Configuring HA for the Remote Desktop Connection Broker in a 2012 RDS Farm

Applies to: Windows Server 2012 and 2012 R2

One of the biggest issues with Remote Desktop Services on Windows 2008 R2 was the limitation of a single active RD Connection Broker server per RDS farm. You could still have multiple broker servers, but they would run in Active/Passive mode. This was a major problem because it limited the size of the farm: every server, resource, and user added to the farm put more strain on the single active RD broker server. In most cases, you would have to create multiple RDS farms to get around this problem. This has changed with RDS for 2012. You can now have multiple active brokers in a single RDS farm.

As per Microsoft, the RD Connection Broker provides the following functionality:

http://technet.microsoft.com/en-us/library/cc772245.aspx

  • Allows users to reconnect to their existing sessions in a load-balanced RD Session Host server farm. This prevents a user with a disconnected session from being connected to a different RD Session Host server in the farm and starting a new session.
  • Enables you to evenly distribute the session load among RD Session Host servers in a load balanced RD Session Host server farm.
  • Provides users access to virtual desktops hosted on RD Virtualization Host servers and to RemoteApp programs hosted on RD Session Host servers through RemoteApp and Desktop Connection.

When a farm is created, there is a small SQL database which resides on the RD Connection Broker server located in the directory c:\windows\rdcbDb\


This database contains information about the farm. Since it resides on a single machine, no other broker server would be able to read or modify the database. In order to configure HA, we will need to run a wizard which will take this database and place it on a SQL server. Once there, multiple broker servers can talk to the database directly. The following is a step by step guide on how to configure HA (Active/Active) for the RD Connection Broker servers in a 2012 RDS farm.

 Requirements:

  1. SQL Server (for this example, SQL 2012 is being used.)
  2. Access to DNS – A new host record will be required in DNS. This record will be used to round robin the RD broker servers.

Please remember to add each of the servers being used in the RDS Farm to Server Manager in order to have the ability to configure them.

  • Create a new Host record in DNS which will be used for DNS round robin for the broker servers. Do this for each of the IP addresses of the RD Connection Broker servers which will be used for HA. In this example we are using the DNS name of RDFarm.DemoLab.int.
  • From Active Directory Users and Computers, create a new Security Group. For this example, we used the group name “RD Brokers”
  • Add each broker server’s computer account to this new group. The broker servers in this example are RDBROKER01 and RDBROKER02.


  • From the SQL server, add the newly created security group as a new SQL login. On the Server Roles for this login, add the role dbcreator.


  • On each of the Broker Servers, install the SQL client tools. These can be found on the SQL installation media.
  • From Server Manager, go to the Remote Desktop Services Group, right click on RD Connection Broker and choose Configure High Availability.


  • A wizard will be launched. On the before you begin screen, hit next.


  • On the next screen, you will need to enter information for the SQL server, database, database location and the DNS name for High Availability for the RD Connection broker farm to be accessible on. The information entered is as follows:

Database Connection String: (In this example the database name will be RDFarm)

DRIVER=SQL Server Native Client 11.0;SERVER=DC01;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=RDFarm

Folder to store database files: (This is from a default installation of SQL for demo purposes. Please check with your SQL admin on the correct location.)

C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA

DNS Round Robin Name: Enter the DNS Round Robin name the RD Brokers will be accessed on. (This should be placed into DNS prior to proceeding)

RDFarm.DemoLab.int


If the DNS name is not resolvable, you will be notified and prompted to continue. If you do so, you must ensure this information is added into DNS. If you get this pop-up, this means the DNS host record for RDFarm.DemoLab.int was never added. Please ensure this new host record is added to DNS.

  •  Verify the items on the confirmation screen and hit Configure.


  • Once completed, hit close.


  • HA is now enabled for the RD Connection Brokers in the farm. Before we begin adding additional brokers, we must first change the permissions on the newly created database. Within SQL, go to the properties of the login RD Brokers which we added earlier. Within there, select User Mapping. Select the RDFarm database and set the database role membership to db_owner. Hit OK to exit.


  • With the correct database permissions configured, we are ready to add another RD Connection Broker. Go to Server Manager\Remote Desktop Services, right click on RD Connection Broker and choose Add RD Connection Broker Server to add your new broker server(s). Don’t forget to add the new brokers’ IP addresses to your DNS Round Robin Name, and make sure to add the broker servers’ computer accounts to the Active Directory security group you created earlier.


  • On the before you begin screen, hit next.


  • Select and add the designated broker server and hit next.


  • On the confirmation screen, hit Add.


  • Once the configuration is completed, we will now need to reapply the certificates for Single-Sign On and Publishing. This certificate will be required on all broker servers. Select the option configure certificates.


  • As you can see it now lists an error for the broker certificates. Since I have already pre-created my certificates, highlight Enable Single-Sign On and hit the button “select existing certificate”.


  • Locate the certificate, enter the password and select the checkbox to allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers and hit OK.


  • Hit Apply to assign the certificate.


  • Do the same for the RD Connection Broker – Publishing certificate. Once completed with the certificate installation, hit OK.


  • Now that the certificates are applied, close out of the wizard.


The RDS Farm is now configured with two highly available RD Connection Broker servers. If you are using an RD Gateway server for the environment, take a look at the steps to configure the RD Gateway server(s) for an RD Farm with HA enabled on the Broker servers.
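
The result of the steps above can be checked from PowerShell. The script below is an added example, not code from the original post: it only reads configuration, uses the names from this walkthrough (RDFarm.DemoLab.int, RDBROKER01, RDBROKER02, "RD Brokers"), and assumes an elevated session on a host that has the RemoteDesktop and ActiveDirectory modules.

```powershell
# Added example, not from the original post: read-only checks of the HA deployment.
# Names are the ones used in this walkthrough; assumes an elevated session on a
# host with the RemoteDesktop and ActiveDirectory modules available.
Import-Module RemoteDesktop, ActiveDirectory

$haName  = 'RDFarm.DemoLab.int'
$brokers = 'RDBROKER01.DemoLab.int', 'RDBROKER02.DemoLab.int'
$group   = 'RD Brokers'

# 1. The round robin name should return exactly the brokers' A records.
$farmIps   = @((Resolve-DnsName -Name $haName -Type A).IPAddress)
$brokerIps = @($brokers | ForEach-Object { (Resolve-DnsName -Name $_ -Type A).IPAddress })
if (Compare-Object $farmIps $brokerIps) {
    Write-Warning "$haName resolves to [$($farmIps -join ', ')], brokers are [$($brokerIps -join ', ')]"
}

# 2. The group is db_owner on the farm database, so it should hold the broker
#    computer accounts and nothing else.
$expected = $brokers | ForEach-Object { ($_ -split '\.')[0] + '$' }
$actual   = @(Get-ADGroupMember -Identity $group | ForEach-Object { $_.SamAccountName })
Compare-Object $expected $actual | ForEach-Object {
    $state = if ($_.SideIndicator -eq '=>') { 'unexpected member' } else { 'missing broker' }
    Write-Warning "'$group': $state $($_.InputObject)"
}

# 3. HA settings stored by the wizard: client access name and SQL connection string.
$ha = Get-RDConnectionBrokerHighAvailability -ConnectionBroker $brokers[0]
$ha | Format-List ActiveManagementServer, ClientAccessName, DatabaseConnectionString
if ($ha.ClientAccessName -ne $haName) {
    Write-Warning "Client access name is '$($ha.ClientAccessName)', expected '$haName'"
}

# 4. Every broker should be listed in the deployment.
$deployed = @((Get-RDServer -ConnectionBroker $brokers[0] -Role 'RDS-CONNECTION-BROKER').Server)
$brokers | Where-Object { $deployed -notcontains $_ } |
    ForEach-Object { Write-Warning "$_ is not a Connection Broker in this deployment" }

# 5. Single sign-on and publishing certificates: configured, trusted, not near expiry.
Get-RDCertificate -ConnectionBroker $brokers[0] |
    Where-Object { 'RDRedirector', 'RDPublishing' -contains $_.Role } |
    ForEach-Object {
        if ($_.Level -ne 'Trusted' -or $_.ExpiresOn -lt (Get-Date).AddDays(30)) {
            Write-Warning "$($_.Role): level $($_.Level), expires $($_.ExpiresOn)"
        }
    }
```

A run with no warnings means DNS, the AD group, the HA settings and both broker certificates match what the walkthrough configured.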

© 2014 Eddie Kwasnik “the Wolf” All Rights Reserved


  1. #1 by Jo on June 13, 2014 - 4:40 pm

    Hi Eddie

    Another great step by step guide. Thank you
    I have managed to set up RD connection broker HA using SQL 2012 in my lab. Only issue I have is with the firewall. Have opened 1433, still doesn’t work? For now I have disabled the domain firewall setting on my SQL box.

    Instead of using DNS round robin can you setup as NLB?
    But if you setup as NLB and add the 2 RD connection brokers to the NLB cluster. you can only connect to the brokers session not the RDHS servers in collection or do you add the RDHS servers to the NLB?

    “Create a new Host record in DNS which will be used for DNS round robin for the broker servers. Do this for each of the IP addresses of the RD Connection Broker servers which will be used for HA. In this example we are using the DNS name of RDFarm.DemoLab.int.”

    Many thanks

    Jo

    • #2 by Eddie Kwasnik on June 16, 2014 - 2:54 pm

      Jo,

      Thanks! When a connection is made to the farm, it is the broker’s responsibility to send the user to the specific RDSH server. So the user never initially connects to a specific RDSH server but instead the connection starts out with the Broker and the broker passes the session off to the specific RDSH server. I’m not a huge fan of DNS Round Robin since DNS will not be aware if a server went offline. I prefer using a load balancer (hardware or software based) for the RD Connection brokers since it would know when a server was offline or unavailable. Also, how are you trying to connect to the published resource in the collection? Are you connecting via RD Web Access?

      Thanks,
      Eddie

  2. #3 by Jo on June 21, 2014 - 4:38 pm

    Hi Eddie

    In our current 2008R2 environment. we deploy the RDP icon to user desktop via GPO.
    After reading your post. Now I understand in 2012. the broker’s responsibility to send the user to the specific RDSH server. We do have a hardware load balancer. If we use hardware load balancer.
    during the setup of connection broker HA . Do we specify the load balancer FQDN in the following step? “DNS Round Robin Name:” ?
    Is there anything I need to be aware of when using a hardware load balancer?

    ” DNS Round Robin Name: Enter the DNS Round Robin name the RD Brokers will be accessed one. (This should be placed into DNS prior to proceeding)
    RDFarm.DemoLab.int replace with hardwareloadbalancer.DemoLab.int ”

    Thanks

    Jo

    • #4 by Eddie Kwasnik on June 23, 2014 - 9:06 am

      Jo,

      The load balancer would replace the need of using the DNS round robin name. So you would use the FQDN for the VIP in the Load balancer instead of the dns round robin name.

      Eddie

      • #5 by Jo on June 24, 2014 - 5:57 am

        Hi Eddie

        So you don’t change the FQDN round robin DNS name “RDFarm.DemoLab.int” with the FQDN for the VIP in the Load balancer ?

        I download the RDP file in my lab
        it looks like this

        full address:s:RDFarm.DemoLab.int
        workspace id:s:RDFarm.DemoLab.int
        use redirection server name:i:1
        loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.RDFARM
        alternate full address:s:RDFarm.DemoLab.int

        Many Thanks

        Jo

      • #6 by Eddie Kwasnik on June 24, 2014 - 9:30 am

        Hi Jo,

        The DNS Round Robin FQDN is just a pointer to the RD Connection Brokers. So if you use a hardware load balancer, the FQDN for the VIP would be the same, just a pointer to the RD Connection Brokers but with the load balancer, it will be able to detect if one of the connection brokers is offline or not. The purpose of the load balancing is simply to ensure one of the connection brokers is not overloaded with users trying to access their RemoteApps/Desktops. So to answer your question, use the FQDN for the VIP of the Load balancer used for the connection brokers.

        Thanks,
        Eddie

  3. #7 by Hong Zheng on July 29, 2014 - 1:56 pm

    Hi Eddie,
    Before adding the second Broker, has the broker server role already been installed on the server? Or does the process install this role automatically? What about the WebAccess role? The first broker is also a WebAccess server, I’d like to install WebAccess on the second broker too and configure a WebAccess farm at the same time. Is it possible?
    Hong

    • #8 by Eddie Kwasnik on July 29, 2014 - 2:45 pm

      The process will add the role to the second server for you. And yes, you can definitely install the RD Web Access role on the second broker as well.

      Eddie

  4. #9 by Nanda Kumar on September 30, 2014 - 3:01 am

    I need to do Virtual machine based RDS with HA. So I tried the steps mentioned above and created a collection with one desktop. The collection alone can be seen on the other machine when one is shut down, but the desktop in that collection is not shown under the collection. But I can see that desktop in Hyper-V Manager and Failover Cluster Manager (because of the cluster, I hope). Please let me know whether the above setup will support Virtual machine based desktop deployment or whether I need to do anything additional to achieve this.

    • #10 by Eddie Kwasnik on September 30, 2014 - 8:32 am

      Are you not seeing the desktop in the collection from one of the broker servers? Or is it not showing up on either broker?
