We have an application that runs on our RDS/TS servers that uses Powershell to query the OS to obtain the RDP clients IP to determine which location they are at, and offer up printers available at that site. This has been working great, but we've come across an issue.

Some of our client networks happen to have overlapping subnets with us, so their network is NATTED to a non-overlapping subnet. The issue our application is having is when we query for the clients IP, we're getting the true IP of the client and not the NATTED address that is actually connected to the RDS/TS server.

It seems this information should be obtainable. While researching, I've seen several suggestions of using NETSTAT, but I need to associate that output with RDS/TS sessions.

Denny

I recommend posting in the RDS forum for this.

Hi Denny,

If you can filter the logon type 10 in event log 4624 to get the client ip address, you can use powershell to parse event log, for more detailed information, please refer to the script below:

http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx

https://github.com/Jackbennett/powershell/blob/master/util/Get-LogonHistory.ps1

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang

One method that can work:

netstat -n |?{$_ -match '3389'}|%{$_ -match '(?<ip>\d+\.\d+\.\d+\.\d+):3389'}
$matches['ip']

If you are behind a gateway or have any form of redirection you cannot get the true address.