Titan and Cornerstone have anti-hammering, IP Address, and DdoS features to protect the server from being attacked.
There may be times when a client attempts to connect too frequently within a short period of time. When this happens the server could trigger a false-positive and ban the client IP address from the server for a short, or indefinite period of time.
To diagnose this situation, try restarting the Titan/Cornerstone service. If the user is then able to connect again, but is later unable to connect, then it's most likely that the user client IP address has been banned for a short period of time.
If recycling the Titan/Cornerstone service does not clear the ban, then the user's IP address has probably been added to the IP Address List as a banned IP address.
Finally, you can also set the Logging Level to 'Debug' mode in the Admin Console and then have the client attempt to log in to the server. If the user is not able to connect, check the logfile for words 'Banned', 'Hacking', 'Hammering', 'Refused' which will help narrow down the exact reason for the connection refusal.
To change this behavior, modifications will need to be made to the threshold levels of the Flood Protection/DoS settings in the Titan/Cornerstone Admin Console. Launch the Admin Console, then select the Security node in the tree list for your server. On the right, select the Flood Protection/DoS tab and increase the thresholds Flood Protection and/or Hacking ratios. If you have many connections arriving in a short window, the Flood Protection settings are probably being triggered, so increase the values for the # of connections and decrease the time period in seconds.