Windows 2008 R2 - Change RDP port and Remote Access stop working

  • Windows 2008 R2 - Change RDP port and Remote Access stop working

    Here is what I did:
    1. Change the port number (3389 to some number) on the server through the registry:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
    2. Create an inbound firewall rule on the server to allow the traffic through the new port (some number)
    3. In our Meraki firewall, under the Forwarding Rules, change the public port to the new port number (some number) for the RDP forwarding rule.

    That did not do it for me. I could not remote to the server after the change. I don't know what I am missing here. I changed it back to the default (3389) and remote access functions normally now, but I would really like to change the RDP port to make it more secure to the public. Could anyone tell me what I missed here? TIA.

  • #2
    Can you remote in internally on the correct port? (rules out server issues)?
    Are you connecting using servername:port (required in RDP client if you change to other than 3389)?
    Last edited by JeremyW; 29th March 2017, 04:16. Reason: Added noparse tag.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Yes, I can internally (servername:portnumber). Externally, I still cannot (ip address:port number).
      Last edited by JeremyW; 29th March 2017, 04:17. Reason: Added noparse tag.


      • #4
        Did you reboot your Meraki MX? I've had issues with firewall changes not taking effect immediately unless I rebooted, even if it says its config is up to date.

        Network Consultant/Engineer
        Baltimore - Washington area and beyond


        • #5
          I've tried that too, JeremyW. It still does not work.


          • #6
            Have you tried changing the port number back to 3389 on the server and translating the public port number (some number) to the private port number (3389) using port redirection? This is how I masked our FTP server by blocking traffic from the public side that used the default port.
            A recent poll suggests that 6 out of 7 dwarfs are not happy


            • #7
              Thanks Blood. That did it. It worked. Internally, no port specified. Externally, specified port is needed.

              I used this command to redirect the port on the server:
              netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.A.B connectport=54321 connectaddress=192.168.X.Y

              where 12345 is the new port and 54321 is 3389. Thank you all for your help.


              • #8
                You're very welcome.
                A recent poll suggests that 6 out of 7 dwarfs are not happy


                • #9
                  I really don't understand why I cannot post a new topic. Since this topic is related to this server, I chose to add it to this post. Sorry if this confuses you.

                  Lately, I've seen many event ID 56 entries on our remote server.
                  It says 'The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
                  Client IP:'
                  Most of the client IPs belong to our users. Many of them are from countries like Russia and Germany.
                  I looked up '' and it is from Russia. I have enabled port forwarding on our remote server so it is no longer 3389.

                  I wonder if this is just port scanning that hackers do, or has our server been compromised? Any help is appreciated. TIA
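
One way to triage the event ID 56 entries described in post #9, as an added example that is not part of the original thread: it groups the disconnects by client IP and marks which addresses appear on a list of known user IPs. The `Get-Rdp56Summary` function name, the `$KnownUserIPs` list and the sample events (documentation address ranges) are assumptions constructed for illustration.

```powershell
# Added example: summarise event ID 56 disconnects per client IP.
# Written to run on PowerShell 2.0 (the version shipped with Windows 2008 R2).

function Get-Rdp56Summary {
    param(
        [object[]]$Events,               # objects exposing TimeCreated and Message
        [string[]]$KnownUserIPs = @()    # addresses you expect your own users to come from
    )
    $rows = foreach ($e in $Events) {
        # The event text ends with "Client IP: a.b.c.d"
        if ($e.Message -match 'Client IP:\s*(\d{1,3}(?:\.\d{1,3}){3})') {
            New-Object PSObject -Property @{ IP = $Matches[1]; Time = $e.TimeCreated }
        }
    }
    if (-not $rows) { return }           # nothing parseable, nothing to report

    $rows | Group-Object IP | ForEach-Object {
        $times = @($_.Group | Sort-Object Time)   # @() keeps single hits indexable
        New-Object PSObject -Property @{
            IP        = $_.Name
            Count     = $_.Count
            KnownUser = ($KnownUserIPs -contains $_.Name)
            FirstSeen = $times[0].Time
            LastSeen  = $times[-1].Time
        }
    } | Sort-Object Count -Descending |
        Select-Object IP, Count, KnownUser, FirstSeen, LastSeen
}

# --- Constructed sample events (not taken from the poster's server) ---
$msg = 'The Terminal Server security layer detected an error in the protocol ' +
       'stream and has disconnected the client. Client IP: '
$t = [datetime]'2017-04-02 01:10:00'
$sample = foreach ($ip in '203.0.113.45','203.0.113.45','203.0.113.45',
                          '198.51.100.7','192.0.2.10') {
    $t = $t.AddSeconds(20)
    New-Object PSObject -Property @{ TimeCreated = $t; Message = $msg + $ip }
}

Get-Rdp56Summary -Events $sample -KnownUserIPs '192.0.2.10' | Format-Table -AutoSize

# On the server, feed the real System log instead of the sample:
# $ev = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 56 }
# Get-Rdp56Summary -Events $ev -KnownUserIPs $KnownUserIPs
```

Event 56 records a dropped connection rather than a logon, so pair the summary with the Security log (event 4624, logon type 10) when checking whether any unfamiliar address actually signed in.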