I just wanted to make the community aware of a technical issue that we have been seeing over the past two days. There is a bug in Windows 2008/2008 R2 which causes the LSA service (LSASS.exe) to crash if too many authentication requests are hitting it simultaneously. When this service crashes the server has to reboot in order to recover from the condition.
This is caused by a sharp uptick in brute force/scanning activity for Remote Desktop on port 3389. This is a pretty severe denial of service. Microsoft launched hot fixes for this problem a while back but it doesn't look like it ever made it into Windows update.
This article from Parallels actually does a fairly good job of explaining the issue.