Symptom:
When working with an RDS environment that is not connected to the internet, RDP connections from PSM servers take a long time and usually hang at "securing connection..".
Cause:
This issue is caused by the local policy on the RDS server, which tries to retrieve Microsoft's CRL from the internet for each connection. Because the PSMs are isolated from the internet, each attempt takes around 10-15 seconds to time out before the RDP connection continues.
Solution:
To resolve the issue, disable the Microsoft CRL lookup for isolated RDS environments. This can be done via the PSM GPO:
- Open the GPO editor and go to Computer Configuration > Windows Settings > Security Settings > Public Key Policies.
- In the details pane, double-click Certificate Path Validation Settings.
- In the Network Retrieval tab, select "Define these policy settings" and then clear the "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" check box.
- Apply the policy on the server ("gpupdate /force" or "gpupdate /sync /boot") and test the RDP connection again. It should connect immediately.
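To confirm the change after gpupdate, the following PowerShell check (an added example, not part of the original article) reads the policy value and times certificate chain building for a sample certificate. The registry value name and the certificate path C:\Temp\rds-target.cer are assumptions; adjust them for your environment.

```powershell
# Added example, not from the original article. Run elevated on the server
# that receives the GPO, after gpupdate has completed.
param(
    # Hypothetical path: the target server's RDP certificate exported as .cer
    [string]$CertPath = 'C:\Temp\rds-target.cer'
)

# Assumption: this policy value backs the "Automatically update certificates
# in the Microsoft Root Certificate Program" check box (1 = update disabled).
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$name = 'DisableRootAutoUpdate'
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

if ($null -ne $prop -and $prop.$name -eq 1) {
    Write-Output "OK: $name = 1, automatic root update is disabled by policy."
} else {
    Write-Warning "$name is not 1 under $key; the GPO may not have applied (check gpresult /r)."
}

if (-not (Test-Path -LiteralPath $CertPath)) {
    Write-Warning "No certificate at $CertPath; skipping the timing check."
    return
}

# Build the chain with online revocation checking and time it. On an isolated
# host, a long build time means network retrieval is still timing out.
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain

$timer = [System.Diagnostics.Stopwatch]::StartNew()
$valid = $chain.Build($cert)
$timer.Stop()

Write-Output ("Chain build: {0:N1} s, valid = {1}" -f $timer.Elapsed.TotalSeconds, $valid)
foreach ($status in $chain.ChainStatus) {
    # Each entry explains why the chain failed, e.g. an offline revocation server
    Write-Output ("  {0}: {1}" -f $status.Status, $status.StatusInformation.Trim())
}

# 10 s is the lower bound of the delay described in the Cause section
if ($timer.Elapsed.TotalSeconds -ge 10) {
    Write-Warning 'Chain building still takes 10 s or more; network retrieval is still timing out.'
}
```

Running it before and after applying the GPO gives a direct comparison of the chain build time.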