
RDP Port Number Change

Last Modified: 2013-12-14
I've opened up my firewall to allow traffic through port 3389 (RDP) to my server.  Not having a DMZ, I figured it would be a good idea to at least change the TCP Port Number for Remote Desktop and my firewall to something unconventional, like 444 or 4444.  I modified the RD listening port on my server using the instructions provided at http://support.microsoft.com/kb/306759.  (It's a simple registry edit.)  I modified the port forwarding on my DSL router and internal router from 3389 to 444.  I then tried to use RD to get into my network from a workstation on the WAN with no success.  I tried 4444 as well, with no success.  I went back to the good old 3389 and everything worked just fine again.  Note that I was able to use RD to access my server using ports 444 and 4444 from another workstation in the LAN.  So it appears that it's a firewall issue.

Commented:
Did you check the firewall setting on the PC? See this thread for more info:

http://www.tomshardware.com/forum/145326-45-change-port-firewall

Author

Commented:
The RD host is actually running Windows Server 2003, R2 with Terminal Server, and it's not running Windows Firewall.  I think the fact that I was able to access it from another workstation on the LAN using RD and port 444 makes me think it's configured properly.  
CERTIFIED EXPERT

Commented:

What do you see when you enter the following command from the cmd window?

netstat -an , is your server listening on port 444?


harbor235 :}

Commented:
After you make the port-forwarding change on the router, use an online port scanner tool to scan your public IP address and see if port 444/4444 is open. You can use ShieldsUp or any such tool:

https://www.grc.com/x/ne.dll?bh0bkyd2

Author

Commented:
harbor235, I connected to my server (Windows Server 2003, R2) via the LAN using RD and port 444.  No problem making the connection.  Here's the corresponding row in netstat -n:

Proto      Local Address                  Foreign Address                State
  TCP          192.168.1.2:444            192.168.1.52:3781          ESTABLISHED

vjlp, Despite the fact that port forwarding is set up for port 444 on my DSL router and my internal router in the exact same fashion as port 3389, Shields Up shows the port as closed (attached).  

So, here's where I stand:
1. RD access using TCP port 3389 using LAN: Success
2. RD access using TCP port 3389 using WAN with port forwarding on DSL router and internal router: Success
3. RD access using TCP port 444 using LAN: Success
4. RD access using TCP port 444 using WAN with port forwarding on DSL router and internal router: Failure

Explanations I can think of:
1. The server  (Windows Server 2003, R2) is accepting port 444 traffic from a LAN address but rejecting port 444 traffic from the LAN gateway (seems unlikely).
2. Shields Up is looking for specific types of responses based on specific port numbers.  In other words, port 444 is customarily associated with Simple Network Paging Protocol.  What if Shields Up is looking for a Simple Network Paging Protocol type response rather than a RDP type of response?
3. I set up port forwarding on the routers incorrectly.  I suppose this is a possibility, but I've reset the router twice and rebuilt the port forwarding three times.  
4. Something else?


Shields-Up-Port-444.jpg
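
Added example, not part of the original thread: a plain TCP connect check relevant to explanation 2 above. It classifies a port from the handshake alone, so the result does not depend on whether RDP or any other protocol answers behind it. The function names and the loopback demo are constructed for illustration.

```python
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt a full TCP handshake and classify the result.

    open     -> handshake completed: a listener is reachable on this path
    closed   -> connection refused (RST): reachable, but nothing accepted it
    filtered -> no reply before the timeout: usually dropped by a firewall
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        # Other failures, e.g. "no route to host" or "network unreachable"
        return "unreachable"
    finally:
        sock.close()


def demo_loopback():
    """Constructed offline demo on 127.0.0.1.

    The listener never sends a byte of application data, yet the port
    still reads as open; once the listener is gone the same port is closed.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_loopback())
```

Run from a workstation on the WAN against your own public address, comparing the result for 3389 with the result for 444 shows whether the new port is refused or silently dropped somewhere on the path before it reaches the server.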
CERTIFIED EXPERT

Commented:

Ok, good, then if you are initiating a term serv connection from outside the firewall you need the following:

1) static translation
2) ACL entries to allow the traffic
3) Apply ACLs to appropriate interface

Can you post a sanitized config?

harbor235 ;}

Author

Commented:
harbor235,

1) static translation - You lost me.  Are we talking about the DSL router?
2) & 3) ACL entries to allow traffic - Are you talking about Windows ACLs?  I'm having a hard time seeing how they figure into the picture?

I'd be happy to post a sanitized config.  Do you want the port forwarding config on the two routers?  A routing table?  Terminal Services config on the server?



Author

Commented:
harbor235 and vjlp,

Thanks for all your efforts.  Turns out it was my ISP's firewall.
