Solved

Terminal Services logon attempt time outs Event ID 1012

Posted on 2014-04-15
2
1,889 Views
Last Modified: 2014-04-15
Hello Experts,  I have several PC that are showing multiple Terminal Services Remote Desktop disconnects with the following message for event ID 1012.  Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.  It looks some type of brute force attack on my network.  I am behind a Sonicwall TZ210 firewall.  How do I prevent these attacks.  Please advise.
0
Comment
Question by:submarinerssbn731
2 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40001418
We had the exact same problem, I suggest setting up a Nat in Sonicwall for RDP/TS logins.

We contacted Sonicwall support with the idea, they implemented it in a few minutes and it worked great.

User changes their RDP dialogue box so it looks like this:

Computer: x.x.x.x:26000
Username: domain\username

You set a new port
(only for the sonicwall nat). That port is then translated to 3380 or 3390 and is forwarded to the same server in your network as before.  This hides the RDP/TS port from hackers.

Also, put your Sonicwall in Stealth Mode. This is available in the options.

You need to make that change to all user's RDP settings after making the Sonicwall change. This worked very well for us.

The only other option is to purchase VPN licenses and set that up for RDP connections.
0
 

Author Closing Comment

by:submarinerssbn731
ID: 40002221
Great answer!!! My firewall tech is imple
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now