I ran into this issue again today, so I thought I would share. I had a client who was experiencing very slow performance from his Remote Desktop Client to several servers he was accessing via TS Gateway. The problem turned out to be related to a feature found in Remote Desktop Connection 6.0 and higher. RDC 6.0 leverages the Receive Window Auto-Tuning feature found in Windows Vista and Windows 7. The problem is that the Receive Window advertised is much larger than it was in Windows XP, which allows more data to be sent in larger, faster bursts. This is fine in a LAN environment but, when coming in via a WAN connection and then encapsulating the RDP traffic into an SSL stream, the net result was a lot of packet fragmentation. The following command will set the Receive Window to a more conservative value and consequently improve overall Remote Desktop performance.
netsh interface tcp set global autotuninglevel=highlyrestricted
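The command above changes a machine-wide TCP setting, so it is worth recording the previous value and confirming that the change took effect. The following PowerShell wrapper is an added example, not part of the original post; the function names are hypothetical, and it assumes English-language netsh output and an elevated prompt.

```powershell
# Added example: check, change, verify and print the rollback command for
# the TCP receive window auto-tuning level. Run from an elevated prompt.
# Assumption: English-language netsh output. Function names are hypothetical.

function Get-AutoTuningLevel {
    # Parse the "Receive Window Auto-Tuning Level : <value>" line
    $match = netsh interface tcp show global |
        Select-String -Pattern 'Receive Window Auto-Tuning Level\s*:\s*(\S+)' |
        Select-Object -First 1
    if (-not $match) { throw 'Auto-tuning level not found in netsh output.' }
    return $match.Matches[0].Groups[1].Value.ToLower()
}

function Set-AutoTuningLevel {
    param(
        [ValidateSet('disabled', 'highlyrestricted', 'restricted', 'normal', 'experimental')]
        [string]$Level
    )
    netsh interface tcp set global "autotuninglevel=$Level" | Out-Null
    # Re-read the setting instead of trusting the command's own output
    $now = Get-AutoTuningLevel
    if ($now -ne $Level) {
        throw "Expected '$Level' but netsh reports '$now' (is the prompt elevated?)."
    }
}

$previous = Get-AutoTuningLevel
Write-Output "Current auto-tuning level: $previous"

if ($previous -ne 'highlyrestricted') {
    Set-AutoTuningLevel -Level 'highlyrestricted'
    Write-Output 'Changed to highlyrestricted. To roll back, run:'
    Write-Output "  netsh interface tcp set global autotuninglevel=$previous"
}
```

Because the setting is global, it applies to every TCP connection on the machine, not only to Remote Desktop sessions.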
Here’s the link to the original article that explains the problem in greater detail. Thanks guys!
Remote Desktop Slow Problem Solved
Windows Server 2008 introduced a new service called Terminal Services Gateway. It was renamed Remote Desktop Gateway in Windows Server 2008 R2. Its main purpose is to tunnel RDP traffic from a Remote Desktop Client to a Terminal Server farm. However, you can also use it as an endpoint for any Windows workstation or server with Remote Desktop enabled via a single public IP address.
All you have to do is add all computers that you wish to remotely access to the TS RAP (resource allocation policy) in the TS Gateway configuration. Install an SSL certificate and publish the TS Gateway server out to the Internet allowing port 443 into it.
Then, on the Remote Desktop Client, click on the Advanced tab and then the Settings button under “Connect from anywhere”. Finally, enter the server name that you published out for the TS Gateway server. You can now go back to the General tab and enter any computer name that you added to the TS RAP policy and connect.
That’s it. No VPNs, only a single publishing rule on your firewall, and everything is encrypted via SSL.