Articles

Run Windows on a DigitalOcean Droplet and Connect via RDP (2026)

April 16, 2026 6 min read

Running Windows on a DigitalOcean Droplet and connecting via RDP is less about a specific error and more about understanding a few key pieces that make the whole thing click.

Let’s get this Windows VM spinning on DigitalOcean and then hop into it like you’re at your own desk.

1. Spinning Up Your Windows Droplet

DigitalOcean doesn’t offer Windows as a one-click image in their standard Droplet creation. You’ll need to use a custom image. The easiest way to get started is by using a pre-built Windows Server image from DigitalOcean’s Marketplace.

Action:

  1. Navigate to the DigitalOcean control panel.
  2. Click "Create" -> "Droplets".
  3. Under "Choose an image," select the "Marketplace" tab.
  4. Search for "Windows Server" (e.g., "Windows Server 2022").
  5. Choose a plan. For Windows, I’d recommend at least 4GB RAM and 2 vCPUs to avoid sluggishness. A 160GB SSD is a good starting point for storage.
  6. Select your datacenter region.
  7. Choose authentication. For Windows, you’ll want to set a strong password. SSH keys are for Linux.
  8. Configure options like monitoring, backups, and user data if needed.
  9. Give your Droplet a hostname (e.g., win-rdp-server).
  10. Click "Create Droplet."

Once the Droplet is created, DigitalOcean will email you the root password. Store this securely! You’ll need it to log in.

2. Initial Server Configuration (Windows First Boot)

When your Droplet boots up, it’s essentially a fresh Windows Server install. The first thing you need to do is set up the Remote Desktop Protocol (RDP) service and ensure it’s accessible.

Action:

  1. Find your Droplet’s IP Address: On your DigitalOcean dashboard, locate your new Windows Droplet and copy its public IPv4 address.
  2. Connect via RDP:
    • Open the "Remote Desktop Connection" application on your Windows machine.
    • Enter your Droplet’s IP address.
    • Click "Connect."
    • You’ll get a certificate warning; click "Yes" to proceed.
    • When prompted for credentials:
      • Username: Administrator
      • Password: The root password emailed by DigitalOcean.
  3. Configure RDP:
    • Once logged in, you’ll see the Windows Server desktop.
    • Open "Server Manager" (it usually opens by default).
    • Click "Local Server" in the left pane.
    • On the right, under "Properties," find "Remote Desktop." It will likely say "Disabled." Click the link next to it.
    • In the "System Properties" window, go to the "Remote" tab.
    • Ensure "Allow remote connections to this computer" is checked.
    • Crucially, check "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)." This is a security best practice.
    • Click "Select Users…" to add specific users who can connect via RDP. By default, the Administrator account can connect.
    • Click "OK" twice to close the windows.
  4. Firewall Rules: Windows Firewall needs to allow RDP traffic.
    • Open "Windows Defender Firewall with Advanced Security."
    • Click "Inbound Rules."
    • Look for "Remote Desktop - User Mode (TCP-In)." Ensure it’s enabled for the correct network profile (usually "Domain" and "Private" if you’ve configured it as such, but for a public IP, you might need to ensure it’s active). If it’s not there, you’ll need to create it.
    • To create the rule if missing:
      • Click "New Rule…" in the right pane.
      • Rule Type: "Port"
      • Protocol and Ports: "TCP," Specific local ports: 3389 (the default RDP port).
      • Action: "Allow the connection."
      • Profile: Select all applicable (Domain, Private, Public).
      • Name: "Allow RDP TCP 3389"
      • Click "Finish."

3. DigitalOcean Firewall Configuration

Even if Windows Firewall is configured, you need to allow RDP traffic at the DigitalOcean infrastructure level. This is done via the Droplet’s firewall.

Action:

  1. Go back to your Droplet’s page in the DigitalOcean dashboard.
  2. Click the "Networking" tab.
  3. Under "Firewalls," click "Add Firewall."
  4. Give your firewall a name (e.g., windows-rdp-firewall).
  5. Inbound Rules:
    • Type: Custom
    • Protocol: TCP
    • Port Range: 3389
    • Sources: You can restrict this to your specific IP address for better security or 0.0.0.0/0 to allow from anywhere (less secure, but simpler for initial setup).
    • Click "Create Firewall."
  6. Apply the Firewall: Go back to your Droplet’s page, click "More" -> "Manage Firewalls," and select the firewall you just created to apply it to your Droplet.

4. Connecting via RDP

Now that the server is configured and the firewall is open, you should be able to connect.

Action:

  1. Open "Remote Desktop Connection" on your local machine.
  2. Enter your Droplet’s IP address.
  3. Click "Connect."
  4. Enter Administrator and your password.

You should now be logged into your Windows Server instance on DigitalOcean.

Common Pitfalls and Troubleshooting

  • "Remote Desktop can’t find the computer…":
    • Cause: Incorrect IP address or the Droplet hasn’t fully provisioned/booted.
    • Diagnosis: Double-check the IP address on your DigitalOcean dashboard. Ping the IP from your local machine (ping <droplet_ip>). If ping fails, it’s likely a network issue or the server isn’t up.
    • Fix: Ensure the IP is correct. If ping fails, wait a few minutes and try again. If still no luck, check DigitalOcean firewall rules.
  • "Remote Desktop can’t connect to the remote computer…":
    • Cause: RDP service is not running, or a firewall is blocking port 3389. This could be Windows Firewall or the DigitalOcean firewall.
    • Diagnosis:
      • DigitalOcean Firewall: Verify the firewall rule exists and is applied to the Droplet, allowing TCP on port 3389 from your IP.
      • Windows Firewall: Log in via console access (if available, or re-deploy if you can’t get in) and check the "Windows Defender Firewall with Advanced Security" inbound rules.
      • RDP Service: Open services.msc on the server and ensure "Remote Desktop Services" is running.
    • Fix: Ensure DigitalOcean firewall allows TCP 3389. Enable the "Remote Desktop" inbound rule in Windows Firewall. Start the "Remote Desktop Services" if it’s stopped.
  • "An authentication error has occurred…":
    • Cause: Incorrect username or password.
    • Diagnosis: Double-check the username (Administrator) and the password you received from DigitalOcean. Passwords are case-sensitive.
    • Fix: Copy and paste the password carefully. If you’ve lost it, you can reset the root password in DigitalOcean’s Droplet recovery options, which will require a reboot and console access.
  • Slow RDP Performance:
    • Cause: Insufficient Droplet resources (CPU/RAM), or network latency.
    • Diagnosis: Monitor CPU and RAM usage in Task Manager on the Windows server. Check your local internet speed.
    • Fix: Upgrade your Droplet plan to one with more CPU and RAM. If network latency is high, try choosing a DigitalOcean region closer to your physical location.
  • "Network Level Authentication (NLA) is required…":
    • Cause: Your local RDP client is not configured to use NLA, or the server has NLA disabled.
    • Diagnosis: On the Windows Server, ensure "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" is checked in System Properties -> Remote. On your local RDP client, under "Show Options" -> "Experience," ensure "Experience Remote Desktop settings" are set to a reasonable level (or check "Always ask for credentials" under the "General" tab).
    • Fix: Ensure NLA is enabled on the server and your client supports it.

The next hurdle you’ll likely encounter is setting up user accounts and managing permissions beyond the initial Administrator, or perhaps configuring shared folders between your local machine and the Droplet.

Want structured learning?

Take the full Digitalocean course →