What This Port Does
Port 2179 is the listening port for vmrdp — Microsoft's Virtual Machine Remote Desktop Protocol. It runs on the Hyper-V host (the physical machine), not inside any virtual machine.
When you open Hyper-V Manager and click "Connect" on a VM, the VMConnect application doesn't connect to the VM directly. It connects to the host on TCP port 2179. The host's Virtual Machine Management Service (VMMS) receives that connection and pipes it through to the VM's virtual console.
This distinction matters. Port 3389 (standard RDP) connects you to a fully booted OS that has a network stack, an IP address, and a running RDP service. Port 2179 connects you to the hypervisor's view of the VM — which exists whether the VM is running, off, mid-crash, or has no network configuration at all.
It's the back door that bypasses the front door entirely.
The Problem It Solves
Virtual machine administration has a chicken-and-egg problem: you often need to access a VM precisely when normal access is impossible. The OS won't boot. The network is misconfigured. The RDP service crashed. The VM has never been configured at all.
Port 2179 exists for exactly those moments. Because it connects at the hypervisor level rather than the OS level, it gives you what amounts to a physical console — as if you'd plugged in a keyboard and monitor directly. You see the BIOS screen. You see boot messages. You see crashes.
The Virtual Machine Management Service on the host acts as an intermediary: VMConnect on your local machine connects to VMMS on the host over TCP port 2179, and VMMS delivers the VM's framebuffer and accepts your input. The VM never knows port 2179 exists.
IANA Status
Despite being widely used by Windows infrastructure, IANA lists port 2179 as unassigned.1 Microsoft deployed it without formal registration, a common pattern for vendor-specific services in the registered range (1024–49151). The lack of IANA registration doesn't affect functionality — it just means the port number carries no formal guarantee of exclusivity.
Security Considerations
Port 2179 should never be exposed to the public Internet. It provides console-level access to every VM on the host, protected only by authentication to the Hyper-V host itself.
In properly configured environments:
- Port 2179 is only accessible from trusted management networks
- Access is controlled by Windows authentication and Hyper-V permission groups
- Firewall rules restrict which machines can reach the Hyper-V host on this port
If you see port 2179 open on a machine that isn't a Hyper-V host, investigate immediately. It shouldn't be there.
How to Check What's Listening on This Port
On Windows (to confirm Hyper-V is using it):
On Linux:
Remote scan:
If the port is open and you're on a Windows Server running Hyper-V, that's expected — the Virtual Machine Management Service is listening. If the port is open on a machine that isn't a Hyper-V host, that warrants investigation.
Related Ports
- 3389 — Standard RDP, the front door to a running Windows OS
- 2179 — vmrdp, the back door into the VM through the hypervisor
- 5985/5986 — WinRM, for remote PowerShell management of Hyper-V
- 443 — Used by Hyper-V replication when HTTPS transport is configured
Frequently Asked Questions
Bu sayfa faydalı oldu mu?