I am a technician for an IT support company. Most of my clients have one server that is a DC and up to 30 workstations.
Recently all the servers have had the following event:
Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.
The problem with this event is that no one connects using terminal services or RDP within the site or from off site.
I am not sure if someone is trying to hack in or not. We as a company do have RDP capabilities to our clients' sites, but no one from our company was trying to remote in at the times the event takes place.
The event happens every six seconds for about an hour, several times throughout the day and night.