3

We use mstsc.exe to establish RDP connections to other servers in batch files, which are then terminated after some tasks have been run. This basically works fine, but every now and then it takes mstsc.exe extraordinarily long to set up the connection. Is there a way to check / hint that mstsc has finished the set up of the link successfully and that the RDP connection can be used?

SamErde
  • 3,409
  • 3
  • 24
  • 44
AlvaHenrik
  • 133
  • 4

2 Answers2

4

You can check if the RDP logon was sucessful by querying the security log of the target system. Logon events are ID 4624, RDP logons are type 10. Other logon types https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624

$user2find = "santaClaus"
$target = "server1234"
Get-winevent -comp $target -FilterHashtable @{Logname='security'; ID=4624; starttime=(get-date).addMinutes(-5)} | where {$_.properties[8].value -eq 10 -and $_.properties[5].value -eq $user2find}
Clayton
  • 4,523
  • 17
  • 24
  • Thanks that works great. Had to add a little code for the credentials issue but it does exactly what I needed. – AlvaHenrik Dec 27 '17 at 15:34
0

If you're using batch files, then netstat is probably your go-to tool. Assuming you are running mstsc /admin /v:SERVERNAME, you could follow that line with the command:

netstat | findstr "ms-wbt-server"

"ms-wbt-server" indicates an RDP connection, and you can check the %errorlevel% output of the findstr command to see if the string was found. If the error level is 0, it was found and you can proceed; if the error level is 1, the string was not found.

SamErde
  • 3,409
  • 3
  • 24
  • 44
  • hm, thanks a lot for your answer but in my case I'm afraid it's not that helpful. Playing around with it I realized that this TCP connection is established long before the RDP connection is ready to use. So if the delay is caused by the RDP handshake it will not work. – AlvaHenrik Dec 27 '17 at 14:40
  • I'm curious how you are utilizing an RDP connection to run command-line tools...or at least that's what it sounds like you are trying to do. Also, this command was suggested because you said you were using batch files. I would have gone with a totally different approach if you indicated PowerShell. :) – SamErde Dec 28 '17 at 17:35
  • It's even worse. We use a command line tools from HP ALM that allows you to run tests on remote machines. But for this to work there has to be an already established RDP connection to that remote machine. So what we do is we start RDP with mstsc.exe, then wait and pray and then use that tool from HP. When it has finished we kill the RDP connection again. It's a really weird setup. :-) – AlvaHenrik Dec 28 '17 at 17:49
  • 1
    *Runs away sobbing* – SamErde Dec 29 '17 at 18:02