Link to home
Create AccountLog in
Avatar of hudsoncid

asked on

Terminal Server: Log external client IP address

Greetings Gurus,

We are running remote desktop services on Windows Server 2008 R2.

I would like to log the external (WAN) IP address of clients that are connecting to the server, each time a user connects. Currently I am using the GETTSCIP tool from CTRL-ALT-DEL, as part of the user login scripts, and appending the IP address results to a text file for each user (%username%iplog.txt). The trouble is it's logging the users NAT address instead of the WAN address, rendering my tracking mostly useless.

I have searched the web for an application, or simple script function, that would help me accomplish this. Unfortunately I find the same reference to the GETTSCIP tool, or to Visual Basic scripts that are quite a bit above my comfort level. My current login script is effectively the same as an old DOS batch file, with NET USE commands, and so forth.

Can anyone suggest a tool, script, or even eventlog feature that would help me collect this date? I'd certainly appreciate any suggestions or guidance you have to offer.
Avatar of neilpage99
Flag of United States of America image

If these remote users are connecting via VPN, then and your terminal server is on the private LAN, then you have a lot of work ahead of you.

The problem there is, only your VPN server device (such as a Cisco Router or ASA appliance) has knowledge of the user's true WAN IP address. Once the VPN connection is established, and the remote user receives a VPN IP address (i.e. NAT address), all other computers/servers on the local network only see that NAT address. Only the VPN server knows the true public IP address of that user.
Avatar of hudsoncid


Thanks for the response. We are a pretty small shop, so the external users are connection using RDP clients on their PC or Macs. We don't employ any VPN technology at the current time.
Are you saying that your log is only picking up the NAT IP address of the user's PC - from their HOME network?

Maybe describe the topology a little more:

1. Is the Terminal Server behind a firewall?

2. Does the Terminal server have a "public IP address" - or only a private IP address?

3. Is there a Remote Desktop Gateway server anywhere in this equation?

4. To what, are the remote users pointing their RDP clients to?  (i.e. a public IP address or a hostname?)
Avatar of Netflo
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Yes, that is correct. When the login script runs it is reporting the users' NAT address on their own network, instead of the public address assigned to their firewall\device.

1: The terminal server is behind a firewall, and has been assigned a static address on our private network (192.0.168.x).
2: The terminal server has also been assigned a public static IP address
3: We are not using a remote desktop gateway, just the stand alone terminal server
4: The remote users are pointing to the host name (ts1 when they connect
@Netflo, yes that's exactly what we needed!  Thanks for your help.