Windows RDP generally uses 3389 or 3390. Have you also tried permitting port 3390? If that does not do the trick, then I would recommend running command "debug flow drop" to find out what ports are getting dropped. Then permit those ports that are getting dropped.
You can also do an explicit deny after every interface (from Trust to Un-trust for example you should Deny and log) This will allow your logs to tell you what Action (Packet Dropped), what Protocol, what Destination Port and what Rule is causing this issue.