I have a small business server 2003 that disconnects everybody from the server about every other day. In the system event log I am not seeing any errors but I am seeing at least 3 terminal service session login attempts every minute. The termservice event ID is 1012 "Remote session from client name exceeded maximum allowed login attempts. The session was forcibly terminated" I am guessing that with multiple failed login attempts the server is blocking all logins. I looked up the ID 1012 and it says that it is normal. I have never seen it before so it doesnt look very normal to me.