As we know, the RD Connection Broker is the brain of an RDS deployment: it directs clients to an available RD Session Host, reconnects users to their existing sessions, manages all session collections and published RemoteApps, and distributes the RDS configuration among the farm members. Having a single RD Connection Broker server therefore creates a single point of failure. Back in 2008 R2 the Connection Broker had a big disadvantage: high availability could be configured, but only as active/passive, so the second server was used only when the first one failed. This provided high availability but not scalability. That changed in RDS 2012, and now we can have multiple active Connection Brokers in a single RDS environment.
Enabling Connection Broker HA is a one-way ticket. Once the RD Connection Broker HA configuration is done, you cannot revert without decommissioning the whole RDS deployment, so be aware of it.
When RDS is configured, you will notice a small database on the RD Connection Broker server, located in C:\Windows\rdcbDb.
The database contains information about the farm, and because it is stored locally on this machine there is no way for other Connection Brokers to access, read or modify it. To make the RD Connection Broker highly available we need to move this database to a SQL Server so that all RD Connection Brokers can talk to it.
Prerequisites
- Be sure to add the second Connection Broker to All Servers in Server Manager (on your primary RDCB) so that you can manage it from there.
- Create an Active Directory security group and add all your Connection Broker servers to it. This group is needed to convert the RD Connection Broker to a highly available RD Connection Broker.
- Configure DNS round robin using the IP addresses of the Connection Brokers.
- A SQL Server is a must. I will run this on SQL Server 2016. If you are not planning to use the SQL default path, pre-create a folder on the SQL Server to store the database files and give the RD Connection Brokers full access to that folder.
- Ensure that all RDCB servers have the SQL Server Native Client installed.
Let’s get started.
- Add the second Connection Broker to the All Servers list in Server Manager.
- Create a new security group in AD and add both RDCB servers to it. In my case the group is named RD Connection Brokers. Reboot the RD Connection Broker servers afterwards so that the new group membership takes effect.
- The next step is to create a new host record in DNS. It will be used for DNS round robin across the broker servers. In my case I am using the DNS name RDSFarm.
- Let's configure the SQL Server. Check that TCP/IP is enabled for the instance. SQL Server 2016 setup enables this by default, but check it just to be sure, especially if you are using an existing SQL Server.
In SQL Server Configuration Manager, click on Protocols for MSSQLSERVER and be sure that TCP/IP is enabled.
Be sure that port 1433 is not blocked by Windows Firewall. I added a new inbound rule named SQL Server for TCP port 1433 to the exception list.
When that is done, open SQL Server Management Studio, expand Security, right-click on Logins and choose New Login.
Click on Search
Change Object Types to Group, change Locations to Entire Directory and add the RD group. Once done, click OK.
In the Login - New wizard, click Server Roles and tick dbcreator. Click OK.
We have now granted the RD Connection Broker servers the right to create databases.
We need this because the RD Connection Broker service will migrate its data from the WID (Windows Internal Database) to the highly available SQL Server instance when we convert the broker to a highly available broker.
- The next step is to install the SQL client on all RD Connection Broker servers so that they can communicate with the SQL Server. I have the SQL Server ISO mounted on both RDCB servers. Start the SQL Server installation and add Client Tools Connectivity.
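The prerequisites above can be scripted instead of clicked through. The following is an added example, not code from the original post: it creates the broker security group, the round-robin DNS records, the SQL Server firewall rule and the SQL login with the dbcreator role, then reboots the brokers. The domain, DC, broker and SQL Server names and the IP addresses are assumptions; it needs the ActiveDirectory, DnsServer and SqlServer modules. The firewall rule is scoped to the broker addresses rather than allowing all inbound traffic, which is a tighter variant of the rule described above.

```powershell
# Added example (not from the original post). Names and addresses below are assumptions.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory, DnsServer, SqlServer

$Domain      = 'mehic.se'                      # AD DNS zone (assumed)
$DomainCtrl  = "dc01.$Domain"                  # DNS server to update (assumed)
$BrokerGroup = 'RD Connection Brokers'         # AD group name from the post
$Brokers     = @{ 'RDCB01' = '10.0.0.11'; 'RDCB02' = '10.0.0.12' }  # assumed names/IPs
$FarmName    = 'RDSFARM'                       # DNS round-robin name from the post
$SqlServer   = "sql01.$Domain"                 # SQL Server host (assumed)

# 1. Security group containing the computer accounts of every broker.
if (-not (Get-ADGroup -Filter "Name -eq '$BrokerGroup'")) {
    New-ADGroup -Name $BrokerGroup -GroupScope Global -GroupCategory Security
}
$members = $Brokers.Keys | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $BrokerGroup -Members $members

# 2. DNS round robin: one A record per broker under the same farm name.
foreach ($ip in $Brokers.Values) {
    Add-DnsServerResourceRecordA -ComputerName $DomainCtrl -ZoneName $Domain `
        -Name $FarmName -IPv4Address $ip
}

# 3. Inbound TCP 1433 on the SQL Server, limited to the broker addresses.
Invoke-Command -ComputerName $SqlServer -ScriptBlock {
    param([string[]] $ips)
    New-NetFirewallRule -DisplayName 'SQL Server (RD Connection Broker)' -Direction Inbound `
        -Protocol TCP -LocalPort 1433 -RemoteAddress $ips -Action Allow
} -ArgumentList (,[string[]]$Brokers.Values)

# 4. SQL login for the AD group with the dbcreator server role (the SSMS steps above).
$netbios = (Get-ADDomain -Identity $Domain).NetBIOSName
$login   = "$netbios\$BrokerGroup"
$sql = @"
IF SUSER_ID(N'$login') IS NULL
    CREATE LOGIN [$login] FROM WINDOWS;
ALTER SERVER ROLE [dbcreator] ADD MEMBER [$login];
"@
Invoke-Sqlcmd -ServerInstance $SqlServer -Query $sql

# 5. Reboot the brokers so that their computer-account tokens carry the new group SID.
Restart-Computer -ComputerName ([string[]]$Brokers.Keys) -Force -Wait
```

The brokers authenticate to SQL Server with their computer accounts (Trusted_Connection=Yes), which is why the group holds computer objects and why the reboot in step 5 is not optional: the group membership only enters the machine token at logon.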
Everything should be in place now so let’s convert the RD Connection Broker to HA.
In Server Manager click on the Remote Desktop Services node -> Overview -> right-click on RD Connection Broker and select Configure High Availability.
Before you begin wizard will pop-up. Click Next
On the Configure RD Connection Broker for HA page, select Dedicated database server and click Next. Choose the second option (Shared database server) if you manually created the database on the SQL Server.
On the next Configure RD Connection Broker for HA page, type in the DNS round-robin name, the connection string and the folder where you want to store the database files.
DNS Name: RDSFARM.mehic.se
Connection String: DRIVER=SQL Server Native Client 11.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=<name of database>
Folder path: C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA
Once done, click Next.
On Confirmation Page, click Configure
And if everything is configured properly you should see Succeeded. Click Close
The RD Connection Broker is now in High Availability Mode, which we can see in the Server Manager Overview.
Before we continue, let's go back to our SQL Server to check that the database was created.
Expand Security -> double-click your Connection Broker login and under User Mapping select the RDS database and grant it db_owner. Once done, click OK. Without this mapping the second broker will not be able to open the database when we add it.
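The same conversion can be done with the RemoteDesktop module instead of the wizard. This is an added example, not code from the original post: it runs Set-RDConnectionBrokerHighAvailability with the connection-string layout and DNS name from the post, verifies the result, and then grants the broker group db_owner on the new database as in the SSMS step above. The broker FQDN, SQL Server name, database name and NetBIOS domain are assumptions; it is run on the primary broker and needs the SqlServer module for the final step.

```powershell
# Added example (not the post's own code). Names marked "assumed" are placeholders.
Import-Module RemoteDesktop, SqlServer

$Broker     = 'RDCB01.mehic.se'     # assumed FQDN of the primary broker
$ClientName = 'RDSFARM.mehic.se'    # DNS round-robin name from the post
$SqlServer  = 'sql01.mehic.se'      # assumed SQL Server
$Database   = 'RDSBrokerHA'         # assumed database name
$DbPath     = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA'
$Group      = 'MEHIC\RD Connection Brokers'   # assumed NetBIOS domain + group from the post

# The DRIVER value must match the client installed on every broker
# ("SQL Server Native Client 11.0" here, or e.g. "ODBC Driver 13 for SQL Server").
$connStr = "DRIVER=SQL Server Native Client 11.0;SERVER=$SqlServer;Trusted_Connection=Yes;" +
           "APP=Remote Desktop Services Connection Broker;DATABASE=$Database"

# One-way step: creates the database on SQL Server and migrates the WID contents into it.
# Omit -DatabaseFilePath when using a pre-created (shared) database.
Set-RDConnectionBrokerHighAvailability -ConnectionBroker $Broker `
    -ClientAccessName $ClientName `
    -DatabaseConnectionString $connStr `
    -DatabaseFilePath $DbPath

# Verify: the deployment now reports the client access name and connection string.
Get-RDConnectionBrokerHighAvailability -ConnectionBroker $Broker |
    Format-List ClientAccessName, DatabaseConnectionString, DatabaseFilePath, ActiveManagementServer

# Map the group login into the database as db_owner (the User Mapping step above).
# The principal is looked up by SID because the creating broker may already be "dbo".
$sql = @"
USE [$Database];
DECLARE @user sysname = (SELECT name FROM sys.database_principals WHERE sid = SUSER_SID(N'$Group'));
IF @user IS NULL
BEGIN
    CREATE USER [$Group] FOR LOGIN [$Group];
    SET @user = N'$Group';
END
IF @user <> N'dbo'
    EXEC (N'ALTER ROLE [db_owner] ADD MEMBER ' + QUOTENAME(@user));
"@
Invoke-Sqlcmd -ServerInstance $SqlServer -Query $sql
```

Keep the connection string free of embedded credentials: Trusted_Connection=Yes means each broker authenticates with its own computer account through the AD group, so nothing secret is stored in the deployment configuration.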
Now we are ready to add the second Connection Broker server. Go to Server Manager -> Remote Desktop Services, right-click on RD Connection Broker and choose Add RD Connection Broker Server.
On Before you begin page, click Next
On Select a server page, select your Connection Broker server and click Next
On Confirm selections page, click ADD
Once the configuration is completed, we need to re-apply the certificates for Single Sign-On and Publishing, because these certificates are required on all broker servers. Select the option Configure certificate.
The Deployment Properties wizard will pop up. You can see that the status shows Error; this is because I already pre-created my certificates. Click Select existing certificate.
Locate the certificate, enter the password and select the checkbox to allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers and hit OK.
Hit Apply to assign the certificate and you will see Success. Do the same for Publishing. Click OK and close the wizard.
The RDS Farm is now configured with two highly available RD Connection broker servers.
If you would like to change the RD management server you can do it under Tasks -> Select RD management server.
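Adding the second broker, re-applying the certificates and switching the management server can also be done from PowerShell. This is an added example, not code from the original post: it performs the same work as the Add RD Connection Broker Server wizard, the Deployment Properties certificate dialog and the Select RD management server task. The broker FQDNs and the PFX path are assumptions; the certificate is assumed to be issued for the round-robin name RDSFARM.mehic.se from the post.

```powershell
# Added example (not the post's own code). Run on the broker that currently manages the deployment.
Import-Module RemoteDesktop

$Primary   = 'RDCB01.mehic.se'            # assumed: current management server
$Secondary = 'RDCB02.mehic.se'            # assumed: new broker, already in the AD group and rebooted
$PfxPath   = '\\fs01\certs\rdsfarm.pfx'   # assumed: certificate for RDSFARM.mehic.se
$PfxPass   = Read-Host -AsSecureString -Prompt 'PFX password'

# Add the second broker to the deployment (it must already be listed under All Servers).
Add-RDServer -Server $Secondary -Role RDS-CONNECTION-BROKER -ConnectionBroker $Primary

# Both brokers should now be reported with the connection broker role.
Get-RDServer -ConnectionBroker $Primary |
    Where-Object { $_.Roles -contains 'RDS-CONNECTION-BROKER' } |
    Format-Table Server, Roles

# Re-apply the Single Sign-On (RDRedirector) and Publishing certificates so that every broker
# holds them. -Force suppresses the confirmation prompt.
foreach ($role in 'RDRedirector', 'RDPublishing') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPass `
        -ConnectionBroker $Primary -Force
}
Get-RDCertificate -ConnectionBroker $Primary | Format-Table Role, Level, Subject, ExpiresOn

# Optional: move the active management server (the "Select RD management server" task).
Set-RDActiveManagementServer -ManagementServer $Secondary
```

Checking Get-RDCertificate after the import is worth the extra line: a broker left without the RDRedirector certificate breaks Single Sign-On only for the users that round robin happens to send to it, which is awkward to diagnose later.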
That’s it. In the next posts we will continue with our RDS Deployment and add additional session host and configure RD Gateway.
Thanks for reading.
Cheers,
Nedim
A very nice instruction indeed. Thank you.
I've set this up in Windows 2012 R2 the same way. Something I want to address is that Microsoft puts both the main database file and the log file in the same folder. Most larger enterprise implementations of SQL Server tend to put .mdf and .ldf on different disks, so you might want to change having both files in the same folder. To do so, set the database offline, move the log file to the correct disk and folder, then change the path to the file in the database properties.
Hi Peter, thank you for reaching out. That is true. Usually you put those on separate drives for performance; having them on the same drive makes writes much slower, especially if you have databases that are heavily used. Lightly used databases will not cause IO performance problems, but if the organization already separates .mdf and .ldf files then it is good to keep the same scheme.
Best Regards,
Nedim Mehic
I like your site a lot for the information and articles, and also your thoughts; they are very useful to us. Thank you so much for the excellent material. You made a good site and you share the best information on this topic.
Hello,
Thank you for the kind words, I really appreciate it.
Great article, many thanks for sharing the knowledge and for those RDS Standard posts. I designed the entire RDS solution for my client based on your articles.
⋆⋆⋆⋆⋆ for great work,
Cheers,
Philippe
Thanks Philippe, I appreciate it.
Cheers,
Nedim
As always, Great post. Congrats.
If you want to bring high availability to the whole solution, you must think about deploying a SQL Always On cluster.
If you are installing SQL Always On, remember to assign permissions under Security - Logins on both SQL Servers.
Regards.
Hi David,
Thanks,
I know. When you are configuring Broker HA you are moving the single point of failure from the broker to the SQL Server, and if that goes down no one will be able to connect. The whole HA solution will require SQL HA as well.
The problem here is that organizations will try to avoid high SQL costs, and because of that they will use one SQL Server and implement a good backup solution, for example Veeam. With Veeam you can start SQL on a replica server and in that way minimize downtime while you are restoring the primary SQL. I have seen this.
If the organization cannot afford downtime then SQL HA is a must.
Cheers,
Nedim
You are awesome. I don’t know how many times I can say thank you for this post. Great explanation. I am looking forward to RD Gateway setup with RD Broker HA. Keep up with good work.
Cheers,
John
Thanks John,
Cheers,
Nedim
Hi Nedim,
I'm having problems trying to bring high availability to User Profile Disks, because my whole environment is VMware and I can't implement Scale-Out File Server the easy way.
Do you think that I could accomplish this customer requirement with Veeam replicas of the file server VM that contains the UPD share?
Thanks.
Hi David,
SOFS would be the best option, but if you are not able to configure it, Veeam replication can help if you tolerate downtime. If something happens with the primary server you can start it on the replica. If you are going to use Veeam, be sure to replicate very often to minimize data loss.
Cheers,
Nedim
Great post Nedim, excellent explanation, especially that you include rebooting the Connection Broker servers, which is not the case in many guides about HA.
Regards,
Carlo
Thanks Carlo
Cheers,
Nedim
Hi Nedim,
Many thanks for sharing the knowledge. Please tell me when the gateway part will be available? We are in the process of deploying gateways with Connection Broker high availability 🙂
Regards,
Gabriel
Thanks this really helped me a lot. Much appreciated.
5 STARS for the effort.
Great walkthrough, nicely explained, well done!!! Thank you.
Great Post Nedim, well done 🙂
Hi Nedim,
Thank you very much for the RDS posts and especially for Broker HA. I really like the way you post and describe it, and that you provide all the necessary steps, not only half a solution.
Best Regards,
Kemal
Hi Nedim,
Great, thank you for the post! It's very useful. But one question is still unanswered: when should the roles be put on different servers or collocated? As far as I know there can be more than three RDCBs in the deployment, so in theory it's possible to collocate RDSH and RDCB on all servers. What is the recommendation about that?
Thank you in advance!
Many thanks for this post Nedim
Great post and explanation Nedim. Please continue with RDS posts.
Great article! I installed the SQL database path on a SOFS (HA). The actual SQL server is installed on one of the brokers. Is that enough to keep things going if the broker with the SQL server installation dies? Will the other broker still be able to access the SQL database on the SOFS?
Perfect post Nedim, many thanks
Thank you so much for broker ha post.
Please continue with remote desktop services Nedim, great work so far
Great guide, thanks
Thank you Nedim, great post
Hello All,
I get this error when configuring the HA broker with this connection string:
DRIVER=SQL Server Native Client 11.0;SERVER=itgdls-svrds02;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=BD_Broker
Error:
la base de données contenue dans la chaine de connexion n’est pas disponible depuis le serveur service briker.
SQL is installed on the same server as the broker and the configuration has been done.
Thanks a lot for your reply.
Ngoug
Hi,
I usually never install SQL and the broker on the same server, and to be honest I never did it. Just to check: did you create the AD group and add the broker servers to it? Did you reboot the brokers after adding them? Next, take a look at the permissions in SQL: does your broker AD group have the required permissions? Check the path to the SQL Server in the connection string as well.
Hi,
I found a solution by changing the string
DRIVER=SQL Server Native Client 11.0;SERVER=itgdls-svrds02;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=BD_Broker
to
DRIVER=SQL Server Native Client 11.0;SERVER=itgdls-svrds02;Trusted_Connection=No;APP=Remote Desktop Services Connection Broker;DATABASE=BD_Broker;user:”domain\username”;password:”password of username”
So I set Trusted_Connection to "No".
Hi to all,
I have another issue.
My target architecture:
2 servers RDWA
2 servers RDCB
2 servers RDLS
2 servers RDSH
After making the broker highly available, I encounter a problem publishing a RemoteApp on the session host farm (RDSH1 and RDSH2). Explanation:
* I publish Notepad++ on RDSH1 and test:
- connect to the RDWA farm; Notepad++ appears in the list of apps and I run it: good
- shut down RDSH1 and connect to the RDWA farm: Notepad++ appears in the list of published applications, but when I click on it I get an error
I asked myself a question and found that I need to install Notepad++ on RDSH2 too to make it highly available, but while installing Notepad++ on RDSH2 I get the error that I cannot install the same application on RDSH2 as it already exists on RDSH1.
So what can I do to make an application highly available on all RDSH hosts?
Thank you for your reply.
Hey Nedim
Just a question about the DNS round robin. Do you point the records to the IP of the Connection Broker or the session hosts? For example, if I have 1 Connection Broker and 2 session host machines for scalability, and I point DNS to the Connection Broker machine, RDP to the session host fails, as the RDP connection attempts to connect remotely to the broker machine rather than the session host machines.
So does this change if you have high availability? Also, how does it work if we also have clients connecting externally through a direct RDP connection?
Thanks
Hi Ross,
Starting in Server 2012 you point users to the RD Connection Broker instead of the session host server like in 2008 R2, so use the broker IP address. If your collection is named RDSFARM then create a new DNS record named rdsfarm and point it to the Connection Broker. Users will normally use RD Web Access to connect to session hosts, but if you have users that need to use the built-in RDP client then you need to specify the default collection in the registry. Before you go and specify the default collection you will need to open RD Web Access and download the .rdp file. Once you download it, edit it and copy the value of loadbalanceinfo, for example (tsv://MS Terminal Services Plugin.1.SKG). When you have the value, open regedit on your broker server and browse to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
and create a new registry value:
Name: DefaultTsvUrl
Type: REG_SZ
Data: the value copied from the .rdp file
All of this will be explained in part 7, session host load balancing, which will be available soon. Before part 7 I will post RD Web Access SSO and high availability; that part is done and will be available next week.
Thanks Nedim
TBH this is doing my head in. I have tried this a thousand times now, but I keep getting errors when trying to set up HA. I follow all the steps exactly in regards to creating the SQL instance and the AD security group, giving that group dbcreator access and checking that SQL is using port 1433; however, it just keeps failing when trying to create the database from the Connection Broker machine. I also tried just creating a database and then using the shared database option in the Connection Broker, but I am not sure of the format for the connection strings here.
In the Connection Broker event log I get the error: Database is offline?
Hi Ross,
I saw this issue one time, and the problem was that NT AUTHORITY\NETWORK SERVICE was used for DB creation instead of the Active Directory group that I created. Try to give Network Service access to the SQL Server with the same permissions that you gave to your AD group, and give it access to the folder (if you created your own folder to store the DB on the SQL Server).
Thanks, it actually randomly just worked; I didn't change anything at all, but it suddenly worked. However, now when trying to add a new Connection Broker server it's telling me that the new server is unable to connect to the database. I have turned the firewall off. DNS works. I tested a native client connection from the new machine with a .udl connection and it works fine.
It tells me the database in the connection string is not available from the second Connection Broker machine.
Update on my last comment. The install says failed; however, in the event log on the second broker machine there are events saying that the connection to the database has been restored and all RDS deployment services are working correctly. But it does not show in the deployment servers on the original broker machine. Very confusing.
Nice article. Two items to add: when someone is using SQL Express, make sure SQL Browser is set to Automatic and started. Second: when adding the 2nd broker it fails, because the RD Connection Broker group is only dbcreator. You should also give the group db_owner afterwards, otherwise the 2nd broker fails.
Just a note for anyone who may see this: if you're using the ODBC 13.0 driver, use DRIVER=ODBC Driver 13 for SQL Server.
Hi Dave,
Thanks, I will update the post.
Hi Nedim,
What will happen if the SQL Server fails? Does RDCB HA still work when the SQL Server doesn't?
These RDS posts are gold mine. Thank you so much.
Hello to all,
I have a strange issue on a Windows Server 2016 broker in HA.
I have 2 HA brokers, and every morning users are not able to connect, with these errors:
1) error 1296
Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : xxx\yyyy
Error: Remote Desktop Connection Broker is not ready for RPC communication.
2) error 1306
Remote Desktop Connection Broker Client failed to redirect the user BTL\tst879.
Error: NULL
To resolve the issue, I uninstall and reinstall the broker.
How can I fix this???
Thank you for your help.
I uninstalled again, reconfigured and tested: it was OK.
I rebooted all the RDS servers again, and afterwards users were not able to be redirected by the broker.
Error:
The same as above.
Finally, I added a WFP exception for RDS Connection Broker to connect to SQL UDP port 1434 following the link below: https://gallery.technet.microsoft.com/Add-a-WFP-exception-for-9c719d6a#content
Solution: I had to specify the port in the connection string (even though it was the default port):
DRIVER=ODBC Driver 17 for SQL Server;SERVER=SQLListener\DBcollection1,1433;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDSBrokerHA
I have a problem with an RDS 2016 platform with 2 brokers and 3 session collections. For two weeks, one session collection has experienced a problem: the users cannot open their session. The broker logs error 802: Cannot create another system semaphore.
I finally created another collection and migrated the same session host servers, but the error can occur again.
How can I fix it for good?
Thanks for your reply.