Monitoring Active Connections Through a TS Gateway Server

Applies To: Windows Server 2008

After you have configured Terminal Services clients to connect to remote computers on the network through TS Gateway, you can monitor active connections. This section provides the following information about monitoring active connections through a TS Gateway server:

  • Specify TS Gateway events to log

  • View details about active connections through a TS Gateway server

Specify TS Gateway events to log

By using TS Gateway Manager, you can specify the types of events that you want to monitor, such as unsuccessful or successful connection attempts to internal network computers through a TS Gateway server.

When these events occur, you can monitor the corresponding events by using Windows Event Viewer. TS Gateway server events are stored in Event Viewer under Application and Services Logs\Microsoft\Windows\Terminal Services-Gateway\.

To specify TS Gateway events to log

  1. Open TS Gateway Manager.

  2. In the console tree, click to select the node that represents your TS Gateway server, which is named for the computer on which the TS Gateway server is running.

  3. With the name of the TS Gateway server highlighted in the console tree, right-click the name of the server, and then click Properties.

  4. On the Auditing tab, select or clear the appropriate check boxes to specify the events that you want to monitor for TS Gateway.

The following table lists and describes the TS Gateway event types that you can monitor.

Table 1: TS Gateway Event Types

Event name Description Event ID

Successful User Disconnection from the Resource

By monitoring the timestamp for this event and the related Successful User Connection to the Resource event, you can verify the user session time and the amount of data (in kilobytes) that was sent and received by the remote client through the TS Gateway server.

303: When the client disconnects from the resource

202: When an administrator disconnects the client

Failed User Connection to the Resource

The remote client met the conditions specified in the TS CAP and the TS RAP, but could not connect to the internal network resource (computer) through the TS Gateway server because the remote computer was unavailable.

By auditing this event, you can determine which connectivity issues are caused by problems with Terminal Services and Remote Desktop rather than the TS Gateway server.

304

Failed Connection Authorization

The remote client could not connect to a TS Gateway server because the client did not meet the conditions specified in the TS CAPs.

201

Failed Resource Authorization

The remote client could not connect through a TS Gateway server to the specified computer because no TS RAPs are configured to allow the user access to the specified computer.

For example, as mentioned earlier, this issue might occur if the user attempts to connect to the computer by using its NetBIOS name when the TS RAP configured on the TS Gateway server uses an FQDN name for the computer.

301

Successful User Connection to the Resource

The remote client successfully connected to a computer through the TS Gateway server.

302

Successful Connection Authorization

The remote client successfully connected to the TS Gateway server because the client met the conditions specified in at least one TS CAP.

200

Successful Resource Authorization

The remote client successfully connected through the TS Gateway server to the specified internal network resource because the client met the conditions specified in at least one TS RAP.

300

View details about active connections through a TS Gateway server

You can use TS Gateway Manager to view information about active connections from Terminal Services clients to internal network resources through a TS Gateway server. This information is displayed in the Monitoring details pane and includes:

Event name Description

Connection ID

In the format <a:b> where "a" is the tunnel ID that uniquely identifies a specific connection to the TS Gateway server and "b" is the channel ID. The tunnel ID represents the number of connections that the TS Gateway server has received since the Terminal Services Gateway service has been running. Each time the TS Gateway server receives a new connection, the tunnel ID is incremented by 1.

User ID

The domain and user ID of the user logged on to the client, in the format <domain\userID>.

User Name

The full name of the user logged on to the client.

Note
You can only view the full name of the user if you are logged on to the TS Gateway server as a domain user. If you are logged on as member of the local administrators group, you can view the full name of the user in the User ID column.

Connected On

The date and time when the connection was initiated.

Connection Duration

The length of time that the connection was active.

Idle Time

The length of time that the connection is idle, if applicable.

Target Computer

The name of the internal network computer to which the client is connected.

Client IP Address

The IP address of the client.

Note

If your network configuration includes proxy servers, the IP address that appears in this column will reflect the IP address of the proxy server, rather than the IP address of the Terminal Services client.

Target Port

The port on the internal network computer to which the client is connected.

Use the following procedure to view details about active connections through a TS Gateway server.

To view details about active connections through a TS Gateway server

  1. Open TS Gateway Manager.

  2. In the console tree, click to select the node that represents your TS Gateway server, which is named for the computer on which the TS Gateway server is running.

  3. In the console tree, click Monitoring.

    The TS Gateway Manager results pane displays a summary of the number of connections from remote users to computers on the internal network. Specific connections, if any, are listed below the summary.

    When you click a connection, the connection details appear in the lower pane. If necessary, you can disconnect a specific connection or all TS Gateway connections for a user.

  4. To refresh the display of connection status, in the Actions pane, click Refresh.