none
Slow logon trough RD Gateway RRS feed

  • Question

  • Hi all,

    I've a session host farm consisting in 4 server, the farm name is "RDFARM.mydomain.local" I've configured DNS with 4 entries (host A) for rdfarm.mydomain.local each pointing to the IP address of a session host. I've also a clusterized RD Connection Broker and all session host servers are member of the connection broker farm. The connections to the farm is very fast, all works well.

    Now I've added a RD Gateway before my farm but if I use this RD Gateway my logon time are biblic! And often it fails due to timeout. I've checked the event log of the RD Gateway but I've found nothing strange... please help!

    Thursday, September 15, 2011 8:33 AM

Answers

  • Hi,

    1. As a test, please disable all of the offload features of the RD Gateway's network adapter, for example, TCP Checksum Offload (IPv4 & 6), Large Send Offload, Receive Side Scaling (RSS) Offload, etc.

    2. Please test from a client with Bypass RD Gateway server for local addresses unchecked in the RD Client options and let us know if performance improves substantially.

    3. How many seconds does it from the moment you click the button on the RD Client credentials prompt to the time you see the RD Session Host server background with Welcome, Applying user settings, Preparing your Desktop, etc. messages?

    Thanks.

    -TP

    Friday, September 16, 2011 6:26 AM
    Moderator

All replies

  • Hi,

    1. As a test, please disable all of the offload features of the RD Gateway's network adapter, for example, TCP Checksum Offload (IPv4 & 6), Large Send Offload, Receive Side Scaling (RSS) Offload, etc.

    2. Please test from a client with Bypass RD Gateway server for local addresses unchecked in the RD Client options and let us know if performance improves substantially.

    3. How many seconds does it from the moment you click the button on the RD Client credentials prompt to the time you see the RD Session Host server background with Welcome, Applying user settings, Preparing your Desktop, etc. messages?

    Thanks.

    -TP

    Friday, September 16, 2011 6:26 AM
    Moderator
  • KeyHKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot

    ValueDisableRootAutoUpdate

    Type: REG_DWORD

    Data1 - Root Update disabled

    To be implemented on the TS/RD Gateway only. 

    I had a similar issue and resolve it with the above registry. The reason why we set DisableRootAutoUpdate to 1 is because in some scenarios, if the TLS client side can’t retrieve root authorities list via internet due to DNS error or network connectivity issue, it will retry 1 more time. Sometimes, we experience slowness issue to wait download behavior timeout. The workaround is to disable this feature accordingly.

     

    Here is explanation about “update root certificates feature”

    The Update Root Certificates Feature in Windows Vista

    The Update Root Certificates feature in Windows Vista is designed to automatically check the list of trusted authorities on the Windows Update Web site when this check is needed by a user's application. Specifically, if the application is presented with a certificate issued by a certification authority in a PKI that is not directly trusted, the Update Root Certificates feature (if it is not turned off) will contact the Windows Update Web site to see if Microsoft has added the certificate of the root CA to its list of trusted root certificates. If the CA has been added to the Microsoft list of trusted authorities, its certificate will automatically be added to the set of trusted root certificates on the user's computer.

    http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx

    Please proposed as answered if this has helped you.


    Thanks


    • Edited by cyw77 Monday, April 29, 2013 10:21 PM
    Monday, April 29, 2013 10:19 PM