Event Source: RemoteAccess Event Category: None Event ID: 20192 Date: 6/9/2012 Time: 2:25:49 PM User: N/A Computer: [ServerNameHere]
What do the SessionID and Event ID 21 mean?
For remote RDP logons, take note of the SessionID as a means of tracking/associating additional Event Log activity with this user’s RDP session. TL;DR: Indicates successful RDP logon and session instantiation, so long as the “Source Network Address” is NOT “LOCAL”. Notes: This typically immediately proceeds an Event ID 21.
What does the “source network address” of event ID 21 mean?
This event with a “Source Network Address” of “LOCAL” will also be generated upon system (re)boot/initialization (shortly after the preceding associated Event ID 21). TL;DR: Indicates successful RDP logon and shell (i.e. Windows GUI Desktop) start, so long as the “Source Network Address” is NOT “LOCAL”.
What are Event IDs 39 and 40 in RDP?
Typically paired with Event ID 24 and likely Event IDs 39 and 40. The SessionName, ClientAddress, and LogonID can all be useful for identifying the source and associated activity. TL;DR: The user disconnected from an RDP session.
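The correlation described above (use the SessionID from a non-“LOCAL” Event ID 21 to tie later session events to one RDP logon), as an added example that is not part of the original page. The record layout, field names and sample values are assumptions constructed for the illustration, standing in for events already exported from the log.

```python
from datetime import datetime

# Constructed sample records (not real log data): one dict per event, as they
# might look after export to JSON. The field names are this example's own.
SAMPLE_EVENTS = [
    {"time": "2024-01-15T09:00:05", "id": 21, "session": 1,
     "user": "HOST\\admin", "source": "LOCAL"},
    {"time": "2024-01-15T09:12:40", "id": 21, "session": 2,
     "user": "CORP\\alice", "source": "192.0.2.10"},
    {"time": "2024-01-15T09:48:12", "id": 24, "session": 2,
     "user": "CORP\\alice", "source": "192.0.2.10"},
    {"time": "2024-01-15T09:48:12", "id": 40, "session": 2,
     "user": None, "source": None},
    {"time": "2024-01-15T10:30:00", "id": 21, "session": 2,
     "user": "CORP\\bob", "source": "198.51.100.7"},
]


def rdp_sessions(events):
    """Pair each remote Event ID 21 with later events sharing its SessionID."""
    open_by_sid, sessions = {}, []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    for ev in ordered:
        sid = ev["session"]
        if ev["id"] == 21:
            if ev["source"] == "LOCAL":
                # Console or boot-time logon: not RDP, and it ends any
                # earlier RDP record that used the same SessionID.
                open_by_sid.pop(sid, None)
                continue
            rec = {"session": sid, "user": ev["user"], "source": ev["source"],
                   "logon": ev["time"], "disconnect": None, "related": []}
            open_by_sid[sid] = rec  # SessionIDs get reused: newest logon wins
            sessions.append(rec)
        elif sid in open_by_sid:
            rec = open_by_sid[sid]
            rec["related"].append(ev["id"])  # e.g. 24, 39, 40
            if ev["id"] == 24:
                rec["disconnect"] = ev["time"]
    return sessions


if __name__ == "__main__":
    for s in rdp_sessions(SAMPLE_EVENTS):
        print(s)
```

Because a SessionID is only unique while the session exists, the function keys on the most recent remote Event ID 21 for that ID rather than on the ID alone.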
What is an event log ID?
This ID is unique for each logon session and is also present in various other Event Log entries, making it theoretically useful for tracking/delineating a specific user’s activities, particularly on systems allowing multiple logged on users.
Network Connection
This section covers the first indications of an RDP logon – the initial network connection to a machine.
Authentication
This section covers the authentication portion of the RDP connection – whether or not the logon is allowed based on success/failure of username/password combo.
Logon
This section covers the ensuing (post-authentication) events that occur upon successful authentication and logon to the system.
Logoff
This section covers the events that occur after a purposeful (Start -> Disconnect, Start -> Logoff) logoff.
Wrap-Up
Hopefully that provides a little better insight into some of the most common and (IME) most empirically useful RDP-related Event logs, when/where you might encounter them, what they mean, what they look like, and (most importantly) how they all fit together.