Disable RDP Port 3389

DenverDTS 1 Reputation point
2020-11-25T02:47:25.063+00:00

Test Server
RDP 3389 Active
Bastion Enabled and functioning
Disabled RDP Port 3389 in networking

This rule denies traffic from AzureLoadBalancer and may affect virtual machine connectivity. To allow access, add an inbound rule with higher priority to allow AzureLoadBalancer to VirtualNetwork.

Can't change the priority of AzureLoadBalancer

Want RDP disabled

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
262 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. suvasara-MSFT 10,041 Reputation points
    2020-11-25T07:38:49.573+00:00

    @DenverDTS , I have done a repro of this setup in my lab. All you need to do is,

    Step 1:

    Ignore the warning and save the configuration.

    42454-image.png

    Step 2:

    Now, to allow AzureLoadBalancer to VirtualNetwork or to Allow VirtualNetwork to VirtualNetwork you need to create an inbound rule as mentioned below,

    42585-image.png

    The Virtual Network tag includes the Virtual IP of the host, an allow effectively grants access for AzureLoadBalancer probes.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments
  2. DenverDTS 1 Reputation point
    2020-11-25T15:01:11.687+00:00

    @suvasara-MSFT

    Created the rule above, but still having the same issue.

    Thank you.

    42684-2020-11-25-08-00-09-window.png42677-2020-11-25-07-53-15.png

    0 comments
  3. suvasara-MSFT 10,041 Reputation points
    2020-11-26T04:58:42.49+00:00

    @DenverDTS , that is expected behavior on denying RDP port. Bastion makes use of the 3389 default RDP port. As your question is around asking for an assistance on setting the priority of the "AllowAzureLoadBalancerInBound", provided the solution accordingly.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments
  4. suvasara-MSFT 10,041 Reputation points
    2020-12-04T09:06:06.943+00:00

    @DenverDTS ,

    If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.

    ----------

    Best regards
    Subhash

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.