Forum Discussion
VM Connection very often gets disconnected
Hi KevHal, this is the solution for all facing disconnections: the new RDP client comes with a by-design addition of RDP Shortpath, and you need to disable it.
I suggest this:
You can easily disable the feature by disabling the following GPO: Enable RDP Shortpath for managed networks
It is under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop.
More information, here: Configure RDP Shortpath - Azure Virtual Desktop | Microsoft Learn
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
Select RDP transport protocols. Set it to Enabled, then for Select Transport Type, select Use only TCP.
Gpupdate /force after that, and reboot the server just in case.
I did this on the Session hosts. Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
Select RDP transport protocols. Set it to Enabled, then for Select Transport Type, select Use only TCP.
ConnectionFailedClientDisconnect (-2147467259)
SocketConnectionTimedOut (1796)
TransportClosedUnexpectedly (516)
I have all the updated versions of the Remote Desktop App 1.2.4159.0 and they just came out with a new update 1.2.4240.0 that I have to update on all client machines.
I'm supposed to be set up with a phone call with a Microsoft Support Engineer and it's already been 3 days without a phone call. I'm not sure why Microsoft Support doesn't call back. I was told they have high call volumes now and that it may take 1 to 3 days to call me. We/the client pay a lot of money to run their infrastructure in Azure. We pay for alllllll of the Microsoft licenses and they are expensive. Microsoft really needs to fix these issues. This just doesn't make a good cloud experience for no one. Customers complain, and it makes us look bad and incompetent in the perception of our clients. I hope Microsoft gets us all some sort of resolution.
- Tejas5190, Aug 15, 2024, Copper Contributor
Hi David_Lafferty, apologies for the late reply.
If you want, you can find me here http://www.linkedin.com/in/tejas-memane
I will explain what and how it's happening for everyone.
Consider the AVD diagram first: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks
This article is also helpful for your configuration.
Over here there are 3 steps to get your AVD session active.
1. Color Purple Line
Your user on his laptop will open the RD client app or the web portal and will try to access his subscription. You will be prompted for a 1st auth with your domain creds. This is represented by the purple line. Depending on your setup, if it's hybrid, on-prem or only cloud, the auth request will flow to where your DC is located, and it will be allocated a token after successful verification.
2. Color Red Line
Once you're in, you will be redirected to the web access link while in the backend Azure will find your authorization stored in SQL Database and it will display your available resources, i.e. apps or desktop session hosts.
3. The Blue Line.
Now once you're here, you click on the session desktop or app and may or may not get another cred prompt for auth depending on SSO is enabled or not.
This is a representation of the user session by "Reverse connect" and not direct access as inside with RDP Or MSTSC access to the User session.
E.g. you visit a restaurant and you sit at a table; you order what you want from the waiter and do not barge into the restaurant kitchen directly.
Similarly, here all the requests are managed over the RDGateway.
Now all this Traffic is being managed by TCP 443 and is reliable but at the same time there are overheads on these packets hence it's like a Metro train stopping at every station and picking up passengers causing delays.
As per AVD design recommendations, the AVD resources should be as close to each other as possible. But in the real world it's not possible in WFH situations, and if you go through the entire way to your destination, which may cause the RTT time to go over 200 ms, leading to disconnections.
ConnectionFailedClientDisconnect (-2147467259).
You can check this in the diagnostic logs or also in the sign-in logs.
KQL may give added info.
See this website for delay predictions as per your own location and compare the RTT https://www.azurespeed.com/
You will notice that this may be lower or higher for you.
Now the fun begins.
I have handled cases where the customer's resources are located in the same location, but they face constant disconnections. Here the culprit is UDP traffic over undefined network routes and NVA hops.
4. UDP traffic is shown by the dotted light blue line at the top.
If you see RDP short path removes the TCP way from picture and connects directly to the machine, however it has its own pros and cons, i.e. speed but with compromise on stability.
This connection may be strong if the below things are maintained and well configured. UDP traffic is shown by the dotted light blue line at the top.
This is direct and fast but may be unreliable given the nature of UDP. It may be as low as 1 ms. You can check what your connection type is by clicking on the 4 blue connection bars symbol, which will say TCP WebSocket or UDP.
In order to have a good connection I will recommend you to get RDP Shortpath configured.
Make sure you select your environment, if it's the managed or the public Shortpath solution. You may have to take into consideration the NVA devices, which may cause WAN flapping; see article https://networkencyclopedia.com/flapping/#:~:text=Essentially%2C%20route%20flapping%20occurs%20when%20a%20network%20path,bandwidth%20consumption%2C%20and%20in%20severe%20cases%2C%20network%20outages.
If the route is not defined clearly in Azure disconnections will follow as this will disconnect causing problem to reach the IP of your physical Machine in datacenter unit allocated to you.
Also, in public networks as of now there are STUN and TURN servers; these route your traffic, hence they need to be properly configured by your net team.
Also, TURN is still in preview so it may fail, so stick to STUN. If you want to stick to TCP, disable RDP Shortpath so traffic will not flow over UDP.
The gist is these disconnections are based on location of resources and their point of loci, system environment configuration and network; pls don't confuse it with the ISP speed per.
Feel free to reach out to me for any queries.
If you still face issues, DO NOT open a case with the AVD team; instead open it with the AZURE NETWORK team, who can help you. For configuration of RDP Shortpath you can check with your Cloud Solutions Architect for consultations.
Forgive me for any mistakes if made in the reply.
I wish you the best.
Thanks, and Regards
Tejas Memane
MS Global SME Azure
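
A triage sketch for the reasoning in the reply above, as an added example that is not part of the original post or any Microsoft tooling: it buckets disconnect records by the error symbols quoted in the thread, the 200 ms RTT figure, and the transport in use. The CSV column names, host names and rows are constructed assumptions, not a real export format.

```python
import csv
import io
from collections import Counter, defaultdict

# Error symbols quoted in the thread.
DISCONNECT_ERRORS = {
    "ConnectionFailedClientDisconnect",
    "SocketConnectionTimedOut",
    "TransportClosedUnexpectedly",
}
RTT_LIMIT_MS = 200  # RTT figure the reply associates with disconnections

# Constructed sample export; column names are hypothetical.
SAMPLE = """user,host,error,transport,rtt_ms
alice,avd-sh-0,TransportClosedUnexpectedly,UDP,12
bob,avd-sh-0,SocketConnectionTimedOut,UDP,9
carol,avd-sh-1,ConnectionFailedClientDisconnect,TCP,243
dave,avd-sh-1,ConnectionFailedClientDisconnect,TCP,310
erin,avd-sh-1,,TCP,35
frank,avd-sh-2,TransportClosedUnexpectedly,TCP,41
"""

def classify(row):
    """Return a triage bucket for one record, or None if it is not a disconnect."""
    if row["error"] not in DISCONNECT_ERRORS:
        return None
    try:
        rtt = float(row["rtt_ms"])
    except (TypeError, ValueError):
        return "unknown_rtt"      # missing or malformed RTT: cannot judge latency
    if rtt > RTT_LIMIT_MS:
        return "high_rtt"         # distance/latency: compare against region RTT
    if (row["transport"] or "").upper() == "UDP":
        return "udp_path"         # low RTT but UDP: review Shortpath routes and NVA hops
    return "other"                # low RTT over TCP: look elsewhere

def triage(text):
    """Count triage buckets per session host."""
    per_host = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        bucket = classify(row)
        if bucket:
            per_host[row["host"]][bucket] += 1
    return {host: dict(counts) for host, counts in per_host.items()}

if __name__ == "__main__":
    for host, buckets in sorted(triage(SAMPLE).items()):
        print(host, buckets)
```

A host dominated by `udp_path` is the case the reply attributes to Shortpath routing, while `high_rtt` points at resource location.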