KB ID 0001406
Problem
I’ve got a job coming up to deploy some Duo two factor authentication into a clients RDS farm. To make things a bit easier for them I needed to migrate their RD Connection Broker. They had their Connection Broker, Gateway, and Web roles on one server, (which is not unusual, or incorrect). It turned out, that moving the Connection Broker, was going to be a major task, and it would be a lot easier to move the other two roles.
Solution
Note: Before deploying make sure you have the certificate ready to import (in .PFX format with a known password). If you are confused export the one from the old server. If you’re still confused use the search button above, I’ve written that procedure up before.
Moving the Gateway and Web roles is actually pretty simple to do, the process is, add the server to the RDS farm, ddd the Role, migrate the IIS settings. You can then repoint your firewall rules to the new server and remove the roles form the old one.
Build your new server, update it and join it to the domain.
Add the new server into the RDS deployment, (on one of the RDS farm members).
You can (from one to the other servers in the RDS farm) now deploy the new role, I’m going to deploy RD Web Access first.
Search for, select, then add the new server > Next.
Add
The new role will be deployed, (time for a coffee?).
Select ‘Configure Certificate’.
Your newly added role will say ‘Error’ > Select it > ‘Select existing certificate’.
Browse to the certificate > Supply the password > Tick ‘Allow the certificate to be added to the Trusted Root……’ option > OK.
When the display changes to ‘Success’ > Apply > OK.
Now you can add the other RDS Server(s) into the Server Manager console on the ‘new’ RDS server.
Now to ‘migrate’ any custom IIS settings, download the web Deploy Tool, either directly fromMicrosoft,
Or you can deploy from the Web Platform Installer.
Then to migrate all the IIS settings issue the following commands;
[box]CD “C:\Program Files (x86)\IIS\Microsoft Web Deploy V3”
msdeploy.exe -verb:sync -source:webServer,computername={Source-Server-IP} -dest:webServer,computername={Destination-Server-IP}[/box]
Repeat the process for the RD Gateway Role
Related Articles, References, Credits, or External Links
NA
Hi,
Do you only need to migrate the IIS settings if they have been changed from the default ? I want to move the RDWeb role from one server to another is a matter of just adding the new one and then removing the old one ?
Thanks
No you don’t and if you’re sure nothings being changed then don’t worry about it, but if theres a likelihood that someone has messed around with it, you just never know, so better safe than sorry.
Really nice guide, works like a charm!