SBS Remote Desktop Connection at Rage on Omnipotent:

In a typical slightly undocumented Microsoft move, you need to open up TCP port 4125 as well as port 3389 (which is the standard RDP port) to allow a remote user to log in through the SBS Remote Web Workplace. So why not just say so somewhere?


Actually no, 3389 isn’t used at all for Remote Web Workplace.



Probably the best instructions on RWW are here:

The Official SBS Blog : Inside the Remote Web Workplace – Part I:

But no, it’s 443 and 4125 ONLY for Remote Web Workplace.  I don’t have 3389 open at all.


And it says so, it’s just hard to find.  Buy a book.  It’s in most all of the good SBS books.


…and stay tuned to SBS 2008 when port 4125 won’t be used at all….


  • 25 (for SMTP e-mail)
  • 443 (for HTTP SSL for Remote Web Workplace and OWA)
  • 4125 (required for Remote Web Workplace)
  • 1701 (for LT2P), 1723 (for VPN PPTP)
  • 4125 and 3389 (for Remote Desktop administration and terminal services connections)   <<< that’s not exactly correct.  4125 is the desktop control port needed for Remote Web Workplace.  If you want to log into the server and from there RDP to different workstations, you won’t be using 4125.  I would recommend that you not keep 3389 open, or if you do, limit it to your external IP only.

    One Response to Actually port 3389 is not used at all…

    1. Chris Knight says:

      The only reason to open up 3389 is when you’ve got ISA Server on the SBS box and want to get to the box if ISA goes into Lockdown Mode. You can have a rule in ISA Server to block 3389, so it only becomes active in Lockdown Mode.
      I’ve found it useful twice before.