You can understand the TCP Reverse Connect flow for AVD using event logs. Let’s quickly go through the WVD event logs for the TCP Reverse Connect technology. You can check the internal process of the RDP connection through the secure channel from Windows 10 devices.
I covered WVD Troubleshooting Options Tips Tricks – Windows Virtual Desktop in the previous post. There could be many ways to perform WVD troubleshooting as per Microsoft docs.
I’m going to share my experience in this blog post. I was trying to analyze the TCP Reverse Connect technology used in WVD using the event logs (Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV/Operational).
WVD TCP Reverse Connect Technology
We don’t need any inbound ports to be opened for the WVD TCP reverse connect technology. Even the default RDP port, TCP/3389, doesn’t have to be open. Instead, an agent creates an outbound connection using TCP/443 into the WVD management plane. Azure is your reverse proxy for RDP traffic.
The connection details are explained in the following diagram. This diagram might help to understand the WVD event log flow.
WVD Related Event Logs: Event ID 229
All the following events are taken from Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV/Operational.
CUM RDP Listener Reverse Connect Tcp Udp
‘Got connection for named pipe’ in CUMRDPListenerReverseConnectTcpUdp::OnNamedPipeConnectionCompleted at 5172 err=[0x0]
Reverse TCP Connect Context
‘ReverseTCPConnectContext::HandleRequest’ in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::HandleRequest at 4970 err=[0x0]
Adding Additional Headers
Adding an extra header to secure authentication.
‘Adding extra header ‘Cookie’=’ARRAffinity=f0ae4aa2de7044dc11cff22d08a382782347f334ad1816b1aa6f1a6e6d72” in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::HandleRequest at 5034 err=[0x0]
Adding extra header ‘ms-wvd-activity-hint’
‘Adding extra header ‘ms-wvd-activity-hint’=’ms-wvd-hp:99c34ceb-9ed1-41a2-c9ea-08d86484831” in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::HandleRequest at 5034 err=[0x0]
Adding the extra header ‘X-MS-User-Agent’=‘com.microsoft.wvd.agent’ to get authenticated with the WVD RD gateway.
‘Adding extra header ‘X-MS-User-Agent’=’com.microsoft.wvd.agent/1.0.2116.3600” in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::HandleRequest at 5034 err=[0x0]
Contacting WVD RD Gateway
Contacting the nearest WVD RD Gateway in Singapore https://rdgateway-c101-sin-r1.wvd.microsoft.com/
‘Starting Reverse Connect GUID=’b13d33bf-e7b1-42u3-b347-f80a7ef98765′ URI=’https://rdgateway-c101-sin-r1.wvd.microsoft.com/api/v2/Connections/reverse/b16dh33bf-e7b1-42e0-b347-f80a7ef12745?RDmiGatewayToken=CfDJ8CK-Jasjdajdhasjkdhby7-g3b2okHpyasdkjuS1_NasdkiJG
Resolving the Name of WVD RD Gateway – DNS?
‘WINHTTP_CALLBACK_STATUS_RESOLVING_NAME name=’rdgateway-c101-sin-r1.wvd.microsoft.com” in CHttpIoRequestWinHttp::StatusCallback at 2528 err=[0x0]
Resolved the Name of WVD RD Gateway to IP
‘WINHTTP_CALLBACK_STATUS_NAME_RESOLVED name=’104.211.242.104′‘ in CHttpIoRequestWinHttp::StatusCallback at 2512 err=[0x0]
Connecting to Nearest Azure Backbone
Now connecting to the nearest Azure backbone (?) to reach the VM. From South India, is it reaching out to the Azure Chennai region?
‘WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER IP=’104.211.242.104′‘ in CHttpIoRequestWinHttp::StatusCallback at 2520 err=[0x0]
‘WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER IP=’104.211.242.104” in CHttpIoRequestWinHttp::StatusCallback at 2516 err=[0x0]
TCP Reverse Connect Completed
Reverse connect succeeded – the TCP reverse connect for WVD completed.
‘Closing Request Handle=0x6e559840‘ in CHttpIoRequestWinHttp::WebSocketCompleteUpgrade at 1972 err=[0x0]
‘Sending reply to WVD Agent. Reverse connect succeeded.‘ in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::OnConnectionCompleted at 5106 err=[0x0]
‘Reverse connection (websocket) successfully completed‘ in CUMRDPListenerReverseConnectTcpUdp::OnConnectionCompleted at 5257 err=[0x0]
‘OnConnectionCompleted(TCP reverse connect completed)’ in CUMRDPListenerReverseConnectTcpUdp::OnConnectionCompleted at 5338 err=[0x0]
‘Set RDPTransportMode to TCP+UDP.‘ in CUMRDPListenerReverseConnectTcpUdp::OnConnectionCompleted at 5382 err=[0x0]
ReverseTCPConnectContext
‘Sending reply to WVD Agent. Reverse connect succeeded.’ in CUMRDPListenerReverseConnectTcpUdp::ReverseTCPConnectContext::OnConnectionCompleted at 5106 err=[0x0]
CUMRDPListenerReverseConnectTcpUdp
‘UDP port number for SxS stack not set. UDP listener won’t be enabled.’ in CUMRDPListenerReverseConnectTcpUdp::GetUdpPort at 4703 err=[0x0]
CUMRDPListenerReverseConnectTcpUdp
‘Reverse connection (websocket) successfully completed‘ in CUMRDPListenerReverseConnectTcpUdp::OnConnectionCompleted at 5257 err=[0x0]
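The event flow above can be checked mechanically when reviewing exported RdpCoreCDV messages. The following is an added example, not code from the original post or from Microsoft: it parses the message shape shown above, reports which milestones of the reverse connect were reached, flags any event whose err value is non-zero, and redacts the RDmiGatewayToken query value so the output can be shared. It assumes the raw messages use straight quotes; the stage names, the sample lines, the host, the IP and the error value are constructed.

```python
import re

# Shape of an RdpCoreCDV message as shown in this post:
#   '<text>' in <Class::Method> at <line> err=[0x<hex>]
EVENT_RE = re.compile(
    r"^'(?P<text>.*)' in (?P<func>[\w:]+) at (?P<line>\d+) err=\[0x(?P<err>[0-9a-fA-F]+)\]$"
)
TOKEN_RE = re.compile(r"(RDmiGatewayToken=)[^&'\s]+")

# Ordered milestones of the flow (stage names are this example's own labels).
STAGES = [
    ("pipe", "Got connection for named pipe"),
    ("start", "Starting Reverse Connect"),
    ("dns", "WINHTTP_CALLBACK_STATUS_NAME_RESOLVED"),
    ("connected", "WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER"),
    ("websocket", "Reverse connection (websocket) successfully completed"),
]

def parse_event(message):
    """Redact the gateway token, then split one message into its fields."""
    raw = TOKEN_RE.sub(r"\1<redacted>", message.strip())
    m = EVENT_RE.match(raw)
    if not m:  # truncated or unknown shape: keep only the redacted text
        return {"text": raw, "func": None, "line": None, "err": None}
    return {"text": m["text"], "func": m["func"],
            "line": int(m["line"]), "err": int(m["err"], 16)}

def summarize(messages):
    """Return (stages reached, events with non-zero err, first missing stage)."""
    events = [parse_event(msg) for msg in messages]
    reached = [name for name, needle in STAGES
               if any(needle in e["text"] for e in events)]
    failed = [e for e in events if e["err"]]
    missing = next((name for name, _ in STAGES if name not in reached), None)
    return reached, failed, missing

# Constructed sample: a connection that stalls after DNS resolution.
SAMPLE = [
    "'Got connection for named pipe' in CUMRDPListenerReverseConnectTcpUdp::OnNamedPipeConnectionCompleted at 5172 err=[0x0]",
    "'Starting Reverse Connect GUID='00000000-0000-0000-0000-000000000000' URI='https://gateway.example.invalid/api/v2/Connections/reverse/00000000-0000-0000-0000-000000000000?RDmiGatewayToken=CONSTRUCTED-TOKEN",
    "'WINHTTP_CALLBACK_STATUS_NAME_RESOLVED name='203.0.113.10'' in CHttpIoRequestWinHttp::StatusCallback at 2512 err=[0x0]",
    "'WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER IP='203.0.113.10'' in CHttpIoRequestWinHttp::StatusCallback at 2520 err=[0x80072ee2]",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A missing stage points to where the flow stopped: no "dns" stage suggests name resolution from the session host, while "dns" without "connected" suggests outbound TCP/443 being blocked or timing out.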
Resources
- WVD Troubleshooting Options Tips Tricks – Windows Virtual Desktop
- WVD Architecture Changes for v2 | New Portal Admin Experience