Solved

Where is the client name or client computer name logged for Remote Desktop Session

Posted on 2013-01-23
14
2,771 Views
Last Modified: 2014-10-09
Hello Experts,

I have a situation where knowing the name of the computer/client that logged into a terminal server would be most helpful.  We currently have a W2008 R2 RDS Gateway that controls access to a W2008 R2 terminal server.  When I look at current session in the Remote Desktop Session Manager I can see the client name.  However, after the user logs off I can't seem to find a record of that client/computer name in any of the logs.  I can find lots of information about the user but not about what client/computer the user was using.

Is there a log that records this information?

Thanks,
karislove
0
Comment
Question by:karislove
  • 6
  • 4
  • 2
  • +1
14 Comments
 
LVL 3

Expert Comment

by:ecebollero
ID: 38811294
(Server 2008 R2)

1. Open Server Manager > Diagnostics > Event Viewer > Applications and Service Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
2. Click on either Admin or Operational

In the individual log files you'll find all the information you need.

(Disregard - just tested locally and not seeing "client" computer information in the log file - sorry.)
0
 

Author Comment

by:karislove
ID: 38811342
ecebollero.

I hit that wall also.  Thanks for trying.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 38812537
Hi. Looked into it on Server 2012.
In the same log, see RemoteDesktopServices-RdpCoreTS
There you will find entries like
"The server accepted a new TCP connection from client 192.168.178.114:53419"

By the way, why is this info security related?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:karislove
ID: 38812658
McKnife,

Thanks for the tip.  I checked out a 2012 install that I have and the log is there.  However, the log is not present in 2008 R2.

Also, IP address is not what I am looking for.  I can get that multiple places.  I am looking for the client\computer name.

The reason it is in Security is because I thought that security experts might be familiar with this for auditing purposes.

karislove
0
 
LVL 3

Expert Comment

by:ecebollero
ID: 38822022
I don't have access to verify this, but wouldn't your DNS server capture the name of the client in the Reverse Lookup Zone?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 38822190
... and if it's a non-static DHPCP address, you will be able to look into the logs of the DHCP to resolve the number to a name.
0
 

Author Comment

by:karislove
ID: 38822322
McKnife,

These computers are not domain joined computers.  Will the RDS Gateway capture that information from a computer that is not part of the domain?  If so where do I go to find it?

karislove
0
 
LVL 54

Expert Comment

by:McKnife
ID: 38822347
Please tell us if a DCHP server is in use or not. I don't see what the gateway should want with that information, so I tend to "no".
0
 

Author Comment

by:karislove
ID: 38822504
The clients that are connecting to the RDS gateway do not use the DHCP server on the gateway's domain.  The clients connecting to the gateway use the DHCP server of whatever network they use to get internet access.

Is that what you are looking for?

karislove
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 38822511
Yes. I see no way to get hold of the clients' computer's names.
0
 

Author Comment

by:karislove
ID: 38822556
That's unfortunate.  The client name is right there in the session manager on the terminal server while they are connected.  You would think that would be something to log.

Thanks for giving it a go.

karislove
0
 

Expert Comment

by:djtj74
ID: 40356987
Hello Karislove.

Did you ever succeed to find this answer. I am loggin at the same now. And are stuck.

Please let me knoe.

Best regards,
Thomas.
0
 

Author Comment

by:karislove
ID: 40357077
djtj74

Unfortunately, no.  I had to let this go.  I never found a way to determine which machine is connecting to the RDS gateway.  I had to come up with a bastardized method of controlling access from some machines.  Not a good solution but it is working at the moment.

karislove
0
 

Expert Comment

by:djtj74
ID: 40370572
Karislove, Thanks for answering.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 R2 TLS 1.2? 2 41
what about DCpro 2 30
Remove Extension 3 38
What the steps to diagnose DC replication? 3 13
Let’s list some of the technologies that enable smooth teleworking. 
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question