This article covers the process of migrating the Remote Desktop Connection Broker and RDS Web Access roles to another server. This scenario can be used when you want to migrate RDS roles to a new version of Windows Server or transfer key RDS roles to other servers. In this example, we will migrate the RD Connection Broker role from a Windows Server 2012 R2 host to Windows Server 2019, and also address the specifics of migrating the RD Web Access role.
You can purchase original Windows Server product keys from our store from 10.80 €
Windows Server installers can be downloaded from our catalog.
Compatibility Limitations for Windows Server Versions in an RDS Farm
– When upgrading Windows Server versions, start with the host running the RD Connection Broker role.
– If you are using a high-availability RD Connection Broker role, keep one host with this role in the cluster, upgrade its Windows Server version, then upgrade the other servers and add them back to the cluster.
– An RDS farm can include RDSH hosts with different Windows Server versions (2019/2016/2012R2), but it is recommended to use hosts with the same Windows Server version within a single RDS collection.
– Servers running earlier Windows versions can use a Connection Broker on a newer version (e.g., RDSH hosts on WS2012R2 and WS2016 can use an RD Connection Broker on WS2019, but not vice versa).
– Ensure you install the RDS licensing server on the newer version and activate new RDS CALs when upgrading Windows Server versions on RDSH hosts.
Step 1: Preparation
In this scenario, we have two RDS servers running Windows Server 2012 R2:
– Rds2 – with RD Connection Broker, Web Access, and RDSH roles.
– Rds1 – with the RDSH role.
We will use PowerShell to migrate the settings. You can view the current RDS role distribution using Server Manager or PowerShell:
Get-RDServer
Step 2: Preparing the New Server
Prepare a new host with Windows Server 2019 and install the RD Connection Broker and RD Licensing roles (if needed).
To export/import RDCB settings, use the ExportImportRdsDeployment module from PowerShell Gallery.
By default, RDCB uses a local SQL database (Windows Internal Database) to store settings, located on the RD Connection Broker server’s local disk in the C:\Windows\rdcbDb\ directory.
Install the module from the PowerShell Gallery (you can also install the module offline):
Install-Module ExportImportRdsDeployment -Force
Import-Module ExportImportRdsDeployment
If Windows Management Framework 5.1 (which includes Windows PowerShell 5.1) is not installed on Windows Server 2012 R2, you will encounter the following error when running the command: “Install-Module : The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.”
Download and install KB3191564 to update PowerShell to version 5.1.
If you encounter the error Install-Module: Unable to download from URI, enable TLS 1.2 for connectivity:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Step 3: Exporting Settings from the Current Server
Export the RDS collections to an XML file:
Export-RDCollectionsFromConnectionBroker -ConnectionBroker localhost -XMLFile c:\ps\rdsoldcol.xml –Verbose
Now export the RDS configuration, including the list of servers in the deployment:
Export-RDDeploymentFromConnectionBroker -ConnectionBroker localhost -XMLFile c:\ps\rdsdeployment.xml -Verbose
If wildcard certificates are used, export them in .pfx format with a password.
Step 4: Importing Settings to the New Server
Copy the XML files to the new Windows Server 2019 server. Install the ExportImportRdsDeployment module on the new server:
Install-Module ExportImportRdsDeployment -Force
In this example, we are migrating the RDS configuration without certificates, so non-existent certificate files are specified. If your RDS deployment uses certificates, provide the correct paths and passwords.
Run the following commands:
$RDGatewayCertPath = "C:\\Temp\\noсert.pfx"
$RDWebAccessCertPath = "C:\\Temp\\noсert.pfx"
$RDRedirectorCertPath = "C:\\Temp\\noсert.pfx"
$RDPublishingCertPath = "C:\\Temp\\noсert.pfx"
$RDGatewayCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDWebAccessCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDRedirectorCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
$RDPublishingCertPassword = ConvertTo-SecureString -String "nopass" -AsPlainText -Force
Import-RDDeploymentToConnectionBroker -ConnectionBroker localhost -XmlFile c:\ps\rdsdeployment.xml -RDGatewayCertPath $RDGatewayCertPath -RDGatewayCertPassword $RDGatewayCertPassword -RDWebAccessCertPath $RDWebAccessCertPath -RDWebAccessCertPassword $RDWebAccessCertPassword -RDRedirectorCertPath $RDRedirectorCertPath -RDRedirectorCertPassword $RDRedirectorCertPassword -RDPublishingCertPath $RDPublishingCertPath -RDPublishingCertPassword $RDPublishingCertPassword -Verbose
If your RDS deployment does not use certificates, you will see a warning about missing certificate files. Ignore this error.
Run the Get-RDServer command to verify that the RD Connection Broker role is now on the new server.
Import the RDS collections:
Import-RDCollectionsToConnectionBroker -ConnectionBroker localhost -XmlFile "C:\PS\rdsoldcol.xml" -Verbose
Step 5: Removing Old Roles
Remove the RDCB role from the previous server (Windows Server 2012 R2) using Server Manager or the following command:
Remove-WindowsFeature RDS-Connection-Broker
Step 6: Migrating RD Web Access
If you are migrating the RD Web Access role to a server with a different Windows Server version (e.g., from Windows Server 2012 R2 to Windows Server 2019), you need to manually migrate the settings.
1. Install the RDS-Web-Access role on the new server:
Install-WindowsFeature RDS-Web-Access
2. Use Microsoft Web Deploy to migrate RDWeb site settings. Download and install the WebDeploy_amd64_en-US package on both the old and new servers. Then run the following commands:
For offline migration of site settings:
cd "C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"
On the source server:
msdeploy -verb:sync -source:apphostconfig="Default Web Site" -dest:archivedir=c:\ps\rdweb
On the destination server:
msdeploy -verb:sync -source:archivedir=c:\ps\rdweb -dest:appHostConfig="Default Web Site"
3. Verify that all custom IIS settings, including the expired password change form for RD Web Access, have been successfully migrated.
This article outlined how to migrate the RD Connection Broker and RD Web Access roles from one server to another using PowerShell and Web Deploy. This process is useful when upgrading servers or relocating key RDS roles to new servers.
