Share via

How to RDP to an Azure VM after replacing its public IP address?

John Huang (ALLEGIS GROUP HOLDINGS INC) 60 Reputation points Microsoft External Staff
2026-01-22T00:41:57.29+00:00

Due to a security requirement, my team recently replaced an existing Azure VM's public IP address with a new one.

Since then, we have been unable to RDP into the VM.

We had taken all of the recommended steps, including resetting the NIC, redeploying the VM, making sure all network port rules allowed access, trying to connect from different machines, and ensuring all Azure's troubleshooting self-diagnose checks were green... yet we were still unable to connect. We also tried the Windows Admin Center but that didn't work.

We are already a couple of days behind schedule, and the urgency is rising. I tried to create a support ticket but was redirected here instead. I'd appreciate all the help I could get.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
0 comments
Answer accepted by question author
  1. Himanshu Shekhar 3,615 Reputation points Microsoft External Staff Moderator
    2026-01-22T03:51:29.8833333+00:00

    The Network Security Group (NSG) allows inbound RDP (port 6332) only from a single source IP while a deny‑all rule blocks everything else.

    The customer’s outbound source IP fluctuates within a /30 range due to Azure IP masking, causing intermittent or consistent RDP failures when the source IP does not exactly match the allowed one. This explains why the /30 CIDR rule previously worked and why allowing only one IP now breaks RDP after the public IP change.

    Validation Steps Taken

    • Confirmed the new public IP is correctly attached to the VM and the old IP is no longer visible.
    • Used Azure Run Command > RunPowerShellScript to validate:
    • RDP registry settings
    • Firewall rules
    • Port listening state
    • Remote Desktop Services status
    • Verified there are no leftover references to the old public IP in VM networking.
    • The VM is configured correctly for RDP on port 6332.

    RDP fails due to an overly restrictive NSG inbound rule, which allows traffic from only one specific source IP, while the client source IP rotates within a /30 range after Azure NAT.

    • RDP on the VM is enabled and healthy, but it is configured to use a non‑standard port 6332 instead of the default 3389, for historical/security reasons.
    • Port 3389 is not listening by design, while port 6332 is listening on TCP and UDP, confirmed via Azure Run Command output.
    • The Remote Desktop Services (TermService) is running, and the registry value fDenyTSConnections = 0 confirms RDP is enabled at the OS level.

    Additionally working with customer to offline for details

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-01-22T00:42:07.1066667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To troubleshoot RDP connectivity issues to your Azure VM after replacing its public IP address, you can follow these steps:

    1. Verify Public IP Assignment: Ensure that the new public IP address is correctly assigned to the VM's network interface. You can check this in the Azure Portal under the VM's networking settings.
    2. Check Network Security Group (NSG) Rules: Confirm that the NSG associated with the VM's network interface allows inbound traffic on TCP port 3389, which is required for RDP. You can use the Azure Portal to review the effective security rules.
    3. Reset RDP Configuration: Use the Azure Portal to reset the RDP configuration. Navigate to your VM, go to the Help section, and select the Reset password option. Choose Reset configuration only and apply the changes.
    4. Review Boot Diagnostics: Check the boot diagnostics logs for any startup issues that might be affecting RDP connectivity. This can provide insights into whether the VM is running properly.
    5. Check Resource Health: Ensure that the VM is healthy and there are no known issues with the Azure platform that could impact connectivity. You can find this in the Resource Health section of the VM in the Azure Portal.
    6. Firewall Settings: If you have a firewall running on the VM itself, ensure that it is configured to allow RDP traffic. You may need to temporarily disable the firewall for testing.
    7. Use Azure Serial Console: If you have access to the Azure Serial Console, you can log in and check if the Remote Desktop Services are running. You can also restart the service if necessary.
    8. Recreate RDP Listener: If the RDP listener is missing or misconfigured, you may need to recreate it via the registry or other means.

    If you have tried all these steps and still cannot connect, consider redeploying the VM as a last resort, which can sometimes resolve persistent connectivity issues.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.