Where is the client name or client computer name logged for Remote Desktop Session

Hello Experts,

I have a situation where knowing the name of the computer/client that logged into a terminal server would be most helpful.  We currently have a W2008 R2 RDS Gateway that controls access to a W2008 R2 terminal server.  When I look at current session in the Remote Desktop Session Manager I can see the client name.  However, after the user logs off I can't seem to find a record of that client/computer name in any of the logs.  I can find lots of information about the user but not about what client/computer the user was using.

Is there a log that records this information?

Thanks,
karislove
karisloveAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
Yes. I see no way to get hold of the clients' computer's names.
0
 
ecebolleroCommented:
(Server 2008 R2)

1. Open Server Manager > Diagnostics > Event Viewer > Applications and Service Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
2. Click on either Admin or Operational

In the individual log files you'll find all the information you need.

(Disregard - just tested locally and not seeing "client" computer information in the log file - sorry.)
0
 
karisloveAuthor Commented:
ecebollero.

I hit that wall also.  Thanks for trying.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
McKnifeCommented:
Hi. Looked into it on Server 2012.
In the same log, see RemoteDesktopServices-RdpCoreTS
There you will find entries like
"The server accepted a new TCP connection from client 192.168.178.114:53419"

By the way, why is this info security related?
0
 
karisloveAuthor Commented:
McKnife,

Thanks for the tip.  I checked out a 2012 install that I have and the log is there.  However, the log is not present in 2008 R2.

Also, IP address is not what I am looking for.  I can get that multiple places.  I am looking for the client\computer name.

The reason it is in Security is because I thought that security experts might be familiar with this for auditing purposes.

karislove
0
 
ecebolleroCommented:
I don't have access to verify this, but wouldn't your DNS server capture the name of the client in the Reverse Lookup Zone?
0
 
McKnifeCommented:
... and if it's a non-static DHPCP address, you will be able to look into the logs of the DHCP to resolve the number to a name.
0
 
karisloveAuthor Commented:
McKnife,

These computers are not domain joined computers.  Will the RDS Gateway capture that information from a computer that is not part of the domain?  If so where do I go to find it?

karislove
0
 
McKnifeCommented:
Please tell us if a DCHP server is in use or not. I don't see what the gateway should want with that information, so I tend to "no".
0
 
karisloveAuthor Commented:
The clients that are connecting to the RDS gateway do not use the DHCP server on the gateway's domain.  The clients connecting to the gateway use the DHCP server of whatever network they use to get internet access.

Is that what you are looking for?

karislove
0
 
karisloveAuthor Commented:
That's unfortunate.  The client name is right there in the session manager on the terminal server while they are connected.  You would think that would be something to log.

Thanks for giving it a go.

karislove
0
 
djtj74Commented:
Hello Karislove.

Did you ever succeed to find this answer. I am loggin at the same now. And are stuck.

Please let me knoe.

Best regards,
Thomas.
0
 
karisloveAuthor Commented:
djtj74

Unfortunately, no.  I had to let this go.  I never found a way to determine which machine is connecting to the RDS gateway.  I had to come up with a bastardized method of controlling access from some machines.  Not a good solution but it is working at the moment.

karislove
0
 
djtj74Commented:
Karislove, Thanks for answering.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.