Skip to main content

Hello all,

 

We are experiencing a behavior with RDP sessions via Password Safe initiated from machines with Windows 11.
The session has a slow image loading, appearing to load in rows of images and in blocks.
A simple movement of windows within the RDP session causes the image loading of this movement to be very slow.

This does not occur if the RDP session is direct with the destination server.
But if the connection is through Password Safe being Windows 11 > Resource Broker > Destination server, this slowness is noticed.

 

Has anyone else noticed this problem in your environments?

 

Additionally, this behavior does not occur in Windows 10.

Points that I have already checked:
- The software installed on the computers are the same between Windows 10 and 11;
- The network settings are the same. This behavior occurs on both wireless and wired networks;
- The GPOs of the Windows 10/11 stations, Resource Brokers and destination servers have already been checked. No Remote Desktop configurations that could impact the sessions;

The environment as a whole is the same. The only thing that changes is the Windows version.

 

I wonder if it could be something between the RDP on the Windows 11 machine and the RDP Proxy within the resource broker.

 

One workaround that I applied and significantly improved the RDP session was the addition of the gfx and gfx_caps_override registry keys to a resource broker in the environment.

However, the use of these two registry keys was advised against by BeyondTrust support as they were no longer necessary.

 

Could I simply apply these two keys to all resource brokers? Yes, I could. However, using them removes the Password Safe loading screen during the RDP connection, making it impossible to see if any error occurred.

 

I continue to investigate this behavior in my environment, but have not yet been successful in improving it.

 

Any thoughts here we'll be apreciated.

Hi rgkessel,

The behavior you're describing is similar to the one mentioned in the following BeyondTrust knowledge base article:
Remote Support / Privileged Remote Access - Windows 11 24H2 - RDP graphics issue - Little colored squares over everything (screen artifacting)

I hope you find it helpful.


Hello Lino,

 

Thanks for your comment.

 

The KB you mentioned is related to PRA, right?

My case is related to Password Safe.

And even though it is Password Safe, I have already seen a KB mentioning this issue. We had this issue in our environment, but it was fixed with the update to version 24.3.

But even after this update, the slowness continues when accessing servers via Password Safe, where the user's machine is Windows 11.


 

One workaround that I applied and significantly improved the RDP session was the addition of the gfx and gfx_caps_override registry keys to a resource broker in the environment.

However, the use of these two registry keys was advised against by BeyondTrust support as they were no longer necessary.

 

Could I simply apply these two keys to all resource brokers? Yes, I could. However, using them removes the Password Safe loading screen during the RDP connection, making it impossible to see if any error occurred.

 

 

 

 

 Hi, I’ve used these two registry keys, and they have indeed improved performance in my lab. May I ask why BT support is against this? Was any reasoning provided? (I’m just curious — I’m not an employee.)


 Hi, I’ve used these two registry keys, and they have indeed improved performance in my lab. May I ask why BT support is against this? Was any reasoning provided? (I’m just curious — I’m not an employee.)

 

Hello prakash,

 

They reported that these two registry keys were no longer needed because they were used as a workaround to fix an issue in Windows RDP.
This issue has been fixed in the most recent versions of Resource Brokers (in the case of Password Safe Cloud).

BeyondInsight / Password Safe - Windows 11 2024 version 24H2 update RDP graphics issue - Little colored squares over everything (screen artifacting)

 

Although my report is not the same problem as the KB above, these registry keys have greatly improved the performance of RDP sessions.


Hi ​@prakash.r   It is not recommended as the registry keys removes functionality from Password Safe such as not showing the countdown timer, no splash screens can appear or screen overlays.  For example the screen showing the session is locked shown in https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0019648.    Have you ensured all the windows 11 updates have been done?  


According to Microsoft Windows 11 has more visual effects, such as animations and shadows, which can consume more system resources.  You can disable some visual effects in performance option to free up system resources.  Consult Microsoft documentation for further information.


Hello Gloria,

 

Even if I disable features or leave visual effects at a minimum in the RDP settings, the slowness is still noticeable.

 

Today I tested access through a recently formatted Windows 11 machine, without being part of my network domain.

So the machine does not have any GPOs applied, security agents or other settings that could affect its performance in any way.

Even so, the slowness is noticeable.

 

So, I understand that the problem is not with our environment's settings.

 

Thanks,

Rudolf.


I know there is a issue with the gfx key, because if right now anyone try to acess a session with a resolution that ends with “50” like 1440x1050 or 1680x1050, the session resolution loses 2 pixels, the screen get the followings resolutions “1440x1048” and “1680x1048”, but when re-applying the gfx key on regedit, the session works with the normal resolution instead of losing 2 pixels.

 

I have this tested in at least 5 other enviroments with the same issue.


If you are still having issue, I would open a case with BeyondTrust Support and include the information at the bottom of this article:  How to troubleshoot RDP or Application Session slowness


I know this is a different product but I’m wondering if our performance issues with BT Privileged Remote Access are related (perhaps it using the same bomgar rdp framework on back end?). There is pretty noticeable performance lag/slowness when using PRA to remote into Windows PC’s (this is not only on Windows 11 btw, we see it on Windows 10 also). However, if we select external tool BYOT RDP, the performance is amazing and we have no issues. The slowness is also present on the web only client also. 

I have not tried any registry key modifications to troubleshoot this so I may try the ones mentioned here and see if anything improves. Thanks


Reply