Remoteapps with non-standard RDS port

Brion Appling
I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to set up a RemoteApp for it as well. If I set the RDS server to the standard port of 33889, the RemoteApp works fine, but when I change the port back to the non-standard one, I can log into the RemoteApp web page without issue, but when I try to start the app, I get the error:

Remote Desktop can't connect to the remote computer for one of these reasons:
1. Remote access to the server is not enabled
2. The remote computer is turned off
3. The remote computer is not available on the network

Can anyone help me get the RemoteApps to work on the non-standard port?
Thanks!
Distinguished Expert 2018
Commented:
My first suggestion is to make life easy on yourself and use the standard port. As long as you aren't changing other settings, there is almost zero security in changing ports. Port scans are incredibly easy and fast, so security by obscurity doesn't even really apply.

RDP also authenticates BEFORE creating the actual remote session, so this is as secure as any domain login. Credentials are never exposed, and a failed auth means the RDP session is never created.

If accessing externally, you definitely should be using RD Gateway, which further proxies over an encrypted HTTPS tunnel. But changing from 3389 breaks that as well.

So really, make life easy on yourself and keep it as default.
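
The pre-session authentication mentioned in the comment above is Network Level Authentication (NLA), and it only applies when the listener is configured to require it. The following is an added example, not part of the original thread, that reads the listener port and NLA setting from the standard RDP-Tcp registry key on the session host; the function name `Get-RdpListenerAudit` is hypothetical.

```powershell
# Added example: audit the local RDP listener configuration.
# Run in an elevated PowerShell session on the RD Session Host.
# Get-RdpListenerAudit is a hypothetical helper name.
function Get-RdpListenerAudit {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey

    # PortNumber is the TCP port the listener binds to (3389 by default).
    $port = [int]$rdp.PortNumber

    # UserAuthentication = 1 means NLA is required: credentials are
    # validated before a desktop session is created.
    $nlaRequired = ($rdp.UserAuthentication -eq 1)

    # SecurityLayer: 0 = native RDP, 1 = negotiate, 2 = TLS.
    $layer = switch ([int]$rdp.SecurityLayer) {
        0 { 'RDP' }
        1 { 'Negotiate' }
        2 { 'TLS' }
        default { 'Unknown' }
    }

    # Local addresses on which something is actually listening on that port.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalAddress -Unique)

    $findings = @()
    if (-not $nlaRequired) { $findings += 'NLA is not required: sessions are created before authentication.' }
    if ($layer -eq 'RDP')  { $findings += 'Security layer is native RDP rather than TLS.' }
    if ($port -ne 3389)    { $findings += "Listener is on non-default port $port; clients and RD Gateway must target it explicitly." }
    if ($listeners.Count -eq 0) { $findings += "Nothing is listening on TCP $port." }

    [pscustomobject]@{
        RemoteDesktopEnabled = ($ts.fDenyTSConnections -eq 0)
        Port                 = $port
        NlaRequired          = $nlaRequired
        SecurityLayer        = $layer
        ListeningOn          = $listeners
        Findings             = $findings
    }
}

Get-RdpListenerAudit | Format-List
```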
Philip Elder, Technical Architect - HA/Compute/Storage
Commented:
As Cliff mentions, please use RD Gateway.

Never, ever publish an RDP listener to the web on any port. TSGrinder sniffs all 65K+ ports for RDP listeners and then goes to town.

Author

Commented:
This wasn't the answer I was hoping for, but it may be the best one. I hear your point about the scanners out there that can find the port regardless, but I also know I see a lot fewer attempts on a non-standard port.
