Solved

Terminal Services logon attempt time outs Event ID 1012

Posted on 2014-04-15
2
1,988 Views
Last Modified: 2014-04-15
Hello Experts,  I have several PC that are showing multiple Terminal Services Remote Desktop disconnects with the following message for event ID 1012.  Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.  It looks some type of brute force attack on my network.  I am behind a Sonicwall TZ210 firewall.  How do I prevent these attacks.  Please advise.
0
Comment
Question by:submarinerssbn731
2 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40001418
We had the exact same problem, I suggest setting up a Nat in Sonicwall for RDP/TS logins.

We contacted Sonicwall support with the idea, they implemented it in a few minutes and it worked great.

User changes their RDP dialogue box so it looks like this:

Computer: x.x.x.x:26000
Username: domain\username

You set a new port
(only for the sonicwall nat). That port is then translated to 3380 or 3390 and is forwarded to the same server in your network as before.  This hides the RDP/TS port from hackers.

Also, put your Sonicwall in Stealth Mode. This is available in the options.

You need to make that change to all user's RDP settings after making the Sonicwall change. This worked very well for us.

The only other option is to purchase VPN licenses and set that up for RDP connections.
0
 

Author Closing Comment

by:submarinerssbn731
ID: 40002221
Great answer!!! My firewall tech is imple
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question