Issue:
RDP connections to terminal servers are extremely slow, logging in takes abnormally long for a user. Disabling the F-Secure security features does not help. The servers are Microsoft Farm Load Balancing Servers.
Resolution:
To confirm if the issue is caused by the F-Secure Firewall profile, Disable the F-Secure firewall profile completely by:
- Go to your Terminal Server locally C:\Program Files (x86)\F-Secure\Server Security and rename this dll file fs_manageable_win_firewall_32.dll to for example fs_manageable_win_firewall_32_old.dll
Once the file has been renamed, test if the slow login issue can be reproduced. If renaming improves the connection, then you need to create a firewall rule to fix the issue.
Note: If the Connection Broker says redirect to another server, the terminal server sends a message back to the RD Client with the IP address of the server that it needs to connect to. Therefore, if the client is on an external network, the client's outbound firewall rules need to open up port 3389 for all the IP addresses of the terminal servers. Likewise, the firewall on the network for which the terminal servers belong to need to allow inbound connections to the terminal servers.
Load Balanced Ports & Services:
Protocol Port Purpose/Role Service
TCP/HTTPS 443 HTTPS (RD Gateway, RD Web Access)
TCP/UDP/RDP 3389 RDP (UDP transport was added in RDP V8.0)
UDP 3391 RDP (RD Gateway)
Create a firewall rule, where you allow RDP connection between your server and clients. The rule set consists of the protocols for load balanced Ports.
A custom firewall rule (service) for F-Secure Client Security or Server Security can be created either through F-Secure Policy Manager Console or locally on the workstation where Client has been installed on.
To add a custom firewall rule through the Policy Manager Console, see Adding firewall rules in the Policy Manager Help Guide.
Article no: 000028296