Migrating RD Web and RD Gateway Roles

KB ID 0001406


I’ve got a job coming up to deploy some Duo two factor authentication into a clients RDS farm. To make things a bit easier for them I needed to migrate their RD Connection Broker. They had their Connection Broker, Gateway, and Web roles on one server, (which is not unusual, or incorrect). It turned out, that moving the Connection Broker, was going to be a major task, and it would be a lot easier to move the other two roles.


Note: Before deploying make sure you have the certificate ready to import (in .PFX format with a known password). If you are confused export the one from the old server. If you’re still confused use the search button above, I’ve written that procedure up before.

Moving the Gateway and Web roles is actually pretty simple to do, the process is, add the server to the RDS farm, ddd the Role, migrate the IIS settings. You can then repoint your firewall rules to the new server and remove the roles form the old one.

Build your new server, update it and join it to the domain.

Join Domain

Add the new server into the RDS deployment, (on one of the RDS farm members).

Add Server to RDS Deployment

You can (from one to the other servers in the RDS farm) now deploy the new role, I’m going to deploy RD Web Access first.

Add Rd Web Access

Search for, select, then add the new server > Next.

Add Rd Web Access Server


Add Rd Web Access Server

The new role will be deployed, (time for a coffee?).

Add Rd Web Access Server

Select  ‘Configure Certificate’.

Add Rd Web Access Server

Your newly added role will say ‘Error’ > Select it > ‘Select existing certificate’.

Set RD Web Certificate

Browse to the certificate > Supply the password > Tick ‘Allow the certificate to be added to the Trusted Root……’ option > OK.

Import RD Web Certificate

When the display changes to ‘Success’ > Apply > OK.

Imported RD Web Cert Sucessful

Now you can add the other RDS Server(s) into the Server Manager console on the ‘new’ RDS server.

Add OLD Servers to New Server RDS Deployment

Now to ‘migrate’ any custom IIS settings, download the web Deploy Tool, either directly fromMicrosoft,

IIS Web Deploy Tool

Or you can deploy from the Web Platform Installer.

Migrate IIS

Then to migrate all the IIS settings issue the following commands;

CD “C:\Program Files (x86)\IIS\Microsoft Web Deploy V3”

msdeploy.exe -verb:sync -source:webServer,computername={Source-Server-IP} -dest:webServer,computername={Destination-Server-IP}

RDS Web Migraiton IIS

Repeat the process for the RD Gateway Role

Add RDS Gateway

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On


  1. Hi,

    Do you only need to migrate the IIS settings if they have been changed from the default ? I want to move the RDWeb role from one server to another is a matter of just adding the new one and then removing the old one ?


    Post a Reply
    • No you don’t and if you’re sure nothings being changed then don’t worry about it, but if theres a likelihood that someone has messed around with it, you just never know, so better safe than sorry.

      Post a Reply
  2. Really nice guide, works like a charm!

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *