Performance on Windows "Direct Access" VPN

Discussion in 'Parallels Client for Windows' started by SamS22, May 4, 2022.

  1. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Our Parallels Environment has always been really fast and zippy when using across our LAN in our offices.

    However when remote and using the Microsoft "Direct Access" VPN ( https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess ) it has always been much much slower.

    When opening the client it takes around 45 seconds to make a connection and list the applications/shortcuts in the client.
    When launching an application from the client it also takes up to 45 seconds for the first application and around 20s for any subsequent applications.

    Is there any known optimization we can do to improve performance for remote connectivity? And curious if any other Parallels RAS users also use Windows Direct Access feature with Parallels.
     
  2. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Example of logon durations from Sessions View

    upload_2022-5-5_13-53-17.png
     
  3. jpc

    jpc Kilo Poster

    Messages:
    378
    The "connection duration" is particularly high. You could check the ping time to the server over Direct Access.

    Also, if you have the client locally, clear the logs, set them to verbose and check the time between the connection start ("Connecting to <server>)" and "SSL Connection to <server> was successful" (event id: 13/00000009). If it is purely a network issue, that should be equal to the majority of the connection duration time.
    (Obviously, I'm assuming you are using latest client/server.)
     
    SamS22 likes this.
  4. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Thanks jpc -

    We had been putting up with the increased connection time remotely through the DirectAccess since the huge increase to remote working 2 years ago - but with the continued shift to remote working looking at how we can improve it. So it's always been this slow - I took over our Parallels Environment at our company a few months ago after helping with it from last year.

    Ping over DirectAccess from client pc to server is around 70ms

    Observing something significant in those logs....

    So I do know that DirectAccess is all IPv6 traffic.
    Parallels is trying to connect to the v4 address for 20 seconds before failing and switching to the v6 address which connects very quickly.

    08-05-22 15:03:51 - Connecting to XX.XX.XX.XX
    08-05-22 15:04:12 - Failed: to connect to ras1.business.com:443 (10061)
    08-05-22 15:04:12 - Connecting to XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
    08-05-22 15:04:13 - TCP(v6) Socket Connected to ras1.business.com:443 handle 00000000000008B4
    08-05-22 15:04:13 - SSL Connection to ras1.business.com:443 was successful


    If I create a new connection in the client with the IPv6 address as the server name instead of FQDN it is hugely quicker!!

    Will need to explore this a bit more. but that's a huge start
     
  5. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Forgot to add - yes using latest 18.3 Server and Client.
     
  6. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Is there any way with the RAS Windows Client to have settings where a DNS has both IPv4 and IPv6 to preference the IPv6 for the client to attempt v6 before v4 address?
     
  7. jpc

    jpc Kilo Poster

    Messages:
    378
    As far as I know, you can't select which IP version is in use without using an IP address or changing the DNS records.
    It is possible to push a RAS policy to change the "gateway" that will be used for connections so that an IPv6 address is used. I don't think this is a good solution.
    For the time being, you might instead try to reduce the connection timeout from "Connection Properties" > "Advanced settings" > "Connection advanced settings" > "Connection" section and see if that improves total connection time.
     
    SamS22 likes this.
  8. SamS22

    SamS22 Bit Poster

    Messages:
    15
    Thank you jpc

    Changing this one down to 2s has made a huge improvement initially - "Connection Properties" > "Advanced settings" > "Connection advanced settings" > "Connection"
     

Share This Page