Can anyone make a suggestion for the best way to log connections and disconnections from Windows workstations to a Windows Server 2003 file share?
We're having some issues with workstations that have a drive mapped to a server that seem to work fine for awhile and then suddenly appear to get disconnected from the server (with files open). Needless to say this causes some data corruption and error messages.
It would help me to troubleshoot the problem if we could somehow monitor and log the session connections and disconnections, to attempt to correlate the connectivity issues with what actions the user is taking at the time and what the server is doing. I just haven't been able to find a way to do this. Specifically I'm talking about the same information that is displayed in the Computer Management control panel applet in the "System Tools|Shared Folders|Sessions" page.
Thanks!
One option would be to turn on File and\or Folder Access Auditing on the server so that when a user accesses a file an event is written to the event log. Then, for Windows Server 2003 you can use EventTriggers to run a script to do something (i.e. email you or write to an excel file or SQL DB) when the event you're looking for is triggered with pertinent info (like time\date, user, file, action etc).
Some key websites to do this:
If you want some script examples I can forward you some as well.
I don't think you're going to find anything that's going to be able to do this in real time, in a way that's going to be easily identifiable and analyzed. The closest I think you'll get is if you run a packet capture on the server and look for things like RST's, or look for established sessions that suddenly disappear or drop.