Deploying RDS 2012 R2 - ""Unable to install RD Web Access role service on server"

I spun up brand new 2012 R2 Core servers to be designated for a Connection broker, and one for Web access.
2 other 2012 R2 servers (full GUI) to be designated for Session Hosts.
From Server Manager on my Windows 8.1 system, logged in as my domain admin account, I am attempting to deploy standard RDS, assigning the roles in the wizard like normal, but after servers are selected and I click "deploy", it appears like it's in progress for a couple mins but then fails with the error:
"Unable to install RD Web Access role service on server "RDSWA01.cafenet.com".
So the RD Connection Broker role service status for server RDSCB01.cafenet.com is "Failed", and RD Web Access role service status is "failed".
my session hosts RDSSH01 and RDSSH02 are then shown "cancelled" by the wizard.
I have no anti-virus running on the servers.
My GPO for User Right Assignment for "Log on as service" has MSSQL$MICROSOFT##WID added.
I am not sure what to do here to get it going....
I googled the error I'm getting omitting the server name and it does not exist according to Google.
any help appreciated.
garryshapeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

garryshapeAuthor Commented:
From the collection broker I'm running the New-SessionDeployment cmdlet, it seems to be installing so far. Not sure if that's the right way to go at this point, though.
0
garryshapeAuthor Commented:
After powershell attempt from connection broker it fails as well:
"Unable to install RD Web Access role service on server RDSWA01.cafenet.com
    + CategoryInfo          : InvalidResult: (:) [], RDManagementException
    + FullyQualifiedErrorId : JobStateFailed
    + PSComputerName        : localhost
0
garryshapeAuthor Commented:
I re-ran deployment and this time chose the Quick Deploy option (puts 3 roles on one server), selected one of the designated session host servers (2012 R2 GUI) and it appears to have succeeded.

So I'm wondering if the problem is with 2012 R2 CORE edition not supporting WA role...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

MaheshArchitectCommented:
In your server manager you have to add all servers intended for RDS deployment 1st
otherwise your distributed deployment won't work as expected

Your quick deployment worked because all roles getting installed on singe server which is already listed in server manager
0
garryshapeAuthor Commented:
I did have all the servers Added in Server Manager, as well as into a Server Group.
I'm thinking the WA role didn't work maybe because it was a 2012 R2 Core.
At this point I guess I can just stick with the quick deployment and build on it to scale as needed?
Or am I at a disadvantage with Quick Deployment?
0
MaheshArchitectCommented:
Quick start deployment is recommended for lab testing or to explore rds feature functionality

Standard deployment is recommended for RDS deployment having HA as main goal with production scenario

HA is not possible in quick start deployment unless you break / modify it and deploy it with standard way on multiple servers so that you can define each on separate servers and build HA

For example, In case if you deployed RDS quick start, later on you want to build HA for connection broker, this is not possible unless you remove other roles from this server and install it on other servers

I am not saying that this is not possible, but it will increase complexities if you installing RDS with Quick Start but your intention is to deploy HA for RDS
0
garryshapeAuthor Commented:
Ok thanks I'm going to retry it.
So should dns that is URL rds.domain.com point to round robin connection broker? For internal and external users accessing ?
0
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
On the servers failing, and all RDS servers I suggest:
Elevated CMD: regedit [ENTER]
HKLM --> System
Search for: PendingFile
 --> Do NOT delete KeysNotToRestore entries
 --> You are looking for:Pending File Rename Operations --> Delete those
 --> Run the RDS S/U steps again

We find we get hung up on these quite regularly.
0
MaheshArchitectCommented:
RDS.domain.com will remain points to RDS servers only
With 2012 RDS you are actually connecting to RD connection broker 1st before you get connected to RD session hosts
From external network you can connect to RDS farm via RD connection broker via RD Gateway, you don't have to publish RD connection broker to internet, you only need its FQDN in RDS certificate (You might get SAN certificate from public CA and use publically routable FQDN for RDCB ), RD gateway server is published on internet
From internal network even if you try to connect to RD session host servers FQDN directly, 1st you will get connected to RD connection broker and then RDCB redirect you to appropriate RDS server
You can watch entire blog series of Ryan for detailed information and to clear your all queries
http://ryanmangansitblog.com/2013/09/27/rds-2012-deployment-and-configuration-guides/
http://www.rdsgurus.com/ssl-certificates/windows-2012-r2-how-to-create-a-mostly-seamless-logon-experience-for-your-remote-desktop-services-environment/
0
garryshapeAuthor Commented:
Ok thanks for the info I'm trying to wrap around all of it.
So about the web access RDSserver?
I'm not sure if I need to point RDS.ourdomain.com to the connection broker, or to the web access server. I plan to have 2 connection brokers and 2 Web Access if needed.
Web Access is the server that you login to and are presented published applications right?
If I just point RDS.ourdomain.com to a a single IP I'm not sure if it needs to be an IP address of a Connection Broker or Web Access servers. Or if it needs to be a DNS round robin of the multiple CB's or multiple WA's.
0
garryshapeAuthor Commented:
And RDS Gateway is better to have than to simply do a NAT configuration over internet to allow access to the Connection Broker(s), right?
So the public URL RDS.domain.dom would point to the RDS Gateway, which would then use the Connection Brokers/WA/Session Hosts on the back-end?
0
garryshapeAuthor Commented:
Also I reployed with standard this time with GUI 2012 R2 instead of Core and it appears to have worked no issue. So I think the issue may have been something with Core.
0
garryshapeAuthor Commented:
I also went back in to the standard deploy and added Remote Gateway. It asked for fqdn so I put the "rds.ourdomain.com" to it.
0
MaheshArchitectCommented:
Your understanding about RDS gateway is correct
Its god that you have switched from core to GUI..

Its not required to have RDS gateway FQDN match to rds.domain.com

Rds.domain.com should always point to RDS servers only

You can put rdgateway.domain.com as RD Gateway URL
Note that whatever URL you put as RD gateway, the certificate should have that FQDN and TCP 443 (SSL) from internet should be allowed on this FQDN from internet

You need to give RDCB.domin.com as connection broker URL / FQDN and then you can connect to this FQDN via RD Gateway, it will redirect you to RDS servers automatically

Understand the RDCB flow
In Windows 2008 and Windows 2008 R2, you connect to the farm name, which as per DNS round robin, gets first directed to the redirector, then to the connection broker, and finally to the server that hosts your session.
In Windows 2012, you connect to the connection broker, and it then routes you to the collection by using the collection name.

I hope this is clear now
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
https://technet.microsoft.com/en-us/library/dn781533.aspx
1
garryshapeAuthor Commented:
Ok, well oops I already gave fqdn of URL for the RD gateway. I suppose I could change that right?
When say rds.domain.com should point to RDS servers, I guess I am not clear on what server/role the URL points to. If there are multiple servers connection brokers how do I point rds.domain.com to multiple without using DNS round robin...? Use a load balancer?
0
MaheshArchitectCommented:
RDS URL points to server having RD Session host server role.
You could change RD gateway URL any thing that recognize the role, keep in mind that you have to have certificate with that hostname.
Actually with 2012 R2 RDS, you don't need to put any URL for RD session host servers, that concept lies with 2008 R2 RDS deployments
With 2012 RDS, RD session host information is stored as session host collections (these collection info is stored on Connection broker server in registry)
You have to connect to RDCB.domain.com (Connection broker) via RD gateway (RDGateway.domain.com) from external network OR you can connect to RDCB.domain.com (again connection broker) directly from corporate network.
Now its responsibility of RDCB server to do load balancing and redirect client requests to appropriate RD session host servers in collection
RDCB server resolves RD session host server names from DC/DNS directly and it do not look for any generic RDS record (rds.domain.com in your case)
If you are using RD web access and remote Apps, it will also 1st connect to RDCB server and then RDCB will redirect requests to appropriate RD Session host servers
---------------------------------------------------------------------------------------------------------------------------------
I have suggested to create generic RDS.domain.com record for all RD session hosts because in our environment, I used to connect to RD Session host servers from RDP directly and we are not connecting to RDCB FQDN 1st (the old 2008 R2 RDS way)
However RDS role is so smart that even if I am connecting to RD Session host servers directly, the connection 1st get directed to RDCB and then RDCB decides to which server my connection to be redirected (offcource it is using server actual DNS host (A) record from DC/DNS)
This may not be as per best practice, but we are using that way, you don't have to follow my way, you can stick to what MS is saying
1
MaheshArchitectCommented:
Finally if you are using 3rd party certificate for RDS deployment and your RDCB name in certificate is something like (RDCB.domain.com) which is publically routable domain name but your actual RDCB hostname is RDCB.domain. Local (I am talking about scenario where internal AD domain name is different from public domain name), in that case you need to tell every RD session host collection that use RDCB.domain.com as alternate name for connection broker
Also in that case domain.com zone must be exists in internal network with Host(A) record pointing to RDCB server (i.e. RDCB.domain.com)
Otherwise you will likely to get certificate errors
Check Ryan post for complete details
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.