Unable to log on using terminal server connection
I have several W2K3 SP2 servers, admin TS enabled. This morning I discovered I was unable to log on to some of them. I have a couple of Citrix servers in different farms, a SAP (IA64) app server and a cvs server. All of them show the same symptoms; remote connections are refused. I've been able to log on locally, and the terminal server service is up, there are no users (so connections are not depleted).
There are no errors in the log on most servers. One of the Citrix ones reported the following errors:
Event ID 50
Source TermDD
Type Error
Description The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
and
Event ID 1006
Source TermService
Type Error
Description The terminal server received large number of incomplete connections. The system may be under attack.
Anyway, I suppose these errors appear because the server isn't working, and Citrix users try to log on massively. (I nmap'ed the server and the port seems up.)
I've solved this problem by rebooting before, but with so many servers affected it seems like a crappy workaround. Any ideas about troubleshooting it properly?
Solution 1:
Just wondering whether rebooting does fix the issue (even temporarily)?
Also, in the event of someone trying to brute-force the RDP port to find the password of a user who can log in remotely: check to make sure that Group/Account policies haven't locked the account out of remote access (should this feature be enabled).
Good Luck!
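
A triage sketch for the two events quoted in the question, added here as an example and not part of the original thread: it reads System-log events exported from several servers and separates hosts that logged the TermService 1006 flood warning from hosts that logged only TermDD 50 or nothing at all. The CSV column layout, host names, timestamps and the 10-minute look-back window are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: System-log events exported to CSV from several servers.
# Host names, timestamps and the column layout are made up for illustration.
SAMPLE_CSV = """server,time,source,event_id
CTX01,2009-03-02 07:58:10,TermDD,50
CTX01,2009-03-02 07:58:40,TermDD,50
CTX01,2009-03-02 07:59:05,TermDD,50
CTX01,2009-03-02 07:59:30,TermService,1006
CTX02,2009-03-02 03:15:00,TermDD,50
SAP01,2009-03-02 08:01:00,Service Control Manager,7036
"""

WINDOW = timedelta(minutes=10)  # assumed look-back before the first 1006 event


def triage(csv_text, servers):
    """Return {server: verdict} for every server in `servers`."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        events[row["server"]].append((when, row["source"], int(row["event_id"])))

    verdicts = {}
    for server in servers:
        rows = sorted(events.get(server, []))
        # TermDD 50: X.224 protocol-stream error, client disconnected
        x224 = [t for t, src, eid in rows if src == "TermDD" and eid == 50]
        # TermService 1006: large number of incomplete connections
        floods = [t for t, src, eid in rows if src == "TermService" and eid == 1006]
        if floods:
            first = floods[0]
            near = sum(1 for t in x224 if first - WINDOW <= t <= first)
            verdicts[server] = (
                f"incomplete-connection flood (1006), {near} X.224 errors in prior 10 min"
            )
        elif x224:
            verdicts[server] = f"{len(x224)} isolated X.224 error(s), no 1006"
        else:
            # Also covers servers that exported no events at all
            verdicts[server] = "no RDP errors logged"
    return verdicts


if __name__ == "__main__":
    for server, verdict in triage(SAMPLE_CSV, ["CTX01", "CTX02", "SAP01", "CVS01"]).items():
        print(f"{server}: {verdict}")
```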