:Install-WindowsFeature RDS-Web-Access
    2. Import the certificates (if needed);
    3. You can use Microsoft Web Deploy v3.6 to copy RDWeb site settings between servers with the same Windows Server versions. Download and install the WebDeploy_amd64_en-US package (https://www.microsoft.com/en-us/download/details.aspx?id=43717) on both hosts;
    4. To transfer IIS site settings offline, you can use the commands below:cd "C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"On a source host:msdeploy -verb:sync -source:apphostconfig="Default Web Site" -dest:archivedir=c:\ps\rdwebOn a target host:msdeploy -verb:sync -source:archivedir=c:\ps\rdweb -dest:appHostConfig="Default Web Site"
      You can also use IIS backup features.

Make sure that your custom IIS settings have been applied (including your expired password change form for RD Web Access). Similarly, you can migrate the Remote Desktop Gateway role.

If the URL address of your RD Web Access server has changed, be sure to change it in the RDS Single Sign-On policy.

4 comments
1
Facebook Twitter Google + Pinterest
PowerShellWindows Server 2016Windows Server 2019
previous post
How to Enable and Configure WinRM (Windows Remote Management) via GPO
next post
Find Windows OS Versions and Builds in Active Directory

Related Reading

How to Repair EFI/GPT Bootloader on Windows 10...

March 16, 2024

How to Restore Deleted EFI System Partition in...

March 11, 2024

How to Run Program without Admin Privileges and...

June 8, 2023

Fix: Remote Desktop Licensing Mode is not Configured

August 24, 2023

How to Install Remote Server Administration Tools (RSAT)...

March 17, 2024

Refresh AD Groups Membership without Reboot/Logoff

March 15, 2024

How to Repair Windows Boot Manager, BCD and...

March 11, 2024

How to Find the Source of Account Lockouts...

March 12, 2024

4 comments

Russell Johnson April 19, 2023 - 6:48 pm

Excuse me if this is a dumb question. In an HA environment with existing 2012 R2 broker servers, can the 2019 Server(s) be simply added and then inherit the RDS configurations? Then make one of the 2019 Servers the active connection broker, followed by removing the 2012 R2 servers?

Reply
Stefan May 4, 2023 - 9:02 am

Yes, same idea, this would be an easy and smooth way for migrating the role

Reply
Benjamin December 5, 2023 - 8:52 pm

Just tried it and it worked almost great.
FYI we had a HA deployment on W2K12R2 and migrated to W2K22. Our bokers also had the web access role. 2 tips that we needed for the migration :
1. After the deployment import, we had tp remove the 2 old brokers with powershell (there were migrated as they did have web access role). Without that we could not load the deployment GUI.
2. We had few issue with collection import as our apps were published on D Drive. If you have this issue you need to add a D Drive on your broker then launch the script.

Anyway thanks a lot for the procedure…helped a lot.

Reply
Marco February 13, 2024 - 1:44 pm

I’m working on this.
I have 3 servers:
2012 R2 with RD broker and RD session host
2012 with RD gateway (on DMZ)
2019 with RD session host and license role

My goal is to dismiss 2012 R2, so I need to migrate RD Broker on the 2019.
All is working fine on the export.
After I installed RD broker role on the 2019, the 2019 server remote desktop was unavailable and Import-RDDeploymentToConnectionBroker gave me an error about the impossibility to import the configuration.
I had to remove the RD broker role on the 2019 to restore the functionality.
Can you help me about this?
Thanks for your job.

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • Fix: Remote Desktop Licensing Mode is not Configured
  • How to Delete Old User Profiles in Windows
  • How to Install Remote Server Administration Tools (RSAT) on Windows
  • Configuring Port Forwarding in Windows
  • Start Menu or Taskbar Search Not Working in Windows 10/11
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top