Thursday, February 12, 2015

Upgrade RDS 2012 to 2012 R2

Recently I was tasked with upgrading an RDS 2012 environment to RDS 2012 R2. We had been having issues with the connection brokers and the Virtualization Host Agent Service on several VDI hosts. After consulting with several Microsoft Solution Architects and our TAM, the decision was made to upgrade the connection brokers and VDI hosts to 2012 R2 in order to address some of the issues we were experiencing.

In researching the upgrade path from RDS 2012 to 2012 R2, I discovered that Microsoft had published a series of TechNet articles describing the steps required to perform an upgrade to a live environment. Those articles can be found here - http://technet.microsoft.com/en-us/library/dn479239.aspx

Reading through these articles, I found the descriptions of several of the steps to be quite vague. Certain steps had little detail, and I was having trouble following the upgrade procedure. I also performed several searches and couldn't find any solid articles or blog postings detailing how to perform an in-place upgrade. There were several guides available on how to setup an RDS 2012 R2 environment from scratch, but not much in the way of performing an upgrade to an existing RDS 2012 environment.

After some trial and error, I was able to successfully upgrade the connection broker servers from 2012 to 2012 R2, with minimal downtime to the RDS environment. I wanted to share my upgrade experience in more detail than what is contained solely in the TechNet articles.



Requirements and Assumptions

  • Per the TechNet article, you cannot upgrade an RDS 2008 R2 deployment to a higher version, so if that's what you've got right now, you are out of luck.
  • Connection Broker High-Availability Mode must be configured and enabled in order to upgrade to 2012 R2. You cannot upgrade an RDS 2012 deployment containing a single connection broker that is not in HA mode.
  • Because HA mode is required, it is assumed you have access to a database server running SQL Server, where the HA mode database is stored.
  • We'll also make the assumption that your connection brokers are load-balanced using a simple DNS round-robin. If you have your existing connection brokers behind a hardware or software load-balancer of some sort, you'll have to consult your vendor documentation on how to make the necessary changes.

Preparing for the Upgrade


The first thing you'll want to do is prepare two new servers running Windows Server 2012 R2 to act as your new connection brokers. Connection brokers are required to utilize a static IP address, so either manually set the static IP or utilize a DHCP reservation. Install the RD Connection Broker role on both of the new servers.

You'll also need to install the SQL Server Native Client on each of the two new servers - this will be required in order to join the servers to the HA deployment. You'll want to install to same version of the SQL Native Client as you are using on your existing connection brokers servers, in order for the SQL connection string to match.

Make sure the new 2012 R2 servers have access to the RDS database on the SQL server. Accomplishing this will be dependent on how you setup your HA mode deployment originally. The recommended method is to create an Active Directory security group, and add the connection broker server's computer accounts as members. That AD group is then defined on your SQL server and granted the sysadmin role in order to create the RDS database. Once the database is created, you could remove the AD group from the sysadmin role, and instead just grant it db_owner access to the database itself.

If you followed this method, simply add the computer accounts of the new servers to the same Active Directory security group. If you did not utilize an AD security group, you'll need to manually define each computer account in SQL server and grant them db_owner access to the RDS database.

Finally, you'll need a copy of the Single Sign-On and Publishing certificates used in your deployment exported as *.pfx files. At one point during the implementation, you'll need to reapply these certificates to the connection brokers, so having them exported and in a known location will be useful.

Implementing the Upgrade


Once you have taken care of building the servers and installing all prerequisites, you are ready to implement the upgrade. While this deployment method should result in minimal downtime to the RDS environment, you'll want to be sure to schedule an outage window, just in case. Don't forget to also navigate through the appropriate change management channels as required by your organization.

1. Join the 2012 R2 connection brokers to the HA deployment.

The first step in implementing the upgrade is to actually add the 2012 R2 connection broker servers to the HA deployment. This is accomplished by remoting to one of your existing RD connection brokers, opening Server Manager, and clicking on the Remote Desktop Services link in the left pane. On the Overview tab, right click the icon labeled RD Connection Broker, and select "Add RD Connection Broker Server".



In the server selection prompt, choose the first 2012 R2 connection broker server from the list, and click the arrow to select it. Click Apply to add the connection broker to the HA deployment. You'll only be able to add a single connection broker at a time, so once the first is complete, repeat the procedure to add the second 2012 R2 connection broker.



You can confirm that the connection brokers were added successfully by looking in Server Manager at the Deployment Servers pane. At this point you should see four connection brokers listed.



You can also use the PowerShell cmdlet Get-RDServer -Role RDS-Connection-Broker to confirm that all four connection brokers are listed.



2. Apply certificates to the 2012 R2 connection brokers.

When adding the new connection brokers to the HA deployment, the certificates used for single sign-on and publishing are not automatically pushed to the new connection brokers. You'll need to reapply the certificates in order to push out to all connection broker servers.

On the Overview tab, click the Tasks button and select Edit Deployment Properties.



Select Certificates from the left pane. You'll notice that the status of the single sign-on and publishing certificates should be listed as Error. This is because the two 2012 R2 connection brokers do not have the certificates installed yet.


You'll need to select your existing certificate and supply the password in order to push to the certificate to the new connection brokers.


Repeat this procedure for both the single sign-on and publishing certificates.

3. Reboot the 2012 R2 connection brokers.

I had some troubles with RemoteApps launching until I rebooted the new connection brokers. Between adding them to the deployment and deploying certificates, enough change had taken place that it wouldn't hurt to reboot. Though we have added them to the deployment, they technically are not active yet, so now is a good time to reboot the new connection brokers.

4. Add the 2012 R2 connection brokers to the DNS round-robin entry.

Open DNS manager and create two new A records using the same name as your existing connection broker round-robin name.

5. Change the active connection broker to one of the new 2012 R2 connection brokers.

The active connection brokers is responsible for synchronizing all the connection brokers and writing any changes to the SQL database. You cannot remove a connection broker from the deployment if it's marked as the active connection broker. So in order to remove the old connection brokers, you'll need to make one of the new 2012 R2 brokers the active on. On the Overview tab, click on Tasks and choose "Set active RD Connection Broker server".



6. Remove the old connection brokers from the DNS round-robin entry.

At this point, you are ready to remove the old connection brokers from the DNS round-robin. This step in the process is where you may start seeing a brief outage occur, as the DNS changes propagate throughout your network. In DNS Manager, delete the A records that point to the old connection brokers.

7. Remove the old connection brokers from the HA deployment.

On the Overview tab, right click the icon labeled RD Connection Broker, and select "Remove RD Connection Broker Server".



In the server selection prompt, choose the first 2012 connection broker server from the list, and click the arrow to select it. Click Apply to remove the connection broker to the HA deployment. Just like when adding the 2012 R2 connection brokers, you'll only be able to remove a single connection broker at a time, so once the first is complete, repeat the procedure to remove the second 2012 connection broker.


Once the old connection brokers have been removed from the farm, be sure to perform extensive testing to ensure your RDS deployment is functioning as desired.

No comments:

Post a Comment