none
RD Session Broker on 2012 DC

    Question

  • Hi All,

    I'm trying to install the Remote Desktop Connection Broker role service on a 2012 domain controller but the request to add the feature fails from Server Manager.

    Closer inspection shows I'm getting the event log error detailed in Scenario 1 from KB2799605 Remote Desktop Services role cannot coexist with AD DS role on Windows Server 2012.  Trouble is I've installed KB2871777 which is supposed to allow this setup.

    Does anyone know if this fix has to be installed before the DC promotion; I can't recall if I promoted first or after?  Otherwise, does anyone have any ideas?

    TIA.

    Monday, November 11, 2013 3:55 PM

Answers

  • I've worked it out.  I was right to wonder about the new 2012 specific security groups, I hadn't yet transferred over any of the operation masters to the new 2012 DC.  As soon as I moved the PDC Emulator master over the new security groups were created and visible in AD.  Adding the RDCB role then went without a hitch.  So, note to self "always make the latest Windows version DC the operations master!" :-)


    • Marked as answer by Ross Aveling Friday, November 15, 2013 12:48 PM
    • Edited by Ross Aveling Friday, November 15, 2013 12:54 PM
    Friday, November 15, 2013 12:48 PM

All replies

  • are there any RDS related roles/features which did get installed? can you roll them all back, reboot and try again?

    have you confirmed that KB2871777 is indeed successfully installed?

    Monday, November 11, 2013 7:44 PM
  • Hi armin19,

    Originally I tried to install a host of roles all at once including Network Policy Server and the RDS services Connection Broker, Gateway, Licensing and Web Access but that failed due to an issue with the Windows Internal Database and the service account used to start WID not being granted the logon as service right (this was already a DC).  That particular problem was sorted by modifying the appropriate group policy and I've been able to successfully add/remove all those roles again apart from the Connection Broker.  Right now the server has none of the other roles mentioned installed (apart from AD DS) and I'm now trying to do the Broker separately to ensure nothing else is conflicting.

    KB2871777 is listed as an installed update in Program and Features in Control Panel and also marked as installed from my WSUS server.  I'm unable to uninstall it and reinstall to be sure though.

    Very frustrating.  I'm wondering if the only thing I can do is to demote the server and see if the Broker role installs then try to promote again.

    Thanks,

    Ross

    Tuesday, November 12, 2013 11:04 AM
  • what about WID feature? is that uninstalled and its databases removed from C:\Windows\rdcbDb (might as well delete the whole folder after you uninstall the feature).  Also remove the user profile account that WID creates.

    also delete the local RDS groups if they got created, there are some other accounts in those as well.

    yeah hoping you don't have to demote AD, although it'll be a nice test for backing up/restoring AD :)

    Tuesday, November 12, 2013 2:27 PM
  • I can successfully install/uninstall the WID feature at will with no issues.  Broker role will not install with either WID installed or not; same result every time.  I've made sure that C:\Windows\WID, C:\Windows\rdcvDb and the user profile folder for the WID user account are removed during testing too.

    Unless I've misunderstood I can't do anything with local RDS groups as this is a DC.

    I feel a demotion coming on... :-(

    EDIT: I demoted the server and was then able to install the Connection Broker fine.  I've since promoted it to a DC again and lo and behold the Connection Broker no longer works and exhibits the issues described in Scenario 2 in KB2871777!  It's as though that update isn't installed.

    • Edited by Ross Aveling Wednesday, November 13, 2013 3:59 PM additional info
    Wednesday, November 13, 2013 2:45 PM
  • Hi,

    I am trying to involve someone to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.


    Jeremy Wu

    TechNet Community Support

    Thursday, November 14, 2013 8:23 AM
  • Thanks Jeremy.

    Just to update since my last post, I've pretty much decided this server won't be going into full service now (it's been messed around with too much) so I tried the SQL Management solution mentioned in the middle of this other post but the RDCB service still fails to start.  I'll leave it in it's current state for the moment in case you'd like me to try anything.

    In the meantime I'm going to bring up a fresh test VM and install KB2871777 before I add either the AD DS and RDCB roles to see if that makes a difference.

    EDIT: I bought up a new test 2012 VM, fully patched, added AD DS (new forest) and then installed the RDCB role afterwards absolutely fine.  Maybe installing the patch first is important.

    Otherwise I've just noticed that since I promoted the problematic 2012 DC in my existing forest/domain (2008 R2 functional level) I don't have new 2012 security groups present in AD; 'Hyper-V Administrators', 'RDS Endpoint Servers', 'RDS Management Servers', and 'RDS Remote Access Servers' for example.  That can't be right can it?

    Cheers.





    • Edited by Ross Aveling Thursday, November 14, 2013 1:45 PM
    Thursday, November 14, 2013 9:10 AM
  • I've worked it out.  I was right to wonder about the new 2012 specific security groups, I hadn't yet transferred over any of the operation masters to the new 2012 DC.  As soon as I moved the PDC Emulator master over the new security groups were created and visible in AD.  Adding the RDCB role then went without a hitch.  So, note to self "always make the latest Windows version DC the operations master!" :-)


    • Marked as answer by Ross Aveling Friday, November 15, 2013 12:48 PM
    • Edited by Ross Aveling Friday, November 15, 2013 12:54 PM
    Friday, November 15, 2013 12:48 PM
  • i think it's also inconvenient that the article assumes you already have that in place regarding the FSMO roles, it wouldn't hurt to have the requirements updated.
    Friday, November 15, 2013 6:13 PM