I've got an RDS 2019 setup with published desktops and remoteapps, configured to use the Azure AD Application Proxy.
I've followed all steps here- https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services
and here https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
I've configured it for pre-auth, but since this wasn't compatible with the Mac RDS clients we switched back to pass-through, so the proxy is just operating as a simple web-proxy and really not doing anything fancy.
Through consistent testing both through the published address that uses the Azure AD Application Proxy and an address that routes right into my network via IP address I've confirmed considerable lag spikes through the proxy that do not exist when going through the direct address. Also users get significantly more short disconnects throughout the day. Also occasionally the RDS Web Access Portal (IIS website) becomes inaccessible through the proxy for a few seconds at a time, whereas these drops do not occur through the direct address (we setup alerts on both to monitor).
I've monitored my organizations bandwidth usage at the times when the lag and disconnects occur (they happen in spikes and the lag can linger for long periods of time but there does not seem to be any consistent pattern to the times or regularity that they occur at) and we are well below our highest traffic at these times (200mbps pipes, with around 80-100 users in RDS we're usually only using between 20-30 mbps)
I'm stumped. I read on an old forum post that the Azure Application Proxy didn't handle UDP properly for RDS, is that the case? I pushed for the proxy in our architecture and have asked for patience in my organization while we worked on this because it's a Microsoft support product and configuration, I'm baffled that I'm not finding more about this anywhere (either the configuration, troubleshooting techniques, or this particular issue).
I have the gateway, connection broker, webserver and licensing components on one server, and around 8 servers operating as Session Hosts with different applications and configurations. All of these servers are filthy rich with resources on high end newish hyper-v servers, and as I said have no issues with performance either inside of my network or outside of it connecting through the direct address, these issues ONLY occur when routing through the Azure AD Application Proxy.
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 2%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 11%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 76%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 30%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)