Unable to RDP | Fixing RDP Not Listening on Port 3389

Written By Abbas Ahmadi

1. Symptoms & Initial Checks

Typical Symptoms

  • Remote Desktop fails on new builds.
  • Test-NetConnection -Port 3389 returns TcpTestSucceeded: False.
  • No output from netstat -an | findstr 3389.

What’s Working

Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Select DisplayName, Enabled, Direction
(Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections

2. Root Cause

The RDP port was set incorrectly in the registry, causing no listener on 3389.

Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber

3. Fix

Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value 3389
Restart-Service TermService -Force

After running this, the host should show LISTENING on port 3389.

4. Verification

On Host

netstat -an | findstr 3389
Get-Service -Name TermService

From Remote

Test-NetConnection -ComputerName <PCName> -Port 3389

TcpTestSucceeded: True

5. Security Notes

  • Re-enable NLA in production (UserAuthentication = 1).
  • Don’t expose RDP to the internet — use a VPN or jump host.
  • Use strong passwords and lockout policies to prevent brute-force attacks.
Abbas Ahmadi
Previous

Exchange: Fix mailbox migration fail | “Mailbox Exists On-Premises”
Next

How to get BIOS serial number without “wmic”