When working with clients that are having issues with disconnects and poor performance over the Remote Desktop Protocol (RDP), the number one culprit always seems to be a misconfigured RDS environment where UDP is not flowing over RDP through Remote Desktop Gateways and/or network load balancers. Please read this article and watch the step-by-step RDPHard Channel video below to make UDP work properly and verify that it is working.
Step 1 – Make Sure Your Firewall / Edge Device Is Allowing UDP Over the Correct Ports
It’s easy to forget to add the correct port types on your edge firewalls (and session host Windows Firewalls) to support UDP over RDP. If you have your servers connected directly to the Internet (this is not recommended – get them behind Remote Desktop Gateways with MFA authentication please), you need to make sure you’re allowing both TCP AND UDP over port 3389 (or a different port if you’re using port forwarding). In contrast, if you are using a Remote Desktop Gateway, make sure you have an exception for UDP traffic over port 3391, alongside the port 443 TCP exception you created for RDWeb and Gateway traffic. Finally, if you’re running your systems in the cloud (e.g. Azure), you’ll probably need to setup these exceptions as Network Security Rules for the public interfaces connected to the Internet.
Step 2 – Make Sure Your Remote Desktop Gateway Server Has UDP Enabled
In order for a Remote Desktop Gateway to handle UDP traffic, you must enable UDP transport over port 3391 in the Remote Desktop Gateway Manager on EACH Remote Desktop Gateway you’ve deployed into your RDS environment. Also, make sure that on EACH Remote Desktop Gateway you’ve also enabled the Windows Firewall Exception for UDP traffic over port 3391. The video above shows you precisely how to do this.
Step 3 – Make Sure Your Load Balancer Is Configured Properly
If you are running a highly available (HA) Remote Desktop Services environment, with multiple RD gateways and multiple RD connection brokers, you will need to create a load balancing VIP and rule for TCP traffic to/from the Remote Desktop Gateway on port 443, and UDP traffic to/from the Remote Desktop Gateway on port 3391. This is easy to get wrong, so please review the video above, where I walk you through setting both TCP and UDP load balancing rules up on a Kemp LoadMaster appliance. Note that the same rules for a Kemp LoadMaster can be adapted to other hardware and cloud-based load balancers.
Step 4 – Verify That UDP Is Flowing Over RDP At the User Session Level, Using Our Free Remote Desktop Commander Lite tool.
Our free Remote Desktop Commander Lite tool can show you whether or not UDP is in use alongside TCP for any given set of RDP user sessions on your terminal servers. Per the video above, simply download and install it, add in your session hosts, and then right mouse click on sessions to review connection quality metrics.