What ports are used by a RDS deployment?

To configure Remote Desktop Services correctly for internet access or any time where firewalls are used, it is useful to know what ports are required. A detailed guide for perimeter networks is here.

The information / taxonomy is broken down by role service/component, and lists all inbound/outbound ports used.

Client
- If using RDWeb
  - TCP 443
- TCP|UDP 3389: Standard RDP port. Can be configured on host and client to a different port number.
Remote Desktop Connection Broker (RDCB)
- TCP 5504: connection to RD Web Access
- TCP 3389: connection to RD Session Host
- TCP 3389: connection to non-managed VM pools, managed machiens use VMBus to open port.
- TCP 3389: client port for clients not using RD Gateway
- TCP 445|RPC: connection to RD Virtualization Host
- TCP 445|RPC: connection to RD Session Host
- TCP 5985: WMI and PowerShell Remoting for administration
Remote Desktop Gateway
- For external internet traffic from RD Clients:
  - HTTP (includes RPC over HTTP) over SSL : Port 443 (configurable using RD Gateway Management console)
  - UDP : Port 3391 (configurable using RD Gateway Management console)
- For internal traffic:
  - TCP: 88, Kerberos for user authentication
  - TCP: 135 RPC Endpoint Mapper
  - TCP: <>, Port on which NTDS RPC services listens on AD
  - TCP|UDP 389: LDAP for user authentication
  - TCP|UDP 53: Internal resource name resolution, DNS
  - TCP|UDP 3389: RDP
  - TCP|UP 389: If using LDAP for Certificate Revocation List (CRL)
  - TCP 80: If using HTTP for Certificate Revocation List (CRL)
  - TCP 21: If using FTP for Certificate Revocation List (CRL)
  - UDP 1812, 1813: If NPS Server is being used
  - TCP 5985: WMI and PowerShell Remoting for administration
Remote Desktop Web Access
- If RD Web Access is on perimeter network
  - TCP: <WMI Fixed Port>
  - TCP: 5504, connection to RD Connection Broker for centralized publishing
  - TCP 5985: WMI and PowerShell Remoting for administration
If ISA is used, please refer to: http://www.isaserver.org/articles/2004perimeterdomain.html
Remote Desktop Session Host
- RD License Server Port RPC
- TCP 386|636: Active Directory communication
- TCP 5985: WMI and PowerShell Remoting for administration
Remote Desktop Virtualization Host
- RD License Server Port RPC
- TCP 389|636: Active Directory communication
- TCP 5985: WMI and PowerShell Remoting for administration
Remote Desktop License Server
- RD License Server Port RPC
- TCP 443: Communication over the internet to the Microsoft Clearing House
- TCP 5985: WMI and PowerShell Remoting for administration

Wiki - Revision Comment List(Revision Comment)

| |

Comments

Danny van Dam

15 Aug 2013 11:24 AM

Danny van Dam edited Revision 6. Comment: updated title to reflect what the wiki is about
- Edit
Carsten Siemens

27 May 2013 4:18 AM

Carsten Siemens edited Revision 4. Comment: Added tag: en-US
- Edit

Wikis - Comment List

Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.

Posted by Carsten Siemens

on 27 May 2013 4:18 AM

Carsten Siemens edited Revision 4. Comment: Added tag: en-US
Edit
Posted by Danny van Dam

on 15 Aug 2013 11:24 AM

Danny van Dam edited Revision 6. Comment: updated title to reflect what the wiki is about
Edit

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

What ports are used by a RDS deployment?

What ports are used by a RDS deployment?