Category: Azure

RDP ShortPath for Azure Virtual Desktop

What is RDP Shortpath?

Remote Desktop Protocol (RDP) by default uses a TCP-based reverse connect transport as it provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. However, if RDP Shortpath can be used instead, this UDP-based transport offers better connection reliability and more consistent latency.

Shortpath over public networks

Overview

UDP is enabled by default on the session hosts, so nothing has to be switched on in the host pool; what must be in place is that both the client and the AVD session host are allowed to send and receive UDP. The connection is first established over the reverse connect TCP transport; only after that do client and session host discover their NAT-translated addresses through STUN (or, where no direct path is possible, a TURN relay) and try to move the session to UDP, falling back to TCP if that fails.

Network configuration

Details can be found here: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=public-networks#session-host-virtual-network#

Session host virtual network

Name                          | Source    | Source port | Destination   | Destination port                  | Protocol | Action
RDP Shortpath Server Endpoint | VM subnet | Any         | Any           | 1024-65535 (default 49152-65535)  | UDP      | Allow
STUN/TURN UDP                 | VM subnet | Any         | 20.202.0.0/16 | 3478                              | UDP      | Allow
STUN/TURN TCP                 | VM subnet | Any         | 20.202.0.0/16 | 443                               | TCP      | Allow

Client network

Name                          | Source         | Source port | Destination                                                                              | Destination port                  | Protocol | Action
RDP Shortpath Server Endpoint | Client network | Any         | Public IP addresses assigned to the NAT Gateway or Azure Firewall (provided by the STUN endpoint) | 1024-65535 (default 49152-65535)  | UDP      | Allow
STUN/TURN UDP                 | Client network | Any         | 20.202.0.0/16                                                                            | 3478                              | UDP      | Allow
STUN/TURN TCP                 | Client network | Any         | 20.202.0.0/16                                                                            | 443                               | TCP      | Allow
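The session host table above expressed as network security group rules, as an added example that is not part of the original post. It uses the Az.Network cmdlets; the resource group, NSG, virtual network and subnet names are placeholders. All three flows are initiated by the session host, so they are outbound rules. The Shortpath endpoint rule uses the default 49152-65535 range; widen it towards the table's 1024-65535 only if the port range on the hosts has been changed.

```powershell
# Added example, not code from the original post: NSG rules mirroring the
# "Session host virtual network" table, built with Az PowerShell (Az.Network).
# Resource group, NSG, vnet and subnet names below are assumed placeholders.
$rg       = 'rg-avd'
$location = 'westeurope'
$nsgName  = 'nsg-avd-sessionhosts'

# All three flows are initiated by the session host -> Outbound rules.
$rules = @(
    New-AzNetworkSecurityRuleConfig -Name 'Allow-RdpShortpath-ServerEndpoint' `
        -Description 'RDP Shortpath (public networks): UDP from the session host to the client candidate' `
        -Direction Outbound -Access Allow -Priority 200 -Protocol Udp `
        -SourceAddressPrefix VirtualNetwork -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange '49152-65535'

    New-AzNetworkSecurityRuleConfig -Name 'Allow-StunTurn-Udp' `
        -Description 'STUN/TURN (UDP 3478) to the Azure Virtual Desktop relay range' `
        -Direction Outbound -Access Allow -Priority 210 -Protocol Udp `
        -SourceAddressPrefix VirtualNetwork -SourcePortRange * `
        -DestinationAddressPrefix '20.202.0.0/16' -DestinationPortRange 3478

    New-AzNetworkSecurityRuleConfig -Name 'Allow-StunTurn-Tcp' `
        -Description 'STUN/TURN (TCP 443) to the Azure Virtual Desktop relay range' `
        -Direction Outbound -Access Allow -Priority 220 -Protocol Tcp `
        -SourceAddressPrefix VirtualNetwork -SourcePortRange * `
        -DestinationAddressPrefix '20.202.0.0/16' -DestinationPortRange 443
)

$nsg = New-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg `
    -Location $location -SecurityRules $rules

# Attach the NSG to the session host subnet (vnet/subnet names assumed).
$vnet   = Get-AzVirtualNetwork -Name 'vnet-avd' -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'snet-sessionhosts' -VirtualNetwork $vnet
$subnet.NetworkSecurityGroup = $nsg
$vnet | Set-AzVirtualNetwork | Out-Null

# Show what was deployed, ordered the way the NSG evaluates it.
(Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg).SecurityRules |
    Sort-Object Priority |
    Select-Object Priority, Name, Direction, Protocol, DestinationAddressPrefix, DestinationPortRange
```

An NSG's built-in AllowInternetOutBound rule already permits these flows, so the explicit rules only matter where a deny-all outbound rule, a forced tunnel or an Azure Firewall sits in the path; the point of listing them is that those are exactly the holes a restrictive egress policy must keep open.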

Result

Shortpath over managed networks

For managed networks you can also establish a direct UDP connection from your end device to the session host over ExpressRoute or a site-to-site VPN. In this mode the session host listens on a fixed UDP port (3390) instead of negotiating a path through STUN/TURN.

To enable this you need to do the following:

  1. Enable RDP Shortpath for managed networks on the session host via Group Policy. The ADMX files can be downloaded here: https://aka.ms/avdgpo
  2. Windows Firewall: allow inbound UDP port 3390, scoped to the Remote Desktop service:
     New-NetFirewallRule -DisplayName 'Remote Desktop - RDP Shortpath (UDP-In)' -Action Allow -Description 'Inbound rule for the Remote Desktop service to allow RDP Shortpath traffic. [UDP 3390]' -Group '@FirewallAPI.dll,-28752' -Name 'RemoteDesktop-UserMode-In-RDPShortpath-UDP' -PolicyStore PersistentStore -Profile Domain, Private -Service TermService -Protocol UDP -LocalPort 3390 -Program '%SystemRoot%\system32\svchost.exe' -Enabled:True
  3. Set the Group Policy setting on the clients.
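The host-side part of that procedure as one script, with a check that tells you whether Shortpath is actually in use, as an added example that is not code from the original post. It writes the registry values behind the "Enable RDP Shortpath for managed networks" policy directly, adds the firewall rule quoted above, and then reads back the policy, the rule, the UDP listener and the transport events. Run it elevated on the session host; the function names are my own.

```powershell
# Added example, not code from the original post: configure and verify
# RDP Shortpath for managed networks on one AVD session host. Run elevated.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ruleName  = 'RemoteDesktop-UserMode-In-RDPShortpath-UDP'
$udpPort   = 3390

function Enable-RdpShortpathManaged {
    # Registry equivalent of the Group Policy setting
    # "Enable RDP Shortpath for managed networks".
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name 'fUseUdpPortRedirector' -Type DWord -Value 1
    Set-ItemProperty -Path $policyKey -Name 'UdpPortNumber'         -Type DWord -Value $udpPort

    # Inbound UDP 3390 limited to the Remote Desktop service inside svchost and to
    # the Domain/Private profiles, so the listener is never exposed on a Public profile.
    if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Name $ruleName `
            -DisplayName 'Remote Desktop - RDP Shortpath (UDP-In)' `
            -Description 'Inbound rule for the Remote Desktop service to allow RDP Shortpath traffic. [UDP 3390]' `
            -Group '@FirewallAPI.dll,-28752' -PolicyStore PersistentStore `
            -Profile Domain, Private -Service TermService `
            -Protocol UDP -LocalPort $udpPort `
            -Program '%SystemRoot%\system32\svchost.exe' -Action Allow -Enabled True | Out-Null
    }
    # Remote Desktop Services picks the new setting up after the host is restarted.
}

function Test-RdpShortpathManaged {
    # Returns the three conditions that must hold on the host before a client can use UDP 3390.
    $values   = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $rule     = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
    $listener = Get-NetUDPEndpoint -LocalPort $udpPort -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PolicyEnabled  = ($values.fUseUdpPortRedirector -eq 1 -and $values.UdpPortNumber -eq $udpPort)
        FirewallRuleOn = ($null -ne $rule -and $rule.Enabled -eq 'True')
        UdpListening   = ($null -ne $listener)
    }
}

function Get-RdpShortpathTransportEvents {
    # Once a client has connected, event 135 in the RdpCoreCDV operational log states
    # which transport the session ended up on: "transport type set to UDP" means
    # Shortpath is in use, TCP means it fell back to reverse connect.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV/Operational'
        Id      = 135
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Enable-RdpShortpathManaged
Test-RdpShortpathManaged
Get-RdpShortpathTransportEvents
```

UdpListening stays false until the host has been restarted after enabling the policy; the event query is only meaningful after at least one client has connected.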

Result

Deploy Azure Virtual Desktop (AVD) on Azure Stack HCI

This post is a short guide through all the steps, leaving out the HCI setup itself.

Requirements

After you have deployed your HCI cluster successfully, the cluster resource shows up in the Azure portal. Once you click on that cluster you will find the following overview.

As you can also see, all prerequisites are met. These prerequisites are:

Deployment

Now you can click on “DEPLOY” to start a custom deployment:

Most of the information is clear, but these three were a bit tricky for me 😉

LOCATION

The value expected here is the ID of the custom location, which you find among your Azure Arc resources (Azure Portal > Azure Arc > Custom locations > your location > Properties > ID).

IMAGE

To find the image ID you first need to add at least one image to Azure Stack HCI.

You have three options to add an image:

The easiest way to get started is to add an Azure Marketplace image. I have already added “Windows 11” and “Windows Server” to my list. After adding an image, go to Azure Portal > Azure Stack HCI > VM images > “windows11” and copy the URL from your browser. It looks like this:

https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/microsoft.azurestackhci/marketplaceGalleryImages/IMAGE-NAME/overview

Remove /overview at the end and copy that URL into your custom deployment. Everything from /subscriptions/ onward is the ARM resource ID of the image.

NETWORK

Go to Azure Stack HCI > your cluster > Virtual networks and copy the browser URL. It looks like this: https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/Microsoft.AzureStackHCI/clusters/CLUSTERNAME/virtualnetworks

Then add your virtual network name to the end, like this:

https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/Microsoft.AzureStackHCI/clusters/CLUSTERNAME/virtualnetworks/NETWORKNAME
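The three IDs above can also be derived without hand-editing browser URLs. The following is an added example, not code from the original post: ConvertFrom-PortalUrl formalizes the trick described above (take the part after /resource, drop a trailing /overview), and Get-AvdHciDeploymentIds reads the same IDs from ARM with Get-AzResource. The custom location and marketplace image resource types are the documented ones; the virtual network resource type is assumed from the URL shape shown in the post, and the resource group name is a placeholder.

```powershell
# Added example, not code from the original post.

function ConvertFrom-PortalUrl {
    # Extracts the ARM resource ID embedded in an Azure portal URL such as
    # https://portal.azure.com/#@DOMAIN/resource/subscriptions/.../IMAGE-NAME/overview
    # and drops a trailing portal blade name (/overview), i.e. the manual step above.
    param([Parameter(Mandatory)][string]$Url)

    if ($Url -match '/resource(/subscriptions/[^?#]+?)(/overview)?/?$') {
        return $Matches[1]
    }
    throw "No ARM resource ID found in URL: $Url"
}

function Get-AvdHciDeploymentIds {
    # Reads the IDs the custom deployment asks for directly from ARM.
    # Resource types: customLocations and marketplaceGalleryImages are documented;
    # 'Microsoft.AzureStackHCI/virtualNetworks' is assumed from the URL in the post.
    param([Parameter(Mandatory)][string]$ResourceGroupName)

    $location = Get-AzResource -ResourceGroupName $ResourceGroupName `
        -ResourceType 'Microsoft.ExtendedLocation/customLocations'
    $images   = Get-AzResource -ResourceGroupName $ResourceGroupName `
        -ResourceType 'Microsoft.AzureStackHCI/marketplaceGalleryImages'
    $networks = Get-AzResource -ResourceGroupName $ResourceGroupName `
        -ResourceType 'Microsoft.AzureStackHCI/virtualNetworks'

    [pscustomobject]@{
        CustomLocationId  = @($location.ResourceId)
        ImageIds          = @($images.ResourceId)
        VirtualNetworkIds = @($networks.ResourceId)
    }
}

# Worked on the template URLs from the post (placeholders, not real resources).
ConvertFrom-PortalUrl 'https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/microsoft.azurestackhci/marketplaceGalleryImages/IMAGE-NAME/overview'
ConvertFrom-PortalUrl 'https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/Microsoft.AzureStackHCI/clusters/CLUSTERNAME/virtualnetworks/NETWORKNAME'

# Against a real subscription (resource group name assumed):
# Connect-AzAccount; Get-AvdHciDeploymentIds -ResourceGroupName 'rg-hci'
```

For the first URL the function returns the path starting at /subscriptions/ and ending in /IMAGE-NAME, without /overview; for the second it returns the path up to /NETWORKNAME unchanged. Pulling the IDs from ARM has the additional benefit that a mistyped or stale URL cannot slip into the deployment unnoticed.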

Issues during deployment

My first deployments failed and I wasn’t sure why. I then checked the deployments within my resource group and compared my inputs with the last failed one.

I found that my VM tries to get access to the following URL. That was blocked, so I copied that script and created my own HTTPS URL as a workaround. If you rehost the script, keep the exact copy you downloaded and serve it from a location only you can write to, since whatever that URL serves is executed on the new VM during deployment.

To change that URL, only “Redeploy” on one of the previous deployments gives you the option to edit it.

After Deployment

After that deployment I had my VM up and running on my Azure Stack HCI. It was domain joined, but the AVD agent was missing. I installed the AVD agent manually. Now I was able to see that host within the Azure portal.

Successful Connection

And here we go, I was able to get a connection.
