Windows Server 2022 Remote Desktop Gateway UDP support

Ed Seidman 1 Reputation point
2022-10-07T15:06:04.937+00:00

In our testing with Windows Server 2022 we seem to be unable to get UDP connections working.
Was this a product change? We can't seem to find any documentation on this change.


4 answers

  1. Milan Kiss 1 Reputation point
    2022-11-11T22:12:28.283+00:00

    Hello Ed!

    If everything else is configured correctly, it is probably failing the DTLS handshake between the client and the Gateway. If you record a Wireshark trace, you can see constant "Client Hello" packets from your client without an answer from the Gateway. Please take a look at the following registry value on the Gateway for the list of the allowed ciphers:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
    Value: Functions

    You either need to add the missing ones that are supported by your client, or completely get rid of the "Functions" value (and reboot the Gateway).

    All the best,
    Milan


  2. Ed Seidman 1 Reputation point
    2022-12-01T18:32:58.927+00:00

    Hi @Milan Kiss ,

    We did not do the Wireshark traces. But we have added the ciphers below at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.

    We added these ciphers on the Windows Server 2022 RD Gateway and cluster, but UDP connections were still not established; only HTTP connections were established.

    Any further suggestions? Should we work to get the Wireshark traces?

    Thanks, Ed


  3. TP 83,971 Reputation points
    2022-12-01T19:35:50.68+00:00

    Hi Ed,

    Do you have a description of your configuration, source client, target server, tests performed, etc.? I've not had an issue using UDP with Server 2022 so far. Some things to check:

    1. Is your RD Gateway server listening on UDP port 3391? Use netstat to check.
    2. Do all firewalls between the client and your RD Gateway permit UDP 3391?
    3. Is the target server listening on UDP port 3389, and does its firewall allow UDP port 3389?

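The checks suggested in answers 1 and 3 above, combined into one read-only script for the RD Gateway. This is an added example, not part of the original thread; the registry path and UDP port 3391 come from the answers, while `$clientSuites` is a constructed sample and the variable names are illustrative.

```powershell
# Added example: read-only checks, run on the RD Gateway in an elevated PowerShell session.
# Registry path and port 3391 come from the thread. $clientSuites is a constructed sample;
# replace it with the suites your client offers in its DTLS Client Hello.
$policyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$gatewayPort  = 3391
$clientSuites = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
)

# 1. Cipher suite policy: per answer 1, "Functions" holds the list of allowed suites.
$policy = Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue
if ($policy) {
    # Stored either as one comma-separated string or as a multi-string value.
    $allowed = @(($policy.Functions -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $source  = 'Functions policy value'
} else {
    $allowed = @((Get-TlsCipherSuite).Name)
    $source  = 'Get-TlsCipherSuite (no Functions policy value set)'
}
$missing = @($clientSuites | Where-Object { $_ -notin $allowed })

# 2. Is anything bound to the gateway's UDP port?
$listener = Get-NetUDPEndpoint -LocalPort $gatewayPort -ErrorAction SilentlyContinue

# 3. Enabled inbound allow rules in Windows Firewall that name this UDP port exactly.
#    Rules written as a range or "Any", and firewalls in front of the gateway, are not covered.
$rules = Get-NetFirewallPortFilter -Protocol UDP |
    Where-Object { $_.LocalPort -contains "$gatewayPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

[pscustomobject]@{
    CipherListSource    = $source
    AllowedSuiteCount   = $allowed.Count
    ClientSuitesMissing = $missing -join ', '
    UdpListenerPresent  = [bool]$listener
    ListenerProcessIds  = ($listener.OwningProcess | Sort-Object -Unique) -join ', '
    FirewallAllowRules  = ($rules.DisplayName | Sort-Object -Unique) -join '; '
} | Format-List
```

An empty `ClientSuitesMissing` together with `UdpListenerPresent : True` points away from the gateway's cipher policy and local listener, and toward the network path or the target server's UDP 3389 listener from item 3 of the checklist.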

  4. Azul33458 0 Reputation points
    2023-01-13T05:14:09.0533333+00:00

    We're having this same issue on a Server 2022 RD Gateway/Connection broker with Server 2019 session hosts.

    We've spent a tremendous amount of time on this going through encryption settings, cipher suites, quadruple checking the configuration, etc. I don't believe there is anything we haven't tried. The symptoms are almost exactly as described by Milan Kiss. We see the UDP packets come in, but UDP is never negotiated and we receive an schannel error about a TLS error.
