For a remote RD Session Host Agent installation to work, the following ports should be open:
TCP: 135 TCP: 445
The following ports are also needed for the agent to communicate with Parallels RAS:
UDP: 30004 TCP: 30004 TCP: 30005
Should any of these ports be closed, the remote RD Session Host Agent installation will fail or the agent will be installed successfully but won’t be able to communicate with Parallels RAS.
Note: By default, TCP ports 135 and 445 are open on a Windows Server, but if this is not the case a firewall rule is required for these ports as well.
Checking which Ports are Blocked
To check which of the required ports are blocked by the Windows Firewall, follow the procedure below:
- Open the Windows Firewall with Advanced Security MMC on the Terminal Server where you are trying to install the RAS RD Session Host Agent.
- Open the properties of the Windows Firewall by right clicking the main node and selecting Properties.
- Click Customize from the Logging section.
In the Customize Logging Settings for the Domain Profile dialog box, select Yes from the Log dropped packets drop down menu as seen in the screenshot below. By enabling this option, the firewall will log all blocked ports once an application tries to connect to them, thus allowing you to find out which ports should be opened.
Retry installation of the RAS RD Session Host Agent, or click Check Agent and when it fails, open the log file generated by the Windows Firewall. As seen from the screenshot below, the firewall will log all blocked ports. In this example, UDP port 30004 is blocked.
Creating New Firewall Rules for RAS RD Session Host Agent
Follow the procedure below to open the required ports on the Windows Firewall on the terminal server where the 2X Agent should be installed:
- Open the Windows Firewall with Advanced Security MMC on the terminal server where you are trying to install the RAS RD Session Host Agent.
- Highlight the Inbound Rules node and click New Rule at the top right.
- In the first step of the inbound rule wizard, select Port and click Next.
In the second step of the wizard (shown in the screenshot below) select TCP or UDP and specify multiple ports or a range of ports and click next. Note: If you need to open both TCP and UDP ports create multiple rules.
- In the Action step click Allow the connection and click Next since we need to allow the connection to go through.
- In the Profile step select which profiles this new rule should apply to and click Next.
- In the last step of the wizard, specify a name and a description for the new rule and click Finish.