none
RDP - Slow initial connection RRS feed

  • Question

  • When making the FIRST Remote Desktop Connection between any of the following:

     

    Local Computer                Remote Computer

    Windows 7                          Windows 7

    Windows 7                          Windows Server 2008

    Windows Server 2008    Windows 7

    Windows Server 2008    Windows Server 2008

     

    there is a 20-30 second delay before the connection is established.  On some versions of Remote Desktop client you will see the message “Securing Remote Connection” during the delay.   Once the first connection has been established the delay disappears for any new connections which occur within the next 3-5 minutes.  After 3-5 minutes the delay reoccurs.

     

    The delay does NOT occur for the following connections:

     

    Local Computer                Remote Computer

    Windows 7                          Windows XP

    Windows 7                          Windows Server 2003

    Windows Server 2003    Windows 7

    Windows Server 2003    Windows Server 2008

     

    There are no certificates nor terminal services gateways involved.  This is on a LAN connection.


    Thursday, June 9, 2011 4:54 PM

Answers

All replies

  • Use notepad to edit the .rdp file and add the following:

    enablecredsspsupport:i:0

    Here's a link explaing RDP Settings for Remote Desktop Services include the enablecredsspsupport command:  http://technet.microsoft.com/en-us/library/ff393699(WS.10).aspx

    Friday, June 10, 2011 3:45 PM
  • Thanks, this was great help! Solved the problem!
    • Proposed as answer by Spikendoo Friday, December 11, 2015 8:27 PM
    Wednesday, September 7, 2011 8:41 AM
  • Hi,

    I would like to raise this question.

    It isn't secure to just turn off CredSSP.

    So I'd like to understand what is going on during these 20-30 seconds.

    I suppose client computer is trying to get certificate revocation list.

    I guess this happens only if there is a proxy server configured or DNS resolves Internet addresses AND both sides are NT version 6.x.

    I gonna test this.

    If anyone knows the answer, please post.

    Thank you!

    Wednesday, October 17, 2012 6:05 PM
  • I did some testing, here are results.

    When no DNS server is available, RDSC doesn't make any requests.

    The connections open faster, though "Securing remote connection" still hangs for 5-7 seconds, always ending up with credintals prompt, despite credintals are saved and proved to be valid.

    As all DNS servers in our enterprise resolve Internet addresses, I cannot test it with DNS server.

    I think credintals prompt is linked to inavailable domain controller (no DNS = no AD).

    There is more.

    I noticed that the problem appeared after some Windows update.

    AFAIK clean Windows 7 (no SP) installation doesn't have this problem.

    .

    I need someone with same problem to test connecting to the RDS with only TCPv4, only 4 minimal parameters (ip/mask/gate/dns), with DNS doesn't resolving Internet addresses and Gate doesn't allowing Internet connections.

    The next thing is to find out what exactly RDP is looking for and how to disable it (without disabling entire CredSSP authentication, since this also disables stored credintals).

    .

    Thank you!

    Eugene

    Wednesday, October 17, 2012 7:07 PM
  • This is an issue on networks that do not have access to the internet. I manage several different networks that are "dark sites" with no connectivity to the internet due to the highly critical and sensitive nature of them. All of them expirence this delay.

    Windows XP and Windows Server 2003 there were the last operating systems to use the older RDP client that didn't use secure encyrption via Network Level Authentication (NLA). This is why if you try to connect from a Win7 or Server 2008 machine to a XP or Server 2003 box you do not see the long lag at "securing remote connection".

    The reason that this lag occurs on machines that cannot access the internet is because remote desktop actually reaches out to the internet to check for root certificates that may have been revoked. Since the machine cannot get out to the internet, it sits there until it times out and then your RDP connection proceeds.



    THE FIX:

    The fix is simple, again for machines that cannot access the internet, make the following changes in your group policy:

    Computer Configuration --- Policies --- Administrative Templates --- System --- Internet Communication Settings 

    Configure the setting for "Turn off Automatic Root Certificates Update" set it to ENABLED

    • Edited by Cyberfed Thursday, January 17, 2013 1:37 PM
    • Proposed as answer by C Knudsen Tuesday, March 5, 2013 6:38 AM
    Thursday, January 17, 2013 1:36 PM
  • Finally the fix with "Turn off Automatic Root Certificates Update" policy enabled, solved my problems also with RDP slow initial connectionon on the Citrix XenApp Windows 2008 R2 servers.

    Thank You Cyberfed!


    • Edited by dsoic Tuesday, April 2, 2013 1:22 PM
    Tuesday, April 2, 2013 1:20 PM
  • This also applies to when connecting to Virtual Machines from Failover Cluster Manager! 

    We had a LAB Windows 2012 R2 Hyper V cluster, which did not have access to the internet. Connecting to VM's from the failover cluster manager was really slow, it took from 11 to 20 seconds to connect to VM. As soon as we enabled "Turn off Automatic Root Certificates Update" policy, there was no connection delay.

    Thanks Cyberfed!

    Wednesday, November 6, 2013 9:07 AM
  • Glad its worked for so many of you!

    Cheers!

    Wednesday, November 6, 2013 12:53 PM
  • This fixed the issue with our Windows 7 PCs on MPLS sites (no internet).  Thanks Cyberfed
    Wednesday, January 29, 2014 2:27 PM
  • I am having the same problem when connecting from a Win7Pro system behind a pretty strict firewall to my home computer (through an SSH tunnel) running Win8.1Core plus Thinstuff Remote Desktop Host (because Win8.1Core does not ship with an RDP server). While connections to my old WinXP system through the very same SSH tunnel work instantaneously, it takes 30 seconds to do the initial connect to Win8.1Core. So all the symptoms you explained here why it works with XP (no CredSSP) and is slow with newer systems apply to my situation, probably also the restriction with downloading CRL updates (Windows updates are also not allowed here).

    Now the thing is, "Turn off Automatic Root Certificates Update" did not fix it for me, only speed up the initial connect from 30 to 25 seconds or so. Turning of CredSSP for the RDP connection lets me connect instantaneously. I am connecting through an SSH tunnel under my control, so this is not so bad for me. But the fact that automatic logon does not work anymore and I now have to enter my password manually really bugs me. Do you have an idea how to resolve this?

    Friday, February 14, 2014 8:24 AM
  • Brilliant!

    Configure the setting for "Turn off Automatic Root Certificates Update" set it to ENABLED

    This fixed the issue I was having too connecting to an RDS environment via RDP from various Kiosk machines. Kiosks are win 7 and the RDS desktops are win 8.1.

    It also fixed and issue where I was using a smartcard to login.

    Thanks

    Monday, May 19, 2014 1:07 PM
  • Thanks Cyberfed, you the man (though your name is a bit disturbing)
    Thursday, January 8, 2015 10:16 PM
  • Can you please just fix the issue rather than telling us a work around? There is no way it should take 30 seconds to establish any connection to a RDP session ever.
    Monday, September 21, 2015 1:28 AM
  • Thank you for the response.  It is also worth mentioning that that setting affects other programs too.

    For example, one that was really bothering me was the SCVMM "Connect to console".  That connection, before the fix, took over one minute.  Now it is instant!

    Tuesday, September 26, 2017 2:21 PM
  • Thanks Cyberfed
    Saturday, December 2, 2017 10:42 AM
  • Thank you for helping me in 2018 :-)
    Thursday, October 4, 2018 11:00 PM
  • Thanks for the explanation!

    I had the same problem connecting to a local VM hosted in my machine, though my host machine has internet access. This answer made me check the the "Server Authentication" under "Advanced" tab. And after selecting the"Connect and don't warn me" had solved the slowness problem for me. 


    Wednesday, December 12, 2018 10:21 AM