Q: When I'm traveling, I routinely need to access a server over the Internet via RDP. In my case, it’s more important that I be able to access the server at any time and from any network than it is to add layers of security between the server and the Internet. I frequently run into the problem that the network I’m using doesn’t allow outgoing access to port 3389. I have the server configured with RRAS to accept PPTP connections, but the network often blocks outgoing PPTP connections. How can I reach my server from a restrictive network?
A: I’ve occasionally run into the same problem, and I've found two solutions that work. One solution is to subscribe to a wireless WAN service, such as those available from Verizon, Sprint, or Cingular, which reduces your dependency on local networks as long as you're in the service area and the building you’re in doesn’t interfere with signal reception.
My second solution can help when you have to use a client's or a hotel’s local network that restricts outgoing connections. In that case, you can usually get out on port 443 (HTTPS). I've tried port 80 (HTTP), but RDP fails to connect with networks that use proxy servers, such as Microsoft ISA Server. Although proxies work at the HTTP level, they fail to forward RDP traffic sent over port 80. Port 443, however, has always worked for me. The reason is that, because HTTPS is encrypted, even proxies have to forward RDP traffic through port 443.
To access your server via RDP on port 443, you either have to use RRAS to redirect port 3389 traffic to port 443 or reconfigure Terminal Services to use port 443 instead of port 3389. To reconfigure Terminal Services, open a registry editor (e.g., regedit.exe) and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. Change the PortNumber value from 00000D3D (hexadecimal for port 3389) to 000001BB (hexadecimal for port 443).