Recently while trying to 'Remote Desktop' into a remote server on a VPN I got the dreaded "Terminal Server has exceeded the maximum number of allowed connections".

I contacted the Admin at the remote site, he poked around a bit in the Remote Desktops Management MMC - but couldn't see ANY connections.

Then I stumbled upon this great article from Scott Forsyth - showing spiffy command line options (available even in XP) that let you do some better interogation.

Querying with qwinsta /server:vpnIPAddyHere I was able to see two disconnected winstations/sessions, nuked them, and then got on.

Only, there was ONE little trick that I had to pull off. Since I was connecting via VPN, I wasn't a member of the remote domain - in fact, my login to the remote box was limited to only one machine (a SQL Server).  So qwinsta wouldn't work - as I didn't have permission to access it.

The solution? Simple: open up Windows Explorer to \\remoteMachineName\c$ (or some other share). In order to connect to a share you have to pass in credentials and get a Kerberos ticket. Once that's in place, it's good for roughly 10 hours in most cases... and once you have that ticket it then gets bundled with your subsequent requests with qwinsta and rwinsta. (Okay... so maybe that's not hacking... but it does solve the issue of qwinsta and rwinsta not letting you pass in optional credentials.)
 

Spiffy - and thanks to Scott for the excellent overview of those tools. Total life saver.