I had a weird situation with a Windows RDP connection: when connected to the server straight from another server or workstation, the performance was fine without any interruption, but once connected through an SSL-VPN tunnel the performance was really slow and the RDP session got stuck and disconnected often, especially when a lot of graphics was involved or an internet browser opened a graphics-rich webpage. Working with SMB was fine all along, and even when a disconnect from the RDP session occurred there was no network interruption or SSL-VPN disconnection. The solution I found was to lower the encryption level of the RDP protocol to 1. Encryption level 3 is the default; these are the commands I used:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting WHERE TerminalName="RDP-Tcp" CALL SetEncryptionLevel 1

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting WHERE TerminalName="RDP-Tcp" CALL SetSecurityLayer 2
1. Low level of encryption. Only data sent from the client to the server is encrypted using 56-bit encryption. Note that data sent from the server to the client is not encrypted.
2. Client-compatible level of encryption. All data sent from client to server and from server to client is encrypted at the maximum key strength supported by the client.
3. High level of encryption. All data sent from client to server and from server to client is encrypted using strong 128-bit encryption. Clients that do not support this level of encryption cannot connect.
4. FIPS-compliant encryption. All data sent from client to server and from server to client is encrypted and decrypted with the Federal Information Processing Standard (FIPS) encryption algorithms using the Microsoft cryptographic modules. FIPS is a standard entitled “Security Requirements for Cryptographic Modules”. FIPS 140-1 (1994) and FIPS 140-2 (2001) describe government requirements for hardware and software cryptographic modules used within the U.S. government.
Remember that when you lower the encryption level, you expose the server to vulnerabilities that the higher levels fix!
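To keep track of where the level has been lowered, the following added example (not part of the original post) reads the same `Win32_TSGeneralSetting` values that the wmic commands change and can set the level back to 3. Save it as a `.ps1` file and run it elevated on the RDP server; the `-RestoreHigh` switch name is hypothetical, and the security-layer names are taken from Microsoft's documentation of the class, not from this page.

```powershell
# Added example: audit the RDP-Tcp listener settings changed by the wmic commands above.
param(
    [switch]$RestoreHigh   # hypothetical switch: set the encryption level back to 3 (High)
)

# Encryption level names as listed on this page (1-4).
$levelNames = @{
    1 = 'Low (56-bit, client-to-server only)'
    2 = 'Client-compatible'
    3 = 'High (128-bit)'
    4 = 'FIPS-compliant'
}
# SecurityLayer values as documented by Microsoft for Win32_TSGeneralSetting.
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

# Same namespace, class and listener name as in the wmic commands.
$listener = Get-CimInstance -Namespace 'root\CIMV2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if (-not $listener) { throw 'RDP-Tcp listener not found in Win32_TSGeneralSetting.' }

$level = [int]$listener.MinEncryptionLevel
$layer = [int]$listener.SecurityLayer

# Report the current state so it can be logged or compared across servers.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    EncryptionLevel = "$level - $($levelNames[$level])"
    SecurityLayer   = "$layer - $($layerNames[$layer])"
    NlaRequired     = [bool]$listener.UserAuthenticationRequired
}

if ($level -lt 3) {
    Write-Warning "MinEncryptionLevel is $level, which is below High (3)."
    if ($RestoreHigh) {
        # SetEncryptionLevel is the same method the wmic command calls.
        $result = Invoke-CimMethod -InputObject $listener -MethodName SetEncryptionLevel `
            -Arguments @{ MinEncryptionLevel = [uint32]3 }
        if ($result.ReturnValue -ne 0) {
            throw "SetEncryptionLevel failed with return value $($result.ReturnValue)."
        }
        Write-Output 'Encryption level set back to 3 (High).'
    }
}
```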
1. Can we set it when we connect to a particular server, or do we set it on the server itself?
2. If we have a thin client or are on Linux, how does one set this?
Please & Thanks.