RDP won’t work on any port but 3389

hyper-vrdpwindows-server-2008-r2

We have a server 2008 r2 virtual machine that's acting as a public facing RDP terminal (I know I know, that's a whole different fight). I'm trying to set RDP to use any port but 3389, but I get the "this computer is unavailable" message whenever I change the port. What I'm doing is:

1) Changing the port used by RDP in the registry (HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp > PortNumber field)

2) Changing the symantec firewall rule that allows traffic on port 3389 to port (for example) 4000. (Windows firewall is disabled, and I've made sure the service isn't running in services.msc)

3) Try to open an RDP session from another computer on the LAN to x.x.x.x:4000

When I use netstat -a it says TCP is listening on port 4000, but RDP connections fail with the "the computer is offline error". When I do the exact steps as above with 3389 it works, anyone know what's up?

Best Answer

Export the registry from the working one and import into the broken one

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Related Solutions

Windows – Remote App Authentication Error (Code:0x507)

I had the same problem (on XP SP3 connecting to Windows 7). I followed the instructions you copied from the KB article, however forgot (actually skipped) step 9. Did a reboot and it started working. Yay.

Ssl – How to fix RDP on windows server 2012

You may encounter this error when connecting after importing an SSL certificate (and associated private key) into Windows Server 2012:

This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

In addition, in the Windows event logs, you see:

"A fatal error occurred when attempting to access the SSL server credential 
private key. The error code returned from the cryptographic module is 0x8009030D. 
The internal error state is 10001."

Solution:

Quote from Microsoft KB2001849:

"The Remote Desktop Host Services service runs under the NETWORK SERVICE account. Therefore, it is necessary to set the ACL of the key file used by RDS (referenced by the certificate named in the SSLCertificateSHA1Hash registry value) to include NETWORK SERVICE with "Read" permissions. To modify the permissions follow the steps below:

Open the Certificates snap-in for the local computer:

Click Start, click Run, type mmc, and click OK.
On the File menu, click Add/Remove Snap-in.
In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and click Add.
In the Certificates snap-in dialog box, click Computer account, and click Next.
In the Select Computer dialog box, click Local computer: (the computer this console is running on), and click Finish.
In the Add or Remove Snap-ins dialog box, click OK.
In the Certificates snap-in, in the console tree, expand Certificates (Local Computer), expand Personal, and navigate to the SSL certificate that you would like to use.
Right-click the certificate, select All Tasks, and select Manage Private Keys.
In the Permissions dialog box, click Add, type NETWORK SERVICE, click OK, select Read under the Allow checkbox, then click OK."

Source: https://support.microsoft.com/en-us/kb/2001849

Best Answer

Related Solutions

Windows – Remote App Authentication Error (Code:0x507)

Ssl – How to fix RDP on windows server 2012

Related Topic