Windows 2008 R2 – Change RDP port and Remote Access stop working


This topic contains 8 replies, has 4 voices, and was last updated by spn 1 year, 3 months ago.

    spn
    Member
    #166932

    here is what I did:
    1. Change the port number (3389 to some number) on the server thru the registry:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
    2. Create an inbound firewall rule on the server to allow the traffic thru the new port (some number)
    https://support.rackspace.com/how-to/create-an-inbound-port-allow-rule-for-windows-firewall-2008/
    3. In our Meraki firewall, under the Forwarding Rules, change the public port to the new port number (some number) for the rdp forwarding rule.

    That did not do it for me. I could not remote to the server after the change. I don’t know what I am missing here. I changed it back to the default (3389) and remote access functions normally now, but I would really like to change the RDP port to make it more secure to the public. Could anyone tell me what I missed here? TIA.

    Ossian
    Moderator
    #191593

    Can you remote in internally on the correct port (rules out server issues)?
    Are you connecting using servername:port (required in RDP client if you change to other than 3389)?

    spn
    Member
    #340290

    Yes, I can internally (servername:portnumber). Externally, I still cannot (ip address:port number).

    JeremyW
    Moderator
    #271452

    Did you reboot your Meraki MX? I’ve had issues with firewall changes not taking effect immediately unless I rebooted, even if it says its config is up to date.

    spn
    Member
    #340291

    I’ve tried that too, JeremyW. It still does not work.

    Blood
    Moderator
    #337271

    Have you tried changing the port number back to 3389 on the server and translating the public port number (some number) to the private port number (3389) using port redirection? This is how I masked our FTP server by blocking traffic from the public side that used the default port.

    spn
    Member
    #340292

    Thanks Blood. That did it. It worked. Internally, no port specified. Externally, specified port is needed.

    I used this command to redirect the port on the server:

    netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.A.B connectport=54321 connectaddress=192.168.X.Y

    where 12345 is the new port and 54321 is 3389. Thank you All for your help.

    Blood
    Moderator
    #337272

    You’re very welcome.

    spn
    Member
    #340293

    I really don’t understand why I cannot post a new topic. Since this topic is related to this server, I chose to add it to this post. Sorry if this confuses you.


    Lately, I’ve seen many Event ID 56 entries on our remote server.
    It says ‘The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 82.202.249.19.’
    Most of the client IPs belong to our users. Many of them are from countries like Russia and Germany.
    I looked up ‘82.202.249.19’ and it is from Russia. I have enabled port forwarding on our remote server so it is no longer 3389.

    I wonder if this is just port scanning that hackers do or if our server has been compromised? Any help is appreciated. TIA
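
One way to triage the Event ID 56 entries described in the last post, as an added example that is not part of the original thread: count the disconnects per client IP and separate addresses your own users connect from from everything else. The function name, the `$KnownUserIps` list and the sample messages are constructed for illustration; only the message wording and `82.202.249.19` come from the post, and the commented `Get-WinEvent` line assumes the events are recorded in the System log.

```powershell
# Added example: summarise Event ID 56 disconnects by client IP.
# $KnownUserIps is a hypothetical allowlist (documentation-range addresses).
$KnownUserIps = @('203.0.113.10', '203.0.113.25')

function Get-Event56Summary {
    param(
        [string[]]$Messages,   # message text of each Event ID 56 record
        [string[]]$KnownIps    # public IPs your own users connect from
    )
    $counts = @{}
    foreach ($m in $Messages) {
        # The event text ends with "Client IP: a.b.c.d."
        if ($m -match 'Client IP:\s*(\d{1,3}(?:\.\d{1,3}){3})') {
            $ip = $Matches[1]
            if ($counts.ContainsKey($ip)) { $counts[$ip]++ } else { $counts[$ip] = 1 }
        }
    }
    # One row per address; unknown addresses first, busiest first.
    $counts.GetEnumerator() | ForEach-Object {
        New-Object PSObject -Property @{
            ClientIP = $_.Key
            Count    = $_.Value
            Known    = ($KnownIps -contains $_.Key)
        }
    } | Sort-Object -Property @{Expression = 'Known'}, @{Expression = 'Count'; Descending = $true}
}

# Constructed sample records using the message wording quoted in the post.
$text = 'The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: {0}.'
$sample = @(
    ($text -f '82.202.249.19'),
    ($text -f '203.0.113.10'),
    ($text -f '82.202.249.19'),
    ($text -f '198.51.100.7'),
    ($text -f '82.202.249.19'),
    ($text -f '203.0.113.25')
)

Get-Event56Summary -Messages $sample -KnownIps $KnownUserIps |
    Format-Table ClientIP, Count, Known -AutoSize

# On the server, feed it the real records instead (assumption: System log):
# $msgs = Get-WinEvent -FilterHashtable @{LogName = 'System'; Id = 56} |
#     ForEach-Object { $_.Message }
# Get-Event56Summary -Messages $msgs -KnownIps $KnownUserIps
```

Event ID 56 records a connection that was dropped during protocol negotiation, so the summary shows who is reaching the listener, not who logged on; compare the unknown addresses against the server's logon events before drawing conclusions.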
