[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11071
  • Last Modified:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

I am a technician for a IT support company.  Most of my clients have one server that is a DC and up to 30 workstations.  

Recently all the servers have had the following event:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

The problem with this event is that no one connects using terminal services or RDP within the site or from off site.  

I am not sure if someone is trying to hack in or not.  We as a company to have RDP capablities to our clients sites, but no one from our company was trying to remote in at the times the event take place.  

The event happens every six seconds for about an hour several time through out the day and night.
0
syntec
Asked:
syntec
  • 3
  • 2
1 Solution
 
setasoujiroCommented:
you say you have RDP to the client, does that mean that the server is just floating around with RDP open on the internet?
0
 
syntecAuthor Commented:
It depends on what you mean by floating around?  I wouldn't say it is open.
0
 
syntecAuthor Commented:
We use  a dns name to access the ip address and have RDP forwarded to the server.
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
syntecAuthor Commented:
hack attempts are being made.  What is a better way to set up remote access?
0
 
makyjCommented:
Depends on which version your DC is running.

You could

a)  Set up a RD Gateway on your (assuming) exchange server (need Server08 as a minimum IIRC) - this is seamless to the user RDPing in, and works well
b)  Set up TS Web Access (need Server08 as a minimum IIRC)
b)  VPN in and then RDP to server (works well in pre-Server08 OS)
c)  Change the port number of RDP to eg 33891 (not the best option, but a quick fix...)

Hope that helps...
0
 
setasoujiroCommented:
you should NEVER leave rdp open to the internet, not on another port or anything.

makyj is right about the RDG
But I would advise buying a small hardware firewall, which can do VPN as well
example Watchguard XTM22 (costs around 600$)

and if that really isn't an option, then you better use something like logmein , this way you're "secured"
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now