RDS Connection Broker on Azure IaaS (Microsoft patching is a problem)

As part of my upcoming change of employment I’ve been asked by my new employer to get up to speed on Windows Server 2012 VDI solutions and to get MCSE: Desktop Infrastructure ASAP!

After looking through the 70-415 syllabus I realised there were some gaps in my knowledge – mainly on the RDS Gateway and the RDS Connection Broker front. In my current environment UAG 2010 deals with the RDS Gateway for me – hence no real experience.

To Azure!

Not having all the capacity in the world (unlike Azure) I went and merrily built an RDS infrastructure on Azure IaaS, or so I thought…

The Windows Server 2012 images that Microsoft provide on Azure are patched and unbeknownst to me there is a problem installing the RDS Connection Broker role if you’ve got KB2821895 installed on your Windows Server 2012 instance… The currently available VM images from Microsoft have this patch installed (unsurprisingly).

What to do?


So I went to my local SCVMM install, dug out the ISO that contains the Windows Server 2012 RTM files, created a VM, installed Windows Server 2012 Datacenter Edition, SysPrep’d it and attempted to upload the file to Azure using PowerShell. Azure PowerShell is amazing and wonderful and brilliant and didn’t work for me… At first I thought it was a problem with my local firewall/HTTP/HTTPS proxy (it usually is) but no! For once it was happy!

What to do?

To Cerebrata’s Azure Management Studio!

I downloaded the free trial of Cerebrata’s Azure Management Studio and my first thought was “Err… OK…” I ploughed on and found the correct way to upload a PageBlob (which VHDs, not VHDXs as they are not supported on Azure, need to be for use as VM images) to my container. It’s not the most amazing user interface I’ve ever seen but it does EXACTLY what you need it to do. They even give MVPs a free copy! (I wish I was an MVP!)

Back to Azure!

Once the VHD was up there it was back to the Azure portal to create the VM image template and the new VM for my RDS Connection Broker. Instead of installing the Windows Internal Database (which a standalone RDS Connection Broker uses) as part of the RDS setup wizard I decided to install that first and then use the RDS setup wizard. Job done!


There seems to be something going slightly awry at Microsoft with regards to patching at the moment. I can’t remember ever having to revert to a non-patched server OS to install a role before.

There have been recent problems with Hyper-V patches causing BSODs when using VLANs, ADFS has had issues, Exchange 2013 too. Windows 7 is having issues as well.

It makes me wonder if MS’s new rapid development cycle is causing substandard code, and consequently patches, to be released?

Like most people I try to test patches before rolling them into production, however that can be an issue if you don’t have a test environment that matches your production environment. I think we’re heading towards a period where IT Pros are going to be reluctant to install patches without someone else doing it first just in case it destroys their environment. This means systems that need patching will remain unpatched until someone bites the bullet and tries – the question is who?

Update 13/9/2013

It would appear that Microsoft have fixed the issue with http://support.microsoft.com/kb/2871777
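A pre-flight check for the situation described above, as an added example that is not part of the original post: it classifies a server by the two KBs the post names before anyone attempts the Connection Broker install. The function name and the sample lists are constructed, and it assumes `Get-HotFix` reports both updates on the target server.

```powershell
# Added example, not from the original post. KB numbers are the ones the post
# names; Get-BrokerPatchState and the sample lists are constructed.
function Get-BrokerPatchState {
    param([string[]]$InstalledKb = @())

    $hasBlocker = $InstalledKb -contains 'KB2821895'  # breaks the role install, per the post
    $hasFix     = $InstalledKb -contains 'KB2871777'  # reported fix, per the 13/9/2013 update

    if ($hasBlocker -and -not $hasFix) { return 'Blocked' }  # install expected to fail
    if ($hasBlocker -and $hasFix)      { return 'Fixed' }    # patched image plus the fix
    return 'Clean'                                           # e.g. an RTM build
}

# Constructed sample inventories, to show the three outcomes offline.
$samples = [ordered]@{
    'patched Azure image' = @('KB2821895')
    'patched plus fix'    = @('KB2821895', 'KB2871777')
    'RTM from ISO'        = @()
}
foreach ($name in $samples.Keys) {
    '{0,-20} -> {1}' -f $name, (Get-BrokerPatchState -InstalledKb $samples[$name])
}

# Live check on the local server (assumption: Get-HotFix lists both KBs here).
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty HotFixID)
$state = Get-BrokerPatchState -InstalledKb $installed
"This server: $state"

# Get-WindowsFeature only exists on Windows Server, so guard the role check.
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $broker = Get-WindowsFeature -Name RDS-Connection-Broker
    if ($broker.Installed) {
        'RDS Connection Broker is already installed.'
    } elseif ($state -eq 'Blocked') {
        'Install KB2871777 (or use an unpatched image) before adding the role.'
    } else {
        # As in the post: Windows Internal Database first, then the RDS wizard.
        # -WhatIf shows what would happen without changing the server.
        Install-WindowsFeature -Name Windows-Internal-Database -WhatIf
    }
}
```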


Posted on 2 September, 2013, in Azure, Microsoft, Windows Server 2012.
