Terminal Services / Max # of Connections

Background

This last weekend, I tried connecting to one of our Lab computers and got one of those messages stating that we have reached the maximum number of connections allowed.

TroubleShooting

Confirmation

Task Manager

As I happen to be physically close to the computers, I walked over and logged on the console.

Launched Task Manager and confirmed that we indeed have ongoing sessions.

Image

Explanation

  1. In the screenshot above, yours truly is logged on from the console
  2. Whereas, os and string are remotely connected

 

Remediation

Sessions

Thankfully, the connected sessions bored usernames that I was not familiar with.

And, so acquiescing to disconnecting them was easy.

Computer Management

Next in line is to disable the account.  As they were local and not Active Directory accounts, launched Computer Management and disabled each off the ill gotten accounts.

Image

Terminal Services

Registry

Next in line is to change the network port that Terminal Services is listening on.  As we all know Terminal Services, TS, default port is 3389.

Accessed Windows Registry and changed it to a previously unused port.

As we are really not able to simply restart Terminal Services for the change to take effect, rebooted the box.

Image
Image – Before

Image – After

Windows Firewall

New Port

Configured local Windows Firewall to allow incoming connections to the new port.

Logging

Re-enabled Windows Firewall logging for failed connections.

Plans

Windows Firewall

Rather than allow the whole internet access to new network port, make a list of Internet subnets that we usually connect from and allow those alone.

Network Firewall

Review our Network router and likewise tighten its network availability, as well.

Local Windows Accounts

Be more proactive about monitoring local Windows SAM Accounts.  Investigate whether we can be alerted when new ones are created.

Moral of the Story

The same ease that you allow for your usage is the same ease passer bys can access your resources.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s