Solved

Terminal Services logon attempt time outs Event ID 1012

Posted on 2014-04-15
2
2,031 Views
Last Modified: 2014-04-15
Hello Experts,  I have several PC that are showing multiple Terminal Services Remote Desktop disconnects with the following message for event ID 1012.  Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.  It looks some type of brute force attack on my network.  I am behind a Sonicwall TZ210 firewall.  How do I prevent these attacks.  Please advise.
0
Comment
Question by:submarinerssbn731
2 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40001418
We had the exact same problem, I suggest setting up a Nat in Sonicwall for RDP/TS logins.

We contacted Sonicwall support with the idea, they implemented it in a few minutes and it worked great.

User changes their RDP dialogue box so it looks like this:

Computer: x.x.x.x:26000
Username: domain\username

You set a new port
(only for the sonicwall nat). That port is then translated to 3380 or 3390 and is forwarded to the same server in your network as before.  This hides the RDP/TS port from hackers.

Also, put your Sonicwall in Stealth Mode. This is available in the options.

You need to make that change to all user's RDP settings after making the Sonicwall change. This worked very well for us.

The only other option is to purchase VPN licenses and set that up for RDP connections.
0
 

Author Closing Comment

by:submarinerssbn731
ID: 40002221
Great answer!!! My firewall tech is imple
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
OnPage: Incident management and secure messaging on your smartphone
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question