Avatar of benjilafouine
benjilafouine asked on

Terminal server listening on two ports


Is there a way to have a Windows 2008 Server listening on two different ports at once for Terminal Server connections. I have clients that must connect from different locations except that one of them is behind a firewall that blocks port 3389 outgoing.

I could change the listening port to something else than 3389 but I would still like to keep listening on the default port (less trouble). And once I have this done (if feasible), how do I set the outgoing client to connect on a different port?

Any suggestions for me to workaround this problem?

Microsoft Server OSWindows Server 2003

Avatar of undefined
Last Comment

8/22/2022 - Mon

I'm not aware of a way to have a Terminal Server listen on two ports. However, I do have a possible solution for you:

If your firewall has the ability for you to create custom firewall rules, create a new custom one called 'Terminal Server Custom Port'. Set its External Port to something other than 3389 so the remote connections work, but set the port it maps to Internally to 3389. Then, assign this firewall rule and have it set to forward to the Terminal Server's IP.

By doing this, inbound requests on port, say 3390, will be received by the firewall, but passed on to the Terminal Server on port 3389 - the standard port - and things will work as normal. This also means you can keep the current port 3389 rule and have other users connect directly on that.

It has worked for me. Good luck.


I could do that but if I'm right, I would have to instruct my other clients to use IP address xxx.xxx.xxx.xxx:3390 to connect to my server, right? This is what I want to avoid.

My router/firewall does cannot make any other rule than port forwarding or port range forwarding.



So your router does not enable you to create a custom rule? Most routers let you add in your own Custom Port Forward rules, where you then map an 'external' port to an 'internal' port. I've seen very few which don't have this feature.

If you can use this, it means the Terminal Server stays listening on port 3389. The router then does the mapping, so it takes incoming requests on port 3390 and sends them to port 3389 on the Terminal Server.

You can add another rule (giving you two rules) - the usual port 3389 terminal services rule - which would enable all the users for whom 3389 is not blocked to still connect without specifying a different port in their connection string.

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

This was well worth the small amount I'm paying per month for this service. I knew I could count on someone at Experts Exchange for a quick answer.  Solved on Windows 2008 (but don't forget to open a port manually on the Windows 2008 built-in firewall). And thanks.