It is not possible to apply fail2ban to xRDP port since xRDP does not keep a log of IPs from connection requests. ssh tunneling can be used to secure RDP against brute force attacks. Follow the steps below.
Create and save PuTTY session for ssh tunnel
> Session > Host Name: Server IP address or domain name > Session > Port: 22 > Session > Connection type: SSH
> Connection > SSH > Tunnels > Source port: <port> # <port>: any open port on client > Connection > SSH > Tunnels > Source port > Destination: localhost:3389
Open PuTTY session and input credentials to establish connection
Open Remote Desktop Connection and connect
> Computer: localhost:<port>
Create or modify existing Remmina remote desktop file
> Remote Desktop Preference > SSH > Enable SSH tunnel > Remote Desktop Preference > SSH > Custom: :22
Server configuration (Linux only)
Set universal firewall (UFW) to block all incoming traffic from port 3389
Insert the following under [Globals] of /etc/xrdp/xrdp.ini
This only allows connection from localhost
update: Option 2 (xrdp.ini) may cause issues, use Option 1 (firewall method)
If you use custom ports for SSH and RDP, replace port numbers 22 and 3389 from above with custom port numbers.