Speed up RDS Gateway Initial Connection

February 3, 2011

Using a Remote Desktop Gateway (RDP over HTTPS) for Remote Desktop Services (RDS, formerly known as Terminal Services) works great, except that the initial connection can take a long time, even up to 30-45 seconds. I discovered that this is because the RDP client attempts a direct connection over TCP port 3389 first. If your firewall silently drops those connection attempts, the RDP client has to wait for its own timeout before it falls back to HTTPS through the gateway, and that wait is the delay. To speed it up, configure your firewall to actively deny traffic on port 3389, i.e. answer with a TCP RST (reset) packet instead of dropping the connection attempt. For example, on a Cisco PIX firewall, it will look something like this:

access-list outside_in deny tcp any host my.public.ip.address eq 3389

Can’t get the above working on an ASA, though.

With iptables, the equivalent rule is:

iptables -A FORWARD -i $PUB_IF -p tcp --dport 3389 -j REJECT --reject-with tcp-reset
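As an added example (not part of the original post), the following Python probe shows the difference the firewall rule makes from the client's side: a port that answers with a TCP RST fails in milliseconds, while a silently dropped SYN makes the client wait out its whole timeout, which is exactly what the RDP client does before trying the gateway. The loopback demo is constructed (a port with no listener on 127.0.0.1 answers with RST, just like a firewall configured to reject); `my.public.ip.address` is the post's own placeholder and has to be replaced with your gateway's address to check the real behaviour.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify what the client experiences.

    Returns (outcome, elapsed_seconds) where outcome is one of:
      "open"        - handshake completed, something is listening
      "refused"     - peer or firewall answered with TCP RST (fast failure)
      "timeout"     - packets were silently dropped; we waited the full timeout
      "unreachable" - the OS had no route or got an ICMP error
    """
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        outcome = "open"
    except ConnectionRefusedError:
        # RST received: this is the behaviour the firewall rule produces
        outcome = "refused"
    except socket.timeout:
        # No answer at all: the silent-drop case that delays the RDP client
        outcome = "timeout"
    except OSError:
        outcome = "unreachable"
    finally:
        s.close()
    return outcome, time.monotonic() - start


def fallback_hint(outcome, elapsed):
    """Explain what the observed behaviour means for the RDP gateway fallback."""
    if outcome == "refused":
        return "firewall rejects 3389 with RST; client falls back to HTTPS after %.3fs" % elapsed
    if outcome == "timeout":
        return "firewall drops 3389 silently; client waits %.1fs before trying HTTPS" % elapsed
    if outcome == "open":
        return "3389 is reachable directly; the gateway is not needed for this path"
    return "no route to host; nothing to conclude about the firewall rule"


def closed_local_port():
    """Reserve a free loopback port, then release it so nothing listens there.
    Connecting to it afterwards yields an RST (constructed demo of 'reject')."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def local_listener():
    """Open a loopback listener so the 'open' case can be demonstrated too."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


if __name__ == "__main__":
    port = closed_local_port()
    outcome, elapsed = probe("127.0.0.1", port)
    print("closed loopback port %d: %s" % (port, fallback_hint(outcome, elapsed)))
    # Against the real gateway (placeholder address from the post):
    # outcome, elapsed = probe("my.public.ip.address", 3389, timeout=5.0)
    # print(fallback_hint(outcome, elapsed))
```

Run it once before and once after adding the deny/REJECT rule: the result should move from "timeout" (with elapsed close to the timeout you passed) to "refused" with an elapsed time well under a second.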

