Remoteapps with non-standard RDS port

I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to setup a RemoteApp for it as well.  If I set the RDS server to the standard port of 33889, the remoteapp works fine, but when I change the port back to the non-standard one, I can log into the remote app wep page without issue, but when I try to start the app, I get the error;
Remote Destop can't connect to the remote computer for one of these reasons:
1 remote access to the server is not enabled
2 the remote computer is turned off
3 the remote computer is not available on the network

Can anyone help me get the remoteapps to work on the non-standard port?
Thanks!
Brion ApplingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
My first suggestion is make life easy in yourself and use the standard port. As long as you aren't changing other settings, there is almost zero security in changing ports.  Port scans are incredibly easy and fast so security by obscurity doesn't even really apply.  

RDP also authenticates BEFORE creating the actual remote session. So this is as secure as any domain login.. Credentials are never exposed, and a failed Auth means the RDP session is never created.

If accessing externally, you definitely should be using RDGateway, which further proxies over an encrypted https tunnel.  But changing from 3389 breaks that as well.

So really, make life easy on yourself and keep it as default.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
As Cliff mentions please use RD Gateway.

Never, ever publish a RDP listener to the web on any port. TSGrinder sniffs all 65K+ ports for RDP listeners and then goes to town.
Brion ApplingAuthor Commented:
This wasn't the answer I was hoping for, but it may be the best one.  I hear your point about the the scanners out there that can find the port regardless, but I also know I see a lot less attempts on a non-standard port.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.