Link to home
Create AccountLog in
Avatar of AA-in-CA
AA-in-CA

asked on

RDP over VPN to Server 2012-based hosts is sluggish with many disconnects, Server 2008-based hosts experience normal performance

Consider the following scenario:

We have multiple customers with mixed environments of Server 2008 R2 and Server 2012 R2 VMs.  To access those servers for administrative purposes, we VPN to each customer's site with Sonicwall Global VPN clients, then RDP to each machine.

When we RDP to VMs running Server 2008/2008 R2, session performance is normal, and disconnections/hangs are rare.  When we RDP to 2012/2012R2 VMs with equivalent hardware resources, on the same network, and sometimes even on the same hypervisor, the RDP connection quality meter shows only one or two "bars", sessions are sluggish, and disconnections are constant.  Sometimes I have to reconnect to the same VM 6 or 7 times in a ten minute period.

Here's where it gets interesting:  if you're actually on the customer's network (say by sitting at one of their PCs) and RDP to the 2012 VMs having trouble, session performance is perfectly normal.  In other words, it's only when VPN access is used, that performance suffers.  Which suggests something about the VPN or the firewall it traverses is misconfigured, but if that's true, why is RDP session performance for 2008-based VMs unaffected when we VPN in that same way?

As I said, we ruled out hardware resource limitations.  I also tried turning off all client redirection features (printers, audio, etc.), and downgrading the color and other 'visual experience' settings, to no avail.  And the performance problems occur when RDPing over VPN from multiple Windows PCs, running everything from 7 to 8.1, so it's not just my machine that's having trouble establishing stable sessions.

Any thoughts?
Avatar of David Needham
David Needham
Flag of United Kingdom of Great Britain and Northern Ireland image

Can I take it that there are absolutely no differences with regards to the routes into the network for both sets of VPN users?  Also, assuming that the VPN service is run over the same circuit as is used for general internet access, have you had any reports of problems browsing by the users?
Avatar of AA-in-CA
AA-in-CA

ASKER

Hi David,

1)  No differences.  When we VPN in, RDP traffic travels to 2008 and 2012 VMs along an identical path.  This is the case at multiple customer sites, which are completely unrelated to each other.  It also happens if I VPN in from another location as the starting point, like my home (it occurred to me that maybe our office was the problem, but that doesn't seem to be the case).

2)  No problems reported by users.
What firewLl/vpn hardware are you using?
Sonicwall Global VPN client and various TZ-series Sonicwall routers (which have a VPN module you can license).  We 'dial out' to the routers with the client, and then we're on the client's network.
SOLUTION
Avatar of David Needham
David Needham
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I'd agree that it's the SonicWall dropping the UDP packets.  Glad that you've sorted it! :)
Glad you found the fix. Cheers!
My solution was the only immediate fix--the posts that were marked as assisting me were likely to find a root cause, but that's unnecessary at this time.