RDS 2012R2 - slow logon time when using RDS Gateway

  • Question

  • Hi !

    In this case:

    Bypass gateway is unchecked - approx - 4min.
    Bypass gateway is checked - logon time below 30s

    1. What are your login times in RDS 2012R2 deployment?
    2. Why does the gateway extend the logon time by 3min? Is there any timeout, or do the RDCB, RDGW also check for the CRLs?
    3. How to enable some verbose logging on RDS components to have any view on the performance of the logon time?
    4. What counters / logs are worth analyzing in this case?


    * There is no internal CA, just a few SAN certificates to cover the session host servers.
    * Security set on the RDS to be FIPS compliant, CRLs are reachable from the endpoints
    * Regular RDP connections are as fast as the expectations for the RDS (they do not get stuck during "securing remote connection", only if the self-signed cert is available on the (call it) jump host, otherwise it takes more than 2min to establish the RDP connection to host...)
    * UPD profiles, single sign-on experience so no popups at the user endpoints during logon through RDWA

    Any help would be really appreciated!


    • Edited by pitor Monday, October 30, 2017 10:49 AM
    Friday, October 27, 2017 2:11 PM

All replies

  • Hi,

    To further analyze the behavior, I suggest you use Network Monitor or other similar tools to capture network traffic to perform in-depth analysis.

    Terminal and remote desktop services related logs might be helpful under

    Event Viewer -> Applications and Services Logs\Microsoft\Windows

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 30, 2017 12:18 PM
    Moderator
  • Just a short question then.
    * In case of having public SAN certs, which components (RDWA, RDCB and RDGW) should have internet connectivity in order to check the CRLs?

    Thursday, November 2, 2017 8:16 AM
  • Just a short question then.
    * In case of having public SAN certs, which components (RDWA, RDCB and RDGW) should have internet connectivity in order to check the CRLs?

    Hi,

    Theoretically, it's the remote desktop client systems that need to be able to perform the certificate revocation check.

    Best Regards,

    Amy



    Thursday, November 2, 2017 11:31 AM
    Moderator
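
The revocation question discussed in this thread can be measured directly. The following is an added example, not part of the original posts: it retrieves the certificate a TLS endpoint presents and times an online revocation check of its chain, so the same script can be run on a client and on each RDS role to compare. The host name is a placeholder and the function names are hypothetical.

```powershell
# Added example (not from the thread). The host name is a placeholder.
param(
    [string]$HostName = 'rdgw.example.test',  # hypothetical RD Gateway FQDN
    [int]$Port = 443,
    [int]$TimeoutSeconds = 15                 # per-URL CRL/OCSP retrieval timeout
)

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: this step only retrieves the certificate,
        # the revocation check is done explicitly in Test-RevocationTiming.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-RevocationTiming {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$TimeoutSeconds
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'       # fetch CRL/OCSP over the network
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'  # check leaf and intermediates
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($Certificate)
    $timer.Stop()
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        ChainValid = $valid
        Seconds    = [math]::Round($timer.Elapsed.TotalSeconds, 1)
        # RevocationStatusUnknown / OfflineRevocation here mean the CRL or OCSP
        # endpoint could not be reached from this machine.
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$cert = Get-RemoteCertificate -HostName $HostName -Port $Port
Test-RevocationTiming -Certificate $cert -TimeoutSeconds $TimeoutSeconds
```

Windows caches retrieved CRLs, so the first run on a machine is the representative one; an elapsed time close to the timeout together with a revocation status flag points at an unreachable distribution point.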