Solved

Terminal Services logon attempt time outs Event ID 1012

Posted on 2014-04-15
2
2,085 Views
Last Modified: 2014-04-15
Hello Experts,  I have several PC that are showing multiple Terminal Services Remote Desktop disconnects with the following message for event ID 1012.  Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.  It looks some type of brute force attack on my network.  I am behind a Sonicwall TZ210 firewall.  How do I prevent these attacks.  Please advise.
0
Comment
Question by:submarinerssbn731
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40001418
We had the exact same problem, I suggest setting up a Nat in Sonicwall for RDP/TS logins.

We contacted Sonicwall support with the idea, they implemented it in a few minutes and it worked great.

User changes their RDP dialogue box so it looks like this:

Computer: x.x.x.x:26000
Username: domain\username

You set a new port
(only for the sonicwall nat). That port is then translated to 3380 or 3390 and is forwarded to the same server in your network as before.  This hides the RDP/TS port from hackers.

Also, put your Sonicwall in Stealth Mode. This is available in the options.

You need to make that change to all user's RDP settings after making the Sonicwall change. This worked very well for us.

The only other option is to purchase VPN licenses and set that up for RDP connections.
0
 

Author Closing Comment

by:submarinerssbn731
ID: 40002221
Great answer!!! My firewall tech is imple
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question