March 27, 2017 at 6:57 pm #166932
here is what I did:
1. Change the port number (3389 to some number) on the server thru the registry:
2. Create an inbound firewall rule on the server to allow the traffic thru the new port (some number)
3. In our Meraki firewall, under the Forwarding Rules, change the public port to the new port number (some number) for the rdp forwarding rule.
That did not do it for me. I could not remote to the server after the change. I don't know what I am missing here. I changed it back to default (3389) and the remote access functions normally now, but I would really like to change the RDP port to make it more secure to the public. Could anyone tell me what I missed here? TIA.
Ossian (Moderator) March 28, 2017 at 12:14 am #191593
Can you remote in internally on the correct port (rules out server issues)?
Are you connecting using servername:port (required in RDP client if you change to other than 3389)?
March 28, 2017 at 2:56 pm #340290
Yes, I can internally (servername:portnumber). Externally, I still cannot (ip address:port number).
JeremyW (Moderator) March 28, 2017 at 9:19 pm #271452
Did you reboot your Meraki MX? I've had issues with firewall changes not taking effect immediately unless I rebooted, even if it says its config is up to date.
Blood (Moderator) April 4, 2017 at 8:11 am #337271
Have you tried changing the port number back to 3389 on the server and translating the public port number (some number) to the private port number (3389) using port redirection? This is how I masked our FTP server by blocking traffic from the public side that used the default port.
April 4, 2017 at 6:01 pm #340292
Thanks Blood. That did it. It worked. Internally, no port specified. Externally, specified port is needed.
I used this command to redirect the port on the server:
netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.A.B connectport=54321 connectaddress=192.168.X.Y
where 12345 is the new port and 54321 is 3389. Thank you all for your help.
March 31, 2018 at 10:53 pm #340293
I really don't understand why I cannot post a new topic. Since this topic is related to this server, I chose to add it to this post. Sorry if this confuses you.
Lately, I've seen many event ID 56 entries on our remote server.
It says 'The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 184.108.40.206.'
Most of the client IPs belong to our users. Many of them are from countries like Russia and Germany.
I looked up '220.127.116.11' and it is from Russia. I have enabled port forwarding on our remote server so it is no longer 3389.
I wonder if this is just port scanning that hackers do, or has our server been compromised? Any help is appreciated. TIA
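
One way to triage the Event ID 56 entries described in the last post, as an added example that is not part of the original thread: it groups the disconnects by client IP, separates addresses inside networks you expect your users to connect from, and flags sources that fail repeatedly within a short window. The input format (one exported event per line as timestamp, tab, message), the sample addresses, `KNOWN_USER_NETS` and the thresholds are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in an assumed export format: "ISO time<TAB>event message".
# Addresses are documentation ranges, not the ones quoted in the thread.
MSG = ("The Terminal Server security layer detected an error in the protocol "
       "stream and has disconnected the client. Client IP: {}.")
SAMPLE = "\n".join(f"{t}\t{MSG.format(ip)}" for t, ip in [
    ("2018-03-30T02:14:05", "203.0.113.77"), ("2018-03-30T02:14:09", "203.0.113.77"),
    ("2018-03-30T02:14:31", "203.0.113.77"), ("2018-03-30T02:15:40", "203.0.113.77"),
    ("2018-03-30T09:02:11", "198.51.100.23"),
    ("2018-03-30T17:45:00", "192.0.2.8"), ("2018-03-31T04:10:00", "192.0.2.8"),
])
# Assumption: networks your own users normally connect from.
KNOWN_USER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# The message ends the address with a full stop, so match lazily up to it.
CLIENT_IP = re.compile(r"Client IP:\s*([0-9A-Fa-f:.]+?)\.?\s*$")

def triage(text, known_nets=KNOWN_USER_NETS, burst=3, window_s=60):
    """Group Event 56 disconnects by client IP and label each source."""
    seen = defaultdict(list)
    for line in text.splitlines():
        stamp, _, message = line.partition("\t")
        m = CLIENT_IP.search(message)
        if not m:
            continue  # not an Event 56 message, or no address recorded
        try:
            ip = ipaddress.ip_address(m.group(1))
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # malformed address or timestamp
        seen[ip].append(when)
    report = {}
    for ip, times in seen.items():
        times.sort()
        # Largest number of disconnects starting within any window_s-second span.
        peak = max(sum((t - start).total_seconds() <= window_s for t in times[i:])
                   for i, start in enumerate(times))
        if any(ip in net for net in known_nets):
            label = "known-user"
        elif peak >= burst:
            label = "unknown-burst"
        else:
            label = "unknown-sporadic"
        report[str(ip)] = {"count": len(times), "peak": peak, "label": label}
    return report

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(ip, info)
```

A burst label only says the source retried quickly; it does not by itself show whether any logon succeeded, so check the logon events for the same addresses before drawing a conclusion.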