Monitoring Active Connections Through a TS Gateway Server
Applies To: Windows Server 2008
After you have configured Terminal Services clients to connect to remote computers on the network through TS Gateway, you can monitor active connections. This section provides the following information about monitoring active connections through a TS Gateway server:
Specify TS Gateway events to log
View details about active connections through a TS Gateway server
Specify TS Gateway events to log
By using TS Gateway Manager, you can specify the types of events that you want to monitor, such as unsuccessful or successful connection attempts to internal network computers through a TS Gateway server.
When these events occur, you can monitor the corresponding events by using Windows Event Viewer. TS Gateway server events are stored in Event Viewer under Application and Services Logs\Microsoft\Windows\Terminal Services-Gateway\.
To specify TS Gateway events to log
Open TS Gateway Manager.
In the console tree, click to select the node that represents your TS Gateway server, which is named for the computer on which the TS Gateway server is running.
With the name of the TS Gateway server highlighted in the console tree, right-click the name of the server, and then click Properties.
On the Auditing tab, select or clear the appropriate check boxes to specify the events that you want to monitor for TS Gateway.
The following table lists and describes the TS Gateway event types that you can monitor.
Table 1: TS Gateway Event Types
| Event name | Description | Event ID |
|---|---|---|
Successful User Disconnection from the Resource |
By monitoring the timestamp for this event and the related Successful User Connection to the Resource event, you can verify the user session time and the amount of data (in kilobytes) that was sent and received by the remote client through the TS Gateway server. |
303: When the client disconnects from the resource 202: When an administrator disconnects the client |
Failed User Connection to the Resource |
The remote client met the conditions specified in the TS CAP and the TS RAP, but could not connect to the internal network resource (computer) through the TS Gateway server because the remote computer was unavailable. By auditing this event, you can determine which connectivity issues are caused by problems with Terminal Services and Remote Desktop rather than the TS Gateway server. |
304 |
Failed Connection Authorization |
The remote client could not connect to a TS Gateway server because the client did not meet the conditions specified in the TS CAPs. |
201 |
Failed Resource Authorization |
The remote client could not connect through a TS Gateway server to the specified computer because no TS RAPs are configured to allow the user access to the specified computer. For example, as mentioned earlier, this issue might occur if the user attempts to connect to the computer by using its NetBIOS name when the TS RAP configured on the TS Gateway server uses an FQDN name for the computer. |
301 |
Successful User Connection to the Resource |
The remote client successfully connected to a computer through the TS Gateway server. |
302 |
Successful Connection Authorization |
The remote client successfully connected to the TS Gateway server because the client met the conditions specified in at least one TS CAP. |
200 |
Successful Resource Authorization |
The remote client successfully connected through the TS Gateway server to the specified internal network resource because the client met the conditions specified in at least one TS RAP. |
300 |
View details about active connections through a TS Gateway server
You can use TS Gateway Manager to view information about active connections from Terminal Services clients to internal network resources through a TS Gateway server. This information is displayed in the Monitoring details pane and includes:
| Event name | Description | ||
|---|---|---|---|
Connection ID |
In the format <a:b> where "a" is the tunnel ID that uniquely identifies a specific connection to the TS Gateway server and "b" is the channel ID. The tunnel ID represents the number of connections that the TS Gateway server has received since the Terminal Services Gateway service has been running. Each time the TS Gateway server receives a new connection, the tunnel ID is incremented by 1. |
||
User ID |
The domain and user ID of the user logged on to the client, in the format <domain\userID>. |
||
User Name |
The full name of the user logged on to the client.
|
||
Connected On |
The date and time when the connection was initiated. |
||
Connection Duration |
The length of time that the connection was active. |
||
Idle Time |
The length of time that the connection is idle, if applicable. |
||
Target Computer |
The name of the internal network computer to which the client is connected. |
||
Client IP Address |
The IP address of the client. Note If your network configuration includes proxy servers, the IP address that appears in this column will reflect the IP address of the proxy server, rather than the IP address of the Terminal Services client.
|
||
Target Port |
The port on the internal network computer to which the client is connected. |
.gif)
NoteUse the following procedure to view details about active connections through a TS Gateway server.
To view details about active connections through a TS Gateway server
Open TS Gateway Manager.
In the console tree, click to select the node that represents your TS Gateway server, which is named for the computer on which the TS Gateway server is running.
In the console tree, click Monitoring.
The TS Gateway Manager results pane displays a summary of the number of connections from remote users to computers on the internal network. Specific connections, if any, are listed below the summary.
When you click a connection, the connection details appear in the lower pane. If necessary, you can disconnect a specific connection or all TS Gateway connections for a user.
To refresh the display of connection status, in the Actions pane, click Refresh.