Asked by hudsoncid

Terminal Server: Log external client IP address

Greetings Gurus,

We are running remote desktop services on Windows Server 2008 R2.

I would like to log the external (WAN) IP address of clients that are connecting to the server, each time a user connects. Currently I am using the GETTSCIP tool from CTRL-ALT-DEL, as part of the user login scripts, and appending the IP address results to a text file for each user (%username%iplog.txt). The trouble is it's logging the user's NAT address instead of the WAN address, rendering my tracking mostly useless.

I have searched the web for an application, or simple script function, that would help me accomplish this. Unfortunately I find the same reference to the GETTSCIP tool, or to Visual Basic scripts that are quite a bit above my comfort level. My current login script is effectively the same as an old DOS batch file, with NET USE commands, and so forth.

Can anyone suggest a tool, script, or even eventlog feature that would help me collect this data? I'd certainly appreciate any suggestions or guidance you have to offer.
Windows Server 2008, Remote Access

Last Comment: 8/22/2022 - Mon

If these remote users are connecting via VPN, and your terminal server is on the private LAN, then you have a lot of work ahead of you.

The problem there is, only your VPN server device (such as a Cisco Router or ASA appliance) has knowledge of the user's true WAN IP address. Once the VPN connection is established, and the remote user receives a VPN IP address (i.e. NAT address), all other computers/servers on the local network only see that NAT address. Only the VPN server knows the true public IP address of that user.

Thanks for the response. We are a pretty small shop, so the external users are connecting using RDP clients on their PCs or Macs. We don't employ any VPN technology at the current time.

Are you saying that your log is only picking up the NAT IP address of the user's PC - from their HOME network?

Maybe describe the topology a little more:

1. Is the Terminal Server behind a firewall?

2. Does the Terminal server have a "public IP address" - or only a private IP address?

3. Is there a Remote Desktop Gateway server anywhere in this equation?

4. What are the remote users pointing their RDP clients to? (i.e. a public IP address or a hostname?)

Yes, that is correct. When the login script runs it is reporting the users' NAT address on their own network, instead of the public address assigned to their firewall\device.

1: The terminal server is behind a firewall, and has been assigned a static address on our private network (192.0.168.x).
2: The terminal server has also been assigned a public static IP address
3: We are not using a remote desktop gateway, just the stand alone terminal server
4: The remote users are pointing to the host name (ts1 when they connect

@Netflo, yes that's exactly what we needed!  Thanks for your help.
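
One way to collect this from the event log, as an added example that is not from this thread and is not the hidden answer: Remote Desktop Services records each authenticated connection as Event ID 1149 in the RemoteConnectionManager operational log, including the source network address as the server saw it. The function name and the CSV output path are hypothetical, and the script assumes that log is enabled and that it is run from an elevated PowerShell 2.0 or later prompt on the terminal server.

```powershell
# Added example: report the source address recorded for each RDP logon.
# Assumption: the RemoteConnectionManager operational log is enabled on this server.
$logName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'

function Get-RdpSourceAddress {
    param([int]$Days = 7)

    # Event ID 1149 = "Remote Desktop Services: User authentication succeeded"
    $filter = @{
        LogName   = $logName
        Id        = 1149
        StartTime = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The user, domain and address are in the event's UserData XML,
        # as Param1, Param2 and Param3 respectively.
        $data = ([xml]$_.ToXml()).Event.UserData.EventXML
        New-Object PSObject -Property @{
            TimeCreated   = $_.TimeCreated
            User          = $data.Param1
            Domain        = $data.Param2
            SourceAddress = $data.Param3
        }
    }
}

# Hypothetical output location; change to wherever the logs should be kept.
$outFile = Join-Path $env:TEMP 'rdp-source-addresses.csv'

Get-RdpSourceAddress -Days 30 |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Domain, User, SourceAddress |
    Export-Csv -NoTypeInformation -Path $outFile
```

The address recorded is the source of the TCP connection as it reaches the server, so it is the client's public address only when the firewall forwards port 3389 without rewriting the source; a firewall that source-NATs inbound traffic will appear as the client in every entry.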