RDP Application only works with default port 3389
search cancel

RDP Application only works with default port 3389


Article ID: 14312


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


By default, CA PAM establishes RDP connection to remote Windows Target Host over port 3389 and RDP Application uses the same default port.

<Please see attached file for image>

We can customize the RDP port for a specific Target Host in the device's properties, define in CA PAM.

<Please see attached file for image>

Is it possible to customize the port associated with RDP Application?


Release: PAMDKT99500-2.7-Privileged Access Manager-NSX API PROXY


RDP access via CA PAM uses the port defined in the respective device's properties but RDP application always uses port 3389.



  1. Update the following registry key in Target Host with the new RDP port -- 6901:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  2. Disable the Windows Firewall Inboud Rule 'Remote Desktop (TCP-In)'
  3. Create a new Windows Firewall Inboud Rule to allow TCP port 6901
  4. Reboot the Target Server
  5. Update PAM device's properties > 'RDP' Access Methods to use port 6901 

RDP to Target server over port 6901 via CA PAM is working accordingly but the RDP application fails because Windows Firewall is not allowing inbound traffic from port 3389.

From the xcd_spfd.log, RDP application is still trying to connect via default port 3389:

2017-02-24 03:18:17 16629 INFO init: Trying to connect to xx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR open: open: Cannot connect. (Connection refused)
2017-02-24 03:18:17 16629 ERROR init: Unable to open connection to BER xxx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR run: Traffic Handler did not initilize properly. Closing the connection.



Additional Information



1558709550319000014312_sktwi1f5rjvs16rj6.png get_app
1558709548396000014312_sktwi1f5rjvs16rj5.png get_app