Version: Remote Desktop Client for MacOS - 10.8.2 (2088).

When connecting to an Azure VM (non-Virtual Desktop), from the moment I attempt to connect a session to the time I'm prompted for credentials is 40 seconds. From the moment I enter my credentials to the time a connection is established is 40 seconds. I'm using an Azure point-to-site VPN. Once the connection is established, performance is good.

I enabled verbose logging, and found the following (note the 40 second delay between log entries in each fragment):

Prior to requesting credentials:

 /Users/runner/work/1/s/source/stack/libtermsrv/rdpplatform/uclient/ucore/prothandlerbase.cpp(261): OnUpdateHandlers()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Changing state from Disconnected to Connected
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(903): ChangeState()
V|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> "-legacy-"(DBG): !!!!!Update handlers [0x110a45b90]. Upper:[SSLFilter] Lower:[None]
/Users/runner/work/1/s/source/stack/libtermsrv/rdpplatform/uclient/ucore/prothandlerbase.cpp(261): OnUpdateHandlers()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Initializing protocol implementation
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(211): OnConnected()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Checking for redirected server certificate
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1831): ExtractRedirectedCertificate()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): No redirected server certificate found
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1837): ExtractRedirectedCertificate()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Checking for cached server certificate
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1860): GetCachedTrustedCertificate()
I|2023-05-06 08:00:59.3510 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): No cached server certificate found
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1903): GetCachedTrustedCertificate()
I|2023-05-06 08:01:39.5200 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Starting security handshake
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(230): OnConnected()
I|2023-05-06 08:01:39.5200 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Changing state from Connected to HandshakeInProgress

and after entering credentials:

 /Users/runner/work/1/s/source/stack/libtermsrv/rdpplatform/uclient/ucore/prothandlerbase.cpp(261): OnUpdateHandlers()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Changing state from Disconnected to Connected
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(903): ChangeState()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Initializing protocol implementation
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(211): OnConnected()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Checking for redirected server certificate
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1831): ExtractRedirectedCertificate()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): No redirected server certificate found
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1837): ExtractRedirectedCertificate()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Checking for cached server certificate
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1860): GetCachedTrustedCertificate()
I|2023-05-06 08:01:52.8840 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Got cached server certificate
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(1886): GetCachedTrustedCertificate()
I|2023-05-06 08:02:33.0450 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> A3CORE(INFO): Checkpoint: OnConnecting: SecuringSessionHostConnection
/Users/runner/work/1/s/source/stack/librdcorea3/a3rdcoreadapter/xuclient_events.cpp(622): OnStatusInfoReceived()
I|2023-05-06 08:02:33.0450 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Starting security handshake
/Users/runner/work/1/s/source/stack/libtermsrv/rdp/LegacyXPlat/Filters/SSL/SslFilter.cpp(230): OnConnected()
I|2023-05-06 08:02:33.0450 -04:00|:0 {1a8b2254-e5f8-4323-8d95-4789715b0000} <0x16fb37000> RDPSECURITYFILTER(INFO): Changing state from Connected to HandshakeInProgress

so it appears it's attempting to connect twice. Once to get the authentication challenge, and once to establish the connection with a credential. The first attempt gets a fresh certificate, the second to connect uses the cached copy.

NOTE: I did previously configure the trust settings to Always Trust the certificate, so the delay is NOT the app waiting for me to accept the certificate. Also, note that the delay in each case is nearly exactly 40 seconds.

Has anyone seen this behavior before? Any fixes or workarounds exist?