Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

Posted on 2011-09-13
Last Modified: 2013-11-21
I am a technician for a IT support company.  Most of my clients have one server that is a DC and up to 30 workstations.  

Recently all the servers have had the following event:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

The problem with this event is that no one connects using terminal services or RDP within the site or from off site.  

I am not sure if someone is trying to hack in or not.  We as a company to have RDP capablities to our clients sites, but no one from our company was trying to remote in at the times the event take place.  

The event happens every six seconds for about an hour several time through out the day and night.
Question by:syntec
  • 3
  • 2
LVL 14

Expert Comment

ID: 36529843
you say you have RDP to the client, does that mean that the server is just floating around with RDP open on the internet?

Author Comment

ID: 36529881
It depends on what you mean by floating around?  I wouldn't say it is open.

Author Comment

ID: 36530045
We use  a dns name to access the ip address and have RDP forwarded to the server.
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 36530619
hack attempts are being made.  What is a better way to set up remote access?

Accepted Solution

makyj earned 500 total points
ID: 36533763
Depends on which version your DC is running.

You could

a)  Set up a RD Gateway on your (assuming) exchange server (need Server08 as a minimum IIRC) - this is seamless to the user RDPing in, and works well
b)  Set up TS Web Access (need Server08 as a minimum IIRC)
b)  VPN in and then RDP to server (works well in pre-Server08 OS)
c)  Change the port number of RDP to eg 33891 (not the best option, but a quick fix...)

Hope that helps...
LVL 14

Expert Comment

ID: 36534116
you should NEVER leave rdp open to the internet, not on another port or anything.

makyj is right about the RDG
But I would advise buying a small hardware firewall, which can do VPN as well
example Watchguard XTM22 (costs around 600$)

and if that really isn't an option, then you better use something like logmein , this way you're "secured"

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Forcibly removing a 2003 server from the Domain 4 46
need help with active directory 4 44
Set Folder Permissions to Prevent Move and Delete 1 27
Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now