Install, upgrade, and uninstall
Note:
To configure server high availability through load balancing, see Configure load balancing in an existing deployment and Deploy and load balance Session Recording in Azure.
To learn more about how to quickly set up and configure Citrix Session Recording and Citrix Session Recording service, see the Citrix Tech Zone article POC Guide: Citrix Session Recording.
You can install the Session Recording server and agent on an Azure AD joined machine and enable Azure AD support for them. Later when you configure various policies and playback permissions from the cloud, you can specify Azure AD users and groups who launch sessions from Azure AD joined machines. The Enable Azure AD support option is not available on the GUI when you install the Session Recording server using the Citrix Virtual Apps and Desktops installer.
This article contains the following sections:
Use Citrix scripts to install the Windows roles and features prerequisites
Install Session Recording using the Citrix Virtual Apps and Desktops installer
Install the Session Recording database on cloud SQL database services
Integrate with Citrix Analytics for Security
Installation checklist
Before you start the installation, complete this list:
✔ | Step |
---|---|
Select the machines on which you want to install each Session Recording component. Ensure that each computer meets the hardware and software requirements for the components to be installed on it. | |
Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it. | |
To use the TLS protocol for communication between the Session Recording components, install the correct certificates in your environment. | |
Install any hotfixes required for the Session Recording components. The hotfixes are available from the Citrix Support. | |
Configure the Citrix Director to create and activate the Session Recording policies. For more information, see Configure Director to use the Session Recording Server. |
Note:
- We recommend that you divide the published applications into separate Delivery Groups based on your recording policies. Session sharing for published applications can conflict with the active policy if the applications are in the same Delivery Group. Session Recording matches the active policy with the first published application that a user opens. Starting with the 7.18 release, you can use the dynamic session recording feature to start or stop recording sessions at any time during the sessions. This feature can help to mitigate the conflict issue with the active policy. For more information, see Dynamic session recording.
- If you are planning to use Machine Creation Services (MCS) or Provisioning Services, prepare a unique QMId. Failure to comply can cause recording data losses.
- SQL Server requires TCP/IP, running SQL Server Browser service, and enabled Windows Authentication.
- To use HTTPS, configure server certificates for TLS/HTTPS.
- Ensure that users under Local Users and Groups > Groups > Users have write permission to the
C:\windows\Temp
folder.
(Required only for msi installation) Use Citrix scripts to install the Windows roles and features prerequisites
For Session Recording to work properly, use the following Citrix scripts to install the necessary Windows roles and features prerequisites before installing Session Recording:
-
InstallPrereqsforSessionRecordingAdministration.ps1
<# .Synopsis Installs Prereqs for Session Recording Administration .Description Supports Windows Server 2025, Windows Server 2022, Windows Server 2019. Install below windows feature on this machine: -Application Development -Security - Windows Authentication -Management Tools - IIS 6 Management Compatibility IIS 6 Metabase Compatibility IIS 6 WMI Compatibility IIS 6 Scripting Tools IIS 6 Management Console -Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled. #> function AddFeatures($featurename) { try { $feature=Get-WindowsFeature | ? {$_.DisplayName -eq $featurename -or $_.Name -eq $featurename} Add-WindowsFeature $feature } catch { Write-Host "Addition of Windows feature $featurename failed" Exit 1 } Write-Host "Addition of Windows feature $featurename succeeded" } $system= gwmi win32_operatingSystem | select name if (-not (($system -Like '*Microsoft Windows Server 2025*') -or ($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*'))) { Write-Host("This is not a supported server platform. Installation aborted.") Exit } # Start to install Windows feature Import-Module ServerManager AddFeatures('Web-Asp-Net45') #ASP.NET 4.5 AddFeatures('Web-Mgmt-Console') #IIS Management Console AddFeatures('Web-Windows-Auth') # Windows Authentication AddFeatures('Web-Metabase') #IIS 6 Metabase Compatibility AddFeatures('Web-WMI') #IIS 6 WMI Compatibility AddFeatures('Web-Lgcy-Scripting')#IIS 6 Scripting Tools if (($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*')) { AddFeatures('Web-Lgcy-Mgmt-Console') #IIS 6 Management Console } AddFeatures('MSMQ-HTTP-Support') #MSMQ HTTP Support AddFeatures('web-websockets') #IIS Web Sockets AddFeatures('NET-WCF-HTTP-Activation45') #http activate <!--NeedCopy-->
-
InstallPrereqsforSessionRecordingAgent.ps1
<# .Synopsis Installs Prereqs for Session Recording Agent .Description Supports Windows Server 2025, Windows Server 2022, Windows Server 2019, windows 11, and Windows 10. Install below windows feature on this machine: -Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled. #> function AddFeatures($featurename) { try { $feature=Get-WindowsFeature | ? {$_.DisplayName -eq $featurename -or $_.Name -eq $featurename} Add-WindowsFeature $feature } catch { Write-Host "Addition of Windows feature $featurename failed" Exit 1 } Write-Host "Addition of Windows feature $featurename succeeded" } # Start to install Windows feature $system= gwmi win32_operatingSystem | select name if (-not (($system -Like '*Microsoft Windows Server 2025*') -or ($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*') -or ($system -Like '*Microsoft Windows 11*') -or ($system -Like '*Microsoft Windows 10*'))) { Write-Host("This is not a supported platform. Installation aborted.") Exit } if ($system -Like '*Microsoft Windows Server*') { Import-Module ServerManager AddFeatures('MSMQ') #Message Queuing AddFeatures('MSMQ-HTTP-Support')#MSMQ HTTP Support } else { try { dism /online /enable-feature /featurename:MSMQ-HTTP /all } catch { Write-Host "Addition of Windows feature MSMQ HTTP Support failed" Exit 1 } write-Host "Addition of Windows feature MSMQ HTTP Support succeeded" } <!--NeedCopy-->
To install the Windows roles and features prerequisites, complete the following steps:
-
On the machine where you plan to install the Session Recording administration components:
-
Make sure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.
Set-ExecutionPolicy RemoteSigned <!--NeedCopy-->
-
Start a command prompt as an administrator and run the
powershell.exe -file InstallPrereqsforSessionRecordingAdministration.ps1
command.The script displays the features that are successfully added and then stops.
-
After the script runs, make sure that the execution policy is set to a proper value based on your company policy.
-
-
On the machine where you plan to install the Session Recording agent component:
-
Make sure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.
Set-ExecutionPolicy RemoteSigned <!--NeedCopy-->
-
Start a command prompt as an administrator and run the
powershell.exe -file InstallPrereqsforSessionRecordingAgent.ps1
command.The script displays the features that are successfully added and then stops.
-
After the script runs, make sure that the execution policy is set to a proper value based on company policy.
-
Install Session Recording using the Citrix Virtual Apps and Desktops installer
Citrix Session Recording comprises the following components:
- Session Recording Administration (including the Session Recording database, Session Recording server, and Session Recording policy console)
- Session Recording agent
- Session Recording player
- Session Recording web player
While installing all the components on a single server is acceptable for a proof of concept, we recommend installing them on separate servers as follows:
- Install the Microsoft SQL Server on Machine A.
-
Install the Session Recording server, Session Recording administrator logging, and Session Recording database on Machine B.
Note:
The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation.
Installing the Session Recording server lets you install the Session Recording web player automatically.
- Install the Session Recording policy console on Machine C.
- Install the Session Recording player on either Machine C or Machine D.
- Install the Session Recording agent on the VDA.
Install the Session Recording Administration components
Install the Session Recording agent
Install the Session Recording player
Install the Session Recording Administration components
Note:
Before installing the Session Recording Administration components on Windows Server where TLS 1.0 is disabled and the version of the .NET Framework is earlier than 4.6, complete the following steps:
- Install Microsoft OLE DB Driver for SQL Server.
Under the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
registry key, add theSchUseStrongCrypto
DWORD (32-bit) value and set the value data to 1.- Restart Windows Server.
For more information, see Transport Layer Security (TLS) best practices with the .NET Framework.
The Session Recording Administration components include the Session Recording database, Session Recording server, and Session Recording policy console. You can choose the component to install on a server.
Step 1: Download the product software and launch the wizard
- Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it.
- Use a local administrator account to log on to the machine where you are installing the Session Recording Administration components. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.
The installation wizard launches.
Step 2: Choose which product to install
Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.
Step 3: Select Session Recording
Select the Session Recording entry.
Step 4: Read and accept the license agreement
On the Software License Agreement page, read the license agreement, accept it, and then click Next.
Step 5: Select the components to install and the installation location
On the Core Components page:
- Location: By default, components are installed in C:\Program Files\Citrix. The default location works for most deployments. You can specify a custom installation location.
- Component: By default, all the check boxes next to the components that can be installed are selected. The installer knows whether it is running on a single-session OS or a multi-session OS. It allows the Session Recording Administration components to be installed on a multi-session OS only. It allows the Session Recording agent to be installed only on a machine that has a VDA installed. If you install the Session Recording agent on a machine that has no VDA installed in advance, the Session Recording Agent option is unavailable.
Select Session Recording Administration and click Next.
Step 6: Select the features to install
On the Features page:
- By default, all the check boxes next to the features that can be installed are selected. Installing all these features on a single server is fine for a proof of concept. For a large production environment, install the Session Recording policy console on a separate server. Install the Session Recording server, administrator logging, and database on another separate server.
-
The Session Recording administrator logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select the Session Recording administrator logging. The Session Recording database is a mandatory subfeature of the Session Recording server. When the Session Recording server is selected for installation, the Session Recording database is also selected automatically and cannot be unselected.
- If you select the Session Recording server, the Session Recording web player is installed too.
- To add features on the same server after you select and install features on it, you can only use the msi package. You cannot run the installer again.
-
Session Recording server
The Session Recording server is a server that hosts:
- The Broker. An IIS 6.0+ hosted Web application that serves the following purposes:
- Handling search queries and file download requests from the Session Recording player and web player.
- Handling policy administration requests from the Session Recording policy console.
- Evaluating recording policies for each Citrix Virtual Apps and Desktops or Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) session.
- The Storage Manager. A Windows service that manages the recorded session files received from each Session Recording-enabled VDA.
- Administrator Logging. An optional subcomponent installed with the Session Recording server to log the administration activities. All the logging data is stored in a separate SQL Server database named CitrixSessionRecordingLogging by default. You can customize the database name.
- The Broker. An IIS 6.0+ hosted Web application that serves the following purposes:
-
Session Recording database
-
The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation. Session Recording supports three solutions for database high availability based on Microsoft SQL Server. For more information, see Database high availability.
-
You can install the Session Recording database on the following cloud SQL database services:
- Azure SQL Database
- Azure SQL Managed Instance
- SQL Server on Azure Virtual Machines (VMs)
- AWS RDS
- Google Cloud SQL Server
-
-
Session Recording admin logging
We recommend that you install the Session Recording administrator logging together with the Session Recording server at the same time. If you don’t want the administrator logging feature to be enabled, you can disable it on a later page. However, if you choose not to install this feature at the beginning but want to add it later, you can only manually add it by using SessionRecordingAdministrationx64.msi.
-
Session Recording policy console
You can use the Session Recording policy console to configure policies.
Step 6.1: Install the Session Recording server, database, and administrator logging
As described earlier, the Session Recording database is a mandatory subfeature of the Session Recording server and we recommend that you install the Session Recording administrator logging together with the Session Recording server at the same time. Therefore, this section walks you through installing the three components on the same machine.
-
On the Features page, select Session Recording Server and Session Recording Administrator Logging. With Session Recording Server selected, Session Recording Database is also selected automatically. Click Next.
-
On the Database and Server Configuration page, specify the instance name and database name of the Session Recording database, enable SQL Server authentication as needed, and click Next.
Note:
Starting with 2411, in addition to SQL Server authentication, Session Recording supports Entra ID (formerly Azure Active Directory) authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. For more information, see Install the Session Recording database on Azure SQL Database and Install the Session Recording database on Azure SQL Managed Instance or on AWS RDS.
On the Database and Server Configuration page:
-
Enable SQL Server authentication: This option lets you connect to the Session Recording database using SQL Server authentication.
- Instance name: If the database instance isn’t a named instance, you can use only the computer name of the SQL Server. If you have named the instance during the instance setup, use computer-name\instance-name as the database instance name. To determine the server instance name that you are using, run select @@servername on the SQL Server. The return value is the exact database instance name. If your SQL server uses a custom port instead of the default 1433, append a comma and the custom port to the instance name. For example, type DXSBC-SRD-1,2433 in the Instance name text box, where 2433 denotes the custom port.
-
Database name: Type a custom database name in the Database name text box or use the default database name preset in the text box. Click Test connection to test the connectivity to the SQL Server instance and the validity of the database name.
Note:
The Session Recording server default installation uses HTTPS/TLS to secure communications. If TLS is not configured in the default Internet Information Services (IIS) site of the Session Recording server, use HTTP. To do so, cancel the selection of SSL in the IIS Management Console by navigating to the Session Recording Broker site, opening the SSL settings, and clearing the Require SSL check box.
Important:
A custom database name must contain only A-Z, a-z, 0–9, and underscores, and cannot exceed 123 characters.
You must have the securityadmin and dbcreator server role permissions of the SQL Server instance. If you do not have the permissions, you can:
- Ask the database administrator to assign the permissions for the installation. After the installation completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
-
Or, use the SessionRecordingAdministrationx64.msi package under \x64\Session Recording on the Citrix Virtual Apps and Desktops ISO. During the msi installation, a dialog box prompts for the credentials of a database administrator with the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the installation.
The installation creates the Session Recording database and adds the machine account of the Session Recording server as db_owner.
-
-
On the Administration Logging Configuration page, specify configurations for the administration logging feature.
On the Administration Logging Configuration page:
-
The Administration Logging database is installed on the SQL Server instance: This text box is not editable. The SQL Server instance name of the Administration Logging database is automatically grabbed from the instance name that you typed on the Database and Server Configuration page. Starting with the 2411 release, you can install the Session Recording admin logging database on a separate instance from the Session Recording database. To do so, complete the following steps before installing them:
- Go to the machine where you are going to install the Session Recording server.
- Open the Registry Editor.
- Modify the registry:
- Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server
. - Add the
SmAudDatabaseLoggingState
DWORD (32-bit) value and set the value data to1
. - Add the
SmAudDatabaseLoggingInstance
value and set the value data to the instance name where you want to install the Session Recording admin logging database.
- Navigate to
Later when you install the databases, the Session Recording admin logging database is installed on the separate instance specified by the
SmAudDatabaseLoggingInstance
registry value. You must configure the same authentication mode for both databases (SQL Server authentication, Windows authentication, or Microsoft Entra ID authentication) and grant identical user permissions. -
Administrator Logging database name: To install the Session Recording administrator logging feature, type a custom database name for the administrator logging database in this text box or use the default database name CitrixSessionRecordingLogging that is preset in the text box.
Note:
The administrator logging database name must be different from the Session Recording database name that is set in the Database name text box on the previous Database and Server Configuration page.
- After typing the administrator logging database name, click Test connection to test the connectivity to the administrator logging database.
- Enable Administration Logging: By default, the administration logging feature is enabled. You can disable it by clearing the check box.
- Enable mandatory blocking: By default, mandatory blocking is enabled. The normal features might be blocked if logging fails. You can disable mandatory blocking by clearing the check box.
Click Next to continue the installation.
-
-
Review the prerequisites and confirm the installation.
The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.
-
Complete the installation.
The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.
Click Finish to complete the installation of the Session Recording server, database, and administrator logging.
Step 6.2: Install the Session Recording policy console
To install the Session Recording policy console, complete the following steps:
-
On the Features page, select Session Recording Policy Console and click Next.
-
Review the prerequisites and confirm the installation.
The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.
-
Complete the installation.
The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.
Click Finish to complete your installation of the Session Recording policy console.
Step 7: Install Broker_PowerShellSnapIn_x64.msi
Important:
To use the Session Recording policy console, install the Broker PowerShell Snap-in (
Broker_PowerShellSnapIn_x64.msi
) manually. Locate the snap-in on the Citrix Virtual Apps and Desktops ISO (\x64\Citrix Desktop Delivery Controller
) and follow the instructions for installing it. Failure to comply can cause an error.
Install the Session Recording agent
The Session Recording agent is a component installed on each VDA for multi-session OS or single-session OS to enable recording. It is responsible for recording session data.
Step 1: Download the product software and launch the wizard
Use a local administrator account to log on to the machine where you are installing the Session Recording agent. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.
The installation wizard launches.
Step 2: Choose which product to install
Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.
Step 3: Select Session Recording
Select the Session Recording entry.
Step 4: Read and accept the license agreement
On the Software License Agreement page, read the license agreement, accept it, and then click Next
Step 5: Select the component to install and the installation location
Select Session Recording Agent and click Next.
Step 6: Specify the agent configuration
On the Agent Configuration page, complete the following settings:
- Type the computer name of the machine where you installed the Session Recording server and the protocol and port information for connecting to the Session Recording server. If you have not installed Session Recording yet, you can change such information later in Session Recording Agent Properties.
-
If you are installing the Session Recording agent on an Azure AD joined machine, select Enable Azure AD support. To fully enable Azure AD identity support for configuring playback permissions and various Session Recording policies from the cloud, complete the following steps and then restart the VDA:
Note:
Azure AD support is a preview feature. It is available with Session Recording version 2402 and later.
Preview features might not be fully localized and are recommended for use in non‑production environments. Citrix Technical Support doesn’t support issues found with preview features.
-
Use the MSI package to install the Session Recording server on an Azure AD joined machine as well. Select Enable Azure AD support during the MSI installation.
-
Go to the home page for the Full Configuration interface and enable the SessionRecordingSupportAAD and Send User Identity Info In Prepare Session toggles under the Preview features section. To access the home page for the Full Configuration interface, complete the following steps:
- Sign in to Citrix Cloud.
- In the upper left menu, select My Services > DaaS. By default, the home page for the Full Configuration interface appears.
-
Note:
There is a limitation with the test connection function of the installer. It does not support the “HTTPS requires TLS 1.2” scenario. If you use the installer in this scenario, the test connection fails but you can ignore the failure and click Next to continue the installation. It does not affect normal functioning.
Step 7: Review the prerequisites and confirm the installation
The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.
Step 8: Complete the installation
The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.
Click Finish to complete the installation of the Session Recording Agent.
Note:
When Machine Creation Services (MCS) or Citrix Provisioning creates multiple VDAs with a master image and Microsoft Message Queuing (MSMQ) installed, the VDAs might have the same QMId. The same QMId might cause various issues, for example:
- Sessions might not be recorded even if the recording agreement is accepted.
- The Session Recording Server might not be able to receive session logoff signals and therefore, sessions might always be in Live status.
As a workaround, create a unique QMId for each VDA and it differs depending on the deployment methods.
No extra actions are required if single-session OS VDAs with the Session Recording agent installed are created with PVS 7.7 or later and MCS 7.9 or later in the static desktop mode that is, for example, configured to make all changes persistent with a separate Personal vDisk or the local disk of your VDA.
For multi-session OS VDAs created with MCS or PVS and single-session OS VDAs that are configured to discard all changes when a user logs off, use the GenRandomQMID.ps1 script to change the QMId on system startup. Change the power management strategy to ensure that enough VDAs are running before user logon attempts.
To use the GenRandomQMID.ps1 script, do the following:
Ensure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.
Set-ExecutionPolicy RemoteSigned
Create a scheduled task, set the trigger as on system startup, and run with the SYSTEM account on the PVS or MCS master image machine.
Add the command as a startup task.
powershell .exe -file C:\\GenRandomQMID.ps1
Summary of the GenRandomQMID.ps1 script:
- Remove the current QMId from the registry.
- Add
SysPrep = 1
toHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters
.- Stop related services, including CitrixSmAudAgent and MSMQ.
- To generate a random QMId, start the services that stopped previously.
Example GENRANDOMQMID.PS1:
# Remove old QMId from registry and set SysPrep flag for MSMQ Remove-Itemproperty -Path HKLM:Software\Microsoft\MSMQ\Parameters\MachineCache -Name QMId -Force Set-ItemProperty -Path HKLM:Software\Microsoft\MSMQ\Parameters -Name "SysPrep" -Type DWord -Value 1 # Get dependent services $depServices = Get-Service -name MSMQ -dependentservices | Select -Property Name # Restart MSMQ to get a new QMId Restart-Service -force MSMQ # Start dependent services if ($depServices -ne $null) { foreach ($depService in $depServices) { $startMode = Get-WmiObject win32_service -filter "NAME = '$($depService.Name)'" | Select -Property StartMode if ($startMode.StartMode -eq "Auto") { Start-Service $depService.Name } } } <!--NeedCopy-->
Install the Session Recording player
The Session Recording player is a user interface that you access from a workstation to play recorded session files. Install the Session Recording player on the Session Recording server or on workstations in the domain.
Tip:
- Installing the Session Recording server lets you install the Session Recording web player automatically.
- Before or after you install the Session Recording player, install the Microsoft Visual C++ Redistributable package called VC_redist.x86.exe. You can find the package on the Citrix Virtual Apps and Desktops ISO under \Support\VcRedist.
Step 1: Download the product software and launch the wizard
Use a local administrator account to log on to the machine where you are installing the Session Recording player component. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.
The installation wizard launches.
Step 2: Choose which product to install
Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.
Step 3: Select Session Recording
Select the Session Recording entry.
Step 4: Read and accept the license agreement
On the Software License Agreement page, read the license agreement, accept it, and then click Next.
Step 5: Select the component to install and the installation location
Select Session Recording Player and click Next.
Step 6: Review the prerequisites and confirm the installation
The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.
Step 7: Complete the installation
The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.
Click Finish to complete the installation of the Session Recording player.
Set the access control list (ACL) for Message Queuing (MSMQ)
After installing Session Recording, it is recommended to configure the ACL for MSMQ. For more information, see Security recommendations.
Automate installation
Session Recording supports silent installation with options.
Automate installation of the Session Recording Administration components
Install the complete set of the Session Recording Administration components by using a single command
For example, either of the following commands installs the complete set of the Session Recording Administration components and creates a log file to capture the installation information.
msiexec /i "c:\SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="WNBIO-SRD-1" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" DATABASEUSER="localhost" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" DATABASEUSER="localhost" CLOUDDBSUPPORT="0" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1" SERVICEKEYAUTHENABLE="1" /qn+ /l*vx "yourinstallationlog"
<!--NeedCopy-->
Note:
You can find the
SessionRecordingAdministrationx64.msi
file on the Citrix Virtual Apps and Desktops ISO under\x64\Session Recording
.Regardless of the instance specified by
DATABASEINSTANCE
here, starting with the 2411 release, you can also choose to install the Session Recording admin logging database on a separate instance from the Session Recording database. To do so, complete the following steps before running either of the commands to install them:
- Go to the machine where you are going to install the Session Recording server.
- Open the Registry Editor.
- Modify the registry:
- Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server
.- Add the
SmAudDatabaseLoggingState
DWORD (32-bit) value and set the value data to1
.- Add the
SmAudDatabaseLoggingInstance
value and set the value data to the instance name where you want to install the Session Recording admin logging database.Later when you install the databases, the Session Recording admin logging database is installed on the separate instance specified by the
SmAudDatabaseLoggingInstance
registry value. You must configure the same authentication mode for both databases (SQL Server authentication, Windows authentication, or Microsoft Entra ID authentication) and grant identical user permissions.
Where:
- ADDLOCAL provides the features for you to select. You can select more than one option. SsRecServer is the Session Recording server. PolicyConsole is the Session Recording policy console. SsRecLogging is the Administrator Logging feature. StorageDatabase is the Session Recording database. Session Recording Administrator Logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select Session Recording administrator logging.
-
DATABASEINSTANCE is the instance name of the Session Recording database. For example,
.\SQLEXPRESS,computer-name\SQLEXPRESS,computer-name
ortcp:srt-sql-support.public.ca7b16b60789.database.windows.net,3342
if you are using Azure SQL Managed Instance. As described earlier, you can install the Session Recording database and the Session Recording admin logging database on the same instance or separate instances. - DATABASENAME is the database name of the Session Recording database.
- LOGGINGDATABASENAME is the name of the administrator logging database.
-
AZURESQLSERVICESUPPORT determines whether SQL Server authentication is supported. To use SQL Server authentication, set it to
1
. - DATABASEUSER is the computer account of the Session Recording server.
- CLOUDDBSUPPORT determines whether Azure SQL Databases are supported.
-
AZUREUSERNAME is the SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, complete the following steps:
- Make sure that Visual C++ Redistributable has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170.
- Make sure that the Microsoft ODBC Driver for SQL Server has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16.
- Include the AADPASSWORD parameter and set it to 1 when running the database installation command.
- Create an Entra ID admin and grant it SQL Server administrative permissions. For more information, see the Microsoft documentation: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell.
- AZUREPASSWORD is the SQL Server or Microsoft Entra ID administrator password.
- AADPASSWORD determines whether Microsoft Entra ID authentication is supported. To use Microsoft Entra ID authentication, set it to 1.
- SERVICEKEYAUTHENABLE enables the service key authentication between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support and you must set it to 1. Otherwise, do not add this parameter.
- /q specifies quiet mode.
- /l*v specifies verbose logging.
- yourinstallationlog is the location of your installation log file.
Create a master image for deploying the Session Recording server
You might already have the Session Recording database and the administration logging database in place from an existing deployment. For such scenarios, you can now forego database checks when you are installing the Session Recording Administration components using SessionRecordingAdministrationx64.msi. You can create a master image for deploying the Session Recording server easily on many other machines. After deploying the Session Recording server on target machines using the master image, run a command on each machine to connect to the existing Session Recording database and administration logging database. This master image support facilitates deployment and minimizes the potential impact of human error. It applies only to fresh installations and consists of the following steps:
-
Start a command prompt and run a command similar to the following:
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="sqlnotexists" DATABASENAME="CitrixSessionRecording2" LOGGINGDATABASENAME="CitrixSessionRecordingLogging2" DATABASEUSER="localhost" /q /l*vx "c:\WithLogging.log" IGNOREDBCHECK="True" <!--NeedCopy-->
This command installs the Session Recording Administration components without configuring and testing connectivity to the Session Recording database and the administration logging database.
Set the IGNOREDBCHECK parameter to True and use random values for DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME.
-
Create a master image on the machine that you are operating.
-
Deploy the master image to other machines for deploying the Session Recording server.
-
On each of the machines, run commands similar to the following:
.\SsRecUtils.exe -modifydbconnectionpara DATABASEINSTANCE DATABASENAME LOGGINGDATABASENAME iisreset /noforce <!--NeedCopy-->
The commands connect the Session Recording server installed earlier to an existing Session Recording database and administration logging database.
You can find the
SsRecUtils.exe
file at\Citrix\SessionRecording\Server\bin\
. Set the DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME parameters as needed.
Retain databases when uninstalling the Session Recording Administration components
With KEEPDB set to True, the following command retains the Session Recording database and the administration logging database when uninstalling the Session Recording Administration components:
msiexec /x "SessionRecordingAdministrationx64.msi" KEEPDB="True"
<!--NeedCopy-->
Automate installation of the Session Recording player and web player
For example, the following commands install the Session Recording player and web player, respectively.
msiexec /i "c:\SessionRecordingPlayer.msi" /q /l*\vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "c:\SessionRecordingWebPlayer.msi" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->
Note:
You can find
SessionRecordingPlayer.msi
on the Citrix Virtual Apps and Desktops ISO under\x86\Session Recording
.You can find
SessionRecordingWebPlayer.msi
on the Citrix Virtual Apps and Desktops ISO under\x64\Session Recording
.
Where:
- /q specifies quiet mode.
- /l*v specifies verbose logging.
- yourinstallationlog is the location of your installation log file.
Automate installation of the Session Recording agent
For example, the following command installs the Session Recording agent and creates a log file to capture the installation information.
msiexec /i SessionRecordingAgentx64.msi /q /l*vx yourinstallationlog SESSIONRECORDINGSERVERNAME=yourservername
SESSIONRECORDINGBROKERPROTOCOL=yourbrokerprotocol SESSIONRECORDINGBROKERPORT=yourbrokerport SESSIONRECORDINGAUTHENTICATION="Citrix Cloud" SESSIONRECORDINGRPC="Websocket" SESSIONRECORDINGIDP="IDP"
<!--NeedCopy-->
Note:
You can find
SessionRecordingAgentx64.msi
on the Citrix Virtual Apps and Desktops ISO under\x64\Session Recording
.
Where:
- yourservername is the NetBIOS name or FQDN of the machine hosting the Session Recording server. If not specified, this value defaults to localhost.
- yourbrokerprotocol is the HTTP or HTTPS that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to HTTPS.
- yourbrokerport is the port number that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to zero, which directs the Session Recording Agent to use the default port number for your selected protocol: 80 for HTTP or 443 for HTTPS.
- SESSIONRECORDINGAUTHENTICATION is the authentication type between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to Citrix Cloud.
- SESSIONRECORDINGRPC is the communication method between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to Websocket.
- SESSIONRECORDINGIDP specifies the identity type. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to IDP.
- /q specifies quiet mode.
- /l*v specifies verbose logging.
- yourinstallationlog is the location of your installation log file.
Upgrade Session Recording
You can upgrade certain deployments to later versions without having to first set up new machines or sites. You can upgrade from the version of Session Recording included in the latest CU of XenApp and XenDesktop 7.6 LTSR, and from any later version, to the latest release of Session Recording.
Note:
When you upgrade Session Recording Administration from 7.6 to 7.13 or later and choose Modify in Session Recording Administration to add the administrator logging service, the SQL Server instance name does not appear on the Administrator Logging Configuration page. The following error message appears when you click Next: Database connection test failed. Please enter correct Database instance name. As a workaround, add the read permission for localhost users to the following SmartAuditor Server registry folder:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server
.You cannot upgrade from a Technical Preview version.
Requirements, preparation, and limitations
- Use the Session Recording installer’s graphical or command-line interface to upgrade the Session Recording components on the machine where you installed the components.
- Before any upgrade activity, back up the database named CitrixSessionRecording in the SQL Server instance. In this way, you can restore it if any issues are discovered after the database upgrade.
- In addition to being a domain user, you must be a local administrator on the machines where you are upgrading the Session Recording components.
- If the Session Recording server and Session Recording database aren’t installed on the same server, you must have the database role permission to upgrade the Session Recording database. Otherwise, you can:
- Ask the database administrator to assign the securityadmin and dbcreator server role permissions for the upgrade. After the upgrade completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
- Or, use the SessionRecordingAdministrationx64.msi package to upgrade. During the msi upgrade, a dialog box prompts for the credentials of a database administrator who has the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the upgrade.
- You can choose not to upgrade all Session Recording agents at the same time. Session Recording agent 7.6.0 (and later) is compatible with the latest (current) release of the Session Recording server. However, some new features and bug fixes might not take effect.
- Any sessions started during the upgrade of the Session Recording server are not recorded.
- The Graphics Adjustment option in Session Recording agent Properties is enabled by default after a fresh installation or upgrade to keep compatible with the Desktop Composition Redirection mode. You can disable this option manually after a fresh installation or upgrade.
- The administrator logging feature is not installed after you upgrade Session Recording from a previous release where the feature is unavailable. To add the feature, modify the installation after the upgrade.
- If there are live recording sessions when the upgrade process starts, there is little chance that the recording can be complete.
- Review the following upgrade sequence, so that you can plan and mitigate potential outages.
Upgrade sequence
To upgrade an existing installation, go to each machine where a Session Recording component is installed and then run the Citrix Virtual Apps and Desktops ISO.
Tip:
Go to the Citrix Virtual Apps and Desktops download page to download the appropriate version of Citrix Virtual Apps and Desktops.
Upgrading an existing installation generally follows the following sequence:
-
Upgrade the Session Recording server component.
If there is more than one Session Recording server, first upgrade the one where the Session Recording database component is installed. After that, upgrade the rest Session Recording servers.
To do so, complete the following steps:
- Stop the Session Recording Storage Manager service manually on the Session Recording server.
- Through the Internet Information Services (IIS) Manager, ensure that the Session Recording Broker is running.
- Run the Citrix Virtual Apps and Desktops ISO and select the Session Recording entry to upgrade.
- The Session Recording service is back online automatically when the upgrade of the Session Recording server is completed.
- Upgrade the Session Recording agent (on the master image).
- Upgrade the Session Recording policy console with or after the Session Recording server.
- Upgrade the Session Recording player.
Install the Session Recording database on cloud SQL database services
This section describes how to install the Session Recording database on the following cloud SQL database services:
- Azure SQL Database
- Azure SQL Managed Instance
- SQL Server on Azure VMs
- AWS RDS
- Google Cloud SQL Server
Install the Session Recording database on Azure SQL Database
-
Create an Azure SQL Database.
- Sign in to the Azure portal using your Azure account.
- From the portal menu, select Create a resource.
- In the portal search box, enter SQL database.
- From the list of search results, select SQL databases.
- Click Create to create an Azure SQL Database.
-
In the Create SQL Database section, provide the following information:
- Subscription: Select the Azure subscription that you want.
- Resource Group: Select Create new or choose an existing resource group.
- Database Name: A unique name is required.
-
Server: Select Create new, and fill out the New Server form with the following values:
- Server name: Enter a unique name. Server names must be globally unique for all servers in Azure.
- Location: Select a location from the drop-down list.
- Authentication method: Select Use SQL authentication, Entra ID authentication, or both.
- Server admin login: Enter a SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. For more information about Microsoft Entra ID authentication, see the command parameter descriptions in this article.
- Password: Enter a SQL Server or Microsoft Entra ID administrator password that meets requirements and enter it again in the Confirm password field.
- Select OK.
After providing the preceding information, click Review + Create. Click the Create button to complete the Azure SQL Database.
- Repeat Step 1 to create a different Azure SQL Database on the same Server.
- Get the server connection string for the created Azure SQL Databases.
- In the Azure portal, search for and click either of the Azure SQL Databases that you have created.
- Click Connection strings from the left navigation.
- Keep a record of the Server string that is to be used as the instance name of the Session Recording database and the Session Recording logging database later.
-
Run a command similar to the following to install the Session Recording database on the Azure SQL Database that you have created earlier.
Note:
On Azure SQL Database, installation of the Session Recording database can be done only by running a command similar to the following.
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" DATABASEUSER="localhost" CLOUDDBSUPPORT="0" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1" /qn+ /l*vx "yourinstallationlog"
Where:
- ADDLOCAL provides the features for you to select. You can select more than one option. SsRecServer is the Session Recording server. PolicyConsole is the Session Recording policy console. SsRecLogging is the Administrator Logging feature. StorageDatabase is the Session Recording database. Session Recording Administrator Logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select Session Recording administrator logging.
- DATABASEINSTANCE is the instance name of the Session Recording database, which is specified by the Azure SQL Database connection string.
- DATABASENAME is the database name of the Session Recording database.
- LOGGINGDATABASENAME is the name of the administrator logging database.
- AZURESQLSERVICESUPPORT determines whether SQL Server authentication is supported. To use SQL Server authentication, set it to 1.
- CLOUDDBSUPPORT determines whether Azure SQL Databases are supported.
- DATABASEUSER is the computer account of the Session Recording server.
-
AZUREUSERNAME is the SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, complete the following steps:
- Make sure that Visual C++ Redistributable has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170.
- Make sure that the Microsoft ODBC Driver for SQL Server has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16.
- Include the AADPASSWORD parameter and set it to 1 when running the database installation command.
- Create an Entra ID admin and grant it SQL Server administrative permissions. For more information, see the Microsoft documentation: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell.
- AZUREPASSWORD is the SQL Server or Microsoft Entra ID administrator password.
- AADPASSWORD determines whether Microsoft Entra ID authentication is supported. To use Microsoft Entra ID authentication, set it to 1.
- /q specifies quiet mode.
- /l*v specifies verbose logging.
- yourinstallationlog is the location of your installation log file.
Install the Session Recording database on Azure SQL Managed Instance or on AWS RDS
Tip:
On Azure SQL Managed Instance and on AWS RDS, you can install the Session Recording database by:
Double-clicking and running the SessionRecordingAdministrationx64.msi package.
Running a command similar to the following:
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString "DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" CLOUDDBSUPPORT="1" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1"/qn+ /l*vx "yourinstallationlog" <!--NeedCopy-->
-
Create an Azure SQL Managed instance or create a SQL Server instance through the Amazon RDS console.
-
(For Azure SQL only) Keep a record of the Server strings that appear in the properties panel. The strings are the instance name of the Session Recording database. For an example, see the following screen capture.
-
(For AWS RDS only) Keep a record of the Endpoint and Port information. We use it as the instance name of your database, in the format of <Endpoint, Port>.
-
Run SessionRecordingAdministrationx64.msi to install the Session Recording database.
Select the Enable SQL Server authentication check box and fill in the SQL Server administrator name and password. Make other required configurations.
Note:
-
If you change the SQL Server administrator password, you must update the password in Session Recording Server Properties. When you open Session Recording Server Properties, an error message appears. Click OK to proceed, select the Cloud DB tab, and type the new SQL Server administrator password. Restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.
-
In addition to SQL Server authentication, Session Recording supports Entra ID (formerly Azure Active Directory) authentication for cloud-based SQL databases, including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, install the database through the command line and follow the instructions described earlier in this article.
-
Azure AD authentication is not supported.
-
Migrate an on-premises database to cloud SQL Managed Instance
-
Migrate your on-premises database according to https://docs.microsoft.com/en-us/data-migration/ or https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/migrate-an-on-premises-microsoft-sql-server-database-to-amazon-rds-for-sql-server.html.
-
To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.
C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifyazuredbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} {AzureAdminName}{AzureAdminPassword} iisreset /noforce
-
On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.
Migrate a production database from Azure SQL Managed Instance to an on-premises database
-
Migrate the database according to https://docs.microsoft.com/en-us/data-migration/.
-
To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.
C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifydbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} iisreset /noforce
-
On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.
Install the Session Recording database on SQL Server on Azure VMs
On SQL Server on Azure VMs, you can install the Session Recording database by double-clicking and running the SessionRecordingAdministrationx64.msi package or by using the Citrix Virtual Apps and Desktops installer.
- Check out an Azure SQL VM.
- Configure the VM and add it to the domain where you install the Session Recording components.
- Use the VM’s FQDN as the instance name during the installation of the Session Recording database. Note: If you are using SessionRecordingAdministrationx64.msi for the installation, clear the Enable SQL Server authentication check box.
- Follow the installation user interface to complete installing the Session Recording database.
Install the Session Recording database on Google Cloud SQL Server
Tip:
On Google Cloud SQL Server, installation of the Session Recording database can be done by running a command similar to the following or by double-clicking and running the SessionRecordingAdministrationx64.msi package. For a description of the command parameters, see the preceding Automate installation section in this article.
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="CloudSQL" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" AZUREUSERNAME="CloudSQLAdminName" AZUREPASSWORD="CloudSQLAdminPassword" /q /l*vx "c:\WithLogging.log" <!--NeedCopy-->
This section details the installation method by using SessionRecordingAdministrationx64.msi that you can find on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.
-
Create a SQL Server instance in Google Cloud.
- Go to the Google Cloud console and open the SQL instances page.
-
Click CREATE INSTANCE. For example:
-
Choose SQL Server as your database engine.
-
Fill in the Instance ID field and enter a password for the user. Keep a record of the password. Select a SQL Server version for your instance. Do other configurations as needed. For example:
-
Assign the instance a public IP address and set an authorized network that can connect to the instance. In the Network field, enter the IP address of the machine where the Session Recording server is installed. For example:
-
Click CREATE INSTANCE and wait for a few minutes.
-
On the page of the newly created instance, find the public IP address and keep a record of it.
-
Run SessionRecordingAdministrationx64.msi to install the Session Recording database.
On the following page during the installation, make the following configurations:
- Select the Enable SQL Server authentication check box.
- In the Instance name field, enter the public IP address of the SQL Server instance that you created earlier.
- Fill in the SQL Server administrator name and password.
Uninstall Session Recording
To remove the Session Recording components from a server or workstation, use the uninstall or remove programs option available from the Windows Control Panel. To remove the Session Recording database, you must have the same securityadmin and dbcreator SQL Server role permissions as when you installed it.
For security reasons, the administrator logging database is not removed after the components are uninstalled.
Integrate with Citrix Analytics for Security
You can configure Session Recording servers to send user events to Citrix Analytics for Security, which processes the user events to provide actionable insights into user behaviors.
Prerequisites
Before you begin, ensure the following:
-
The Session Recording server must be able to connect to the following addresses:
-
The Session Recording deployment must have port 443 open for outbound internet connections. Any proxy servers on the network must allow this communication with Citrix Analytics for Security.
-
If you are using Citrix Virtual Apps and Desktops 7 1912 LTSR, the supported Session Recording version is 2103 or later.
Connect your Session Recording server to Citrix Analytics for Security
-
Sign in to Citrix Cloud.
-
Find Citrix Analytics for Security and click Manage.
-
From the top bar, click Settings > Data Sources.
-
On the Virtual Apps and Desktops- Session Recording site card, click Connect Session Recording server.
-
On the Connect Session Recording Server page, review the checklist, and select all the mandatory requirements. If you do not select a mandatory requirement, the Download File option is disabled.
-
If you have proxy servers in your network, enter the proxy address in the SsRecStorageManager.exe.config file in your Session Recording server.
You can find the configuration file at
<Session Recording server installation path>\bin\SsRecStorageManager.exe.config
For example:
C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecStorageManager.exe.config
-
Click Download File to download the SessionRecordingConfigurationFile.json file.
Note:
The file contains sensitive information. Keep the file in a safe and secure location.
-
Copy the file to the Session Recording server that you want to connect to Citrix Analytics for Security.
-
If you have multiple Session Recording servers in your deployment, you must copy the file in each server that you want to connect and follow the steps to configure each server.
-
On the Session Recording server, run the following command to import the settings:
<Session Recording server installation path>\bin\SsRecUtils.exe -Import_SRCasConfigurations <configuration file path> <!--NeedCopy-->
For example:
C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Import_SRCasConfigurations C:\Users\administrator\Downloads\SessionRecordingConfigurationFile.json <!--NeedCopy-->
-
Restart the following services:
-
Citrix Session Recording Analytics Service
-
Citrix Session Recording Storage Manager
-
-
After configuration is successful, go to Citrix Analytics for Security to view the connected Session Recording server. Click Turn On Data Processing to allow Citrix Analytics for Security to process the data.
Note:
If you are using Session Recording server version 2103 or 2104, you must first launch a Virtual Apps and Desktops session to view the connected Session Recording server on Citrix Analytics for Security. Otherwise the connected Session Recording server fails to get displayed. This requirement is not applicable for Session Recording server version 2106 and later.
View the connected deployments
The server deployments appear on the Session Recording site card only if the configuration is successful. The site card shows the number of configured servers that have established connections with Citrix Analytics for Security.
If you don’t see your Session Recording servers even after the configuration was successful, refer to the troubleshooting section at Configured Session Recording server fails to connect.
On the site card, click the number of deployments to view the connected server groups with Citrix Analytics for Security. For example, click 1 Session Recording Deployment to view the connected server or server groups. Each Session Recording server is represented by a base URL and a ServerGroupID.
View received events
The site card displays the connected Session Recording deployments and the events received from these deployments for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data. Click the number of received events to view the events on the self-service search page.
After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:
-
If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.
-
Citrix Analytics has not received any events from the data source in the last one hour.
Add Session Recording servers
To add a Session Recording server, do one of the following:
-
On the Connected Session Recording Deployments page, click Connect to Session recording server.
-
On the Virtual Apps and Desktops- Session Recording site card, click the vertical ellipsis (⋮) and then select Connect Session Recording server.
Follow the steps to download the configuration file and configure a Session Recording server.
Remove Session Recording servers
To remove a Session Recording server:
-
On Citrix Analytics for Security, go to the Connected Session Recording Deployments page and select the server deployment that you want to remove.
-
Click the vertical ellipses (⋮) and select Remove Session Recording server from Analytics.
-
On the Session Recording server that you have removed from Citrix Analytics, run the following command:
<Session Recording server installation path>\bin\SsRecUtils.exe -Remove_SRCasConfigurations <!--NeedCopy-->
For example:
C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Remove_SRCasConfigurations <!--NeedCopy-->
Turn on or off data processing on the data source
You can stop the data processing at any time for a particular data source- Director and Workspace app. On the data source site card, click the vertical ellipsis (⋮) and then select Turn off data processing. Citrix Analytics stops processing data for that data source. You can also stop the data processing from the Virtual Apps and Desktops site card. This option applies to both data sources- Director and Workspace app. To enable data processing again, click Turn On Data Processing.
Configured Session Recording server fails to connect
Your Session Recording server fails to connect to Citrix Analytics after configuration. Therefore, you don’t see the configured server on the Session Recording site card.
To troubleshoot this issue, do the following:
-
On your configured Session Recording server, run the following PowerShell command to check the Client Machine Identification (CMID):
Get-WmiObject -class SoftwareLicensingService | select Clientmachineid <!--NeedCopy-->
-
If CMID is empty, add the following registry files in the specified paths:
Registry name Registry path Key type Value AuditorUniqueID
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\
String Enter your UUID. EnableCASUseAuditorUniqueID
Computer/HKEY_LOCAL_MACHINE/SOFTWARE/Citrix/SmartAuditor/Server/
REG_DWORD 1 -
Restart the following services:
-
Citrix Session Recording Analytics Service
-
Citrix Session Recording Storage Manager
-
In this article
- Installation checklist
- (Required only for msi installation) Use Citrix scripts to install the Windows roles and features prerequisites
- Install Session Recording using the Citrix Virtual Apps and Desktops installer
- Set the access control list (ACL) for Message Queuing (MSMQ)
- Automate installation
- Upgrade Session Recording
-
Install the Session Recording database on cloud SQL database services
- Install the Session Recording database on Azure SQL Database
- Install the Session Recording database on Azure SQL Managed Instance or on AWS RDS
- Migrate an on-premises database to cloud SQL Managed Instance
- Migrate a production database from Azure SQL Managed Instance to an on-premises database
- Install the Session Recording database on SQL Server on Azure VMs
- Install the Session Recording database on Google Cloud SQL Server
- Uninstall Session Recording
-
Integrate with Citrix Analytics for Security
- Prerequisites
- Connect your Session Recording server to Citrix Analytics for Security
- View the connected deployments
- View received events
- Add Session Recording servers
- Remove Session Recording servers
- Turn on or off data processing on the data source
- Configured Session Recording server fails to connect