What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Microsoft RDGateway Sensors

Votes:

0

We have several Microsoft RDGateway deployments that we manage/monitor. These deployments typically consist of a RDGateway Server, a Session Broker and then multiple Session Hosts (terminal servers). The RDGateway provides secure access into the environment. Monitoring the following would be nice:

Logon Success (Security Event ID 4624) with ability to grab public IP information and user information Logon Failures (Security Event ID 4625) with ability to grab public IP information and user information RDGateway performance data such as concurrent session count, session latency/user RDGateway system resources consumed by user

Ideally, it would be nice to have a mechanism that tests the RDGateway login process which tracks login time (meaning time it takes for a user to successfully get through the login process), if the login process fails due to resource unavailability reasons. Currently I believe this can be done for logins directly into a Session Host but not when going through an RDGateway.

rdgateway rds sensor-request

Created on Feb 14, 2019 3:53:34 PM



2 Replies

Votes:

0

Hello,

Thank you for using our PRTG Network Monitor.

Unfortunately we do not have a native sensor that to do all of that in RDGateway monitoring, nor do we have any in the script world. Parts of the requirement should be possible with the Eventlog Sensor.

In case the Event Log Sensor does not work, and also for the rest of the requirements, to be honest with you, we simply have to recommend a self-written [[: https://www.paessler.com/manuals/prtg/exe_script_sensor.htm|Custom Exe/Script-Sensor]].

Please let us know if you need anything else.

Created on Feb 15, 2019 12:23:23 PM by Torsten Lindner [Paessler Support]



Votes:

0

Hi Chad,

Honestly - what you want can't really be done by PRTG - at least not the way you requested it.

  • Logon success
    • grab public IP and user
  • Logon error
    • grab public IP and user
  • performance data of current session
    • session latency
    • gateway resources consumed by user
  • login time to logon to the GW/RDS farm

What you want there are multiple things and partly have no really to do with the GW.

A simulated logon would need either the gateway being able to process internal requests or the probe contacting it externally. How ever, this is going through the RDP protocol and would simulate a complete logon of a user / to have this accurate this logon session would need to be logged of afterwards and then you have additional factors like the CPU load of the casually targeted session host etc. that might influence the recorded time or GPOs that need to be processed etc...

Honestly - this is almost not possible to simulate - there are so many parts to it and this would mean you need to develop against the RDP protocol and then simulate various interactions and find out if the logon process actually finished at all..

The session latency is relative between the client and the target session host - while the GW interacts as a man in the middle. I am not aware that the GW knows about any of the latency of an ongoing session and eventually you have the issue that the client might be behind a weak internet connection or e.g. the GW resides in USA while the client resides in Germany - this would mean the distance comes to play and adding a huge latency (I would expect a minimum of 120ms delay) etc... - this is therefor a way to relative value that would be very hard to interpret. If at all, you might get it from the session on the host rather then from the GW - never looked in to that specific value though, see reasons mentioned already.

Gateway resources consumed? Yeah - non? This is so minimal - eventually the bandwidth of your internet connection and possibly IDS/IPS (CPU/RAM) of your FW are more affected by this then the GW itself. Simply monitor CPU/RAM of the GW server - you will see it remains pretty bored...

About you logon-success and logon-failures.. Now it becomes interesting...

The GW interacts with a NPS/RADIUS servers. Now RADIUS will interact with the Eventlog - more or less - the events you mention are going to be recorded in the Security Log of the RADIUS server - this might or might not be the GW. How ever - RADIUS can report to a SQL database - you then can create a script that runs against the SQL database and this script e.g. looks for logon success/failure entries - I am right now not sure if the GW will do an RADIUS accounting like procedure where you can see if a session is still ongoing - possibly - therefor you would be able to get information about how many sessions are ongoing right now.

https://www.it-admins.com/microsoft-radius-nps-sql-logging/ - this link should help you here...

There might also be a PowerShell command or WMI query that could give you the amount of ACTIVE sessions.

Won't promise I dig a bit deeper in to this - I always meant to do something with the GW in regards to ongoing sessions and failures but it never happened.. so I might.. but for now I wait for you and what you come up with :-)

Regards

- a fellow PRTG user -

Florian Rossmark

www.it-admins.com

Created on Feb 15, 2019 3:21:17 PM




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.