Thursday, April 5, 2012

How to configure High Availability for RD Connection Broker on Windows 8

In a previous blog post (Better HA on de RDCB) I wrote a quick feature highlight of the new High Availability options for RD Connection Broker on Windows Server 8 (Beta). I promised to write a more detailed blog post on how to actually set this up. So here it is!

The process for setting up a highly available (HA) RD Connection Broker has changed and improved a lot in Windows Server 8 (Beta). As also seen in my previous blog post on this, a wizard has been added to the new server manager to guide you through the process of setting up the HA and adding new RD Connection Broker servers.

Prerequisites
Before we start the configuration, I’ll quickly sum up the prerequisites. At this point we assume that there is an RD Connection Broker already in place (e.g. during the setup of a quick deployment). The prerequisites for High Availability for the RD Connection Broker are:

• A Microsoft SQL Server with write permissions granted to all RD Connection Broker servers that will be part of the deployment

• The Microsoft SQL Server Native Client is installed on all RD Connection Broker servers that will be part of the deployment

• Static IP addresses have been assigned to all RD Connection Broker servers that will be part of the deployment

• DNS resource records with a single DNS name have been created for all RD Connection Broker servers that will be part of the deployment
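The three prerequisites that can be checked from a management machine (Native Client driver, static addressing, DNS record membership) are scripted below. This is an added example, not part of the original post; the broker host names are hypothetical placeholders, and it assumes PowerShell remoting and WMI access to the brokers.

```powershell
# Added example: pre-flight check for the prerequisites listed above.
$Brokers  = 'rdcb01.lab.local', 'rdcb02.lab.local'   # hypothetical broker host names
$FarmName = 'rdcb.lab.local'                          # DNS name used in the post's demo
$Driver   = 'SQL Server Native Client 10.0'           # driver named in the connection string

function Test-BrokerPrerequisite {
    param([string[]]$ComputerName, [string]$FarmName, [string]$Driver)

    # IPv4 addresses currently published under the single farm name.
    $farmIPs = @([System.Net.Dns]::GetHostAddresses($FarmName) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString })

    foreach ($computer in $ComputerName) {
        # An installed ODBC driver has a value named after it, set to "Installed".
        $driverOk = Invoke-Command -ComputerName $computer -ArgumentList $Driver -ScriptBlock {
            param($name)
            $key = 'HKLM:\SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers'
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $props.$name -eq 'Installed'
        }

        # Every IP-enabled adapter should have DHCP switched off.
        $nics = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -ComputerName $computer -Filter 'IPEnabled = TRUE')
        $dhcpNics = @($nics | Where-Object { $_.DHCPEnabled })

        # At least one of the broker's IPv4 addresses must be behind the farm name.
        $ips = @($nics | ForEach-Object { $_.IPAddress } |
            Where-Object { $_ -match '^\d+(\.\d+){3}$' })
        $inDns = @($ips | Where-Object { $farmIPs -contains $_ }).Count -gt 0

        [pscustomobject]@{
            Broker                = $computer
            NativeClientInstalled = [bool]$driverOk
            StaticIPOnly          = ($dhcpNics.Count -eq 0)
            InFarmDnsRecord       = $inDns
        }
    }
}

Test-BrokerPrerequisite -ComputerName $Brokers -FarmName $FarmName -Driver $Driver |
    Format-Table -AutoSize
```

Any row with a `False` column points at the prerequisite to fix on that broker before starting the wizard.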

Step 1. Preparing the Broker for HA

Before adding a second server with the RD Connection Broker role we need to prepare the current RD Connection Broker for HA. During this process, the wizard will create a central database on a central MS SQL Server instance and will transfer the configuration to this database.

We open the Server Manager on the machine that is currently holding the RD Connection Broker Role and we navigate to “Remote Desktop Services” and then “Overview”. We right-click the RD Connection Broker and choose “Configure RD Connection Broker for HA”.



On the "Before you begin" screen the previously discussed prerequisites are summed up again; we press “Next”. On the “Configure High Availability” screen we enter the details of the HA setup.


We need to specify the following parameters:

Database connection string
The wizard will use this string to create the database. Pay close attention to the format of the string. Copy the string below and replace only the <name of SQL server> and <name of database> values.

DRIVER=SQL Server Native Client 10.0;SERVER=<name of SQL server>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;Database=<name of database>

Folder to store databasefile
Here we need to specify the folder on the SQL Server where we want the databases to be stored. For demo purposes I placed it in C:\RCDB, but in most environments you will probably use an existing HA SQL environment and enter the desired values. Note that we specify a single location for both the .mdf and the .ldf file, so no separation there. However, you should be able to change that using SQL Server manager after the installation.

DNS Resource Record name
Here we specify the DNS name that we want this HA RD Connection Broker farm to be accessible on. For this demo I used rdcb.lab.local

We click “Next” and click “Configure” on the confirmation page. Shortly after that we get the confirmation that the configuration has succeeded.


A database is created on the SQL Server we specified.


Remember that this was just step 1. We now have prepared the current RD Connection Broker for HA purposes.


Step 2. Adding a RD Connection Broker

As the next step we will add a new RD Connection Broker to the HA setup we just created.

We go back to the server manager, where the option “Add Connection Broker Server” is now available.


After clicking next on the prerequisites page we are presented with the screen below. We select the server that we want to add as an RD Connection Broker and click next. (Please remember that before we are able to add a server here, that server must be added to the Server Manager so that it can be configured.)


We click “Add” on the confirm dialog and the wizard will remotely install the RD Connection Broker on the server we selected and add it to the HA environment.
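Steps 1 and 2 can also be scripted. The sketch below is an added example, not from the original post: it uses the RemoteDesktop PowerShell module cmdlets of the released Windows Server 2012 (the post does not say whether the Beta ships them), the broker host names are hypothetical, and the database file name under the demo folder C:\RCDB is an assumption.

```powershell
# Added example: scripted equivalent of the two wizard steps.
Import-Module RemoteDesktop

$FirstBroker  = 'rdcb01.lab.local'        # hypothetical: broker that already exists
$SecondBroker = 'rdcb02.lab.local'        # hypothetical: broker to add in step 2
$FarmName     = 'rdcb.lab.local'          # DNS resource record name from the post
$SqlServer    = '<name of SQL server>'    # replace before running
$Database     = '<name of database>'      # replace before running

# Refuse to run with the placeholders still in place.
if ($SqlServer -like '<*' -or $Database -like '<*') {
    throw 'Fill in $SqlServer and $Database first.'
}

# Same format as the string shown in the post.
$connectionString = 'DRIVER=SQL Server Native Client 10.0;' +
    "SERVER=$SqlServer;Trusted_Connection=Yes;" +
    'APP=Remote Desktop Services Connection Broker;' +
    "Database=$Database"

# Added check: keep SQL credentials out of the string. With Trusted_Connection=Yes
# the brokers authenticate to SQL Server with Windows authentication.
if ($connectionString -match '(?i)\b(UID|PWD)\s*=' -or
    $connectionString -notmatch '(?i)Trusted_Connection\s*=\s*Yes') {
    throw 'Connection string must use Trusted_Connection=Yes and carry no UID/PWD.'
}

# Step 1: prepare the existing broker for HA (creates the central database).
Set-RDConnectionBrokerHighAvailability -ConnectionBroker $FirstBroker `
    -DatabaseConnectionString $connectionString `
    -DatabaseFilePath "C:\RCDB\$Database.mdf" `
    -ClientAccessName $FarmName

# Step 2: add the second broker to the HA deployment.
Add-RDServer -Server $SecondBroker -Role 'RDS-CONNECTION-BROKER' `
    -ConnectionBroker $FirstBroker

# Show the resulting HA configuration.
Get-RDConnectionBrokerHighAvailability -ConnectionBroker $FirstBroker
```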

And that’s it!

We are now able to remotely connect to the DNS farm name (rdcb.lab.local) we created by using mstsc. An initial connection (as seen here) will be hosted by one of the active RD Connection Broker servers and we get redirected to one of the RD Session Host Servers in the Session Collection! (And of course this also works in conjunction with the RD Gateway and RD Web Access).
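DNS round robin hands out every address registered under the farm name whether or not a broker is listening there, so it is worth probing each address after setup and before maintenance. The function below is an added example, not from the original post; it assumes the brokers listen on the default RDP port 3389, and the function name is hypothetical.

```powershell
# Added example: probe every address behind the farm name on the RDP port.
function Test-FarmEndpoint {
    param(
        [string]$FarmName  = 'rdcb.lab.local',   # farm name from the post's demo
        [int]$Port         = 3389,               # assumption: default RDP port
        [int]$TimeoutMs    = 2000
    )

    $addresses = [System.Net.Dns]::GetHostAddresses($FarmName) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' }

    foreach ($address in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient
        $open = $false
        try {
            # Asynchronous connect so a dead broker costs at most $TimeoutMs.
            $async = $client.BeginConnect($address, $Port, $null, $null)
            $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        }
        catch {
            $open = $false
        }
        finally {
            $client.Close()
        }

        [pscustomobject]@{
            Address   = $address.IPAddressToString
            Port      = $Port
            Reachable = [bool]$open
        }
    }
}

Test-FarmEndpoint | Format-Table -AutoSize
```

An address reported as not reachable is one that clients will still be handed by DNS; remove its record or repair the broker.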


Conclusion
Windows Server 8 (Beta) supports a true active-active HA solution for the RD Connection Broker. Big improvement!

27 comments:

  1. Ok, I am at this again after taking the weekend off… I am 100% sure that I will run into the same problem so let me know where I am going wrong. When I go to set up the RDCB-HA I have to set a client access name which is “farm.publicdomain.net”. I also need to create DNS records so that this resolves somewhere… I know in 2008 the RDS farm functioned as follows:

    1. Client is sent directly to RDSH (because of DNS RR)
    2. Client is directed to query the RDCB for load and availability
    3. Client is connected to final RDSH

    The huge flaw in this is that if one RDSH was down, and DNS RR sent you to that server you would be out of luck. Also, if that server was down for maintenance you would get a connection error and again be out of luck.

    My understanding is that the initial connection goes to the RDCB first so that the client does not get stuck at an RDSH that is offline or in maintenance mode. Upon the initial basic setup of the 2012 farm, I can see that after the gateway, the RDP connection was being sent directly to the name of the broker server. Keep in mind that today the gateway, broker and web services all run on (1) server, and I have (2) RDSH servers.

    So, when I set up my DNS record internally for farm.publicdomain.net I assume that it needs to be pointed at the broker server. However that gives me an error that I do not have permission to connect (which is correct) as nobody should actually make an RDP connection to the broker desktop. So where should farm.publicdomain.net resolve to? Should it be the RDSH servers? Will 2012 then use DNS RR between the (2) RDSH servers and potentially send a client to a server that is in maintenance mode?

    Any help is appreciated!

  2. Hi Damian,

    You are correct, farm.publicdomain.net should point to your RD Connection Broker server(s). And yes, normally an end user would obviously get an access denied when trying to directly RDP to the RD Connection Broker. However, an RDP parameter is passed upon a user connection so that the RD Connection Broker knows that this end user wants to connect to an RD Session Host as part of a Session Collection. More details on this:

    http://microsoftplatform.blogspot.nl/2012/04/rd-connection-broker-ha-and-rdp.html

    Kind regards,
    Freek Berson

  3. Hey Freek,

    What happens if the SQL server goes down? Does HA not function correctly in a scenario where both the SQL server and 1 of the brokers fails?

    I mostly ask because I want to have a few brokers distributed through a few sites in an mpls WAN type setup (think multiple regional offices) and if the mpls goes down in the head office it would be nice to have HA fail to a broker in a different region.

  4. Hi Matt,

    As both the configuration data as well as the session data are stored in the SQL Server database, the availability of the database is crucial for correct functioning. In other words, if an RD Connection Broker cannot connect to the database no user can use that RD Connection Broker to log on. Therefore making sure the SQL Server itself is also HA is very important. For more info on that, also see:

    http://microsoftplatform.blogspot.nl/2012/10/rd-connection-broker-ha-sql-server-2012.html

  5. Thanks so much Freek!

    I figured there had to be a SQL HA component, I just didn't find it right away.

    Great blog by the way.

  6. Thanks Freek,

    For some reason we need to remove the Connection Broker high availability feature from RDS 2012. I am able to remove the 2nd RD Connection Broker server from RDS management but the RD Connection Broker is still in (High Availability Mode).
    Please guide me on how to remove Connection Broker high availability.

  7. Hi Freek

    Can I trouble you to please explain the HA aspect as I'm drawing a blank.

    If I have 2 brokers and DNS RR points to both and one is down for maintenance, how does HA work?

    Also with a single broker, do I still always connect to the broker from the RDP client rather than directly to a session host?

    Thanks

  8. Hi Graham,

    DNS RR obviously does not "know" about RD Connection Broker servers being down as DNS RR is not a load balancing technique but more of a load spreading technique. If you use DNS RR, prior to putting the RD Connection Broker down for maintenance, remove it from the DNS. True load balancing could be created by making use of for example hardware load balancers in front of your RD Connection Broker servers (or software options like NLB).

    Yes, with a single broker you still point the client to the broker to do the initial connection. Make sure the .RDP files you use contain the right RDP properties (as shown here: http://microsoftplatform.blogspot.nl/2012/04/rd-connection-broker-ha-and-rdp.html). Also, in a single broker environment I would still recommend doing the prepare for HA step to put the database on a central SQL server and be able to manage the DNS name more easily.

  9. This comment has been removed by the author.

  10. Hi Freek

    First of all, great blog you have here, already learned a lot from it.

    Ok here is my issue: with 2012 came CB's in active/active mode. Why is there still an option in my setup that I can change the active to another server? So it is still an active/passive setup. Or have I perhaps missed something during my setup?

    Also when I have 2 connection brokers in HA, and I turn the 'active' one off, my entire farm is unavailable. DNS RR is configured correctly. Any idea on what could be wrong?

  11. Hi Kevin,

    Thank you for your kind words, glad you like the blog!

    About your question, the RDCB is definitely active-active. I think what you are referring to is the option inside the server manager console (deployment overview) to change the active RDCB. Although the naming suggests it, this has nothing to do with the RDCB being HA from an end user perspective. What the option does is change the RDCB server which accepts your configuration changes via PowerShell. If you have done RDS 2012 configurations via PowerShell you might have noticed that with many commands you need to specify an RD Server. What you specify in the GUI as the "Active RDCB" server is the RDCB server that will accept configuration changes via PowerShell.

    About your second question. If you set up RDCB HA with 2 RDCB servers then yes you will have a full RDCB HA. However, you would still need to point users who are connecting to an RDCB server, preferably using load balancing. When you use DNS RR you rely on DNS to balance the load. However, DNS RR does not check whether an RDCB server is offline or not. It just returns an RDCB server in a round robin principle. So if one of your RDCB servers is down, the DNS RR mechanism would still send requests to both RDCB servers, which causes errors for users who are routed to the RDCB server that is down. This is separate from RDCB HA, and would happen with any service you would publish using DNS RR. To overcome this, instead of DNS RR, use a real load balancer (hardware or software) which is able to test if the RDCB service is up.

    Does that make sense?
    If you have any other questions, feel free to contact me. Or e-mail me directly.

    Kind regards,
    Freek Berson

  12. Hey Freek,

    Nice work here.
    I want to implement a load balance solution to avoid the DNS RR syndrome, however, I don't have any experience doing so. I'd like to use MS's solution, so do you have any recommendations for the solution itself and/or any blog references I can delve into?

  13. Hi Alan,

    Thanks!
    There are many hardware / software load balancers out there. I've been doing some testing with KEMP, wrote a blog post on that a few weeks ago here:

    http://kemptechnologies.com/blog/load-balancing-remote-desktop-services-web-access-gateway-with-kemp-load-master-for-azure/

    In that case it was a virtual Load Balancer, but KEMP has appliance models as well.

  14. Hey Freek,

    Fantastic blog. Helped me out a lot. Got only one thing I can't figure out. In another post you mention the specific RDP connection info for the RDP file when connecting to a HA Farm. When I use this specific RDP file, it tells me that it can't validate the settings from the RDP file. There seems to be little information about the following line: loadbalanceinfo:s:tsv:
    Question is, what do I fill in with the following HA: brokers (2) available via farm.domain.com (RR) and the session collection is named: RDSH. I thought I'd use: loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.RDSH but that does not work. Can you please help me out here? THANKS

    Replies
    1. Hi Gerrit,

      Thanks, glad you found the blog post interesting. The name depends on the number of Session Collections you have, and the name of your Session Collection.

      You can retrieve the exact name by for example signing up for the Remote Apps and Desktop using the RADC (Remote App and Desktops Connections) inside the control panel or by using the new Modern UI Remote Desktop App. More info: http://blogs.msdn.com/b/rds/archive/2012/12/10/remote-desktop-windows-store-app-working-with-remoteapp-and-desktop-connections-resources.aspx

      Then open the .RDP files created by the sign up (C:\Users\\AppData\Roaming\Microsoft\Workspaces\) and take a look at the value.

      Or open regedit on the connection broker and browse to

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\Wortell_Session\Applications

      Then open the key RDPFileContents of any of the Remote Apps, you'll find the value there too.

      If you only published a full desktop (not remote apps) search here:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\Wortell_Session\RemoteDesktops

      also the value RDPFileContents

      Best regards,
      Freek Berson

  15. Cool, that worked for me! thanks a lot!

  16. Hi Freek,
    I have two Windows 2012 RDS and I want to configure the load balance but I cannot add the server to the load balance. When I try to add the RD session host, the server list comes up empty, how can I add the servers to the RD Session Host?

  17. Hi Ersoy,

    Please explain in more detail, what do you mean by "how can I add the servers to the RD Session Host"? Are you trying to add an additional RD Session Host to a Session Collection? Then you first need to add it to the deployment. If that's not your issue, please provide more details.

    Best regards,
    Freek Berson

  18. This comment has been removed by the author.

  19. Freek, fantastic blog. Was wondering what your recommendation would be on a few things.

    After setting up a test environment, I'm now moving on to build the production Server 2012 R2 Remote Desktop Services environment that we'll be migrating to from Citrix Xenapp 6.5. I have 2 Connection brokers set up in high availability mode, and 1 session host currently attached. I've also installed the RD Web Access on the Connection Brokers. Should I create separate servers for the Licensing and Gateway, or can I have the Web Access, Licensing, and Gateway roles on the 2 Connection Brokers, so that all four features are in High Availability mode? If I do add the roles to both CB servers through the RDSM, is there any additional setup I need to do to make these roles Highly Available? Our current environment has 140 users logged into the Citrix environment, so I'd like this to be properly sized for up to 200-250 concurrent connections. Thanks for any advice you may provide.

  20. Hi Aaron,

    Glad you like the blog post!
    In theory, you could run all roles RD Web Access, RD Gateway, RD Connection Broker and RD Licensing on both servers. With the number of concurrent users you're mentioning that should work (if the servers have reasonable specs). However, do note that installing the RD Web Access, RD Gateway, RD Licensing on your RD Connection Broker HA setup does not imply that those new roles magically become HA too :) For RD Web Access and RD Gateway to become HA you should add some load balancing mechanism in front that can handle HTTPS traffic. This can be Hardware load balancer, software load balancer or even NLB or DNS RR (although I would not recommend those last two). Making the RD Licensing role "HA" basically means installing RD CAL's 50/50 on both servers and add both servers as a Licensing Server using the RDMS.

    If you have any additional questions, feel free to contact me via email!

  21. I have got a problem, the command is not connecting to the SQL server. It is not sending packets to talk to the SQL server. I have tested the client and it is working. Any help?

  22. I have a problem and I would be grateful for any help, I've deployed RDS 2012 with RDCB with HA using DNSRR. I tried NLB and obtained the same results...
    RDCB and RDSH roles are installed together on two 2012 Servers (NON R2) and deployed with Gateway and RDWeb Access. If one of the two RDCB + RDSH servers goes down, RDCB on the remaining server is not aware of that server going down and if someone was originally connected to the downed RDSH, RDCB will continue to send the user to that downed server. Are there any configurations that allow RDCB to detect the downed server? I've waited over 30 minutes and tried to connect again, same situation. Any help would be greatly appreciated.

  23. Hi, congratulations, your article is very good.
    I have a little problem, when I try to create the database, I receive a message saying that it is impossible. I have adjusted the permissions of SQL Server Express 2012, I have created a group in AD that includes the machines of CB and I added the DATABASE CREATOR permission for this group and it did not work.

    thanks a lot

  24. Hi, really very informative article.
    I need one suggestion, we have four connection brokers configured in HA using DNSRR. Can we remove two connection brokers from the HA without affecting the existing environment, as our current running environment is very critical? Thanks in advance.

  25. Hi,

    The challenge with DNSRR is that it does not check if RD Connection Broker servers are offline. So prior to removing the two RD Connection Broker servers make sure you remove them first from DNSRR and be VERY sure that no clients have cached DNS entries because that would still result in them being redirected to removed RD Connection Broker servers.

  26. Hi Freek, can you please point me on how much sql db for connection broker is expected to grow? Thank you
