1
votes

I've changed the RDP port to 8080 in the registry on my Azure Virtual Machine (Windows Server). Now it is not accessible from outside; I can't connect to it.

Azure VM is managed by Resource Manager (not Classic VM).

UPDATE:

Setting the security rules to allow all has not helped.

4
I can't quite imagine why you did that, but... What about your inbound security rules? Did you change the inbound rule to allow port 8080? - David Makogon
@davidmakogon, In Windows? No. Is this the end? - AsValeO
What do you mean, "Is this the end?" And no, not Windows. In Azure. - David Makogon
@davidmakogon, No. I don't know how to do it. I mean I think this can be a deadlock if Windows Firewall denies 8080 inbound traffic and the RDP port is 8080. I'm not so experienced in networking. - AsValeO

4 Answers

2
votes

I've changed RDP port to 8080 in registry on my Azure Virtual Machine (Windows Server)

We can use the CustomScriptExtension to check if RDP is listening on port 8080.

netstat -ant | findstr "8080"

If it is not listening on port 8080, we may need to restart the RDP service.

If RDP is listening on port 8080, we can use the CustomScriptExtension to disable Windows Firewall.
netsh advfirewall set allprofiles state off

About the extension: we create a ps1 file with the command and upload it via the Azure portal.

1
votes

Azure has to know to allow traffic through to your VM. By default, on a Windows VM, only RDP is open. But you (for some reason) changed the RDP port in Windows Server. You need to do this with the network interface as well, via the VM settings (which has nothing to do with Windows itself):

  • Via Settings, go to Network Interfaces
  • Select your network interface and go to Network Security Group
  • From network security group, add an inbound rule for port 8080 (or modify the existing RDP rule to be port 8080).
1
votes

It used to be possible to change your RDP port in the Classic portal using endpoints, but in the RM portal you cannot change your RDP port.

If you are trying to secure your box or bypass the security firewall to connect to your box, I recommend using Azure Load Balancer NAT rules. You can create a NAT rule to translate a custom port to 3389, and then you can allow connectivity only from the LB to your VM. This is a trick I use when I want to bypass the corporate firewall, for example with port 443.

Make sure you attach the LB to your VM from the NAT rule section.

1
votes

To access any port from a public IP client:

Enable the port in Azure Firewall (if installed).

Enable the port in the Network Security Group (add an inbound rule), with a rule like 8080 -> 8080 or a rule like 80 -> 8080.

Enable the port in the Windows Firewall of the VM (on Azure). This is most important if the port is other than 80 and 443, e.g. 8080, 8090, etc.
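
The in-guest checks from the Custom Script Extension answer and the Windows Firewall step in the last answer, as an added example that is not part of any answer on this page: it reads the configured RDP port, restarts the service if nothing is listening, and opens only that port to one source address instead of turning the firewall off. The registry path is the standard RDP-Tcp key; `$AllowedSource` and `$RuleName` are hypothetical placeholders.

```powershell
# Added example: run inside the VM, e.g. as the .ps1 uploaded through the Custom Script Extension.
param(
    # Hypothetical placeholder (documentation address range); replace with your admin IP or CIDR.
    [string]$AllowedSource = '203.0.113.10',
    # Hypothetical rule name used to keep the script idempotent.
    [string]$RuleName = 'RDP custom port (added example)'
)

# Read the port RDP is configured to use, rather than assuming 8080.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Output "Configured RDP port: $port"

function Test-Listening([int]$Port) {
    # True when any local TCP socket is in the Listen state on $Port.
    [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
}

# A registry change only takes effect after Remote Desktop Services restarts.
if (-not (Test-Listening $port)) {
    Write-Output "Nothing listening on $port; restarting TermService"
    Restart-Service -Name TermService -Force
    Start-Sleep -Seconds 5
}
if (-not (Test-Listening $port)) {
    Write-Output "Still not listening on $port; check the PortNumber value and the service state"
    exit 1
}

# Allow only this port, only from one source, and leave the firewall enabled.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $port -RemoteAddress $AllowedSource -Action Allow -Profile Any | Out-Null
    Write-Output "Added inbound rule for TCP $port from $AllowedSource"
}

# Report the firewall state so the extension output shows it was not switched off.
Get-NetFirewallProfile | Select-Object Name, Enabled
```

The Network Security Group still needs a matching inbound rule for the same port, as the answers above describe; this script covers only the Windows side.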