Terminal Services logon attempt time outs Event ID 1012

Hello Experts,  I have several PC that are showing multiple Terminal Services Remote Desktop disconnects with the following message for event ID 1012.  Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.  It looks some type of brute force attack on my network.  I am behind a Sonicwall TZ210 firewall.  How do I prevent these attacks.  Please advise.
Steve EckermanSystems AdministratorAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Tony GiangrecoConnect With a Mentor Commented:
We had the exact same problem, I suggest setting up a Nat in Sonicwall for RDP/TS logins.

We contacted Sonicwall support with the idea, they implemented it in a few minutes and it worked great.

User changes their RDP dialogue box so it looks like this:

Computer: x.x.x.x:26000
Username: domain\username

You set a new port
(only for the sonicwall nat). That port is then translated to 3380 or 3390 and is forwarded to the same server in your network as before.  This hides the RDP/TS port from hackers.

Also, put your Sonicwall in Stealth Mode. This is available in the options.

You need to make that change to all user's RDP settings after making the Sonicwall change. This worked very well for us.

The only other option is to purchase VPN licenses and set that up for RDP connections.
0
 
Steve EckermanSystems AdministratorAuthor Commented:
Great answer!!! My firewall tech is imple
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.