Remote Desktop Services Logging

If you’ve ever had to troubleshoot problems in Remote Desktop Servers in a busy environment it can be maddening. When you have a lot of users it can be difficult to track down the problem. In an RDP/Terminal Services environment, sometimes the most import thing is to identify a specific users Logon, Logoff, and Disconnect events. Initially it may seem that there’s not clear Remote Desktop Services logging. But it is there, it’s just buried in the Event Log. Here’s how to find and decipher¬†Remote Desktop Services Logging.

Finding Remote Desktop Services Logging

Remote Desktop Services LoggingIn Windows Server 2008/ Windows 7 and up the import Remote Desktop Services logs are located in the following location.

Open Event Viewer, expand Applications and Services Logs, expand Microsoft, expand TerminalServices-LocalSessionManager, select Operations.

In this log you’ll see all of the Remote Desktop Services logging events for this machine.

In Windows Server 2008, navigate to Event Viewer, Applications and Services Logs, Microsoft, Windows, TerminalServices-LocalSessionManager

Understanding Remote Desktop Services Logging

Within the¬†TerminalServices-LocalSessionManager Operations log you’ll find a number of helpful log events. Here are the important ones to help with troubleshooting.

  • Event ID 21: User Logon – This event happens when a user logs into the server or desktop via Remote Desktop Services. The client IP address and username is captured.
  • Event ID 23: User Logoff – This event occurs when a user logs off from a Remote Desktop Services session on a server or desktop.
  • Event ID 24: User Disconnect – This happens when a user’s client is disconnected from the server. This can happen if there’s a network disruption, something on the server causes a disconnect, or if the user just closes the client without logging out.


My name is Edgar Frost, I have 40 years of experience working in Information Technology. Starting with the mainframe, and also working with distributed technologies, LDAP, and Siteminder. My goal is to bring an Enterprise mindset to technology.
We will be happy to hear your thoughts

      Leave a reply