Solved

Where is the client name or client computer name logged for Remote Desktop Session

Posted on 2013-01-23
14
3,144 Views
Last Modified: 2014-10-09
Hello Experts,

I have a situation where knowing the name of the computer/client that logged into a terminal server would be most helpful.  We currently have a W2008 R2 RDS Gateway that controls access to a W2008 R2 terminal server.  When I look at current session in the Remote Desktop Session Manager I can see the client name.  However, after the user logs off I can't seem to find a record of that client/computer name in any of the logs.  I can find lots of information about the user but not about what client/computer the user was using.

Is there a log that records this information?

Thanks,
karislove
0
Comment
Question by:karislove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
14 Comments
 
LVL 3

Expert Comment

by:ecebollero
ID: 38811294
(Server 2008 R2)

1. Open Server Manager > Diagnostics > Event Viewer > Applications and Service Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
2. Click on either Admin or Operational

In the individual log files you'll find all the information you need.

(Disregard - just tested locally and not seeing "client" computer information in the log file - sorry.)
0
 

Author Comment

by:karislove
ID: 38811342
ecebollero.

I hit that wall also.  Thanks for trying.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38812537
Hi. Looked into it on Server 2012.
In the same log, see RemoteDesktopServices-RdpCoreTS
There you will find entries like
"The server accepted a new TCP connection from client 192.168.178.114:53419"

By the way, why is this info security related?
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:karislove
ID: 38812658
McKnife,

Thanks for the tip.  I checked out a 2012 install that I have and the log is there.  However, the log is not present in 2008 R2.

Also, IP address is not what I am looking for.  I can get that multiple places.  I am looking for the client\computer name.

The reason it is in Security is because I thought that security experts might be familiar with this for auditing purposes.

karislove
0
 
LVL 3

Expert Comment

by:ecebollero
ID: 38822022
I don't have access to verify this, but wouldn't your DNS server capture the name of the client in the Reverse Lookup Zone?
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38822190
... and if it's a non-static DHPCP address, you will be able to look into the logs of the DHCP to resolve the number to a name.
0
 

Author Comment

by:karislove
ID: 38822322
McKnife,

These computers are not domain joined computers.  Will the RDS Gateway capture that information from a computer that is not part of the domain?  If so where do I go to find it?

karislove
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38822347
Please tell us if a DCHP server is in use or not. I don't see what the gateway should want with that information, so I tend to "no".
0
 

Author Comment

by:karislove
ID: 38822504
The clients that are connecting to the RDS gateway do not use the DHCP server on the gateway's domain.  The clients connecting to the gateway use the DHCP server of whatever network they use to get internet access.

Is that what you are looking for?

karislove
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 38822511
Yes. I see no way to get hold of the clients' computer's names.
0
 

Author Comment

by:karislove
ID: 38822556
That's unfortunate.  The client name is right there in the session manager on the terminal server while they are connected.  You would think that would be something to log.

Thanks for giving it a go.

karislove
0
 

Expert Comment

by:djtj74
ID: 40356987
Hello Karislove.

Did you ever succeed to find this answer. I am loggin at the same now. And are stuck.

Please let me knoe.

Best regards,
Thomas.
0
 

Author Comment

by:karislove
ID: 40357077
djtj74

Unfortunately, no.  I had to let this go.  I never found a way to determine which machine is connecting to the RDS gateway.  I had to come up with a bastardized method of controlling access from some machines.  Not a good solution but it is working at the moment.

karislove
0
 

Expert Comment

by:djtj74
ID: 40370572
Karislove, Thanks for answering.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question