RDP connections to terminal servers are extremely slow, logging in takes abnormally long for a user. Disabling the F-Secure security features does not help. The servers are Microsoft Farm Load Balancing Servers.
To confirm if the issue is caused by the F-Secure Firewall profile, Disable the F-Secure firewall profile completely by following the steps on the Server:
1. You can type the following in the elevated command line to stop F-Secure Server Services:
net stop fshoster
net stop fsulhoster
net stop fsulnethoster
net stop fsnethoster
net stop fsulorsp
2. Navigate to the location at C:\Program Files (x86)\F-Secure\Server Security and rename this DLL file fs_manageable_win_firewall_32.dll to for example fs_manageable_win_firewall_32_old.dll
3. You can start all Services back
net start fshoster
net start fsulhoster
net start fsulnethoster
net start fsnethoster
net start fsulorsp
Once the file has been renamed, test if the slow login issue can be reproduced. If renaming improves the connection, then you need to create a firewall rule to fix the issue.
Note: If the Connection Broker says redirect to another server, the terminal server sends a message back to the RD Client with the IP address of the server that it needs to connect to. Therefore, if the client is on an external network, the client's outbound firewall rules need to open up port 3389 for all the IP addresses of the terminal servers. Likewise, the firewall on the network for which the terminal servers belong to need to allow inbound connections to the terminal servers.
Load Balanced Ports & Services:
Create a firewall rule, where you allow RDP connection between your server and clients. The rule set consists of the protocols for load balanced Ports.
Protocol Port Purpose/Role Service
TCP/HTTPS 443 HTTPS (RD Gateway, RD Web Access)
TCP/UDP/RDP 3389 RDP (UDP transport was added in RDP V8.0)
UDP 3391 RDP (RD Gateway)
A custom firewall rule (service) for F-Secure Client Security or Server Security can be created either through F-Secure Policy Manager Console or locally on the workstation where Client has been installed on.
To add a custom firewall rule through the Policy Manager Console, see Adding firewall rules in the Policy Manager Help Guide.
Article no: 000028296