RDP Application only works with default port 3389

Document ID : KB000014312
Last Modified Date : 14/02/2018
Show Technical Document Details

By default, CA PAM establishes RDP connection to remote Windows Target Host over port 3389 and RDP Application uses the same default port.

We can customize the RDP port for a specific Target Host in the device's properties, define in CA PAM.


Is it possible to customize the port associated with RDP Application?


RDP access via CA PAM uses the port defined in the respective device's properties but RDP application always uses port 3389.



  1. Update the following registry key in Target Host with the new RDP port -- 6901:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  2. Disable the Windows Firewall Inboud Rule 'Remote Desktop (TCP-In)'
  3. Create a new Windows Firewall Inboud Rule to allow TCP port 6901
  4. Reboot the Target Server
  5. Update PAM device's properties > 'RDP' Access Methods to use port 6901 

RDP to Target server over port 6901 via CA PAM is working accordingly but the RDP application fails because Windows Firewall is not allowing inbound traffic from port 3389.

From the xcd_spfd.log, RDP application is still trying to connect via default port 3389:

2017-02-24 03:18:17 16629 INFO init: Trying to connect to xx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR open: open: Cannot connect. (Connection refused)
2017-02-24 03:18:17 16629 ERROR init: Unable to open connection to BER xxx.xxx.xxx.xx:3389
2017-02-24 03:18:17 16629 ERROR run: Traffic Handler did not initilize properly. Closing the connection.



Additional Information: