Q: Is there a way to look at all the previous connections to my Remote Desktop Services Gateway?
A: Each connection via Remote Desktop Services (RDS) Gateway will result in a number of logs in \Applications and Services Logs\Microsoft\Windows\TerminalServices-Gateway\Operational. A 302 log is generated at connection time; the most interesting log is 303—which shows details of the connection, including the amount of data transferred, the duration of the connection, and the protocol used. Collecting the 303 logs is a good way to gain insight. The following is an example of a 303 log.
Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational Source: Microsoft-Windows-TerminalServices-Gateway Date: 1/23/2014 12:35:46 PM Event ID: 303 Task Category: (3) Level: Information Keywords: (16777216) User: NETWORK SERVICE Computer: savdalrdsgw Description: The user "SAVILLTECH\Administrator", on client computer "x.x.x.x", disconnected from the following network resource: "savdalrds01". Before the user disconnected, the client transferred 1394115 bytes and received 22817836 bytes. The client session duration was 1779 seconds. Connection protocol used: "HTTP".
Behind the scenes in Windows Server 2012 are multiple connections (two UDP and two HTTP—which are reported as one). The HTTP connection gives you the correct data because it's the first connection created and is present throughout the entire connection.