Use PowerShell to turn off IPSec Task Offloading on all Virtual Machines on a host

I know you came here to copy and paste, so here it is. Run this on each host. It works on standalone hosts and in clusters.

Get-VM | Get-VMNetworkAdapter | Set-VMNetworkAdapter -IPsecOffloadMaximumSecurityAssociation 0

Very simple. It gets all virtual machines on a host, then their network adapters, then disables IPSec task offloading. This is equivalent to unchecking the box in the settings below.

You can also change that 0 (disable) to a different number to change the offload tasks, e.g. 333 or something. Not that I recommend that, I just like the number 3.

But wait, you only want to disable this on certain machines, and your machines all have similar names? Maybe you have virtual machines named MyVirtualMachine001 - MyVirtualMachine099. Here’s the command with a Where-Object filter. Just change the name to whatever fits your environment and virtual machine names.

Get-VM | Where-Object {$_.Name -like "MyVirtualMachine0*"} | Get-VMNetworkAdapter | Set-VMNetworkAdapter -IPsecOffloadMaximumSecurityAssociation 0
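
An added example, not from the original post: the same pipeline wrapped so that each adapter's current value is saved to a CSV before it is changed, the change can be previewed with -WhatIf, and the saved values can be put back later. The function names, parameter names and default CSV path are assumptions chosen for illustration.

```powershell
#Requires -Modules Hyper-V

function Disable-VMIPsecOffload {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$NamePattern = '*',                        # e.g. 'MyVirtualMachine0*'
        [string]$BackupPath  = '.\ipsec-offload-before.csv' # assumed location
    )

    $adapters = Get-VM | Where-Object { $_.Name -like $NamePattern } | Get-VMNetworkAdapter

    # Save the current values first; written even during a -WhatIf dry run,
    # so the CSV doubles as an inventory of what would be touched.
    $adapters |
        Select-Object VMName, Name, Id, IPsecOffloadMaximumSecurityAssociation |
        Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false

    foreach ($adapter in $adapters) {
        if ($adapter.IPsecOffloadMaximumSecurityAssociation -eq 0) { continue } # already off
        $target = "$($adapter.VMName) / $($adapter.Name)"
        if ($PSCmdlet.ShouldProcess($target, 'Set IPsecOffloadMaximumSecurityAssociation to 0')) {
            $adapter | Set-VMNetworkAdapter -IPsecOffloadMaximumSecurityAssociation 0
        }
    }

    # Emit the resulting state so the caller can confirm the change.
    Get-VM | Where-Object { $_.Name -like $NamePattern } | Get-VMNetworkAdapter |
        Select-Object VMName, Name, IPsecOffloadMaximumSecurityAssociation
}

function Restore-VMIPsecOffload {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$BackupPath)

    foreach ($row in Import-Csv -Path $BackupPath) {
        # Match on the adapter Id, since several adapters can share a display name.
        $adapter = Get-VMNetworkAdapter -VMName $row.VMName | Where-Object { $_.Id -eq $row.Id }
        if (-not $adapter) { Write-Warning "Adapter not found: $($row.VMName) / $($row.Name)"; continue }
        $value = [uint32]$row.IPsecOffloadMaximumSecurityAssociation
        if ($PSCmdlet.ShouldProcess("$($row.VMName) / $($row.Name)", "Restore value $value")) {
            $adapter | Set-VMNetworkAdapter -IPsecOffloadMaximumSecurityAssociation $value
        }
    }
}

# Preview first, then apply:
#   Disable-VMIPsecOffload -NamePattern 'MyVirtualMachine0*' -WhatIf
#   Disable-VMIPsecOffload -NamePattern 'MyVirtualMachine0*'
```

As with the one-liner, Get-VM only sees the local host, so in a cluster this is run on each node with its own CSV.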

Why disable this, you ask? Well, in my case we were having an issue with RDP being really slow on some virtual machines. We originally thought it was disk IO, but our IO numbers didn’t add up. They just weren’t bad enough to make a machine as slow as it was. Then we logged into console and realized that was a LOT faster. Our CTO at work found this and we started testing by disabling. RDP was much faster after disabling IPSec task offloading.

Update
These servers that had the RDP issue were actually part of Windows Azure Pack Websites. Turns out that disabling IPSec offloading didn’t do the trick. We thought it did, but once we added the roles back into WAPWS they were slow again. Again, our CTO found the fix. On our local machines we are disabling UDP for the remote desktop client. This seems counter-intuitive since everywhere else online recommends enabling UDP for better performance. But I can’t argue with the results, RDP is much faster and I’m not seeing a decrease in performance with other connections. To disable:

  1. Open local group policy editor on the machine you are connecting from (not the server).
  2. Navigate to Computer Config > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client.
  3. Edit the rule titled “Turn off UDP on the client.” Click enabled.

  4. The effect is immediate, just reconnect to the server through RDP. No need to restart your client.
