Windows 2008 R2 - Change RDP port and Remote Access stop working

  • Windows 2008 R2 - Change RDP port and Remote Access stop working

    Here is what I did:
    1. Change the port number (3389 to some number) on the server through the registry:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
    2. Create an inbound firewall rule on the server to allow the traffic thru the new port (some number)
    https://support.rackspace.com/how-to/create-an-inbound-port-allow-rule-for-windows-firewall-2008/
    3. In our Meraki firewall, under the Forwarding Rules, change the public port to the new port number (some number) for the rdp forwarding rule.

    That did not do it for me. I could not remote to the server after the change. I don't know what I am missing here. I changed it back to the default (3389) and remote access functions normally now, but I would really like to change the RDP port to make it more secure to the public. Could anyone tell me what I missed here? TIA.



  • #2
    Can you remote in internally on the correct port (rules out server issues)?
    Are you connecting using servername:port (required in RDP client if you change to other than 3389)?
    Last edited by JeremyW; 29th March 2017, 04:16. Reason: Added noparse tag.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Yes, I can internally (servername:portnumber). Externally, I still cannot (ip address:port number).
      Last edited by JeremyW; 29th March 2017, 04:17. Reason: Added noparse tag.


      • #4
        Did you reboot your Meraki MX? I've had issues with firewall changes not taking effect immediately unless I rebooted, even if it says its config is up to date.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          I've tried that too, JeremyW. It still does not work.


          • #6
            Have you tried changing the port number back to 3389 on the server and translating the public port number (some number) to the private port number (3389) using port redirection? This is how I masked our FTP server by blocking traffic from the public side that used the default port.
            A recent poll suggests that 6 out of 7 dwarfs are not happy


            • #7
              Thanks Blood. That did it. It worked. Internally, no port specified. Externally, specified port is needed.

              I used this command to redirect the port on the server:

              netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.A.B connectport=54321 connectaddress=192.168.X.Y

              where 12345 is the new port and 54321 is 3389. Thank you all for your help.

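The checks discussed in this thread (which port RDP is configured for, what is actually listening, which portproxy rules exist, and whether the port answers internally) can be gathered in one pass. This is an added example, not posted by any participant; the parameter names and the `Test-TcpPort` helper are hypothetical, and it uses only commands available on Windows Server 2008 R2.

```powershell
# Added example: run in an elevated PowerShell session on the RDP server.
# Parameter names and Test-TcpPort are hypothetical; you supply the values.
param(
    [Parameter(Mandatory=$true)][string]$ServerAddress,  # server LAN IP (192.168.A.B in the thread)
    [Parameter(Mandatory=$true)][int]$ExternalPort       # the "new port" (12345 in the thread)
)

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Port the RDP listener is configured for (3389 unless changed in the registry).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
"RDP-Tcp PortNumber (registry): $rdpPort"

# 2. Sockets listening on either port (state text assumes English-language Windows).
netstat -ano -p TCP |
    Select-String -Pattern ":($rdpPort|$ExternalPort)\s+\S+\s+LISTENING"

# 3. netsh portproxy rules depend on the IP Helper service (iphlpsvc) running.
"IP Helper service: $((Get-Service -Name iphlpsvc).Status)"
netsh interface portproxy show v4tov4

# 4. Connect test against both ports on the LAN address.
$ports = @($rdpPort, $ExternalPort) | Select-Object -Unique
foreach ($port in $ports) {
    "{0}:{1} reachable: {2}" -f $ServerAddress, $port, (Test-TcpPort $ServerAddress $port)
}
```

Run step 4 from a second internal machine to include the server's inbound Windows Firewall rule in the test.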


              • #8
                You're very welcome.
                A recent poll suggests that 6 out of 7 dwarfs are not happy
