CCM
/Skills
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

Windows Remote Desktop Connection Doctor

daymade/claude-code-skills
518 installs1.3k stars
Summary

This is for when your Azure Virtual Desktop or Windows 365 connection on macOS feels sluggish and you need to figure out why you're stuck on WebSocket instead of UDP Shortpath. It walks through the full diagnostic path: parsing Windows App logs for STUN/TURN failures, checking if your VPN is swallowing UDP packets (look for that 198.18.0.x source IP), and testing whether your ISP just blocks UDP entirely. The methodology is thorough, covering everything from Tailscale netcheck output to ShadowRocket proxy rules, and it includes actual log patterns like "FetchClientOptions exception" that signal the client can't even negotiate transport options. If you've ever stared at high RTT wondering why your remote desktop feels like molasses, this gets you to the answer without guessing.

Install to Claude Code

npx -y skills add daymade/claude-code-skills --skill windows-remote-desktop-connection-doctor --agent claude-code

Installs into .claude/skills of the current project.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Files
SKILL.mdView on GitHub

Windows Remote Desktop Connection Doctor

Diagnose and fix Windows App (Microsoft Remote Desktop / AVD / WVD / W365 / direct PC) connection issues on macOS, with focus on transport protocol optimization and root-cause falsification.

Methodology base: the general evidence-driven diagnosis discipline lives in the debugging-network-issues skill. This skill is the Windows-App / AVD transport domain layer — it leans toward connection-quality optimization more than root-cause falsification, so the methodology overlap is lighter.

Background

Azure Virtual Desktop transport priority: UDP Shortpath > TCP > WebSocket. UDP Shortpath provides the best experience (lowest latency, supports UDP Multicast). When it fails, the client falls back to WebSocket over TCP 443 through the gateway, adding significant latency overhead.

Direct PC connections use plain RDP over TCP 3389 (usually TLS-wrapped). They have no Connection Info panel, no gateway reachability tests, and no transport optimization step. For direct PC, the dominant failure modes are:

  1. The remote PC is off or unreachable (network/firewall).
  2. The Windows App client has a stale or expired Microsoft work/school account that poisons the auth orchestration, leaving the connection stuck at "Configuring remote PC...".
  3. The remote PC rebooted (often Windows Update), and the client cannot recover cleanly.

This skill handles both scenarios.

Diagnostic Workflow

Step 1: Determine the Connection Type and Symptom

Before collecting evidence, identify which scenario you are diagnosing:

ScenarioKey CharacteristicPrimary Evidence Source
AVD/WVD/W365User connects to a cloud desktop through a workspace/gatewayConnection Info panel, gateway health checks, UDP Shortpath logs
Direct PCUser connects to a named PC by hostname or IP (e.g., a home workstation)RDP protocol probe, Windows App log auth chain, Windows-side reboot events

For AVD/WVD/W365, ask the user to provide the Connection Info from Windows App (click the signal icon in the toolbar). Key fields to extract:

FieldWhat It Tells
Transport ProtocolCurrent transport: UDP, UDP Multicast, WebSocket, or TCP
Round-Trip Time (RTT)End-to-end latency in ms
Available BandwidthCurrent bandwidth in Mbps
GatewayThe AVD gateway hostname and port
Service RegionAzure region code (e.g., SEAS = South East Asia)

If Transport Protocol is UDP or UDP Multicast, the connection is optimal — no further diagnosis needed.

If Transport Protocol is WebSocket or TCP, proceed to Step 2.

For Direct PC, the Connection Info panel does not exist. Instead, first run the RDP protocol probe in Step 2E to prove the server is reachable, then analyze the Windows App log for auth poisoning or reconnect failures. If the progress dialog is stuck at "Configuring remote PC...", strongly suspect client-side identity issues (see Category E).

Step 2: Collect Network Evidence

Gather evidence in parallel — do NOT make assumptions. Run the following checks simultaneously:

2A: Network Interfaces and Routing

ifconfig | grep -E "^[a-z]|inet |utun"
netstat -rn | head -40
scutil --proxy

Look for:

  • utun interfaces: Identify VPN/proxy TUN tunnels (ShadowRocket, Clash, Tailscale)
  • Default route priority: Which interface handles default traffic
  • Split routing: 0/1 + 128.0/1 → utun pattern means a VPN captures all traffic
  • System proxy: HTTP/HTTPS proxy enabled on localhost ports

2B: RDP Client Process and Connections

# Find the Windows App process (NOT "msrdc" — the new client uses "Windows" as process name)
ps aux | grep -i -E 'msrdc|Windows' | grep -v grep
# Check its network connections
lsof -i -n -P 2>/dev/null | grep -i "Windows" | head -20
# Check for UDP connections
lsof -i UDP -n -P 2>/dev/null | head -30

Key evidence to look for:

  • Source IP 198.18.0.x: Traffic is being routed through ShadowRocket/proxy TUN tunnel
  • No UDP connections from Windows process: Shortpath not established
  • Only TCP 443: Fallback to gateway WebSocket transport

2C: VPN/Proxy State

# Environment proxy variables
env | grep -i proxy
# System proxy via scutil
scutil --proxy
# ShadowRocket config API (if accessible on local network)
NO_PROXY="<local-ip>" curl -s --connect-timeout 5 "http://<local-ip>:8080/api/read"

2D: Tailscale State (if running)

tailscale status
tailscale netcheck

The netcheck output reveals NAT type (MappingVariesByDestIP), UDP support, and public IP — valuable even when Tailscale is not the problem.

2E: Independent RDP Server Health Check (Direct PC)

This step is critical for direct PC connections and useful for AVD/WVD/W365 as a falsification test: it proves the server-side RDP stack is alive without relying on the Windows App client or any credentials.

Use the bundled probe script:

python3 scripts/probe_rdp_server.py <host> [port]

Example:

python3 scripts/probe_rdp_server.py my-pc.local 3389

A successful probe reports RDP server <host>:<port> is reachable and healthy (RDP + TLS). and means the problem is client-side (auth, app state, proxy, or identity). A failed probe means the problem is server-side or network (PC off, firewall, port unreachable, TLS interception).

See references/direct_pc_and_auth_diagnostics.md for detailed interpretation of probe results.

Step 3: Analyze Windows App Logs

This is the most critical step. Windows App logs contain transport negotiation details that no network-level test can reveal.

Log location on macOS:

~/Library/Containers/com.microsoft.rdc.macos/Data/Library/Logs/Windows App/

Files are named: com.microsoft.rdc.macos_v<version>_<date>_<time>.log

Important: Windows App log timestamps are UTC. The user's clock and Windows Event logs are usually local time. Convert all timestamps to a single timezone before building a timeline.

Per-session tracking: each connection attempt gets a unique activity GUID in braces. Aggregate events by GUID to understand the lifecycle of one attempt. See references/windows_app_log_analysis.md for the GUID aggregation technique and references/direct_pc_and_auth_diagnostics.md for the direct-PC failure signatures.

See references/windows_app_log_analysis.md for detailed log parsing guidance.

Quick Log Search

LOG_DIR=~/Library/Containers/com.microsoft.rdc.macos/Data/Library/Logs/Windows\ App
# Find the most recent log
LATEST_LOG=$(ls -t "$LOG_DIR"/*.log 2>/dev/null | head -1)

# Search for transport-critical entries (filter out noise)
grep -i -E "STUN|TURN|VPN|Routed|Shortpath|FetchClient|clientoption|GATEWAY.*ERR|Certificate.*valid|InternetConnectivity|Passed URL" "$LATEST_LOG" | grep -v "BasicStateManagement\|DynVC\|dynvcstat\|asynctransport"

Key Log Patterns

Log PatternMeaning
Passed: InternetConnectivityHealth check completed successfully
TCP/IP Traffic Routed Through VPN: No/YesClient detected VPN routing for TCP
STUN/TURN Traffic Routed Through VPN: YesClient detected VPN routing for STUN/TURN
Passed URL: https://...wvd.microsoft.com/ Response Time: NmsGateway reachability confirmed
FetchClientOptions exception: Request timed outCritical: Client cannot get transport options from gateway
Certificate validation failedTLS interception or DNS poisoning detected
OnRDWebRTCRedirectorRpc rtcSession not handledWebRTC session setup not handled by client
OneAuthError_InteractionRequiredA cached Microsoft account token cannot be refreshed silently
No valid refresh tokens available in the cacheNo usable cached credentials for the auth request
credential completion has been canceledThe interactive sign-in prompt was canceled
GATEWAY(ERR): ... UserCancelled(8)Auth orchestration failed because sign-in was canceled
RDP_WAN: Client connMonitor goto CMSTATE_DROPPEDConnection monitor detected a dropped session
Channel::StartWrite failed / GetBuffer failedTransport is dead; client is writing to a closed socket
ParseUserData: No data of type 0xc09Non-fatal — server answered MCS Connect; proves TCP path works
IHAddMouseEventToPDU / IHAddMouseWheelEventToPDUSession is alive and receiving input

Compare Working vs Broken Logs

When possible, compare a log from when the connection worked (UDP) with the current log:

# Compare startup health check blocks
for f in "$LOG_DIR"/*.log; do
  echo "=== $(basename "$f") ==="
  grep -E "InternetConnectivity|Routed Through VPN|Passed URL|FetchClient" "$f" | head -10
  echo ""
done

A working log will contain the full health check block (InternetConnectivity, VPN routing detection, gateway URL tests). A broken log may show these entries missing entirely, or show certificate/timeout errors instead.

Step 4: Determine Root Cause

Based on collected evidence, identify the root cause category:

Category A: VPN/Proxy Interference

Evidence: Windows App source IP is 198.18.0.x, STUN/TURN routed through VPN, no UDP connections.

Fix: Add DIRECT rules for AVD traffic in the proxy tool:

DOMAIN-SUFFIX,wvd.microsoft.com,DIRECT
DOMAIN-SUFFIX,microsoft.com,DIRECT
IP-CIDR,13.104.0.0/14,DIRECT

Verify: Temporarily disable VPN/proxy, reconnect VDI, check if transport changes to UDP.

Category B: ISP/Network UDP Restriction

Evidence: Even with all VPNs off, still WebSocket. No UDP connections. FetchClientOptions timeout.

Verify:

# Test STUN connectivity to a known server
python3 -c "
import socket, struct, os
header = struct.pack('!HHI', 0x0001, 0, 0x2112A442) + os.urandom(12)
for srv in [('stun.l.google.com', 19302), ('stun1.l.google.com', 19302)]:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(3)
        s.sendto(header, srv)
        data, addr = s.recvfrom(1024)
        print(f'STUN from {srv[0]}: OK')
        s.close(); break
    except: print(f'STUN from {srv[0]}: FAILED'); s.close()
"

Fix options:

  • Try mobile hotspot (isolate home network from ISP)
  • Check router NAT type (Full Cone NAT preferred)
  • Enable UPnP on router
  • Try IPv6 if available
  • Contact ISP about UDP restrictions

Category C: Client Health Check Failure

Evidence: Log shows certificate validation errors at startup, health check block (InternetConnectivity, STUN/TURN detection) missing from log, FetchClientOptions timeout.

This means the client cannot complete its diagnostic/capability discovery, preventing Shortpath negotiation.

Possible causes:

  • ISP HTTPS interception/MITM (especially in China)
  • DNS poisoning returning incorrect IPs for Microsoft diagnostic endpoints
  • Firewall blocking Microsoft telemetry endpoints

Fix options:

  • Change DNS to 8.8.8.8 or 1.1.1.1 (bypass ISP DNS)
  • Route Microsoft traffic through a clean proxy
  • Check if ISP injects certificates

Category D: Server-Side Shortpath Not Enabled

Evidence: Log shows no STUN/TURN or Shortpath related entries at all (not even detection), but health checks pass and no errors.

This means the AVD host pool does not have RDP Shortpath enabled. This requires admin action on the Azure portal.

Category E: Client Identity / Expired Microsoft Account Poisoning (Direct PC and AVD)

Evidence: The RDP protocol probe succeeds (server is healthy), but the Windows App log shows the OneAuth/MSAL chain:

  • OneAuthError_InteractionRequired
  • No valid refresh tokens available in the cache
  • AcquireTokenInteractively
  • credential completion has been canceled
  • User canceled sign in
  • GATEWAY(ERR): CWVDTransport::OnOrchestrationHttpError error: UserCancelled(8)
  • Fail OnDisconnected call

The progress dialog may stay at "Configuring remote PC..." because the app is waiting for an interactive sign-in prompt that is hidden or canceled. This can affect direct PC connections even when the expired account is unrelated to that PC, because the Windows App client shares the same auth orchestration across all connection types.

Fix: Open Windows App → Settings → Accounts, sign out or remove the stale Microsoft work/school account, then fully quit (Cmd+Q) and relaunch the app. Retry the connection.

See references/direct_pc_and_auth_diagnostics.md for the full signature set and troubleshooting steps.

Category F: Server-Side Reboot / Windows Update

Evidence: A previously working session dropped suddenly, followed by reconnect failures. The Windows App log shows CMSTATE_DROPPED and possibly Channel::StartWrite failed. The Windows PC's LastBootUpTime is close to the drop time, and Event ID 1074 shows MoNotificationUx.exe (Windows Update orchestrator) or another planned restart reason.

Fix: Wait for the PC to finish booting, then reconnect. To prevent recurrence, set active hours / disable automatic restart during active hours in Windows Update settings, or schedule reboots when the user is not using the machine.

If you have admin access, use Get-CimInstance Win32_OperatingSystem for LastBootUpTime and Get-WinEvent for Event ID 1074. See references/direct_pc_and_auth_diagnostics.md for the WSL/SSH encoded-command technique.

Step 5: Verify Fix

After applying a fix, reconnect and verify the appropriate symptoms:

For AVD/WVD/W365:

  1. Check Connection Info — Transport Protocol should show UDP or UDP Multicast.
  2. RTT should drop significantly (e.g., from 165ms to 40-60ms).
  3. Verify with lsof:
lsof -i UDP -n -P 2>/dev/null | grep -i "Windows"
# Should show UDP connections if Shortpath is active

For Direct PC:

  1. The progress dialog should disappear and the session window should appear.
  2. The Windows App log for the new session should show mouse/keyboard input events (IHAddMouseEventToPDU, IHAddKeyboardEventToPDU) and no UserCancelled(8) errors.
  3. If the issue was an expired Microsoft account, confirm that only valid accounts remain in Windows App → Settings → Accounts.

For server reboots:

  1. Verify the PC is reachable again with ping and scripts/probe_rdp_server.py.
  2. Confirm LastBootUpTime is recent and matches the outage window.

References

  • references/windows_app_log_analysis.md — Detailed log parsing patterns, error signatures, GUID lifecycle analysis, and comparison methodology
  • references/avd_transport_protocols.md — How AVD transport selection works, STUN/TURN/ICE overview, Shortpath architecture
  • references/direct_pc_and_auth_diagnostics.md — Direct PC connection failures, expired Microsoft account poisoning, RDP protocol probe usage, Windows-side reboot correlation, stuck-dialog vs. live-session discrimination
  • scripts/probe_rdp_server.py — Standalone RDP protocol + TLS health probe
Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
First SeenJun 3, 2026
View on GitHub

Recommended

caveman

juliusbrussee/caveman

Ultra-compressed communication mode cutting token usage ~75% while preserving technical accuracy.
348.3k
88.9k
grill-me

mattpocock/skills

Relentless interviewing skill that stress-tests plans and designs through systematic questioning.
546.6k
168.9k
improve

shadcn/improve

improve
23.2k
8.1k
systematic-debugging

obra/superpowers

Structured debugging methodology that mandates root cause investigation before attempting any fixes.
185.7k
253.9k
karpathy-guidelines

forrestchang/andrej-karpathy-skills

Behavioral guidelines to reduce common LLM coding mistakes through explicit assumptions, simplicity, and verifiable success criteria.
17.9k
191.7k
find-skills

vercel-labs/skills

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities.
2.5M
26k