How to get the Client IP Address in Azure Virtual Desktop
While migrating Virtual Desktop Environments to AVD, I got another challenge from the past: Sometimes, companies use the client IP address to identify the user’s location to map a specific printer in the location.
Unfortunately, AVD didn’t provide this client’s IP address. Even the property of WTSQuerySessionInformation is empty. I only get the internet-faced IP address if I try to use the diagnostic settings. But not the client’s own address.
But there is a solution/workaround: If clients are using RDP Shortpath (public or private), we can grab the information locally to do some printer mappings. The good thing is that RDP Shortpath is enabled by default (except for the HTML 5 web client).
The RDAgent, installed on each session host, reports a lot of data to the backend (logs). You can configure the diagnostic settings to store this data to log analytics or some other data stores. Some of those logs are also on the session host in the event log.
The event log “RemoteDesktopServices” contains the log entries. The source “Microsoft.RDInfra.Diagnostics.DataSink.RestPipelineSink” contains data about RDP Shortpath connection, including the IP address of the client:
We can use the activity ID to match the information to a specific user on the host. The correlation user/activity ID is stored in the log from the source “Microsoft.RDInfra.RDAgent.ConnectionTrackingService.DefaultConnectionTrackingService”.
I built a small tool to read the event log continuously. AvdClientIp reads the single entries, extracts the data, and matches the data by the activity ID.
The installation of AvdClientIp will create a scheduled task with the name “ITPC-AVD-ClientIP”. This task starts with the computer and monitors the RemoteDesktopServices event log. If a client IP is detected, the tool writes the client IP into the users’ registry in HKEY_CURRENT_USER\Volatile Environment
- ClientIpValue -> IPv4
- ClientIpUTC -> The timestamp
Logging and configuration
The default configuration can be changed by setting the following values to the registry HKLM:\SOFTWARE\ITProCloud\AvdClientIp
|HideUserNamesInLogfile||Reg_DWORD||Hides the user names in the logfile||0=false|
AvdClientIp writes a log file to *%AppData%\ITProCloud\AvdClientIp.log. *
Note: It would be much better if the RDAgent would store this information directly in the registry or provide the information with the WTSQuerySessionInformation. So, use this tool as a workaround until we get the data natively.
It would be much better if the RDAgent would store this information directly in the registry or provide the information with the WTSQuerySessionInformation. So, use this tool as a workaround until we get the data natively.
A big thank to Jörg Hoffmann finding the right logs 👍
Please feel free to send me ideas for improvements.