On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSODs, or remote computers freezing or restarting after a remote session is initiated.
In a lot of these cases the quick solutions chosen by the customers are even worse than the problem itself: 3rd-party remote solutions without encryption, authentication or any care about information privacy. I don't like it when things like this happen, because changing to other solutions without any benefit is bad for our business.
What I want to show other people in this article is that RDP is something you have to care about, in the sense of putting more work and thought into its further development, because it's THE remote tool of a Windows administrator (or was, until PowerShell :-).
First, RDP is equal to a service/role/feature on a server, and even if you don't use the full Terminal Services from Microsoft, it is something you should care about. Most people care by applying critical hotfixes to servers or workstations on a regular basis while avoiding service packs for a long time. I think Microsoft already knows about this and ships cool features in smaller updates and not only in full SPs.
Great, isn't it?
NO, the problem most people are facing is that they are not deep enough into the Microsoft patch world (or don't have enough time to get into it) or just underestimate the chances hiding behind all the other (non-critical, non-security) updates out there. Let's take a look at most WSUS server configurations. I am pretty sure most companies automate only the download of the most critical security updates to servers (hopefully to clients too) and only for the languages and client/server versions they are using. There are many good reasons for this, because a WSUS server can get very big in terms of disk size, and with every additional client/server version and software like IE, .NET or Silverlight it takes more effort to keep the feeling that "Updates are under MY control" and that BAD updates won't harm my network.
The lucky people out there who have Microsoft Server 2008 R2/Windows 7 installed and no mixed environment with older Microsoft clients can jump to "What else can be done" in this article.
Windows XP is deployed with 5.1.2600.2180 (check the details of MSTSC.exe) and Windows 7/Server 2008 R2, for example, with 6.1.7600.16385. To get a feeling for the changes MS made to the protocol, take a look at this great performance whitepaper on RDP 5.1 to 6.1: Microsoft RDP Performance Whitepaper
More resources on RDP 7.0:
Remote Desktop Protocol Performance Improvements in Windows Server 2008 R2 and Windows 7: RDP 7.0
Windows Server 2008 R2 and Windows 7: More Secure Together
To benefit from the better performance and security (I like the overall experience, not only the performance), and hopefully encounter fewer errors, you need the following:
Windows XP SP2 must be upgraded to SP3 first
WSUS must be configured to deploy "normal" updates to
Vista needs at least SP1
and then deploy over WSUS:
Update for Windows XP, x86-based versions:
Update for Windows Vista, x86-based versions
Update for Windows Vista, x64-based versions:
This can lead to a lot of client updating, but we can sort things out like this:
Administrators working remotely on different sites have to get the update first
Servers on remote sites really need it
Branches and mobile users working over RDP can really benefit from this update (and of course all administrators supporting them)
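To see which machines still run an older client before planning the rollout, the PowerShell below (an added example, not part of the original article) reads the file version of mstsc.exe on each machine and compares it with the 6.1.7600.16385 build mentioned above. The host names, the `Get-MstscVersion` function and access through the admin$ share are assumptions for illustration.

```powershell
# Added example: inventory the Remote Desktop client (mstsc.exe) build per machine.
# Assumptions: you hold administrative rights on the targets, SMB/admin$ is reachable,
# and the computer names are placeholders for your own list.

$Baseline  = [version]'6.1.7600.16385'   # build the article names for Windows 7 / Server 2008 R2
$Computers = @('localhost', 'BRANCH-PC01', 'BRANCH-SRV01')   # hypothetical names

function Get-MstscVersion {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # Read the local file directly; use the administrative share for remote machines.
    if ($ComputerName -eq 'localhost' -or $ComputerName -eq $env:COMPUTERNAME) {
        $path = Join-Path $env:SystemRoot 'System32\mstsc.exe'
    } else {
        $path = "\\$ComputerName\admin`$\System32\mstsc.exe"
    }

    $found  = $null
    $status = 'Unreachable'
    try {
        $info = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo
        # Build the version from the numeric parts: the FileVersion string
        # can carry a build-lab suffix that [version] cannot parse.
        $found = New-Object System.Version -ArgumentList `
            $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
        if ($found -ge $Baseline) { $status = 'OK' } else { $status = 'NeedsUpdate' }
    } catch {
        # Offline host, blocked SMB or missing rights: report it as unreachable, do not guess.
    }

    New-Object PSObject -Property @{
        Computer     = $ComputerName
        MstscVersion = $found
        Status       = $status
    }
}

# Machines that need the update (or could not be checked) sort to the top.
$Computers |
    ForEach-Object { Get-MstscVersion -ComputerName $_ } |
    Sort-Object Status, Computer |
    Format-Table Computer, MstscVersion, Status -AutoSize
```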
I was pretty surprised: after updating a branch office to 6.0 (Server 2003 SP2 over 2 MBit MPLS) and 6.1 (XP SP3), working in a remote session was much better/faster than before. From this point we could even work with two or three administrators on the remote site (we could do that before, of course, but you know what a slide show looks like).
What else can be done:
Your workflow in RDP assistance can also be enhanced by using Remote Desktop Connection Manager (RDCMan). This tool gives you a lot of advantages (some people reported problems on Windows 7 SP1):
Installs the newest RDP files ;-)
Save/Organize RDP connections as shortcuts like myserver1 (DNS), myserver2 (DHCP), Server 3 (DNS,ADDS,WSUS)
Sort the shortcuts
Save RDP connections preconfigured with different login credentials (per Server or Location)
Connect/Disconnect all Servers at once in a location (group)
At 1920x1024 resolution you can look at 4 RDP sessions at once on your screen
Download RDCMan from MS: RDCMan
Some common errors I came across:
Most errors with RDP were caused by the graphics card driver or the network configuration.
A complete notebook series from a well-known vendor, with Intel HD Graphics, caused me a lot of headaches once: BSOD when I tried to remote assist a user working with this notebook, in a branch office, far far away ....
I flashed the BIOS, updated all drivers, removed software from the vendor, even tried a clean install using only the most critical drivers; still a BSOD after the user accepted my remote assistance attempt.
Change the resolution to any lower resolution and back to your preferred higher resolution. Done.
YES, I had to take a deep breath to accept this, and believe me, I did a lot of testing to be really sure this was the true and only solution to the problem. It was.
People from our team tried to RDP into their work PCs from home. Nothing; after that, a ping to the work PC died a lonely death.
Next day we found the workstations frozen at the login screen of Windows XP. This time someone luckily remembered that the Nvidia Detonator drivers had been updated on some of the workstations. We changed to another driver version and RDP was working again.
I don't remember the full solution of this one, but a restart of RDP was forced by a firewall/VPN misconfiguration, where strict access lists and/or wrong NAT prevented the client from sending the stream/authentication back to the initiator of the RDP session.
No RDP connection to server = NIC teaming/bonding misconfigured.
More problems resolved:
Some applications like PDF readers and 3rd-party file explorers show glitches or black lines when scrolling or resizing the app window.
Gets better with newer OS versions and newer RDP versions
Try a different PDF reader
Try a newer (sometimes older) graphics card driver
Long story short, it pays to think more about RDP, because it's THE tool that makes your life as a Windows administrator easier, and the satisfaction of end users working on remote systems is what we are paid for. You can spend money, time and effort on additional 3rd-party remote software, but I don't think you will get a cheaper or more secure solution than RDP (I know it's not perfect).
Keep in mind that the RDP feature is kind of a "use for free", "use only limited at once", "use it for administration and remote working once in a while" tool and not a "hundreds of teleworkers all day" remote tool, because that is a special discipline for which Microsoft offers additional services and companies like Citrix build even more specialized solutions.
I hope this was informative and good luck!