
Ports for RDP to work. What is the standard RDP connection port and how to change it

Router port forwarding is used to give remote access, from outside, to a specific computer (or device) on the router's local network. For example, there are several computers on the local network and you need to connect to one of them remotely. From the external network they all appear under the same IP address. In the router you register a specific port for the desired computer; when a request arrives from the external network on that port, the router redirects it to that computer.

Let's look at an example implementation of port forwarding. This instruction is also suitable for any other port-forwarding task, for example setting up remote access to a video camera, to other computer programs, etc.

Port Forwarding for Remote Desktop (rdp) Windows

In this guide, we'll show you how to do port forwarding on the example of an ASUS RT-N10U router. In other models of routers, the actions will be similar, only the external interface and the location of menu items may differ.

First of all, in the router settings you need to assign a permanent local IP address to the computer (or device) that will be accessed.

1. To get into the router's control panel, open a browser and enter the router's IP address in the address bar. In my case it is 192.168.0.1. Most routers use the address 192.168.0.1 or 192.168.1.1, although any address from the private ranges can be set in the settings.

2. If you entered the router address correctly, you will be prompted to log in (most often the default login is admin and the password is admin, but this can be changed in the settings). Enter your username and password and click Login.

3. Select the Local network settings item, then the DHCP server tab. (On other routers, look for the section related to DHCP.)

4. At the bottom of the page, find List of manually assigned IP addresses bypassing DHCP and add the desired IP for our computer (you can simply fix the computer's current IP). In my case, in the drop-down list of devices I select COMP (the name of my computer), and the IP field is automatically filled in with 192.164.0.84.

5. Click Apply.

Moving on to port forwarding, again using the ASUS RT-N10U router as the example. On other routers the settings are made similarly.

Greetings, dear readers, Denis Trishkin is with you again.

I recently came across a question about Remote Desktop (RDP in Windows 7). This tool lets you work with your computer from another device. For example, a user can use home equipment to do everything they need on a PC located in the office. Agreed, in some situations this is convenient. But first everything has to be set up correctly.

To enable RDP, you need to perform a few steps:

Establishing a connection

To establish an RDP connection, you first need to know the IP address of the target machine. To do this, on that device open the command line (open "" and type "cmd").

In the window that appears, type "". A list opens in which you need to find the line with the IPv4 parameter. The numbers opposite it are the data we need.

After that, on the computer from which we plan to connect, launch the RDP client or "". To do this, go to "Start" and then to "Standard".


A window opens where the equipment address (IPv4) is entered. Then press "".

If everything is specified as expected, a menu will appear in which you need to enter your login and password to establish a connection.

Before that there is a "Parameters" option, where various RDP settings are provided:


Update

It is important to understand that if you work with this tool constantly, you need it to perform all of its functions fully. Otherwise users may simply fail to achieve their goals.

For correct functioning, all settings must be specified correctly. But in some cases this is not enough. It is also worth installing all RDP updates released by Microsoft on time. This can be done not only through the update center built into the operating system, but also from the developer's official page.

Changing the RDP port

For a standard connection to a remote computer, port 3389 is used, and the interaction takes place over TCP; UDP is not used.

To increase the security of the connection, the RDP port can be changed. Changing the value reduces the risk of intrusion in the case of automated password guessing.

For the procedure, you must use the registry editor:


No connection

Sometimes users encounter a situation where RDP does not work. It is worth noting that, judging by the statistics, the user usually does reach the server, but some network tools do not let him go further. There are several effective ways to solve this problem.

RDP is a remote desktop protocol. From English, this abbreviation stands for Remote Desktop protocol. It is needed to connect one computer to another via the Internet. For example, if the user is at home, and he urgently needs to fill out documents in the office, he can do this using this protocol.

How RDP Works

By default, access to another computer is made through TCP port 3389; this is preset on every device. There are two types of connections:

  • for administration;
  • to work with programs on the server.

Servers running Windows Server support two simultaneous remote RDP connections (this is the case when the Remote Desktop role is not activated). Computers that are not servers allow only one connection each.

The connection between computers is made in several stages:

  • the protocol requests access over TCP;
  • a Remote Desktop Protocol session is set up; during this stage the data transmission parameters are agreed;
  • when the negotiation stage is complete, the server transfers graphical output to the other device and, at the same time, receives data from the mouse and keyboard. The graphical output is either an exact copy of the image or commands for drawing various shapes, such as lines and circles. Such commands are the key feature of this protocol: they greatly reduce traffic;
  • the client computer turns these commands into graphics and displays them on the screen.

Also, this protocol has virtual channels that allow you to connect to a printer, work with the clipboard, use an audio system, etc.

Connection security

There are two types of secure connection via RDP:

  • built-in system (Standard RDP Security);
  • external system (Enhanced RDP Security).

They differ in that the first type uses encryption and integrity protection built into the protocol itself, while the second uses TLS to establish a secure connection. Let's take a closer look at the process.


Built-in protection works as follows. Authentication takes place first:

  • at startup, an RSA key pair is generated;
  • a public key is produced;
  • it is signed with the RSA key embedded in the system, which is available on any device with Remote Desktop Protocol installed;
  • the client device receives the certificate upon connection;
  • the certificate is checked and the public key is obtained from it.

Then the encryption takes place:

  • the RC4 algorithm is used as standard;
  • for Windows 2003 servers, 128 bit protection is used, where 128 bits is the key length;
  • for Windows 2008 servers - 168 bits.

Integrity is controlled by generating MAC codes based on the MD5 and SHA-1 algorithms.

The external security system works with the TLS 1.0 and CredSSP modules. The latter combines the functionality of TLS, Kerberos and NTLM.

The connection is then completed:

  • the computer checks the permission to log in;
  • the cipher is signed using the TLS protocol. This is the best protection option;
  • only one login is allowed. Each session is encrypted separately.

Replacing the old port value with a new one

To set a different value, do the following (relevant for any version of Windows, including Windows Server 2008):





Now, when connecting to a remote desktop, you must specify the new value after the IP address, separated by a colon, for example 192.161.11.2:3381.

Replace using PowerShell

PowerShell also allows you to make the necessary changes:

  • it is recommended to reboot;
  • after the device turns on, type "regedit" in the Start menu. Go to HKEY_LOCAL_MACHINE, find the CurrentControlSet folder, then the Control folder, go to Terminal Server and open WinStations. Click on RDP-Tcp. The new value is set here;
  • now you need to open the RDP port on the firewall. Open PowerShell and type the command: netsh advfirewall firewall add rule name="NewRDP" dir=in action=allow protocol=TCP localport=49089. The number is the port to which the old one was moved.

Failed to open connection file default.rdp

Most often this error occurs when there are problems with the DNS server: the client computer cannot resolve the name of the specified server.

In order to get rid of the error, you must first check whether the host address is entered correctly.

Otherwise, if the error occurs, take the following steps:

  • go to "My documents";
  • find the default.rdp file. If you don't find it, tick the "Folder settings" box to show hidden files and folders;
  • now delete this file and try to connect again.

Quite often, users who use remote access sessions ask how to change the RDP port. Let's look at the simplest solutions and outline the main steps of the configuration process.

What is the RDP protocol for?

First, a few words about RDP. If you look at the decoding of the abbreviation, you can understand that remote access

In simple terms, this is a tool for terminal servers and workstations. Windows (any version of the system) uses default settings that suit most users. However, sometimes it becomes necessary to change them.

Standard RDP port: should it be changed?

So, regardless of the Windows edition, the protocol has a preset value: RDP port 3389, which is used to carry out a communication session (connecting one terminal to remote ones).

Why would the standard value need to be changed? Primarily for the security of the local computer. After all, if you think about it, with the standard port in place, in principle any attacker can easily penetrate the system. So now let's see how to change the default RDP port.

Changing settings in the system registry

We note right away that the change is made exclusively by hand; the remote access client itself provides no way to reset or set new parameters.

First, open the standard registry editor with the regedit command in the Run menu (Win + R). Here we are interested in the HKLM branch, where we go down the tree through the Terminal Server directory to the RDP-Tcp directory. In the right-hand window we find the PortNumber key. We need to change its value.

Open it for editing and we see 00000D3D there. Many are immediately puzzled about what this is. It is simply the hexadecimal representation of the decimal number 3389. To enter the port in decimal form, switch the value representation to Decimal, and then enter the port we need.

After that, reboot the system, and when connecting, specify the new RDP port. Another way to connect is the command mstsc /v:ip_address:XXXXX, where XXXXX is the new port number. But that's not all.

Windows firewall rules

Alas, the built-in Windows firewall can block the new port, so the firewall settings need to be changed as well.

Open the firewall settings with advanced security options. Here, first select inbound rules and click the line for creating a new rule. Select the item for creating a rule for a port, enter its value for TCP, allow the connection, leave the profile section unchanged and, finally, give the new rule a name, then press the button to finish. It remains to reboot the server and, when connecting, specify the new RDP port after a colon in the corresponding field. In theory, there shouldn't be any problems.

RDP port forwarding on the router

In some cases, when a wireless rather than a cable connection is used, it may be necessary to set up port forwarding on the router. There is nothing difficult about it.

First, in the system properties, allow remote connections and specify the users who are entitled to them. Then go to the router settings menu through the browser (192.168.1.1 or ending in 0.1, depending on the router model). In the address pool field (if the router address is 1.1), it is advisable to start from the third address (1.3) and write a rule assigning the second address (1.2) to the computer.

Then, in network connections, open the details view, copy the physical (MAC) address from there and paste it into the router settings.

Now, in the NAT settings section of the router, enable the connection to the server, add a rule and specify the XXXXX port that is to be forwarded to the standard RDP port 3389. Save the changes and reboot the router (the new port will not be accepted without a reboot). You can check the connection on a specialized site such as ping.eu in its port testing section. As you can see, everything is simple.

Finally, note that port values are distributed as follows:

  • 0 - 1023 - ports for low-level system programs;
  • 1024 - 49151 - ports allocated for private purposes;
  • 49152 - 65535 - dynamic private ports.

In general, many users choose RDP ports from the third range of the list to avoid problems. Specialists and experts also recommend using these values, since they are suitable for most tasks.

As for this procedure, it is used mainly in the case of a Wi-Fi connection. As you can see, with a regular wired connection it is not required: just change the registry key values and add the port rules in the firewall.

Good afternoon, dear readers and guests of the blog. Today we have the following task: change the incoming port of the RDP service (terminal server) from the standard 3389 to some other one. Let me remind you that the RDP service is a feature of Windows operating systems that lets you open a session over the network to the computer or server you need using the RDP protocol and work on it as if you were sitting at it locally.

What is RDP protocol

Before changing something, it would be good to understand what it is and how it works; I keep repeating this to you. RDP, or Remote Desktop Protocol, is a remote desktop protocol for Microsoft Windows operating systems, although it originated at PictureTel (Polycom); Microsoft simply bought it. It is used for the remote work of an employee or user with a remote server. Most often such servers carry the terminal server role, for which special licenses (CALs) are allocated, either per user or per device. The idea was this: there is a very powerful server, so why not share its resources, for example for the 1C application. This became especially relevant with the advent of thin clients.

The terminal server itself appeared back in 1998 in the Windows NT 4.0 Terminal Server operating system; to be honest, I didn't know what it was then, and in Russia at that time we were all playing Dendy or Sega. RDP clients are currently available for all versions of Windows, Linux, macOS and Android. The most recent version of the RDP protocol at the moment is 8.1.

Default RDP port

I'll say right away that the default RDP port is 3389; I think all system administrators know it.

How the RDP protocol works

So we understand why the Remote Desktop Protocol was created; now it is logical to understand the principles of its operation. Microsoft distinguishes two modes of the RDP protocol:

  • Remote administration mode: for administration; you connect to the remote server to configure and administer it
  • Terminal Server mode: to access an application server (RemoteApp) or share it for work.

In general, if you install Windows Server 2008 R2 through 2016 without the terminal server role, it will by default have two licenses, so two users can connect at the same time; a third will have to kick someone out in order to work. Client versions of Windows have only one license, but this can also be circumvented; I talked about this in the article on a terminal server on Windows 7. Also, in Remote administration mode you can cluster and balance the load thanks to NLB technology and the Session Directory Service connection broker server, which indexes user sessions; thanks to this server, a user can log in to the remote desktop of terminal servers in a distributed environment. The licensing server is also a mandatory component.

The RDP protocol works over a TCP connection and is an application protocol. When the client establishes a connection with the server, an RDP session is created at the transport layer, where encryption and data transmission methods are negotiated. When all negotiations have been determined and initialization is complete, the terminal server sends graphical output to the client and waits for input from the keyboard and mouse.

Remote Desktop Protocol supports multiple virtual channels within a single connection, which provide additional functionality:

  • Send your printer or COM port to the server
  • Redirect your local drives to the server
  • Clipboard
  • Audio and video

RDP connection steps

  • Establishing a connection
  • Negotiate Encryption Options
  • Server authentication
  • Negotiation of RDP session parameters
  • Client Authentication
  • RDP session data
  • Breaking an RDP session

Security in the RDP protocol

Remote Desktop Protocol has two authentication methods, Standard RDP Security and Enhanced RDP Security, and we'll cover both in more detail below.

Standard RDP Security

With this authentication method, the RDP protocol encrypts the connection using the means built into the protocol itself, in the following way:

  • When your operating system starts, it generates a pair of RSA keys
  • Proprietary Certificate is being generated
  • After that, the Proprietary Certificate is signed with the RSA key created earlier
  • Now the RDP client connecting to the terminal server will receive a Proprietary Certificate
  • The client looks at it and checks it, then receives the server's public key, which is used at the stage of negotiating encryption parameters.

The algorithm by which everything is encrypted is the RC4 stream cipher. Keys of different lengths, from 40 to 168 bits, are used; it all depends on the edition of the Windows operating system, for example in Windows Server 2008 it is 168 bits. Once the server and client have decided on the key length, two new, different keys are generated to encrypt the data.

As for data integrity, it is achieved through a MAC (Message Authentication Code) based on SHA-1 and MD5.

Enhanced RDP Security

The RDP protocol uses two external security modules for this authentication method:

  • CredSSP
  • TLS 1.0

TLS has been supported since version 6 of RDP. When you use TLS, the encryption certificate can be created using the terminal server, a self-signed certificate, or selected from the store.

The CredSSP protocol is a symbiosis of Kerberos, NTLM and TLS. With this protocol, the check of whether the user is permitted to log in to the terminal server is carried out in advance, not after a full RDP connection, which saves the terminal server's resources; in addition, the encryption is more reliable and single sign-on (Single Sign On) is possible thanks to NTLM and Kerberos. CredSSP is only available on Vista and Windows Server 2008 or later. This is the corresponding checkbox in the system properties:

Allow connections only from computers running Remote Desktop with Network Level Authentication.

Change rdp port

To change the RDP port you will need to:

  1. Open the registry editor (Start -> Run -> regedit.exe)
  2. Go to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Find the PortNumber key and change its value to the port number you need.

Be sure to select the decimal base; for example, I will set port 12345.

Once you have done this, restart the Remote Desktop Services service from the command line with the following commands:

Then create a new inbound rule for the new RDP port. I remind you that the default RDP port is 3389.

Choose that the rule will be for a port.

We leave the protocol as TCP and specify the new RDP port number.

We now have a rule allowing RDP connections on a non-standard port.

If necessary, set the necessary network profiles.

Finally, give the rule a name that makes sense to you.

To connect from Windows client computers, write the address with the port. For example, if you changed the port to 12345, and the address of the server (or just the computer you are connecting to): myserver, then the MSTSC connection will look like this:
mstsc -v:myserver:12345
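The registry change, firewall rule, service restart and connection check described above (and in the earlier registry and PowerShell sections of this page) as one script. This is an added example, not the author's code: the port 12345 and the rule name are constructed values, and it uses New-NetFirewallRule in place of the netsh command shown earlier.

```powershell
# Added example (not from the original article): move the RDP listener to a new
# TCP port via the registry, open that port in Windows Defender Firewall, restart
# the service and verify the listener. Run in an elevated PowerShell session.
# The port 12345 and the rule name are constructed values.
param(
    [ValidateRange(1024, 65535)]
    [int]$NewPort = 12345
)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse a port that some other process already listens on; otherwise the
# Remote Desktop service would fail to bind after the restart.
$inUse = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
         Where-Object { $_.LocalPort -eq $NewPort }
if ($inUse) {
    throw "TCP port $NewPort already has a listener (PID $($inUse.OwningProcess))"
}

# Show the current value; the registry stores it as a DWORD (3389 = 0x00000D3D).
$current = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host ("Current RDP port: {0} (0x{0:X8})" -f $current)

# Write the new port as a decimal DWORD, exactly as the registry editor step does.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# Inbound allow rule for the new port, TCP only (RDP over TCP as the article describes),
# limited to the Domain and Private profiles rather than opened on Public networks.
New-NetFirewallRule -DisplayName "RDP-Tcp $NewPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow -Profile Domain,Private | Out-Null

# The listener only rebinds after Remote Desktop Services restarts
# (a reboot, as the article suggests, works as well).
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Verify that the service now listens on the new port and that Network Level
# Authentication (UserAuthentication = 1) is still required on the listener.
$listener = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if (-not $listener) {
    throw "RDP is not listening on $NewPort; check the service state and the registry value"
}
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
Write-Host ("RDP now listening on {0}; NLA required: {1}" -f $NewPort, ($nla -eq 1))
Write-Host "Connect with: mstsc /v:<server>:$NewPort"
```

The old firewall rule for 3389 can then be disabled, so that only the new port is reachable.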
