Azure Virtual Desktop and ShortPath for Public Networks

A couple of weeks ago, Microsoft introduced a new preview feature for AVD called ShortPath for Public Networks. This allows us to get UDP-based connections to our AVD machines instead of the traditional Reverse TCP-based connections. NOTE: This feature is still in preview.
This of course improves our end-user experience, since we can push more content without needing to maintain a reliable connection as we do with TCP-based protocols. The protocol uses URCP (Universal Rate Control Protocol), which is part of the Azure Communication Service.
Figure: a connection setup using ShortPath for Public Networks.

To traverse NAT, Shortpath uses STUN servers that Microsoft runs (from the Azure Communication Service) to handle the initial setup of the session.

It is important to remember that this protocol still uses the regular R-TCP to set up the initial connection. Only after a session has been initialized over R-TCP is a user allowed to set up a connection over UDP.

To get this feature up and running, there is only a small set of changes that we need to make: a registry change and a firewall change.

1: Implement this registry change on your VDI/VDA machines:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations" /v ICEControl /t REG_DWORD /d 2 /f

This feature is configured on a per-machine level, so there is no central configuration for it yet.
2: Open the firewall to allow communication over UDP and to the STUN servers that Microsoft is currently running on these IP addresses.
RDP Shortpath Server Endpoint VM Subnet 1024-65535 UDP * Allow
STUN Access VM Subnet 3478 UDP,,,, Allow

After you have implemented the registry change, it can take about 20 – 30 minutes before the change is active. 

Secondly, you can also see this in Log Analytics events if you have configured log collection from the AVD machines. You can use this Kusto query to get information about connections that use ShortPath for Public Networks. The value 2 indicates that UDP is being used. Value 1 is ShortPath for Managed Networks, and value 0 means that UDP is not being used.
WVDConnections
| where UdpUse == 2
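
To confirm which session hosts actually negotiate UDP after the registry and firewall changes, and to inventory where UDP is in use, the query below groups connections by host and transport using the UdpUse values described above. It is an added example, not from the original post. It assumes the standard WVDConnections columns TimeGenerated, CorrelationId, UserName and SessionHostName, and the 7-day window is an arbitrary choice.

```kusto
// Added example (not from the original post).
// Assumed columns: TimeGenerated, CorrelationId, UserName, SessionHostName.
// UdpUse meanings are the ones given on this page:
//   0 = UDP not used, 1 = ShortPath for Managed Networks,
//   2 = ShortPath for Public Networks.
WVDConnections
| where TimeGenerated >= ago(7d)            // arbitrary look-back window
| where isnotempty(UdpUse)                  // skip rows that carry no transport value
// One row per connection: keep the most recent record for each CorrelationId.
| summarize arg_max(TimeGenerated, UserName, SessionHostName, UdpUse) by CorrelationId
// tostring() keeps the comparison valid whether UdpUse is stored as text or a number.
| extend Transport = case(
    tostring(UdpUse) == "2", "ShortPath for Public Networks",
    tostring(UdpUse) == "1", "ShortPath for Managed Networks",
    tostring(UdpUse) == "0", "UDP not used",
    strcat("Unrecognized value: ", tostring(UdpUse)))
| summarize Connections = count(),
            Users = dcount(UserName),
            LastSeen = max(TimeGenerated)
    by SessionHostName, Transport
| order by SessionHostName asc, Connections desc
```

A host that has the registry value set but only shows "UDP not used" rows points at the firewall rules or the client's network path rather than the host configuration.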

This is a terrific addition that improves the overall end-user experience of Azure Virtual Desktop.

