Windows Rdp Server



-->

RDP refers to Remote Desktop protocol which connects your remotely connected computers or system over a RDP connected network. RDP gives a graphical interface to a client to be able to associate with. Choose Your Cheap Windows RDP Hosting. High-performance SSD VPS servers for Windows web hosting, SQL Server database hosting, Remote Desktop (RDP), forex trading and web surfing.

Important

RDP Shortpath is currently in public preview.This preview is provided without a service level agreement, and we don't recommend using it for production workloads. Certain features might not be supported or might have constrained capabilities.For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

RDP Shortpath is a feature of Windows Virtual Desktop that establishes a direct UDP-based transport between Remote Desktop Client and Session host. RDP uses this transport to deliver Remote Desktop and RemoteApp while offering better reliability and consistent latency.

Key benefits

  • RDP Shortpath transport is based on top of highly efficient Universal Rate Control Protocol (URCP). URCP enhances UDP with active monitoring of the network conditions and provides fair and full link utilization. URCP operates at low delay and loss levels as needed by Remote Desktop. URCP achieves the best performance by dynamically learning network parameters and providing protocol with a rate control mechanism.
  • RDP Shortpath establishes the direct connectivity between Remote Desktop client and Session Host. Direct connectivity reduces the dependency on the Windows Virtual Desktop gateways, improves the connection's reliability, and increases the bandwidth available for each user session.
  • The removal of additional relay reduces the round-trip time, which improves user experience with latency-sensitive applications and input methods.
  • RDP Shortpath brings support for configuring Quality of Service (QoS) priority for RDP connections through a Differentiated Services Code Point (DSCP) marks
  • RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session.

Connection security

RDP Shortpath is extending RDP multi-transport capabilities. It doesn't replace reverse connect transport but complements it. All of the initial session brokering is managed through the Windows Virtual Desktop infrastructure.

UDP port 3390 is used only for the incoming Shortpath traffic that is authenticated over reverse connect transport. RDP Shortpath listener ignores all connection attempts to the listener unless they match the reverse connect session.

RDP Shortpath uses a TLS connection between the client and the session host using the session host's certificates. By default, the certificate used for RDP encryption is self-generated by the OS during the deployment. If desired, customers may deploy centrally managed certificates issued by the enterprise certification authority. For more information about certificate configurations, see Windows Server documentation.

RDP Shortpath connection sequence

After installing the reverse connect transport, the client and session host establish the RDP connection and negotiate multi-transport capabilities. Additional steps described below:

  1. The session host sends the list of its private and public IPv4 and IPv6 addresses to the client.
  2. The client starts the background thread to establish a parallel UDP-based transport directly to one of the host's IP addresses.
  3. While the client is probing the provided IP addresses, it continues the initial connection establishment over the reverse connect transport to ensure no delay in the user connection.
  4. If the client has a direct line of sight and the firewall configuration is correct, the client establishes a secure TLS connection with session host.
  5. After establishing the Shortpath transport, RDP moves all Dynamic Virtual Channels (DVCs), including remote graphics, input, and device redirection to the new transport.
  6. If a firewall or network topology prevents the client from establishing direct UDP connectivity, RDP continues with a reverse connect transport.

The diagram below gives a high-level overview of the RDP Shortpath network connection.

Requirements

To support RDP Shortpath, the Windows Virtual Desktop client needs a direct line of sight to the session host. You can get a direct line of sight by using one of the following technologies:

If you're using other VPN types to connect to the Azure virtual network, we recommend using UDP-based VPN for the best results. While the majority of TCP-based VPN solutions encapsulate all IP packets, including UDP, they add inherited overhead of TCP congestion control that would slow down RDP performance.

The direct line of sight means that firewalls aren't blocking UDP port 3390 and the client can connect directly to the session host.

Enabling RDP Shortpath preview

To participate in the preview of RDP Shortpath, you need to enable RDP Shortpath listener on the session host. You can enable RDP Shortpath on any number of session hosts used in your environment. There's no requirement to enable RDP Shortpath on all hosts in the pool.To enable Shortpath listener, you need to configure the following registry values:

Warning

Serious problems might occur if you modify the registry incorrectly using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  1. On the session host, Start Regedit.exe, and then navigate to the following location:

  2. Create a new DWORD value named fUseUdpPortRedirector and set it to 1 (decimal)

  3. Create a new DWORD value named UdpPortNumber and set it to 3390 (decimal)

  4. Quit Registry Editor.

  5. Restart session host

You can also run the following cmdlets in an elevated PowerShell window to set these registry values:

You can also use PowerShell to configure Group policy

Configure Windows Defender Firewall with Advanced Security

To allow inbound network traffic for RDP Shortpath, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules.

  1. Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security.
  2. In the navigation pane, select Inbound Rules.
  3. Select Action, and then select New rule.
  4. On the Rule Type page of the New Inbound Rule Wizard, select Custom, and then select Next.
  5. On the Program page, select This program path, and type '%SystemRoot%system32svchost.exe' then select Next.
  6. On the Protocol and Ports page, select the UDP protocol type. In the Local port, select 'Specific ports' and type in 3390.
  7. On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next.
  8. On the Action page, select Allow the connection, and then select Next.
  9. On the Profile page, select the network location types to which this rule applies, and then select Next.
  10. On the Name page, type a name and description for your rule, and then select Finish.

Remote Desktop Server Windows 10

You can verify that the new rule matches the screenshots below:

You can also use PowerShell to configure Windows Firewall:

Using PowerShell to configure Windows Defender Firewall

You can also use PowerShell to configure Group policy

Configuring Azure Network Security Group

To allow access to the RDP Shortpath listener across network security boundaries, you need to configure Azure Network Security Group to allow inbound UDP port 3390.Follow the network security group documentation to create an inbound security rule allowing traffic with following parameters:

  • Source - Any or the IP range where the clients are residing
  • Source port ranges - *
  • Destination - Any
  • Destination port ranges - 3390
  • Protocol - UDP
  • Action - Allow
  • Optionally change the Priority. The priority affects the order in which rules are applied: the lower the numerical value, the earlier the rule is applied.
  • Name - - RDP Shortpath

Disabling RDP Shortpath for a specific subnet

If you need to block specific subnets from using the RDP Shortpath transport, you can configure additional network security groups specifying the Source IP ranges.

Verifying the connectivity

Using Connection Information dialog

To verify that connections are using RDP Shortpath, open the “Connection Information” dialog by clicking on the antenna icon in the connection toolbar.

Using event logs

To verify that session is using RDP Shortpath transport:

  1. Connect to the desktop of the VM using Windows Virtual Desktop client.
  2. Launch the Event Viewer and navigate to the following node: Applications and Services Logs > Microsoft > Windows > RemoteDesktopServices-RdpCoreCDV > Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV/Operational
  3. To determine if RDP Shortpath transport is used, look for event ID 131.

Using Log Analytics to verify Shortpath connectivity

Server

If you are using Azure Log Analytics, you can monitor connections by querying the WVDConnections table. A column named UdpUse, indicates whether Windows Virtual Desktop RDP Stack uses UDP protocol on current user connection.The possible values are:

Windows Rdp Server
  • 0 - user connection isn't using RDP Shortpath
  • 1 - user connection is using RDP Shortpath

The following query list lets you review connection information. You can run this query in the Log Analytics query editor. For each query, replace userupn with the UPN of the user you want to look up.

Troubleshooting

Verify Shortpath listener

To verify that UDP listener is enabled, use the following PowerShell command on the session host:

If enabled, you'll see the output like the following

If there is a conflict, you can identify the process occupying the port using the following command

Disabling RDP Shortpath

In some cases, you may need to disable RDP Shortpath transport. You can disable RDP Shortpath by using the group policy.

Disabling RDP Shortpath on the client

To disable RDP Shortpath for a specific client, you can use the following Group Policy to disable the UDP support:

  1. On the client, Run gpedit.msc.
  2. Navigate to Computer Configuration > Administration Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client.
  3. Set the “Turn Off UDP On Client” setting to Enabled

Disabling RDP Shortpath on the session host

To disable RDP Shortpath for a specific session host, you can use the following Group Policy to disable the UDP support:

  1. On the Session Host Run gpedit.msc.
  2. Navigate to Computer Configuration > Administration Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Host > Connections.
  3. Set the “Select RDP Transport Protocols” setting to TCP Only

Public preview feedback

We'd like to hear from you about your experiences with this public preview!

  • For questions, requests, comments, and other feedback, use this feedback form.

Next steps

  • To learn about Windows Virtual Desktop network connectivity, see Understanding Windows Virtual Desktop network connectivity.
  • To get started with Quality of Service (QoS) for Windows Virtual Desktop, see Implement Quality of Service (QoS) for Windows Virtual Desktop.

For Dedicated Servers, Virtual Servers and Dynamic Cloud Servers with Windows operating system

Enable Remote Desktop Server 2019

This article explains how to establish a Remote Desktop Connection (RDP) to your server. The Remote Desktop Connection is preinstalled on all Windows systems and gives you direct access to the desktop interface of your server. Please proceed as follows:

Prerequisite

You have noted down the IP address of your server with which you want to establish a connection.

  • Open the Remote Desktop Connection.

    • Windows 7: Start > All Programs > Accessories > Remote Desktop Connection

    • Windows 8: On the Home screen, type Remote Desktop Connection, and then click Remote Desktop Connection in the list of results.

    • Windows 10: On the taskbar, click the search box and type Remote Desktop Connection. Select the Remote Desktop Connection app.

  • In the Remote Desktop Connection window, click Options (Windows 7) or Show options (Windows 8, Windows 10).

  • Type the IP address of your server.

  • In the User name field, enter the user name.

  • Optional: To save the access data, select the Allow saving data check box.

  • Click Connect.
    The Windows Security window will open.

  • Enter the password and click OK.

  • If this is the first time you connect to the desired server, or if you do not save the connection data, you must confirm the connection with Yes.

Please Note

On your server, a session is created for each connection. The license allows a maximum of two connections to be established simultaneously. To end a session, you must log out of your server. If the remote desktop window is closed, the session and all programs running in it will be saved.