Arc Machine WAC

Handian Sudianto 7,241 Reputation points

We set custom port for RDP, how we can connect thru admin center from portal azure if the RDP port is custom?

  1. Bharath Y P 9,730 Reputation points Microsoft External Staff Moderator

    Hello Handian, thanks for reaching out! To help you get the right guidance, could you share a few more details about your setup?

    1. Which “admin center” experience are you using in the Azure portal?
      • The built-in Windows Admin Center preview in the Arc blade?
      • Azure Bastion’s RDP option?
    2. What exact custom port number did you configure on the VM for RDP?
    3. Is your Arc-enabled server showing as “Connected” in the portal?
    4. Do you have any NSG or on-prem firewall rules in front of the VM that might need updating to allow your new RDP port?
    5. Are you trying to use Azure Update Manager or another extension to initiate this connection?

    Once we have those details, we can walk you through the precise steps (or any necessary network and Azure Arc settings) to make your custom RDP port work from the portal’s admin center.

    Thanks

  2. Handian Sudianto 7,241 Reputation points

    Hi..

    1.WAC i mean is built in WAC preview in Arc blade. If i use standard RDP port 3389 then i can RDP from there

    2.My Custom port let say 13389

    3.Yes showing connected

    4.No

    5.No

    👁 User's image

    👁 User's image

  3. Bharath Y P 9,730 Reputation points Microsoft External Staff Moderator

    Just checking if the information shared was helpful. If so, please consider accepting the answer and giving it an upvote.

    If you have any further questions or need additional clarification, feel free to reach out. Thanks!

Sign in to comment

2 answers

  1. Bharath Y P 9,730 Reputation points Microsoft External Staff Moderator

    Hello Handian, the built-in Windows Admin Center preview in the Azure Arc blade currently only spins up an RDP session to port 3389 – there’s no UI today to override that port. Since your box is now listening on 13389 only, the portal can’t reach it.

    Here are a couple of ways to work around it:

    1. Add a second RDP listener on 3389
      • On your server, go into the registry under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp and add or duplicate a listener entry with PortNumber = 3389.
      • Restart RDP (or reboot).
      • The portal will connect on 3389 as expected, and you can still RDP directly to 13389 if you like.
    2. Revert back to the default port 3389
      • Change your RDP listener port to 3389.
      • That way the portal’s one-click RDP will work without any special tweaks.
    3. Alternative methods
      • Use an on-prem Windows Admin Center gateway build (you can customize ports there).
      • For Azure VMs you could use Azure Bastion, which lets you manually specify a custom RDP port in the portal UX. (Note: Bastion isn’t available for Arc-enabled servers outside Azure.)

    Right now there isn’t a built-in setting in the Azure Arc WAC preview to point at a custom port. If custom-port support via the portal is important, consider filing feedback on the Azure portal or vote up an existing feature request.

    Hope this helps! Thanks

    References:

    0 comments No comments
    Sign in to comment

  2. AI answer

    Windows Admin Center (WAC) connectivity from the Azure portal to an Azure Arc-enabled server does not depend on the RDP port and does not require any inbound RDP access.

    Key points:

    1. WAC uses the Azure Arc connectivity platform
      • Traffic flows via a reverse proxy over outbound web sockets from the Azure Connected Machine agent to Azure, not over RDP.
      • No inbound port is required on the Arc machine for WAC.
      • The local port that matters for WAC is the WAC HTTPS port (commonly 6516), not the RDP port.
    2. Configure the WAC port for Arc connectivity
      • Ensure the WAC port is allowed in the Arc connectivity agent configuration: 
         azcmagent config list
        Confirm the WAC port (for example 6516 or your chosen port) appears under incomingconnections.ports (preview).
      • If it is missing, add it: 
         azcmagent config set incomingconnections.ports <wac-port>
        Multiple ports can be comma-separated if using other scenarios like SSH.
    3. Install and connect to WAC from the Azure portal
      • On the Arc-enabled server resource in the Azure portal:
        1. Go to Windows Admin Center under Settings.
        2. Install the Windows Admin Center extension and specify the desired WAC port.
        3. After installation, select Windows Admin Center (preview)Connect.
      • Authentication is via Microsoft Entra ID (no local admin credentials required).
    4. Ensure outbound connectivity
      • Outbound HTTPS (443) from the Arc machine to the required Azure endpoints must be allowed so the reverse proxy and certificate service can function.
      • No change is required for the custom RDP port; WAC does not use it.

    In summary, a custom RDP port does not affect WAC connectivity from the Azure portal. Configure and expose the WAC HTTPS port via azcmagent and ensure outbound connectivity; then use the Windows Admin Center blade in the portal to connect.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.
Sign in to answer

Your answer