By default, CA PAM establishes RDP connection to remote Windows Target Host over port 3389 and RDP Application uses the same default port.

<Please see attached file for image>

We can customize the RDP port for a specific Target Host in the device's properties, define in CA PAM.

<Please see attached file for image>

Is it possible to customize the port associated with RDP Application?

RDP access via CA PAM uses the port defined in the respective device's properties but RDP application always uses port 3389.

== REPRODUCTION STEPS ==

1. Update the following registry key in Target Host with the new RDP port -- 6901:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
2. Disable the Windows Firewall Inboud Rule 'Remote Desktop (TCP-In)'
3. Create a new Windows Firewall Inboud Rule to allow TCP port 6901
4. Reboot the Target Server
5. Update PAM device's properties > 'RDP' Access Methods to use port 6901 

RDP to Target server over port 6901 via CA PAM is working accordingly but the RDP application fails because Windows Firewall is not allowing inbound traffic from port 3389.

== ANALYSIS ==
From the xcd_spfd.log, RDP application is still trying to connect via default port 3389:

2017-02-24 03:18:17 16629 INFO init: Trying to connect to xx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR open: open: Cannot connect. (Connection refused)
2017-02-24 03:18:17 16629 ERROR init: Unable to open connection to BER xxx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR run: Traffic Handler did not initilize properly. Closing the connection.

https://communities.ca.com/community/ca-security/ca-privileged-access-management/blog/2017/04/28/tech-tip-ca-privileged-access-manager-rdp-application-only-works-with-default-port-3389