3.6 Example 6: Establishing a Multitransport Connection
This example demonstrates the process of establishing a multitransport connection as described in section 2.5.1.5.
Prerequisites
A valid, non-expired license exists for the client on the License Server.
The RD Session Host server is operational and listening for an RDP connect request on port 3389. If the RDP client is using the IPv6 protocol, the RD Session Host supports the IPv6 protocol.
Initial System State
The RDP client and RD Session Host are not connected.
Final System State
The RDP client is connected to the RD Session Host and a multitransport connection exists which can be used to tunnel dynamic virtual channel data.
Sequence of Events
The multitransport setup sequence is initiated after the licensing phase of the RDP handshake [MS-RDPBCGR] (section 1.3.1.1) and is illustrated in the following diagram:

Figure 15: Establishing a Multitransport Connection
The RDP server initiates a multitransport connection by sending an Initiate Multitransport Request PDU ([MS-RDPBCGR] section 2.2.15.1) to the RDP client over the main RDP connection.
Upon receiving the Initiate Multitransport Request PDU, the client initiates the creation of the requested transport (reliable or lossy UDP) as described in [MS-RDPEUDP] sections 1.3.2 and 1.3.2.1.
After the transport has been successfully set up, the connection is secured by using Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) to set up a secure channel. TLS ([RFC2246], [RFC4346] and [RFC5246]) is used to secure reliable UDP transport connections, while DTLS ([RFC4347]) is used to secure lossy UDP transport connections.
After the secure channel has been established, the client finalizes the creation of the multitransport connection by sending a request ID and a security cookie to the server in the Tunnel Create Request PDU ([MS-RDPEMT] section 2.2.2.1); this PDU is sent over the newly created and secured multitransport connection. The data sent in the Tunnel Create Request PDU is identical to the data that the client received over the main RDP connection as part of the Initiate Multitransport Request PDU. The server compares the data in the Tunnel Create Request PDU to the data that was sent over the main RDP connection in the Initiate Multitransport Request PDU.
When the security check succeeds, the server indicates to the client that it was able to successfully initialize the multitransport connection by sending the Tunnel Create Response PDU ([MS-RDPEMT] section 2.2.2.2) over the multitransport connection.
The server and client start transferring data over the multitransport connection.