Share via

RDP to a Windows 11 computer via VPN doesn't work. However, on the physical network, it does work.

Jay Rosenthal 20 Reputation points
2026-01-28T20:21:09.38+00:00

I can't log onto any company computers with Windows 11 from home, using SSL VPN.

I can log onto any Windows 10 computer from home and Server 2022, using the SSL VPN.

I can log onto a Windows 11 computer if I am on the same physical network.

If I change the port from 3389 to a different port, I can access the Windows 11 computer from home.

The firewall tech support checked their settings and they say they are not blocking anything.

The TCP DUMP shows my home computer sending a request from my computer to the Windows 11 computer, but there is no reply from the target Windows 11 computer. When I try connecting with the different port number, the TCP Dump shows "Request" and a return acknowledgement.

When I connect with the different port number, event viewer shows the event.

When I try to connect with port 3389 there is no logged event for the attempt.

Tried with turning off Windows Firewall and Eset Anti virus.

Eset logged onto my computer and said there is no Eset firewall installed on the computer. Nothing in their settings that could be blocking port 3389. Again it works when I am at the office.

I ran the qwinsta command and netstat -ano | find "3389". Shows only 1 program listening.

Windows is up to date, and I installed KB5077744 for WIndows 25H2.

My fellow friends in other companies, don't have this issue. They have printing issues.

Thank you

Windows for business | Windows for IoT
0 comments

Answer accepted by question author

  1. VPHAN 30,935 Reputation points Independent Advisor
    2026-01-28T21:01:48.7333333+00:00

    Hi Jay Rosenthal,

    Windows 11 utilizes the RDP protocol more aggressively over UDP (RDP Shortpath) compared to older OS versions. Many SSL VPN adapters have smaller MTU sizes which cause these UDP packets to fragment and drop without logging an event on the host OS, because the packet never creates a valid session at the application layer. When you change the port, you likely force the connection to fail over to TCP or bypass the VPN's "RDP Optimization" logic.

    To resolve this, you need to force the Windows 11 target machine to stop listening for RDP on UDP and rely strictly on TCP. Please apply this registry change to the target office Windows 11 computer:

    Open the Registry Editor (regedit) as an Administrator and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. In the right-hand pane, look for a DWORD value named fServerDisableUDP. If it does not exist, right-click, select New > DWORD (32-bit) Value, and name it fServerDisableUDP. Double-click this value and set the data to 1.

    After applying this key, restart the "Remote Desktop Services" via services.msc or simply reboot the target computer. This will force all incoming RDP connections to use the TCP protocol, which is much more stable over SSL VPN tunnels.

    Additionally, regarding ESET: even if the "Firewall" module is not installed, ESET often includes a "Network Attack Protection" (IDS) module that functions separately. This module contains signatures specifically monitoring port 3389 for BlueKeep-style exploits or brute-force patterns. Since your custom port worked, it bypassed this signature check. If the UDP fix above does not immediately resolve it, please inspect the ESET settings specifically for Network Attack Protection or Botnet Protection and ensure the VPN subnet is whitelisted there, as this layer sits below the Windows Event Viewer's ability to log a login attempt.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

    VP

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-01-28T20:21:52.5566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It seems like you're experiencing issues with Remote Desktop Protocol (RDP) connections to Windows 11 computers over SSL VPN, while connections to Windows 10 and Server 2022 work fine. Here are some troubleshooting steps and considerations based on your description:

    1. RDP Listener Port: Since you mentioned that changing the port from 3389 to a different port allows you to connect, it indicates that there might be an issue with how port 3389 is being handled over the VPN. Ensure that the VPN configuration allows traffic on port 3389.
    2. Firewall Settings: Although the firewall tech support has checked their settings, it might be worth double-checking if there are any specific rules or configurations that could be affecting RDP traffic on port 3389. Sometimes, VPNs have their own firewall settings that might block certain ports.
    3. Network Level Authentication (NLA): Windows 11 may have stricter requirements for NLA compared to previous versions. Ensure that the remote computers are configured to allow connections from clients that do not use NLA, or that your client is set up to use it properly.
    4. Event Viewer Logs: Since you mentioned that there are no logged events for RDP attempts on port 3389, this could indicate that the requests are being blocked before they reach the Windows 11 machine. This is consistent with your TCP DUMP findings where no reply is received.
    5. Updates and Compatibility: Ensure that all Windows updates are installed, as you mentioned KB5077744. Sometimes, specific updates can resolve connectivity issues, especially with newer OS versions like Windows 11.
    6. Testing with Different Networks: If possible, test the connection from a different network outside of your home network to see if the issue persists. This can help determine if the problem lies with your home network configuration.
    7. Consult VPN Documentation: Review the SSL VPN documentation for any known issues or additional configurations required for Windows 11 connections.

    If the problem continues after these checks, it may be beneficial to engage with your IT department for further assistance, as they may have additional tools or insights into the network configuration that could be affecting your RDP connections.

    References:

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.