Session Recording

Agent cannot connect to the Server

When the Session Recording Agent cannot connect to the Session Recording Server, the Exception caught while sending poll messages to Session Recording Broker event message is logged, followed by the exception text. The exception text provides reasons why the connection failed. The reasons include:

  • The underlying connection was closed. Could not establish a trust relationship for the SSL/TLS secure channel. This exception means that the Session Recording Server is using a certificate signed by a CA that the server hosting the Session Recording Agent does not trust or the server hosting the Session Recording Agent does not have a CA certificate. Alternatively, the certificate might have expired or been revoked.

    Solution: Verify that the correct CA certificate is installed on the server hosting the Session Recording Agent or use a CA that is trusted.

  • The remote server returned an error: (403) forbidden. This standard HTTPS error occurs when you attempt to connect using HTTP that is unsecure. The machine hosting the Session Recording Server rejects the connection because it accepts only secure connections.

    Solution: Use Session Recording Agent Properties to change the Session Recording Broker protocol to HTTPS.

  • The Session Recording Broker returned an unknown error while evaluating a record policy query. Error code 5 (Access Denied). For more information, see the Event log on the Session Recording Server. This error occurs when sessions are started and a request for a record policy evaluation is made. The error is a result of the Authenticated Users group (the default member) being removed from the Policy Query role of the Session Recording Authorization Console.

    Solution: Add the Authenticated Users group back to this role, or add each server hosting each Session Recording Agent to the PolicyQuery role.

  • The underlying connection was closed. A connection that was expected to be kept alive was closed by the server. This error means that the Session Recording Server is down or unavailable to accept requests. The IIS might be offline or restarted, or the entire server might be offline.

    Solution: Verify that the Session Recording Server is started, IIS is running on the server, and the server is connected to the network.

  • The remote server returned an error: 401 (Unauthorized). This error manifests itself in the following ways:

    • On startup of the Session Recording Agent Service, an error describing the 401 error is recorded in the event log.
    • Policy query fails on the Session Recording Agent.
    • Session recordings are not captured on the Session Recording Agent.

    Solution: Ensure that the NT AUTHORITY\Authenticated Users group is a member of the local Users group on the Session Recording Agent. Image of local users group

Agent cannot connect to the Server