Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

Posted on 2011-09-13
Last Modified: 2013-11-21
I am a technician for an IT support company. Most of my clients have one server that is a DC and up to 30 workstations.

Recently all the servers have had the following event:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

The problem with this event is that no one connects using terminal services or RDP within the site or from off site.  

I am not sure if someone is trying to hack in or not. We as a company do have RDP capabilities to our clients' sites, but no one from our company was trying to remote in at the times the events take place.

The event happens every six seconds for about an hour, several times throughout the day and night.
Question by: syntec

Expert Comment

ID: 36529843
You say you have RDP to the client; does that mean that the server is just floating around with RDP open on the internet?

Author Comment

ID: 36529881
It depends on what you mean by floating around?  I wouldn't say it is open.

Author Comment

ID: 36530045
We use a DNS name to access the IP address and have RDP forwarded to the server.
Author Comment

ID: 36530619
Hack attempts are being made. What is a better way to set up remote access?

Accepted Solution

makyj earned 500 total points
ID: 36533763
Depends on which version your DC is running.

You could

a)  Set up an RD Gateway on your (assuming) Exchange server (need Server08 as a minimum IIRC) - this is seamless to the user RDPing in, and works well
b)  Set up TS Web Access (need Server08 as a minimum IIRC)
c)  VPN in and then RDP to server (works well in pre-Server08 OS)
d)  Change the port number of RDP to e.g. 33891 (not the best option, but a quick fix...)

Hope that helps...

Expert Comment

ID: 36534116
You should NEVER leave RDP open to the internet, not on another port or anything.

makyj is right about the RDG.
But I would advise buying a small hardware firewall, which can do VPN as well,
for example a Watchguard XTM22 (costs around 600$).

And if that really isn't an option, then you had better use something like LogMeIn; this way you're "secured".
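
The pattern described in the question (the same failed-logon event every six seconds for about an hour, several times a day) can be confirmed from exported event timestamps by grouping them into bursts and measuring how regular the spacing is. This is an added example, not part of the original thread; the function names, thresholds and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

def find_bursts(timestamps, max_gap=timedelta(seconds=60), min_events=20):
    """Group event times into bursts: runs in which consecutive events are at
    most max_gap apart. Returns a summary dict per burst of >= min_events."""
    runs, run = [], []
    for ts in sorted(timestamps):
        if run and ts - run[-1] > max_gap:
            runs.append(run)
            run = []
        run.append(ts)
    if run:
        runs.append(run)
    out = []
    for run in runs:
        if len(run) < max(min_events, 2):
            continue  # isolated failures, e.g. a user mistyping a password
        gaps = [(b - a).total_seconds() for a, b in zip(run, run[1:])]
        med = median(gaps)
        # Share of gaps within 1 s of the median: close to 1.0 means a fixed
        # cadence, which points to a script rather than a person at a keyboard.
        regular = sum(abs(g - med) <= 1.0 for g in gaps) / len(gaps)
        out.append({"start": run[0], "end": run[-1], "events": len(run),
                    "median_gap_s": med, "regularity": round(regular, 2)})
    return out

def sample_events():
    """Constructed data: two one-hour bursts at a 6-second cadence plus three
    scattered failures, mimicking the pattern in the question."""
    day = datetime(2011, 9, 13)
    times = []
    for start_hour in (2, 14):
        start = day + timedelta(hours=start_hour)
        times += [start + timedelta(seconds=6 * i) for i in range(600)]
    times += [day + timedelta(hours=h, minutes=7) for h in (9, 10, 18)]
    return times

if __name__ == "__main__":
    for b in find_bursts(sample_events()):
        print(f"{b['start']:%Y-%m-%d %H:%M:%S} -> {b['end']:%H:%M:%S}  "
              f"events={b['events']} median_gap={b['median_gap_s']}s "
              f"regularity={b['regularity']}")
```

Long bursts with a regularity near 1.0 at times when nobody was connecting are consistent with automated password guessing against the forwarded RDP port, which is what the replies above address.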

Question has a verified solution.
