AVD: How to enable RDP Shortpath for Public Networks?

Since you are on this page, I’m assuming that you have or your clients have AVD implemented and are looking for ways to improve your environment. One of my favorite features is RDP Shortpath for Public Networks. Why? Clients and hosts are usually connected using something called “reverse connect”, which sends TCP outbound traffic through AVD gateway (using TCP 443) to the client machine. Due to this, there can be high latency, which can, for example, delay watching videos.

RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between Remote Desktop Client and Session host. RDP uses this transport to deliver Remote Desktop and RemoteApp while offering better reliability and consistent latency. For a complete overview please check the Microsoft doc.

Take a look at the diagram of RDP Shorpath Network Connection.

You can clearly see (red pointer) direct connection with RDP Shortpath compared to Reverse Connect.

Let’s see how it looks from the client’s perspective.

If you compare with UDP and Original, you can see that TCP is still behind and delayed.
Picture is captured from Microsoft blog post.

What steps should I take to implement this?

First of all, I would like to note that RDP Shortpath for Public Networks is still in preview, but I think it works great. I have not encountered any problems either in my testing environment or at clients’ sites.

Implementation is very simple.

To enable RDP Shortpath for Public Networks, follow these steps:
  1. Connect to the session host
  2. Open the elevated command prompt
  3. Enable the RDP Shortpath for public networks.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations" /v ICEControl /t REG_DWORD  /d 2 /f

To disable RDP Shortpath for Public Networks, follow these steps:

Follow the steps below to configure session host:

  1. Connect to the session host
  2. Open elevated command prompt
  3. Disable the RDP Shortpath for public networks.
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations" /v ICEControl /f

How can I tell if RDP Shortpath is enabled?

You can check if RDP Shortpath is working in many ways. If you want to verify that each client is using, you should look at Insights (Log Analytics).

From Azure Portal using Azure Virtual Desktop Insights

  1. Go to portal.azure.com > Azure Virtual Desktop > Insights > Connection Diagnostics > scroll all the way down to “Connection activity browser for Last 48 hours” – select the user and on the right side you can see information about ShortpathRequested and Established. See below.

From Azure Portal running a Query from Log Analytics

  1. Go to portal.azure.com > open Log Analytics Workspaces > select your workspace > under General click on Logs and run a Query.
| where Name contains "Shortpath"

What is the best way to check if RDP Shortpath is working from the clients’ machine?

This is probably the most common way to find out if RDP Shortpath is enabled.

  1. Once you establish connection from the client side (your/clients computer), check connection information. See below.
Click on Connection information to get the details.

Once you open Connection information, show details.

Here is an example when RDP Shortpath is not enabled. TCP is still active as can be seen.
Here is an example of RDP Shortpath enabled. The latency decreased by 11 ms. In my example, I’m in a completely different region and the numbers are higher. The numbers will be different for you.

RDP Shortpath does not work after I’ve done all of this. It still shows TCP. How can I fix this?

  1. Try rebooting your Session Host.
  2. Define your host pool as a validation host pool.
How to set Validation environment to Yes?
  1. Sign in to the Azure portal at https://portal.azure.com.
  2. Search for and select Azure Virtual Desktop.
  3. In the Azure Virtual Desktop page, select Host pools.
  4. Select the name of the host pool you want to edit.
  5. Select Properties.
  6. In the validation environment field, select Yes to enable the validation environment.
  7. Select Save to apply the new settings.
Set Validation environment to Yes.

Does this work on Mac clients?

When connecting from Macs, it does not work. I tested this, and it always routed through TCP for some reason. I could not find any word about this on the Microsoft docs page.

Unfortunately, on Mac – only TCP.

That’s all there is to it. If you have any questions or issues, please let me know. I’m always here to help.

1 Comment

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.