Question : Problem: Ternminal Server does not allow any connections

Main server SBS 2000 w/ service packs.  Terminal server Win2003 R2 SP2 is a member server of the SBS domain.  Firewall with port forwarding:  3389 to TS Server, 1723 to SBS server.  I have a user (we shall call the user Anne) who will RDC to the my.domain.com address, which the Firewall port forwards Terminal Server internal IP address.  This works 50% of the time.  The other 50% of the time, ALL users are locked out of RDC.  When these random lockouts occur, I can still use a VPN tunnel to the SBS serve, and then RDC into the Terminal server.  The event logs show no errors (about the lock out), the Firewall logs report nothing.

Answer : Problem: Ternminal Server does not allow any connections

You need to figure out where the connection is failing when the errors happen... the next time the users are locked out and unable to connect, see if you can log into you firewall and run a packet trace to see if the RDP packets are being sent on by the firewall to the TS Server.

If they aren't, then you know your problem is there. If they are, then it's likely to be your TS that isn't accepting the connections and you can strat troubleshooting there.

On the other hand, there are several other things that you can do as well... try RDP'ing to the IP instead of the domain name, ensure that your LAN IPs are unique so the traffic is being sent to the right place, try putting a hub between your firewall and switch and leave a laptop running a packet capture plugged into that hub - this way you'll have a record of the traffic that was passing from firewall -> LAN when the issue next occurs... use wireshark or ethereal, you should be able to define capture filters that will keep the logs from going massive.

Also, look at the logs on the server just to make sure that there are no indications in any of the logs about TS, even simple things like TS Licencing issues etc.

Are all your remote users on one site? Is it possible that the problem lies at the other end, and not this one?

Also, when you say "locked out" I assume you mean that there's no response at all to an attempted Remote Desktop connection? Can you confirm exactly what happens when you try and connect...