Troubleshooting tips for VDI deployments
A comprehensive collection of articles, videos and more, hand-picked by our editors
Remote desktop connectivity is usually reliable, but things can and sometimes do go wrong. Here are five common remote desktop connection problems that you can prevent and solve easily.
1. Network failure
One of the most common remote desktop issues is a failure of the underlying network. To check for connectivity, try plugging a laptop into the network port from which the user is trying to connect, and use the Ping or Tracert command to see if it's connected to the host server or connection broker. Keep in mind that testing remote desktop connectivity this way will only work if you allow ICMP packets through your network firewalls.
If the problematic user is connecting remotely through a VPN or Terminal Services Gateway, the problem could be related to the user's machine, the VPN or gateway, or your remote desktop infrastructure. With these types of remote desktop issues, you’ll have to use process of elimination to diagnose the problem. For example, try connecting to the VPN using a properly configured client computer and a reliable user account to see if you can establish remote desktop connectivity.
2. Firewall problems
It's easy to dismiss the notion that a firewall could contribute to remote desktop connection problems, but it's actually quite common. To avoid problems with the firewall, ensure that the port your remote desktop software uses is open on all firewalls between the client computers and the server they connect to.
The tricky part is that you may need to configure multiple firewalls. For example, the client and the server may both run the Windows Firewall, or there may be multiple hardware firewalls between the two systems. Plus, the port number that should be open on the firewalls differs from one virtual desktop infrastructure (VDI) product to the next. (If you use a Remote Desktop Protocal-based tool, these use port 3389 by default.)
3. SSL certificate issues
Security certificates can also cause remote desktop connectivity problems. Many VDI products use Secure Sockets Layer (SSL) encryption for users that access VDI sessions outside the network perimeter. However, SSL encryption requires the use of certificates, which brings two remote desktop issues into play.
First, if the remote desktops are going to connect properly, client computers must trust the certificate authority that issued the certificate. This isn't usually a problem for organizations that purchase certificates from large, well-known authorities, but clients won't always trust certificates that an organization generates in-house. Use a reliable certificate authority to ensure that clients establish remote desktop connectivity.
The client must also be able to verify the certificate that the server is using. The verification process can break down if the certificate has expired or if the name on the certificate doesn't match the name of the server that's using it, so make sure your certificates are up to date.
4. Network-level authentication
In Windows Server 2008 R2, Microsoft's Remote Desktop Services is designed to use a security feature called Network Level Authentication. The basic idea is that the session host must authenticate the user before a session is created. Not only does network-level authentication improve security, but it also helps decrease the amount of VDI resources the session uses.
More on remote desktop connections:
Evaluating remote desktop connection brokers
Remote Desktop Connection tool resolves Vista and XP snafu
The basics of Remote Desktop Services: The connection broker
Network-level authentication can prevent remote desktop connection problems later in the session, but it's not supported by all remote desktop clients. If you use Microsoft clients, you can determine whether they support network-level authentication by clicking the feature's icon in the upper left corner of the Remote Desktop Connection menu and choosing About from the resulting menu. The client will explicitly state if it supports Microsoft's Network Level Authentication.
If you don't see the message that your client supports it, you can either upgrade the client component or disable the requirement for network-level authentication on your VDI servers. Keep in mind that Network Level Authentication is also sometimes enabled through Group Policy settings.
5. Capacity exceeded
Finally, you could experience remote desktop connectivity issues if you exceed the infrastructure's capacity -- perhaps you've run out of virtual desktops or VDI licenses. Some VDI implementations also refuse client connections if the server is too busy or if launching another virtual desktop session would weaken the performance of existing sessions.
Most of these remote desktop connection problems can be prevented with just a little pre-planning. Make sure your SSL certificates are updated, configure firewalls correctly and keep an eye on your VDI capacity.
About the author:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.