Clients IP-address while running under Windows Terminal Server
Pawel Finkielman
Is there any way to programmatically detect clients Ip address while
running under Windows Terminal Server?
I can see by using netstat -n all TCP connection with local and
foreign IP address, but which address is the address of the client I'm
actually running ?
Pawel
Vic Djajamihardja
The name of the client session you are on is in the system environment
variable CLIENTNAME.
eg %CLIENTNAME%
.....in batch files
Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshSysEnv = WshShell.Environment("SYSTEM")
sClientName= WshSysEnv("CLIENTNAME")
..... in vbscript
You can use whatever name resolution you like to resolve this to an IP
address. (If you're lazy like me, just use ping. :-)
--
Adios,
Vic Djajamihardja
vic-at-jaratech-dot-com-dot-au
"Pawel Finkielman" <pa...@finkielman.dk> wrote in message
news:391d84cb...@news.worldonline.dk...
Pawel Finkielman
<ne...@jaratech.com.au> wrote:
>The name of the client session you are on is in the system environment variable CLIENTNAME.
>You can use whatever name resolution you like to resolve this to an IP
>address. (If you're lazy like me, just use ping. :-)
Hi Vic,
I was trying this solution, but it doesn't work, at least not under
Windows 2000, TS edition.
CLIENT name gives me the local workstation name like "PawelsPC" which
is unknown as a host. This is because I'm dialling in through an
Internet provider who assigns a dynamic IP-address to me. And it is
this "public" IP-address I'm looking for, not the one of my PC.
Do you have any other suggestions?
Thanks
Pawel
Vic Djajamihardja
Vic Djajamihardja
I assumed you were talking about logging in through a LAN. If you're going
over the internet, I may not be terribly much help as I don't have much
experience in that area. If you're using AD then I'm possibly even less
help ;-)
The only suggestion I can make is to add your AD domain suffix to the ping
command. Here I'm on a jaratech.dom domain (artificial domain name) and a
ping to (my "office" pc) office.jaratech.dom succeeds where a ping to office
alone fails without a WINS server. This may not work given the little I
understand of AD and dynamic DNS on W2K, but it's worth a shot (take 10
seconds to check....). If the problem is that you're getting the wrong IP
address (but the ping works), you may want to try a tracert to find the path
to your pc and see where your public IP address is in the chain and parse
accordingly.
If you're using the internet connector for WTS allowing anonymous access,
then I'm genuinely clueless :-)
The fact that your IP is dynamic really shouldn't make a difference, after
all, the server has got to know how to get info back to you.....
I suggest you wander over to the tcpip networking NGs. The gurus over there
may be able to help you more.......
--
Adios,
Vic Djajamihardja
vic-at-jaratech-dot-com-dot-au
"Pawel Finkielman" <pa...@finkielman.dk> wrote in message
Ludek
option
This function with this option DID NOT work with NT4 TS ( bug Q238143) but
as I know it should
work correctly unde w2000 ts
WTS sdk with wts api descryption and examples was included with TS sp4 CD
good luck
Ludek
Pawel Finkielman <pa...@finkielman.dk> wrote in message
Pawel Finkielman
does, the local workstation name like "PawelsPC" which
is unknown as a host. This is because I'm dialling in through an
Internet provider who assigns a dynamic IP-address to me. And it is
this "public" IP-address I'm looking for, not the one of my PC.
Why this lib returns a private IP address, is a mystery to me, I can't
see any usage for it. I wonder what those MS folks have had in mind.
Any other suggestions ?
On Mon, 15 May 2000 09:57:37 +0200, "Ludek" <lu...@kapital.com.pl>
wrote:
Ludek
You mean that you get with this function static ip of your station not the
ip you are connected to TS with ???
I just wanted to change to win2000 to have this functionality but as I see
it still does not work properly.
let me know what you find about it lu...@kapital.com.pl
Thanks
Ludek
If so
Pawel Finkielman <pa...@finkielman.dk> wrote in message
news:3920386...@news.worldonline.dk...
Pawel Finkielman
and I believe you are referring to MS article Q238143. Unfortunately,
I don't know what MS means by "However, on Windows NT Server version
4.0, Terminal Server Edition (TS4), the client address field is
invalid ".
Because the suggested workaround don't help on private/public IP
address problem, so they might refer to something else. Using the
WTSQuerySessionInformation function with the WTSClientName filtering
flag to get the client name will just return something like "PawelsPC"
which is the local name for my PC, and it can't be used in call to
gethostbyname.
Is it yours understanding, that showing the private IP-address on NT4
TSE is a bug?
BTW, I will be back to you if I ever run in to an answer.
Pawel
On Tue, 16 May 2000 11:10:20 +0200, "Ludek" <lu...@kapital.com.pl>
wrote:
Ludek
these are diffrent params to function WTSQuerySessionInformation
WTSClientName was working on nt4ts OK and WTSclientAdress was NOT
Did you check WTSQuerySessionInformation with WTSclientAddress on win2000???
thanks
Ludek
Pawel Finkielman <pa...@finkielman.dk> wrote in message
news:3921afbd...@news.worldonline.dk...
Vic Djajamihardja
I've been following your thread with Ludek and I've done some looking about
for ideas.
The first thing I will say is that I'm waaay out of my depth here in a lot
of respects (lowly VB programmer), but the problem interests me :-)
You haven't given a lot of details about the connectivity between the server
and your PC, so I've worked on the assumption that it's a straight tcpip
connection - no VPN, PPTP or other fancy things. I'll also take your word
for it that the API is not doing what you want (I've read it and that's
about it)
Firstly...
You can identify sessions through the API or query user/session etc. This
gives you information such as sessionid, clientname, logon time, user etc.
I assume through sockets you can also get the equivalent information to
netstat -n .
You've got the session info and you've got the connections, but you can't
link the two - hence the problem.
From what I've read about the WTS architecture ("Terminal Server
Architecture" from MS), to get first hand information the RDP stack instance
handoff to a Win32k user session you're going to have to get
information/notification from terminal server listener thread (uses
Termdd.sys). I'm not going to even pretend I know how to do this or even if
it's possible. If you can somehow monitor this listening thread, then the
solution should be easy ;-)
However, you may not need to do this. One possible way to get the
information you want is to use both the WTS API and Sockets. I'm about to
go into hypothetical territory (for me) here so don't laugh too loud if I'm
speaking rubbish :-)
Your program will probably be a service or whatever it takes for the thing
to be running all the time as the following relies on monitoring state.
We need a way to check the state of the TCPIP connections at any time. I'll
assume that you know a way to get a list of TCP sessions like that you get
with netstat -p tcp. Given that WTS uses port 3389 for the listener thread,
I'm guessing that's all you have to watch.
Your program will have to maintain some sort of list of connections on port
3389 and you will also have to derive the foreign address (a la netstat) to
associate with each connection object (or structure....whatever). You'll
also probably want the foreign port number as well as that differentiates
connections from the same foreign host.
Lets assume you use a CConnection object with UserName, ForeignHost,
ForeignPort and AttachedSession properties.
Any time a new connection is detected, a new CConnection will have to be
added to your list representing the state of active TCP connections. We'll
call this function RegisterNewConnection. This function compares the list
of current established port 3389 connections with the last known list and
creates the required new CConnection in the list. AttachedSession &
UserName will be null by default.
WTS creates two client sessions by default which sit idle until a successful
connection (rdp stack instance handoff) at which time (I think) a new one
will be created. Each of these has a session number >0 and a winstationname
of null/nothing as far as I can tell.
Now, you could use the WTSWaitSystemEvent with WTS_EVENT_ALL mask to monitor
incoming TCP connections. From tests I've done anytime a connection is
attempted on port 3389, the state of one of the idle sessions changes to
WTSConnectQuery. (Try telnetting to Server:3389 and watching with Query
Session). At this time, call your RegisterNewConnection and with the new
connection, set the Attached Session to the SessionID that's in the
WTSConnectQuery state.
Now you have your association between SessionID and CConnection.
From here you can use the WTS_EVENT_LOGON to associate a user to a
CConnection and other WTS_CONNECTSTATE_CLASS events to maintain your list.
From here on it's easy ;-)
--
HTH,
Vic Djajamihardja
vic-at-jaratech-dot-com-dot-au
"Pawel Finkielman" <pa...@finkielman.dk> wrote in message
Pawel Finkielman
Thanks for the idea, I will try it this weekend. I have been thinking
in same direction, having a list of all relevant connections and
thereby identifying new ones. However I wasn't thinking of
"WTSWaitSystemEven" , and therefore I always run into the
synchronisation problem. I couldn't be sure who is who if I got 2
simultaneous connections. I hope with the "WTSWaitSystemEven" it can
be solved, even I still would like to have a synchronisation-point,
which could block an other connection till I have resolved my list
problem. Getting the list information will be time consuming as the
list grows, and I don't know how efficient the call to MIB-api is.
Anyway it's worth trying, and again thanks for your idea.
Pawel
Hi Vic,
Thanks for the idea, I will try it this weekend. I have been thinking
in same direction, having a list of all relevant connections and
thereby identifying new ones. However I wasn't thinking of
"WTSWaitSystemEven" , and therefore I always run into the
synchronisation problem. I couldn't be sure who is who if I got 2
simultaneous connections. I hope with the "WTSWaitSystemEven" it can
be solved, even I still would like to have a synchronisation-point,
which could block an other connection till I have resolved my list
problem. Getting the list information will be time consuming as the
list grows, and I don't know how efficient the call to MIB-api is.
Anyway it's worth trying, and again thanks for your idea.
Pawel
Pawel Finkielman
2000.
But let me be more specific:
I have a server called 'MyServer' which runs win2000 TSE.
Scenario:
I’m on a pc called 'pawelsPc' on network, private that is, which has
IP-address 172.18.20.10. The company has lot of PC’s, all in the range
of : 172.18.xx.yy.
This is on the private side of the gateway. The gateway has public
address like 129.142.41.131.
Upon login to 'MyServer', WtsAdmin application and WtsApi32.dll shows:
WTSClientName = 'PawelsPc'
WTSclientAdress = 172.18.20.10.
Unfortunately I can’t ping 'PawelsPc' nor can I ping 172.18.20.10.
Those are private properties, and there could be 1000’s of them out
there.
When I use netstat -n in the client login session, I can se the
address 129.142.41.131 and I can ping it.
What I need in the session is, either the WTSclinetName to return
'Gatewayname' or it’s IP address.
My problem is that I can’t see 'who I am' in terms of public names or
addresses.
Pawel
Ludek
thanks
Ludek
Pawel Finkielman <pa...@finkielman.dk> wrote in message
news:39251cca...@news.worldonline.dk...
Pawel Finkielman
Vic Djajamihardja
Found this recently..... may help...
http://www.sysinternals.com/tcpview.htm
Pawel Finkielman
Thanks, I've seen it before, it's almost like the "nettools" from the
MFC examples.
BTW, the idea of having lists of entries and calculate who is who, I
gave up on it, as I couldn't
control MIB-lib (the one used in TCPView) in a stressed situation with
two or more clients logins at the same time. Now I will try to see if
there is any help in performance library, the one which keeps track of
processes in a sessions etc.
Ever heard about Inzider (http://ntsecurity.nu) ?
Pawel