Migrating RD Web and RD Gateway Roles

KB ID 0001406

Problem

I’ve got a job coming up to deploy some Duo two-factor authentication into a client’s RDS farm. To make things a bit easier for them I needed to migrate their RD Connection Broker. They had their Connection Broker, Gateway, and Web roles on one server (which is not unusual, or incorrect). It turned out that moving the Connection Broker was going to be a major task, and it would be a lot easier to move the other two roles.

Solution

Note: Before deploying, make sure you have the certificate ready to import (in .PFX format with a known password). If you are confused, export the one from the old server. If you’re still confused, use the search button above, I’ve written that procedure up before.

Moving the Gateway and Web roles is actually pretty simple to do. The process is: add the server to the RDS farm, add the role, migrate the IIS settings. You can then repoint your firewall rules to the new server and remove the roles from the old one.

Build your new server, update it and join it to the domain.

Add the new server into the RDS deployment, (on one of the RDS farm members).

You can now deploy the new role (from one of the other servers in the RDS farm). I’m going to deploy RD Web Access first.

Search for, select, then add the new server > Next.

Add

The new role will be deployed, (time for a coffee?).

Select ‘Configure Certificate’.

Your newly added role will say ‘Error’ > Select it > ‘Select existing certificate’.

Browse to the certificate > Supply the password > Tick ‘Allow the certificate to be added to the Trusted Root……’ option > OK.

When the display changes to ‘Success’ > Apply > OK.

Now you can add the other RDS Server(s) into the Server Manager console on the ‘new’ RDS server.

Now to ‘migrate’ any custom IIS settings, download the Web Deploy Tool, either directly from Microsoft, or from the Web Platform Installer.

Then to migrate all the IIS settings issue the following commands;

[box]CD "C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"

msdeploy.exe -verb:sync -source:webServer,computername={Source-Server-IP} -dest:webServer,computername={Destination-Server-IP}[/box]

Repeat the process for the RD Gateway Role
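
The same steps can be scripted from an RDS farm member with the RemoteDesktop PowerShell module. This is an added example, not part of the original write-up; the host names, external FQDN and PFX path are placeholders. It checks the PFX before changing the farm, and previews the IIS sync with -whatif before you run the real one.

```powershell
# Added example: host names, FQDN and PFX path are placeholders, not values from the article.
Import-Module RemoteDesktop

$Broker    = 'rdcb01.example.local'    # existing RD Connection Broker (placeholder)
$NewServer = 'rdgw02.example.local'    # new server, already domain joined (placeholder)
$GwFqdn    = 'remote.example.com'      # external RD Gateway name (placeholder)
$PfxPath   = 'C:\Temp\rds-cert.pfx'    # exported certificate (placeholder)

# Prompt for the PFX password so it never lands in the script or the shell history.
$PfxPass = Read-Host -Prompt 'PFX password' -AsSecureString

# Open the PFX before touching the farm: a wrong password or an expired certificate stops here.
$Pfx  = Get-PfxData -FilePath $PfxPath -Password $PfxPass
$Cert = $Pfx.EndEntityCertificates[0]
if ($Cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($Cert.Thumbprint) expired on $($Cert.NotAfter)"
}
"Using $($Cert.Subject), thumbprint $($Cert.Thumbprint), expires $($Cert.NotAfter)"

# Add each role to the new server (RD Web Access first, then RD Gateway).
Add-RDServer -Server $NewServer -Role 'RDS-WEB-ACCESS' -ConnectionBroker $Broker
Add-RDServer -Server $NewServer -Role 'RDS-GATEWAY' -ConnectionBroker $Broker `
    -GatewayExternalFqdn $GwFqdn

# Bind the certificate to both roles (the 'Select existing certificate' step).
foreach ($Role in 'RDWebAccess', 'RDGateway') {
    Set-RDCertificate -Role $Role -ImportPath $PfxPath -Password $PfxPass `
        -ConnectionBroker $Broker -Force
}

# Confirm what the deployment now reports for each role.
Get-RDCertificate -ConnectionBroker $Broker |
    Format-Table Role, Level, ExpiresOn, Thumbprint

# Preview the IIS sync: -whatif lists the changes without writing to the destination.
# The arguments are single-quoted so PowerShell does not parse the commas and braces.
& 'C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe' -verb:sync `
    '-source:webServer,computername={Source-Server-IP}' `
    '-dest:webServer,computername={Destination-Server-IP}' -whatif
```

Once the preview output looks right, run the msdeploy command again without -whatif to apply the sync.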
