asked on
RDP over VPN to Server 2012-based hosts is sluggish with many disconnects, Server 2008-based hosts experience normal performance
Consider the following scenario:
We have multiple customers with mixed environments of Server 2008 R2 and Server 2012 R2 VMs. To access those servers for administrative purposes, we VPN to each customer's site with Sonicwall Global VPN clients, then RDP to each machine.
When we RDP to VMs running Server 2008/2008 R2, session performance is normal, and disconnections/hangs are rare. When we RDP to 2012/2012R2 VMs with equivalent hardware resources, on the same network, and sometimes even on the same hypervisor, the RDP connection quality meter shows only one or two "bars", sessions are sluggish, and disconnections are constant. Sometimes I have to reconnect to the same VM 6 or 7 times in a ten minute period.
Here's where it gets interesting: if you're actually on the customer's network (say by sitting at one of their PCs) and RDP to the 2012 VMs having trouble, session performance is perfectly normal. In other words, it's only when VPN access is used, that performance suffers. Which suggests something about the VPN or the firewall it traverses is misconfigured, but if that's true, why is RDP session performance for 2008-based VMs unaffected when we VPN in that same way?
As I said, we ruled out hardware resource limitations. I also tried turning off all client redirection features (printers, audio, etc.), and downgrading the color and other 'visual experience' settings, to no avail. And the performance problems occur when RDPing over VPN from multiple Windows PCs, running everything from 7 to 8.1, so it's not just my machine that's having trouble establishing stable sessions.
Any thoughts?
We have multiple customers with mixed environments of Server 2008 R2 and Server 2012 R2 VMs. To access those servers for administrative purposes, we VPN to each customer's site with Sonicwall Global VPN clients, then RDP to each machine.
When we RDP to VMs running Server 2008/2008 R2, session performance is normal, and disconnections/hangs are rare. When we RDP to 2012/2012R2 VMs with equivalent hardware resources, on the same network, and sometimes even on the same hypervisor, the RDP connection quality meter shows only one or two "bars", sessions are sluggish, and disconnections are constant. Sometimes I have to reconnect to the same VM 6 or 7 times in a ten minute period.
Here's where it gets interesting: if you're actually on the customer's network (say by sitting at one of their PCs) and RDP to the 2012 VMs having trouble, session performance is perfectly normal. In other words, it's only when VPN access is used, that performance suffers. Which suggests something about the VPN or the firewall it traverses is misconfigured, but if that's true, why is RDP session performance for 2008-based VMs unaffected when we VPN in that same way?
As I said, we ruled out hardware resource limitations. I also tried turning off all client redirection features (printers, audio, etc.), and downgrading the color and other 'visual experience' settings, to no avail. And the performance problems occur when RDPing over VPN from multiple Windows PCs, running everything from 7 to 8.1, so it's not just my machine that's having trouble establishing stable sessions.
Any thoughts?
* RDPVPNSonicWallWindows Server 2012Windows Server 2008
Last Comment
AA-in-CA
Can I take it that there are absolutely no differences with regards to the routes into the network for both sets of VPN users? Also, assuming that the VPN service is run over the same circuit as is used for general internet access, have you had any reports of problems browsing by the users?
ASKER
Hi David,
1) No differences. When we VPN in, RDP traffic travels to 2008 and 2012 VMs along an identical path. This is the case at multiple customer sites, which are completely unrelated to each other. It also happens if I VPN in from another location as the starting point, like my home (it occurred to me that maybe our office was the problem, but that doesn't seem to be the case).
2) No problems reported by users.
1) No differences. When we VPN in, RDP traffic travels to 2008 and 2012 VMs along an identical path. This is the case at multiple customer sites, which are completely unrelated to each other. It also happens if I VPN in from another location as the starting point, like my home (it occurred to me that maybe our office was the problem, but that doesn't seem to be the case).
2) No problems reported by users.
What firewLl/vpn hardware are you using?
ASKER
Sonicwall Global VPN client and various TZ-series Sonicwall routers (which have a VPN module you can license). We 'dial out' to the routers with the client, and then we're on the client's network.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I'd agree that it's the SonicWall dropping the UDP packets. Glad that you've sorted it! :)
Glad you found the fix. Cheers!
ASKER
My solution was the only immediate fix--the posts that were marked as assisting me were likely to find a root cause, but that's unnecessary at this time.