Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2019 / Migrating RDS Roles (Connection Broker, Web Access) to Another Server

September 9, 2022 PowerShellWindows Server 2012 R2Windows Server 2016Windows Server 2019

Migrating RDS Roles (Connection Broker, Web Access) to Another Server

This guide should help you to migrate (move) Remote Desktop Connection Broker and RDS Web Access roles to another server. In this example, we will migrate the RDS Connection Broker role from Windows Server 2012 R2 host to Windows Server 2019. We will also look at the specifics of migrating the RD Web Access role.

Some compatibility restrictions of Windows Server versions in an RDS farm:

  • When updating a Windows Server version, start with the host with the RD Connection Broker role;
    If you are using the high-availability RD Connection Broker deployment, it is enough to leave one host with the Connection Broker role in a cluster, perform an in-place upgrade of the Windows Server version, then upgrade other hosts, and add them to the cluster.
  • A terminal farm can contain RDSH hosts with different Windows Server versions (2019/2016/2012R2). It is recommended to use hosts with the same version of Windows Server within the same RDS collection. This means that you may create two RDS collections, for example, one with Windows Server 2019 hosts, and another one with Windows Server 2012 R2 hosts;
  • RDS hosts with previous Windows Server versions can use a Connection Broker with a newer version of OS (for example, RDS hosts running WS2012R2 or WS2016 can use RD Connection Broker with WS2019, but not vice versa).
  • When upgrading the Windows Server version on RDSH hosts, be sure to install the RDS Licensing server on the latest version of Windows Server and activate new RDS CALs.

In my case, two RDS hosts are running Windows Server 2012 R2:

  • Rds2 – with the RD Connection Broker, Web Access, and RDSH roles
  • Rds1– with the RDSH role
You can use this guide to migrate a standalone RDSH server.

You can list roles in your RDS deployment with Server Manager or PowerShell:

Get-RDServer

rds deployment configuration on windows server

The task is to migrate the Connection Broker role with the configured RemoteApp and RDS collections to a new Windows Server 2019 host (an in-place upgrade is not applicable).

Prepare a new host with Windows Server 2019 and install the RD Connection Broker and RD Licensing roles (if needed) on it.

Windows Server doesn’t have built-in tools to easily transfer configured RDS roles between hosts.

To export/import current RDCB settings, you can use the ExportImportRdsDeployment module from PowerShell Gallery.

By default RDCB uses a local SQL database (Windows Internal Database) to store its settings (C:\Windows\rdcbDb\).

Install the ExportImportRdsDeployment module from PowerShell Gallery (you can also install a PowerShell module offline):

Install-Module ExportImportRdsDeployment -Force
Import-Module ExportImportRdsDeployment

If Windows Management Framework 5.1 (includes Windows PowerShell 5.1) is not installed on Windows Server 2012 R2, you will see the following error when running the command:

Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Download and install KB3191564 (https://www.microsoft.com/en-us/download/details.aspx?id=54616) to update your PowerShell version to 5.1.

If you receive an Install-Module: Unable to download from URI error when running the command, you need to enable the TLS 1.2 protocol for the PowerShell connection:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Export the RDS collections to an XML file:

Export-RDCollectionsFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsoldcol.xml –verbose

Export rds configuration with powershell - Export-RDCollectionsFromConnectionBroker

Then export your RDS configuration (including a list of servers in deployment):

Export-RDDeploymentFromConnectionBroker -ConnectionBroker localhost –XMLFile c:\ps\rdsdeployment.xml -Verbose

If you are using wildcard certificates on your old RDS server, export them in PFX (with a password).

Copy both files to your new RDS server running Windows Server 2019. Also, install the module:

Install-Module ExportImportRdsDeployment -Force

In this example, I am migrating the RDS configuration without certificates, so I have specified files that do not exist. If you are using certificates in RDS deployment, provide your file paths and password.

Then run the following commands:

$RDGatewayCertPath = "C:\\PS\\nocert.pfx"
$RDWebAccessCertPath = "C:\\PS\\nocert.pfx"
$RDRedirectorCertPath = "C:\\PS\\nocert.pfx"
$RDPublishingCertPath = "C:\\PS\\nocert.pfx "
$RDGatewayCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDWebAccessCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDRedirectorCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDPublishingCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
Import-RDDeploymentToConnectionBroker -ConnectionBroker localhost -XmlFile c:\ps\rdsdeployment.xml -RDGatewayCertPath $RDGatewayCertPath -RDGatewayCertPassword $RDGatewayCertPassword -RDWebAccessCertPath $RDWebAccessCertPath -RDWebAccessCertPassword $RDWebAccessCertPassword -RDRedirectorCertPath $RDRedirectorCertPath -RDRedirectorCertPassword $RDRedirectorCertPassword -RDPublishingCertPath $RDPublishingCertPath -RDPublishingCertPassword $RDPublishingCertPassword -Verbose

Migrate RDS configuration to new Windows Server host

If you are not using certificates for RDS, you will see a warning that the files were not found. Ignore this error.

Run the Get-RDServer command and make sure that the RD Connection Broker role is on a new server.

Get-RDServer - list roles in RDS deployment

Import the RDS collections:

Import-RDCollectionsToConnectionBroker -ConnectionBroker localhost -XmlFile "C:\PS\rdsoldcol.xml" -Verbose

Make sure that all RD collections with the configured permissions and Remote Apps appeared in the RDS management console.

Move rds collections to new connection broker host

Remove the RDCB role on the previous WS2012R2 host using Server Manager or the Remote-WindowsFeature command:

Remove-WindowsFeature RDS-Connection-Broker

remove RDS-Connection-Broker on old host

There are some nuances when migrating a configured RD Web Access role. If you are moving the RDWebAccess role between different Windows Server versions (with different IIS versions), you will have to copy the settings manually.

    1. Install the RDS-Web-Access role and add a new server to your RDS farm:Install-WindowsFeature RDS-Web-Access
    2. Import the certificates (if needed);
    3. You can use Microsoft Web Deploy v3.6 to copy RDWeb site settings between servers with the same Windows Server versions. Download and install the WebDeploy_amd64_en-US package (https://www.microsoft.com/en-us/download/details.aspx?id=43717) on both hosts;
    4. To transfer IIS site settings offline, you can use the commands below:cd "C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"On a source host:msdeploy -verb:sync -source:apphostconfig="Default Web Site" -dest:archivedir=c:\ps\rdwebOn a target host:msdeploy -verb:sync -source:archivedir=c:\ps\rdweb -dest:appHostConfig="Default Web Site"
      You can also use IIS backup features.

Make sure that your custom IIS settings have been applied (including your expired password change form for RD Web Access). Similarly, you can migrate the Remote Desktop Gateway role.

If the URL address of your RD Web Access server has changed, be sure to change it in the RDS Single Sign-On policy.

2 comments
0
Facebook Twitter Google + Pinterest
previous post
How to Enable and Configure WinRM (Windows Remote Management) via GPO?
next post
Find Windows OS Versions and Builds in Active Directory

Related Reading

Configuring Event Viewer Log Size on Windows

May 24, 2023

How to Detect Who Changed the File/Folder NTFS...

May 24, 2023

Enable Single Sign-On (SSO) Authentication on RDS Windows...

May 23, 2023

Allow Non-admin Users RDP Access to Windows Server

May 22, 2023

How to Create, Change, and Remove Local Users...

May 17, 2023

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configuring Event Viewer Log Size on Windows

    May 24, 2023
  • How to Detect Who Changed the File/Folder NTFS Permissions on Windows?

    May 24, 2023
  • Enable Single Sign-On (SSO) Authentication on RDS Windows Server

    May 23, 2023
  • Allow Non-admin Users RDP Access to Windows Server

    May 22, 2023
  • How to Create, Change, and Remove Local Users or Groups with PowerShell?

    May 17, 2023
  • Fix: BSOD Error 0x0000007B (INACCESSABLE_BOOT_DEVICE) on Windows

    May 16, 2023
  • View Success and Failed Local Logon Attempts on Windows

    May 2, 2023
  • Fix: “Something Went Wrong” Error When Installing Teams

    May 2, 2023
  • Querying Windows Event Logs with PowerShell

    May 2, 2023
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD

    April 25, 2023

Follow us

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Manage Windows Updates with PSWindowsUpdate PowerShell Module
  • Installing RSAT Administration Tools on Windows 10 and 11
  • Configuring Port Forwarding in Windows
  • Start Menu or Taskbar Search Not Working in Windows 10/11
  • How to Delete Old User Profiles in Windows?
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Adding Drivers into VMWare ESXi Installation Image
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top