Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

I am a technician for an IT support company. Most of my clients have one server that is a DC and up to 30 workstations.

Recently all the servers have had the following event:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

The problem with this event is that no one connects using terminal services or RDP within the site or from off site.  

I am not sure if someone is trying to hack in or not. We as a company do have RDP capabilities to our clients' sites, but no one from our company was trying to remote in at the times the events take place.

The event happens every six seconds for about an hour, several times throughout the day and night.
syntec Asked:
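
The timing described in the question (an event every six seconds for about an hour) can be checked from an exported event list to separate machine-paced guessing from the occasional mistyped password. This is an added example, not part of the original thread; the `timestamp,message` export format, the function names and the thresholds are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta
from statistics import median

MSG = "Remote session from client name a exceeded the maximum allowed failed logon attempts."

def sample_export():
    """Constructed sample: two one-hour bursts at 6 s spacing plus two stray events."""
    day = datetime(2010, 3, 1)  # constructed date, not taken from the thread
    times = [day + timedelta(hours=2, seconds=6 * i) for i in range(601)]
    times += [day + timedelta(hours=14, minutes=30, seconds=6 * i) for i in range(601)]
    times += [day + timedelta(hours=9, minutes=15),
              day + timedelta(hours=9, minutes=16, seconds=10)]
    return [f"{t.isoformat()},{MSG}" for t in times]

def parse_times(lines):
    """Read the ISO timestamp from the first comma-separated field of each line."""
    return sorted(datetime.fromisoformat(l.split(",", 1)[0]) for l in lines if l.strip())

def find_bursts(times, max_gap=timedelta(seconds=30), min_events=20):
    """Group sorted events into bursts: runs whose consecutive gaps are <= max_gap."""
    bursts, run = [], []
    for t in times:
        if run and t - run[-1] > max_gap:
            if len(run) >= min_events:
                bursts.append(run)
            run = []
        run.append(t)
    if len(run) >= min_events:
        bursts.append(run)
    return bursts

def summarize(burst):
    """Report duration and cadence; a near-constant gap indicates a scripted client."""
    gaps = [(b - a).total_seconds() for a, b in zip(burst, burst[1:])]
    med = median(gaps)
    # Share of gaps within 1 s of the median gap (1.0 = perfectly regular)
    regularity = sum(abs(g - med) <= 1.0 for g in gaps) / len(gaps)
    return {"start": burst[0], "end": burst[-1], "events": len(burst),
            "median_gap_s": med, "regularity": regularity,
            "automated": regularity >= 0.9}

if __name__ == "__main__":
    for b in find_bursts(parse_times(sample_export())):
        print(summarize(b))
```

Bursts flagged as automated at times when nobody was connecting point to an outside source reaching the forwarded RDP port rather than to a user error.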
 
makyj Commented:
Depends on which version your DC is running.

You could

a) Set up an RD Gateway on your (assuming) Exchange server (need Server08 as a minimum IIRC) - this is seamless to the user RDPing in, and works well
b) Set up TS Web Access (need Server08 as a minimum IIRC)
c) VPN in and then RDP to server (works well in pre-Server08 OS)
d) Change the port number of RDP to e.g. 33891 (not the best option, but a quick fix...)

Hope that helps...
0
 
setasoujiro Commented:
You say you have RDP to the client; does that mean that the server is just floating around with RDP open on the internet?
0
 
syntec (Author) Commented:
It depends on what you mean by floating around?  I wouldn't say it is open.
0
 
syntec (Author) Commented:
We use a DNS name to access the IP address and have RDP forwarded to the server.
0
 
syntec (Author) Commented:
Hack attempts are being made. What is a better way to set up remote access?
0
 
setasoujiro Commented:
You should NEVER leave RDP open to the internet, not on another port or anything.

makyj is right about the RDG.
But I would advise buying a small hardware firewall, which can do VPN as well,
for example the WatchGuard XTM22 (costs around 600$).

And if that really isn't an option, then you'd better use something like LogMeIn; this way you're "secured".
0