How can I stop random login attempts against my Windows Server 2008 R2?

Errrrr, I think someone is brute forcing your network.

Get some downtime, then Take out your internet and see if it continues.

I might go this route :

https://www.netwrix.com/kb/1587

This is a very good application to identify these types of issues log term.

Just a suggestion. Check your firewall see if you can identify the source IP and block it.

I'm getting 30 to 40 of these every minute.  I can't see anything in either my SonicWall logs or my Symantec Endpoint Security logs that occurs this frequently.  At the same time, I have about 10 users actively connected to and using my system, so these "login attempts" (or whatever they are) are not affecting my RemoteApp software that I provide to my customer.  This all started around 10:20 PM last night (9/19) and hasn't stopped since!

You are definitely right about the port being used to attempt to gain access.  I don't use 3389, but that's irrelevant since they've found the port that I do use.  I have a "backup" server on a separate network that's configured identically to my production server, so I'm able to reconfigure things on the backup network without impacting my customers using the primary network.  As soon as I reconfigured my firewall on my backup network, the attacks stopped (or, more correctly, stopped appearing in my Security event log) and as soon as I configured my firewall back to the actual port I use, the attacks started to show up immediately in that same log.

I have over 500 legitimate users (only 12-15 concurrently using my system) that require access to my "hosting" platform so it's impractical to restrict IP addresses.  While this is not impacting my production users, it's unnerving (for lack of a better word...) to see all of this incoming traffic even though I really don't believe that they'll ever be able to gain access, but, who knows!?  Is there any other known solution to blocking these attempts without disrupting my entire hosting environment?

After realizing that the "intruders" were using my RDP port, I monitored the packets running thru my SonicWall firewall device and basically found three different IP address ranges that these attacks were coming from.  One from Latvia, and the other two from either the Russian Federation or the Netherlands (depending on which IP Locator service you want to believe...).  So I blocked the entire ranges within my SonicWall and these attacks are no longer getting to my server.  Obviously, this is something I'll have to keep an eye on in the future, but, for the moment this issue has been resolved.  Thanks to all!!!