Session Recording

Verify component connections

During the setup of Session Recording, the components might not connect to other components. All the components communicate with the Session Recording Server (Broker). By default, the Broker (an IIS component) is secured using the IIS default website certificate. If one component cannot connect to the Session Recording Server, the other components might also fail when attempting to connect.

The Session Recording Agent and the Session Recording Server (Storage Manager and Broker) log connection errors in the applications event log in the Event Viewer of the machine hosting the Session Recording Server. The Session Recording Policy Console and The Session Recording Player display connection error messages on screen when they fail to connect.

Verify that the Session Recording Agent is connected

  1. Log on to the server where the Session Recording Agent is installed.
  2. From the Start menu, choose Session Recording Agent Properties.
  3. In Session Recording Agent Properties, click Connection.
  4. Verify that the correct FQDN is entered in the Session Recording Server field.
  5. Verify that the server given as the value for the Session Recording Server is accessible to your VDA for multi-session OS.

Note: Check the application event log for errors and warnings.

Verify that the Session Recording Server is connected

Caution:

Using Registry Editor can cause serious problems that might require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.**

  1. Log on to the machine hosting the Session Recording Server.
  2. Open the Registry Editor.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
  4. Verify that the SmAudDatabaseInstance value correctly references the Session Recording Database you installed on your SQL Server instance.

Verify that the Session Recording Database is connected

  1. Using a SQL Management tool, open your SQL instance that contains the Session Recording Database you installed.
  2. Open the Security permissions of the Session Recording Database.
  3. Verify that the Session Recording Computer Account has access to the database. For example, if the machine hosting the Session Recording Server is named SsRecSrv in the MIS domain, the computer account in your database must be configured as MIS\SsRecSrv$. This value is configured during the Session Recording Database installation.

Test IIS connectivity

Testing connections to the Session Recording Server IIS site by using a Web browser to access the Session Recording Broker webpage can help you determine whether problems with communication between Session Recording components stem from misconfigured protocol configuration, certification issues, or problems starting Session Recording Broker.

To verify IIS connectivity for the Session Recording Agent:

  1. Log on to the server where the Session Recording Agent is installed.
  2. Open a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/RecordPolicy.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server.
    • For HTTP: http://servername/SessionRecordingBroker/RecordPolicy.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server.
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.

To verify IIS connectivity for the Session Recording Player:

  1. Log on to the workstation where the Session Recording Player is installed.
  2. Open a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/Player.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server
    • For HTTP: http://servername/SessionRecordingBroker/Player.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.

To verify IIS connectivity for the Session Recording Policy Console:

  1. Log on to the server where the Session Recording Policy Console is installed.
  2. Open a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/PolicyAdministration.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server
    • For HTTP: http://servername/SessionRecordingBroker/PolicyAdministration.rem?wsdl, where servername is the name of the machine hosting the Session Recording Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.

If you see an XML document within your browser, it verifies that the machine running the Session Recording Policy Console is connected to the machine hosting the Session Recording Server using the configured protocol.

Troubleshoot certificate issues

If you are using HTTPS as your communication protocol, the machine hosting the Session Recording Server must be configured with a server certificate. All component connections to the Session Recording Server must have root certificate authority (CA). Otherwise, attempted connections between the components fail.

You can test your certificates by accessing the Session Recording Broker webpage as you would when testing IIS connectivity. If you are able to access the XML page for each component, the certificates are configured correctly.

Here are some common ways certificate issues cause connections to fail:

  • Invalid or missing certificates. If the server running the Session Recording Agent does not have a root certificate to trust the server certificate and cannot trust and connect to the Session Recording Server over HTTPS, causing connectivity to fail, verify that all components trust the server certificate on the Session Recording Server.
  • Inconsistent naming. If the server certificate assigned to the machine hosting the Session Recording Server is created using an FQDN, all connecting components must use the FQDN when connecting to the Session Recording Server. If a NetBIOS name is used, configure the components with a NetBIOS name for the Session Recording Server.
  • Expired certificates. If a server certificate expired, connectivity to the Session Recording Server through HTTPS fails. Verify the server certificate assigned to the machine hosting the Session Recording Server is valid and has not expired. If the same certificate is used for the digital signing of session recordings, the event log of the machine hosting the Session Recording Server provides error messages that the certificate expired or warning messages when it is about to expire.
Verify component connections