Session Recording

Install, upgrade, and uninstall

Note:

To configure server high availability through load balancing, see Configure load balancing in an existing deployment and Deploy and load balance Session Recording in Azure.

To learn more about how to quickly set up and configure Citrix Session Recording and Citrix Session Recording service, see the Citrix Tech Zone article POC Guide: Citrix Session Recording.

You can install the Session Recording server and agent on an Azure AD joined machine and enable Azure AD support for them. Later when you configure various policies and playback permissions from the cloud, you can specify Azure AD users and groups who launch sessions from Azure AD joined machines. The Enable Azure AD support option is not available on the GUI when you install the Session Recording server using the Citrix Virtual Apps and Desktops installer.

This article contains the following sections:

Installation checklist

Use Citrix scripts to install the Windows roles and features prerequisites

Install Session Recording using the Citrix Virtual Apps and Desktops installer

Automate installation

Install the Session Recording database on cloud SQL database services

Upgrade Session Recording

Uninstall Session Recording

Integrate with Citrix Analytics for Security

Installation checklist

Before you start the installation, complete this list:

Step
  Select the machines on which you want to install each Session Recording component. Ensure that each computer meets the hardware and software requirements for the components to be installed on it.
  Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it.
  To use the TLS protocol for communication between the Session Recording components, install the correct certificates in your environment.
  Install any hotfixes required for the Session Recording components. The hotfixes are available from the Citrix Support.
  Configure the Citrix Director to create and activate the Session Recording policies. For more information, see Configure Director to use the Session Recording Server.

Note:

  • We recommend that you divide the published applications into separate Delivery Groups based on your recording policies. Session sharing for published applications can conflict with the active policy if the applications are in the same Delivery Group. Session Recording matches the active policy with the first published application that a user opens. Starting with the 7.18 release, you can use the dynamic session recording feature to start or stop recording sessions at any time during the sessions. This feature can help to mitigate the conflict issue with the active policy. For more information, see Dynamic session recording.
  • If you are planning to use Machine Creation Services (MCS) or Provisioning Services, prepare a unique QMId. Failure to comply can cause recording data losses.
  • SQL Server requires TCP/IP, running SQL Server Browser service, and enabled Windows Authentication.
  • To use HTTPS, configure server certificates for TLS/HTTPS.
  • Ensure that users under Local Users and Groups > Groups > Users have write permission to the C:\windows\Temp folder.

(Required only for msi installation) Use Citrix scripts to install the Windows roles and features prerequisites

For Session Recording to work properly, use the following Citrix scripts to install the necessary Windows roles and features prerequisites before installing Session Recording:

  • InstallPrereqsforSessionRecordingAdministration.ps1

     <#
     .Synopsis
         Installs Prereqs for Session Recording Administration
     .Description
         Supports Windows Server 2025, Windows Server 2022, Windows Server 2019.
         Install below windows feature on this machine:
         -Application Development
         -Security - Windows Authentication
         -Management Tools - IIS 6 Management Compatibility
             IIS 6 Metabase Compatibility
             IIS 6 WMI Compatibility
             IIS 6 Scripting Tools
             IIS 6 Management Console
         -Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled.
     #>
     function AddFeatures($featurename)
     {
         try
         {
             $feature=Get-WindowsFeature | ? {$_.DisplayName -eq $featurename -or $_.Name -eq $featurename}
             Add-WindowsFeature $feature
         }
         catch
         {
             Write-Host "Addition of Windows feature $featurename failed"
             Exit 1
         }
         Write-Host "Addition of Windows feature $featurename succeeded"
     }
    
     $system= gwmi win32_operatingSystem | select name
    
     if (-not (($system -Like '*Microsoft Windows Server 2025*') -or ($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*')))
     {
         Write-Host("This is not a supported server platform. Installation aborted.")
         Exit
     }
    
     # Start to install Windows feature
     Import-Module ServerManager
    
     AddFeatures('Web-Asp-Net45') #ASP.NET 4.5
     AddFeatures('Web-Mgmt-Console') #IIS Management Console
     AddFeatures('Web-Windows-Auth') # Windows Authentication
     AddFeatures('Web-Metabase') #IIS 6 Metabase Compatibility
     AddFeatures('Web-WMI') #IIS 6 WMI Compatibility
     AddFeatures('Web-Lgcy-Scripting')#IIS 6 Scripting Tools
     if (($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*'))
     {
         AddFeatures('Web-Lgcy-Mgmt-Console') #IIS 6 Management Console
     }
    
     AddFeatures('MSMQ-HTTP-Support') #MSMQ HTTP Support
     AddFeatures('web-websockets') #IIS Web Sockets
     AddFeatures('NET-WCF-HTTP-Activation45') #http activate
     <!--NeedCopy-->
    
  • InstallPrereqsforSessionRecordingAgent.ps1

     <#
     .Synopsis
         Installs Prereqs for Session Recording Agent
     .Description
         Supports  Windows Server 2025, Windows Server 2022, Windows Server 2019, windows 11, and Windows 10.
         Install below windows feature on this machine:
         -Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled.
     #>
     function AddFeatures($featurename)
     {
         try
         {
             $feature=Get-WindowsFeature | ? {$_.DisplayName -eq $featurename -or $_.Name -eq $featurename}
             Add-WindowsFeature $feature
         }
         catch
         {
             Write-Host "Addition of Windows feature $featurename failed"
             Exit 1
         }
         Write-Host "Addition of Windows feature $featurename succeeded"
     }
    
     # Start to install Windows feature
     $system= gwmi win32_operatingSystem | select name
    
     if (-not (($system -Like '*Microsoft Windows Server 2025*') -or ($system -Like '*Microsoft Windows Server 2022*') -or ($system -Like '*Microsoft Windows Server 2019*') -or ($system -Like '*Microsoft Windows 11*') -or ($system -Like '*Microsoft Windows 10*')))
     {
         Write-Host("This is not a supported platform. Installation aborted.")
         Exit
     }
    
     if ($system -Like '*Microsoft Windows Server*')
     {
         Import-Module ServerManager
         AddFeatures('MSMQ') #Message Queuing
         AddFeatures('MSMQ-HTTP-Support')#MSMQ HTTP Support
     }
     else
     {
         try
         {
             dism /online /enable-feature /featurename:MSMQ-HTTP /all
         }
         catch
         {
             Write-Host "Addition of Windows feature MSMQ HTTP Support failed"
             Exit 1
         }
         write-Host "Addition of Windows feature MSMQ HTTP Support succeeded"
     }
     <!--NeedCopy-->
    

To install the Windows roles and features prerequisites, complete the following steps:

  1. On the machine where you plan to install the Session Recording administration components:

    1. Make sure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.

      Set-ExecutionPolicy RemoteSigned
      <!--NeedCopy-->
      
    2. Start a command prompt as an administrator and run the powershell.exe -file InstallPrereqsforSessionRecordingAdministration.ps1 command.

      The script displays the features that are successfully added and then stops.

    3. After the script runs, make sure that the execution policy is set to a proper value based on your company policy.

  2. On the machine where you plan to install the Session Recording agent component:

    1. Make sure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.

      Set-ExecutionPolicy RemoteSigned
      <!--NeedCopy-->
      
    2. Start a command prompt as an administrator and run the powershell.exe -file InstallPrereqsforSessionRecordingAgent.ps1 command.

      The script displays the features that are successfully added and then stops.

    3. After the script runs, make sure that the execution policy is set to a proper value based on company policy.

Install Session Recording using the Citrix Virtual Apps and Desktops installer

Citrix Session Recording comprises the following components:

  • Session Recording Administration (including the Session Recording database, Session Recording server, and Session Recording policy console)
  • Session Recording agent
  • Session Recording player
  • Session Recording web player

While installing all the components on a single server is acceptable for a proof of concept, we recommend installing them on separate servers as follows:

  • Install the Microsoft SQL Server on Machine A.
  • Install the Session Recording server, Session Recording administrator logging, and Session Recording database on Machine B.

    Note:

    The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation.

    Installing the Session Recording server lets you install the Session Recording web player automatically.

  • Install the Session Recording policy console on Machine C.
  • Install the Session Recording player on either Machine C or Machine D.
  • Install the Session Recording agent on the VDA.

Install the Session Recording Administration components

Install the Session Recording agent

Install the Session Recording player

Install the Session Recording Administration components

Note:

Before installing the Session Recording Administration components on Windows Server where TLS 1.0 is disabled and the version of the .NET Framework is earlier than 4.6, complete the following steps:

  1. Install Microsoft OLE DB Driver for SQL Server.
  2. Under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 registry key, add the SchUseStrongCrypto DWORD (32-bit) value and set the value data to 1.

  3. Restart Windows Server.

For more information, see Transport Layer Security (TLS) best practices with the .NET Framework.

The Session Recording Administration components include the Session Recording database, Session Recording server, and Session Recording policy console. You can choose the component to install on a server.

Step 1: Download the product software and launch the wizard

  1. Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it.
  2. Use a local administrator account to log on to the machine where you are installing the Session Recording Administration components. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.
    The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next.

Step 5: Select the components to install and the installation location

Select components and the installation path

On the Core Components page:

  • Location: By default, components are installed in C:\Program Files\Citrix. The default location works for most deployments. You can specify a custom installation location.
  • Component: By default, all the check boxes next to the components that can be installed are selected. The installer knows whether it is running on a single-session OS or a multi-session OS. It allows the Session Recording Administration components to be installed on a multi-session OS only. It allows the Session Recording agent to be installed only on a machine that has a VDA installed. If you install the Session Recording agent on a machine that has no VDA installed in advance, the Session Recording Agent option is unavailable.

Select Session Recording Administration and click Next.

Session Recording administration being selected

Step 6: Select the features to install

Select features to install

On the Features page:

  • By default, all the check boxes next to the features that can be installed are selected. Installing all these features on a single server is fine for a proof of concept. For a large production environment, install the Session Recording policy console on a separate server. Install the Session Recording server, administrator logging, and database on another separate server.
  • The Session Recording administrator logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select the Session Recording administrator logging. The Session Recording database is a mandatory subfeature of the Session Recording server. When the Session Recording server is selected for installation, the Session Recording database is also selected automatically and cannot be unselected.

    Session Recording server unselected

    Session Recording server selected

  • If you select the Session Recording server, the Session Recording web player is installed too.
  • To add features on the same server after you select and install features on it, you can only use the msi package. You cannot run the installer again.
  • Session Recording server

    The Session Recording server is a server that hosts:

    • The Broker. An IIS 6.0+ hosted Web application that serves the following purposes:
      • Handling search queries and file download requests from the Session Recording player and web player.
      • Handling policy administration requests from the Session Recording policy console.
      • Evaluating recording policies for each Citrix Virtual Apps and Desktops or Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) session.
    • The Storage Manager. A Windows service that manages the recorded session files received from each Session Recording-enabled VDA.
    • Administrator Logging. An optional subcomponent installed with the Session Recording server to log the administration activities. All the logging data is stored in a separate SQL Server database named CitrixSessionRecordingLogging by default. You can customize the database name.
  • Session Recording database

    • The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation. Session Recording supports three solutions for database high availability based on Microsoft SQL Server. For more information, see Database high availability.

    • You can install the Session Recording database on the following cloud SQL database services:

      • Azure SQL Database
      • Azure SQL Managed Instance
      • SQL Server on Azure Virtual Machines (VMs)
      • AWS RDS
      • Google Cloud SQL Server
  • Session Recording admin logging

    We recommend that you install the Session Recording administrator logging together with the Session Recording server at the same time. If you don’t want the administrator logging feature to be enabled, you can disable it on a later page. However, if you choose not to install this feature at the beginning but want to add it later, you can only manually add it by using SessionRecordingAdministrationx64.msi.

  • Session Recording policy console

    You can use the Session Recording policy console to configure policies.

Step 6.1: Install the Session Recording server, database, and administrator logging

As described earlier, the Session Recording database is a mandatory subfeature of the Session Recording server and we recommend that you install the Session Recording administrator logging together with the Session Recording server at the same time. Therefore, this section walks you through installing the three components on the same machine.

  1. On the Features page, select Session Recording Server and Session Recording Administrator Logging. With Session Recording Server selected, Session Recording Database is also selected automatically. Click Next.

    Session Recording server selected

  2. On the Database and Server Configuration page, specify the instance name and database name of the Session Recording database, enable SQL Server authentication as needed, and click Next.

    Database and Server Configuration page

    Note:

    Starting with 2411, in addition to SQL Server authentication, Session Recording supports Entra ID (formerly Azure Active Directory) authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. For more information, see Install the Session Recording database on Azure SQL Database and Install the Session Recording database on Azure SQL Managed Instance or on AWS RDS.

    On the Database and Server Configuration page:

    • Enable SQL Server authentication: This option lets you connect to the Session Recording database using SQL Server authentication.

      Enable SQL Server authentication

    • Instance name: If the database instance isn’t a named instance, you can use only the computer name of the SQL Server. If you have named the instance during the instance setup, use computer-name\instance-name as the database instance name. To determine the server instance name that you are using, run select @@servername on the SQL Server. The return value is the exact database instance name. If your SQL server uses a custom port instead of the default 1433, append a comma and the custom port to the instance name. For example, type DXSBC-SRD-1,2433 in the Instance name text box, where 2433 denotes the custom port.
    • Database name: Type a custom database name in the Database name text box or use the default database name preset in the text box. Click Test connection to test the connectivity to the SQL Server instance and the validity of the database name.

      Note:

      The Session Recording server default installation uses HTTPS/TLS to secure communications. If TLS is not configured in the default Internet Information Services (IIS) site of the Session Recording server, use HTTP. To do so, cancel the selection of SSL in the IIS Management Console by navigating to the Session Recording Broker site, opening the SSL settings, and clearing the Require SSL check box.

      Important:

      A custom database name must contain only A-Z, a-z, 0–9, and underscores, and cannot exceed 123 characters.

      You must have the securityadmin and dbcreator server role permissions of the SQL Server instance. If you do not have the permissions, you can:

      • Ask the database administrator to assign the permissions for the installation. After the installation completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
      • Or, use the SessionRecordingAdministrationx64.msi package under \x64\Session Recording on the Citrix Virtual Apps and Desktops ISO. During the msi installation, a dialog box prompts for the credentials of a database administrator with the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the installation.

        The installation creates the Session Recording database and adds the machine account of the Session Recording server as db_owner.

  3. On the Administration Logging Configuration page, specify configurations for the administration logging feature.

    Administration Logging Configuration page

    On the Administration Logging Configuration page:

    • The Administration Logging database is installed on the SQL Server instance: This text box is not editable. The SQL Server instance name of the Administration Logging database is automatically grabbed from the instance name that you typed on the Database and Server Configuration page. Starting with the 2411 release, you can install the Session Recording admin logging database on a separate instance from the Session Recording database. To do so, complete the following steps before installing them:

      1. Go to the machine where you are going to install the Session Recording server.
      2. Open the Registry Editor.
      3. Modify the registry:
        • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
        • Add the SmAudDatabaseLoggingState DWORD (32-bit) value and set the value data to 1.
        • Add the SmAudDatabaseLoggingInstance value and set the value data to the instance name where you want to install the Session Recording admin logging database.

      Later when you install the databases, the Session Recording admin logging database is installed on the separate instance specified by the SmAudDatabaseLoggingInstance registry value. You must configure the same authentication mode for both databases (SQL Server authentication, Windows authentication, or Microsoft Entra ID authentication) and grant identical user permissions.

    • Administrator Logging database name: To install the Session Recording administrator logging feature, type a custom database name for the administrator logging database in this text box or use the default database name CitrixSessionRecordingLogging that is preset in the text box.

      Note:

      The administrator logging database name must be different from the Session Recording database name that is set in the Database name text box on the previous Database and Server Configuration page.

    • After typing the administrator logging database name, click Test connection to test the connectivity to the administrator logging database.
    • Enable Administration Logging: By default, the administration logging feature is enabled. You can disable it by clearing the check box.
    • Enable mandatory blocking: By default, mandatory blocking is enabled. The normal features might be blocked if logging fails. You can disable mandatory blocking by clearing the check box.

    Click Next to continue the installation.

  4. Review the prerequisites and confirm the installation.

    Installation summary

    The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

  5. Complete the installation.

    Finish installation

    The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

    Click Finish to complete the installation of the Session Recording server, database, and administrator logging.

Step 6.2: Install the Session Recording policy console

To install the Session Recording policy console, complete the following steps:

  1. On the Features page, select Session Recording Policy Console and click Next.

    Policy console unselected

  2. Review the prerequisites and confirm the installation.

    Policy console installation summary

    The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

  3. Complete the installation.

    Complete policy console installation

    The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

    Click Finish to complete your installation of the Session Recording policy console.

Step 7: Install Broker_PowerShellSnapIn_x64.msi

Important:

To use the Session Recording policy console, install the Broker PowerShell Snap-in (Broker_PowerShellSnapIn_x64.msi) manually. Locate the snap-in on the Citrix Virtual Apps and Desktops ISO (\x64\Citrix Desktop Delivery Controller) and follow the instructions for installing it. Failure to comply can cause an error.

Install the Session Recording agent

The Session Recording agent is a component installed on each VDA for multi-session OS or single-session OS to enable recording. It is responsible for recording session data.

Step 1: Download the product software and launch the wizard

Use a local administrator account to log on to the machine where you are installing the Session Recording agent. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording agent to install

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next

Step 5: Select the component to install and the installation location

Select the agent to install

Select Session Recording Agent and click Next.

Step 6: Specify the agent configuration

Agent configuration

On the Agent Configuration page, complete the following settings:

  • Type the computer name of the machine where you installed the Session Recording server and the protocol and port information for connecting to the Session Recording server. If you have not installed Session Recording yet, you can change such information later in Session Recording Agent Properties.
  • If you are installing the Session Recording agent on an Azure AD joined machine, select Enable Azure AD support. To fully enable Azure AD identity support for configuring playback permissions and various Session Recording policies from the cloud, complete the following steps and then restart the VDA:

    Note:

    Azure AD support is a preview feature. It is available with Session Recording version 2402 and later.

    Preview features might not be fully localized and are recommended for use in non‑production environments. Citrix Technical Support doesn’t support issues found with preview features.

    • Use the MSI package to install the Session Recording server on an Azure AD joined machine as well. Select Enable Azure AD support during the MSI installation.

      Enable Azure AD support during server MSI installation

    • Connect Citrix Cloud to Azure AD.

    • Go to the home page for the Full Configuration interface and enable the SessionRecordingSupportAAD and Send User Identity Info In Prepare Session toggles under the Preview features section. To access the home page for the Full Configuration interface, complete the following steps:

      1. Sign in to Citrix Cloud.
      2. In the upper left menu, select My Services > DaaS. By default, the home page for the Full Configuration interface appears.

Note:

There is a limitation with the test connection function of the installer. It does not support the “HTTPS requires TLS 1.2” scenario. If you use the installer in this scenario, the test connection fails but you can ignore the failure and click Next to continue the installation. It does not affect normal functioning.

Step 7: Review the prerequisites and confirm the installation

Agent installation summary

The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

Step 8: Complete the installation

Agent installation complete

The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

Click Finish to complete the installation of the Session Recording Agent.

Note:

When Machine Creation Services (MCS) or Citrix Provisioning creates multiple VDAs with a master image and Microsoft Message Queuing (MSMQ) installed, the VDAs might have the same QMId. The same QMId might cause various issues, for example:

  • Sessions might not be recorded even if the recording agreement is accepted.
  • The Session Recording Server might not be able to receive session logoff signals and therefore, sessions might always be in Live status.

As a workaround, create a unique QMId for each VDA and it differs depending on the deployment methods.

No extra actions are required if single-session OS VDAs with the Session Recording agent installed are created with PVS 7.7 or later and MCS 7.9 or later in the static desktop mode that is, for example, configured to make all changes persistent with a separate Personal vDisk or the local disk of your VDA.

For multi-session OS VDAs created with MCS or PVS and single-session OS VDAs that are configured to discard all changes when a user logs off, use the GenRandomQMID.ps1 script to change the QMId on system startup. Change the power management strategy to ensure that enough VDAs are running before user logon attempts.

To use the GenRandomQMID.ps1 script, do the following:

  1. Ensure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.

    Set-ExecutionPolicy RemoteSigned

  2. Create a scheduled task, set the trigger as on system startup, and run with the SYSTEM account on the PVS or MCS master image machine.

  3. Add the command as a startup task.

    powershell .exe -file C:\\GenRandomQMID.ps1

Summary of the GenRandomQMID.ps1 script:

  1. Remove the current QMId from the registry.
  2. Add SysPrep = 1 to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters.
  3. Stop related services, including CitrixSmAudAgent and MSMQ.
  4. To generate a random QMId, start the services that stopped previously.

Example GENRANDOMQMID.PS1:

# Remove old QMId from registry and set SysPrep flag for MSMQ

Remove-Itemproperty -Path HKLM:Software\Microsoft\MSMQ\Parameters\MachineCache -Name QMId -Force

Set-ItemProperty -Path HKLM:Software\Microsoft\MSMQ\Parameters -Name "SysPrep" -Type DWord -Value 1

# Get dependent services

$depServices = Get-Service -name MSMQ -dependentservices | Select -Property Name

# Restart MSMQ to get a new QMId

Restart-Service -force MSMQ

# Start dependent services

if ($depServices -ne $null) {

    foreach ($depService in $depServices) {

        $startMode = Get-WmiObject win32_service -filter "NAME = '$($depService.Name)'" | Select -Property StartMode

         if ($startMode.StartMode -eq "Auto") {

             Start-Service $depService.Name
         }
}

}
<!--NeedCopy-->

Install the Session Recording player

The Session Recording player is a user interface that you access from a workstation to play recorded session files. Install the Session Recording player on the Session Recording server or on workstations in the domain.

Tip:

  • Installing the Session Recording server lets you install the Session Recording web player automatically.
  • Before or after you install the Session Recording player, install the Microsoft Visual C++ Redistributable package called VC_redist.x86.exe. You can find the package on the Citrix Virtual Apps and Desktops ISO under \Support\VcRedist.

Step 1: Download the product software and launch the wizard

Use a local administrator account to log on to the machine where you are installing the Session Recording player component. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next.

Step 5: Select the component to install and the installation location

Select the player to install

Select Session Recording Player and click Next.

Step 6: Review the prerequisites and confirm the installation

Player installation summary

The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

Step 7: Complete the installation

Player installation complete

The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

Click Finish to complete the installation of the Session Recording player.

Set the access control list (ACL) for Message Queuing (MSMQ)

After installing Session Recording, it is recommended to configure the ACL for MSMQ. For more information, see Security recommendations.

Automate installation

Session Recording supports silent installation with options.

Automate installation of the Session Recording Administration components

Install the complete set of the Session Recording Administration components by using a single command

For example, either of the following commands installs the complete set of the Session Recording Administration components and creates a log file to capture the installation information.

msiexec /i "c:\SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="WNBIO-SRD-1" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" DATABASEUSER="localhost" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" DATABASEUSER="localhost" CLOUDDBSUPPORT="0" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1" SERVICEKEYAUTHENABLE="1" /qn+ /l*vx "yourinstallationlog"
<!--NeedCopy-->

Note:

You can find the SessionRecordingAdministrationx64.msi file on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Regardless of the instance specified by DATABASEINSTANCE here, starting with the 2411 release, you can also choose to install the Session Recording admin logging database on a separate instance from the Session Recording database. To do so, complete the following steps before running either of the commands to install them:

  1. Go to the machine where you are going to install the Session Recording server.
  2. Open the Registry Editor.
  3. Modify the registry:
    • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
    • Add the SmAudDatabaseLoggingState DWORD (32-bit) value and set the value data to 1.
    • Add the SmAudDatabaseLoggingInstance value and set the value data to the instance name where you want to install the Session Recording admin logging database.

    Later when you install the databases, the Session Recording admin logging database is installed on the separate instance specified by the SmAudDatabaseLoggingInstance registry value. You must configure the same authentication mode for both databases (SQL Server authentication, Windows authentication, or Microsoft Entra ID authentication) and grant identical user permissions.

Where:

  • ADDLOCAL provides the features for you to select. You can select more than one option. SsRecServer is the Session Recording server. PolicyConsole is the Session Recording policy console. SsRecLogging is the Administrator Logging feature. StorageDatabase is the Session Recording database. Session Recording Administrator Logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select Session Recording administrator logging.
  • DATABASEINSTANCE is the instance name of the Session Recording database. For example,.\SQLEXPRESS,computer-name\SQLEXPRESS,computer-name or tcp:srt-sql-support.public.ca7b16b60789.database.windows.net,3342 if you are using Azure SQL Managed Instance. As described earlier, you can install the Session Recording database and the Session Recording admin logging database on the same instance or separate instances.
  • DATABASENAME is the database name of the Session Recording database.
  • LOGGINGDATABASENAME is the name of the administrator logging database.
  • AZURESQLSERVICESUPPORT determines whether SQL Server authentication is supported. To use SQL Server authentication, set it to 1.
  • DATABASEUSER is the computer account of the Session Recording server.
  • CLOUDDBSUPPORT determines whether Azure SQL Databases are supported.
  • AZUREUSERNAME is the SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, complete the following steps:

    1. Make sure that Visual C++ Redistributable has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170.
    2. Make sure that the Microsoft ODBC Driver for SQL Server has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16.
    3. Include the AADPASSWORD parameter and set it to 1 when running the database installation command.
    4. Create an Entra ID admin and grant it SQL Server administrative permissions. For more information, see the Microsoft documentation: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell.
  • AZUREPASSWORD is the SQL Server or Microsoft Entra ID administrator password.
  • AADPASSWORD determines whether Microsoft Entra ID authentication is supported. To use Microsoft Entra ID authentication, set it to 1.
  • SERVICEKEYAUTHENABLE enables the service key authentication between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support and you must set it to 1. Otherwise, do not add this parameter.
  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Create a master image for deploying the Session Recording server

You might already have the Session Recording database and the administration logging database in place from an existing deployment. For such scenarios, you can now forego database checks when you are installing the Session Recording Administration components using SessionRecordingAdministrationx64.msi. You can create a master image for deploying the Session Recording server easily on many other machines. After deploying the Session Recording server on target machines using the master image, run a command on each machine to connect to the existing Session Recording database and administration logging database. This master image support facilitates deployment and minimizes the potential impact of human error. It applies only to fresh installations and consists of the following steps:

  1. Start a command prompt and run a command similar to the following:

    msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="sqlnotexists" DATABASENAME="CitrixSessionRecording2" LOGGINGDATABASENAME="CitrixSessionRecordingLogging2" DATABASEUSER="localhost" /q /l*vx "c:\WithLogging.log" IGNOREDBCHECK="True"
    <!--NeedCopy-->
    

    This command installs the Session Recording Administration components without configuring and testing connectivity to the Session Recording database and the administration logging database.

    Set the IGNOREDBCHECK parameter to True and use random values for DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME.

  2. Create a master image on the machine that you are operating.

  3. Deploy the master image to other machines for deploying the Session Recording server.

  4. On each of the machines, run commands similar to the following:

    .\SsRecUtils.exe -modifydbconnectionpara DATABASEINSTANCE DATABASENAME LOGGINGDATABASENAME
    
    iisreset /noforce
    <!--NeedCopy-->
    

    The commands connect the Session Recording server installed earlier to an existing Session Recording database and administration logging database.

    You can find the SsRecUtils.exe file at \Citrix\SessionRecording\Server\bin\. Set the DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME parameters as needed.

Retain databases when uninstalling the Session Recording Administration components

With KEEPDB set to True, the following command retains the Session Recording database and the administration logging database when uninstalling the Session Recording Administration components:

msiexec /x "SessionRecordingAdministrationx64.msi" KEEPDB="True"
<!--NeedCopy-->

Automate installation of the Session Recording player and web player

For example, the following commands install the Session Recording player and web player, respectively.

msiexec /i "c:\SessionRecordingPlayer.msi" /q /l*\vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "c:\SessionRecordingWebPlayer.msi" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->

Note:

You can find SessionRecordingPlayer.msi on the Citrix Virtual Apps and Desktops ISO under \x86\Session Recording.

You can find SessionRecordingWebPlayer.msi on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Where:

  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Automate installation of the Session Recording agent

For example, the following command installs the Session Recording agent and creates a log file to capture the installation information.

msiexec /i SessionRecordingAgentx64.msi /q /l*vx yourinstallationlog SESSIONRECORDINGSERVERNAME=yourservername
SESSIONRECORDINGBROKERPROTOCOL=yourbrokerprotocol SESSIONRECORDINGBROKERPORT=yourbrokerport SESSIONRECORDINGAUTHENTICATION="Citrix Cloud" SESSIONRECORDINGRPC="Websocket" SESSIONRECORDINGIDP="IDP"
<!--NeedCopy-->

Note:

You can find SessionRecordingAgentx64.msi on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Where:

  • yourservername is the NetBIOS name or FQDN of the machine hosting the Session Recording server. If not specified, this value defaults to localhost.
  • yourbrokerprotocol is the HTTP or HTTPS that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to HTTPS.
  • yourbrokerport is the port number that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to zero, which directs the Session Recording Agent to use the default port number for your selected protocol: 80 for HTTP or 443 for HTTPS.
  • SESSIONRECORDINGAUTHENTICATION is the authentication type between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to Citrix Cloud.
  • SESSIONRECORDINGRPC is the communication method between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to Websocket.
  • SESSIONRECORDINGIDP specifies the identity type. This parameter is required only when you want to enable Azure AD support. To enable Azure AD support, add this parameter and set it to IDP.
  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Upgrade Session Recording

You can upgrade certain deployments to later versions without having to first set up new machines or sites. You can upgrade from the version of Session Recording included in the latest CU of XenApp and XenDesktop 7.6 LTSR, and from any later version, to the latest release of Session Recording.

Note:

When you upgrade Session Recording Administration from 7.6 to 7.13 or later and choose Modify in Session Recording Administration to add the administrator logging service, the SQL Server instance name does not appear on the Administrator Logging Configuration page. The following error message appears when you click Next: Database connection test failed. Please enter correct Database instance name. As a workaround, add the read permission for localhost users to the following SmartAuditor Server registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.

You cannot upgrade from a Technical Preview version.

Requirements, preparation, and limitations

  • Use the Session Recording installer’s graphical or command-line interface to upgrade the Session Recording components on the machine where you installed the components.
  • Before any upgrade activity, back up the database named CitrixSessionRecording in the SQL Server instance. In this way, you can restore it if any issues are discovered after the database upgrade.
  • In addition to being a domain user, you must be a local administrator on the machines where you are upgrading the Session Recording components.
  • If the Session Recording server and Session Recording database aren’t installed on the same server, you must have the database role permission to upgrade the Session Recording database. Otherwise, you can:
    • Ask the database administrator to assign the securityadmin and dbcreator server role permissions for the upgrade. After the upgrade completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
    • Or, use the SessionRecordingAdministrationx64.msi package to upgrade. During the msi upgrade, a dialog box prompts for the credentials of a database administrator who has the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the upgrade.
  • You can choose not to upgrade all Session Recording agents at the same time. Session Recording agent 7.6.0 (and later) is compatible with the latest (current) release of the Session Recording server. However, some new features and bug fixes might not take effect.
  • Any sessions started during the upgrade of the Session Recording server are not recorded.
  • The Graphics Adjustment option in Session Recording agent Properties is enabled by default after a fresh installation or upgrade to keep compatible with the Desktop Composition Redirection mode. You can disable this option manually after a fresh installation or upgrade.
  • The administrator logging feature is not installed after you upgrade Session Recording from a previous release where the feature is unavailable. To add the feature, modify the installation after the upgrade.
  • If there are live recording sessions when the upgrade process starts, there is little chance that the recording can be complete.
  • Review the following upgrade sequence, so that you can plan and mitigate potential outages.

Upgrade sequence

To upgrade an existing installation, go to each machine where a Session Recording component is installed and then run the Citrix Virtual Apps and Desktops ISO.

Tip:

Go to the Citrix Virtual Apps and Desktops download page to download the appropriate version of Citrix Virtual Apps and Desktops.

Upgrading an existing installation generally follows the following sequence:

  1. Upgrade the Session Recording server component.

    If there is more than one Session Recording server, first upgrade the one where the Session Recording database component is installed. After that, upgrade the rest Session Recording servers.

    To do so, complete the following steps:

    1. Stop the Session Recording Storage Manager service manually on the Session Recording server.
    2. Through the Internet Information Services (IIS) Manager, ensure that the Session Recording Broker is running.
    3. Run the Citrix Virtual Apps and Desktops ISO and select the Session Recording entry to upgrade.
  2. The Session Recording service is back online automatically when the upgrade of the Session Recording server is completed.
  3. Upgrade the Session Recording agent (on the master image).
  4. Upgrade the Session Recording policy console with or after the Session Recording server.
  5. Upgrade the Session Recording player.

Install the Session Recording database on cloud SQL database services

This section describes how to install the Session Recording database on the following cloud SQL database services:

  • Azure SQL Database
  • Azure SQL Managed Instance
  • SQL Server on Azure VMs
  • AWS RDS
  • Google Cloud SQL Server

Install the Session Recording database on Azure SQL Database

  1. Create an Azure SQL Database.

    1. Sign in to the Azure portal using your Azure account.
    2. From the portal menu, select Create a resource.
    3. In the portal search box, enter SQL database.
    4. From the list of search results, select SQL databases.
    5. Click Create to create an Azure SQL Database.
    6. In the Create SQL Database section, provide the following information:

      • Subscription: Select the Azure subscription that you want.
      • Resource Group: Select Create new or choose an existing resource group.
      • Database Name: A unique name is required.
      • Server: Select Create new, and fill out the New Server form with the following values:
        • Server name: Enter a unique name. Server names must be globally unique for all servers in Azure.
        • Location: Select a location from the drop-down list.
        • Authentication method: Select Use SQL authentication, Entra ID authentication, or both.
        • Server admin login: Enter a SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. For more information about Microsoft Entra ID authentication, see the command parameter descriptions in this article.
        • Password: Enter a SQL Server or Microsoft Entra ID administrator password that meets requirements and enter it again in the Confirm password field.
        • Select OK.

      After providing the preceding information, click Review + Create. Click the Create button to complete the Azure SQL Database.

  2. Repeat Step 1 to create a different Azure SQL Database on the same Server.
  3. Get the server connection string for the created Azure SQL Databases.
    1. In the Azure portal, search for and click either of the Azure SQL Databases that you have created.
    2. Click Connection strings from the left navigation.
    3. Keep a record of the Server string that is to be used as the instance name of the Session Recording database and the Session Recording logging database later.
  4. Run a command similar to the following to install the Session Recording database on the Azure SQL Database that you have created earlier.

    Note:

    On Azure SQL Database, installation of the Session Recording database can be done only by running a command similar to the following.

    msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" DATABASEUSER="localhost" CLOUDDBSUPPORT="0" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1" /qn+ /l*vx "yourinstallationlog"

    Where:

    • ADDLOCAL provides the features for you to select. You can select more than one option. SsRecServer is the Session Recording server. PolicyConsole is the Session Recording policy console. SsRecLogging is the Administrator Logging feature. StorageDatabase is the Session Recording database. Session Recording Administrator Logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select Session Recording administrator logging.
    • DATABASEINSTANCE is the instance name of the Session Recording database, which is specified by the Azure SQL Database connection string.
    • DATABASENAME is the database name of the Session Recording database.
    • LOGGINGDATABASENAME is the name of the administrator logging database.
    • AZURESQLSERVICESUPPORT determines whether SQL Server authentication is supported. To use SQL Server authentication, set it to 1.
    • CLOUDDBSUPPORT determines whether Azure SQL Databases are supported.
    • DATABASEUSER is the computer account of the Session Recording server.
    • AZUREUSERNAME is the SQL Server or Microsoft Entra ID administrator name. Starting with 2411, Session Recording supports Entra ID authentication for cloud-based SQL databases including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, complete the following steps:

      1. Make sure that Visual C++ Redistributable has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170.
      2. Make sure that the Microsoft ODBC Driver for SQL Server has been installed on the Session Recording server. Otherwise, download and install it from https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16.
      3. Include the AADPASSWORD parameter and set it to 1 when running the database installation command.
      4. Create an Entra ID admin and grant it SQL Server administrative permissions. For more information, see the Microsoft documentation: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell.
    • AZUREPASSWORD is the SQL Server or Microsoft Entra ID administrator password.
    • AADPASSWORD determines whether Microsoft Entra ID authentication is supported. To use Microsoft Entra ID authentication, set it to 1.
    • /q specifies quiet mode.
    • /l*v specifies verbose logging.
    • yourinstallationlog is the location of your installation log file.

Install the Session Recording database on Azure SQL Managed Instance or on AWS RDS

Tip:

On Azure SQL Managed Instance and on AWS RDS, you can install the Session Recording database by:

  • Double-clicking and running the SessionRecordingAdministrationx64.msi package.

  • Running a command similar to the following:

     msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="DatabaseConnectionString "DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" CLOUDDBSUPPORT="1" AZUREUSERNAME="SQLorEntraIDAdminName" AZUREPASSWORD="SQLorEntraIDAdminPassword" AADPASSWORD="1"/qn+ /l*vx "yourinstallationlog"
     <!--NeedCopy-->
    
  1. Create an Azure SQL Managed instance or create a SQL Server instance through the Amazon RDS console.

  2. (For Azure SQL only) Keep a record of the Server strings that appear in the properties panel. The strings are the instance name of the Session Recording database. For an example, see the following screen capture.

    Example Server strings

  3. (For AWS RDS only) Keep a record of the Endpoint and Port information. We use it as the instance name of your database, in the format of <Endpoint, Port>.

    AWS RDS instance composition

  4. Run SessionRecordingAdministrationx64.msi to install the Session Recording database.

    Select the Enable SQL Server authentication check box and fill in the SQL Server administrator name and password. Make other required configurations.

    Fill in the SQL Server administrator credentials

    Note:

    • If you change the SQL Server administrator password, you must update the password in Session Recording Server Properties. When you open Session Recording Server Properties, an error message appears. Click OK to proceed, select the Cloud DB tab, and type the new SQL Server administrator password. Restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service. Update the SQL Server administrator password

    • In addition to SQL Server authentication, Session Recording supports Entra ID (formerly Azure Active Directory) authentication for cloud-based SQL databases, including Azure SQL Database and Azure SQL Managed Instance. To use Microsoft Entra ID authentication, install the database through the command line and follow the instructions described earlier in this article.

    • Azure AD authentication is not supported.

Migrate an on-premises database to cloud SQL Managed Instance

  1. Migrate your on-premises database according to https://docs.microsoft.com/en-us/data-migration/ or https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/migrate-an-on-premises-microsoft-sql-server-database-to-amazon-rds-for-sql-server.html.

  2. To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifyazuredbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} {AzureAdminName}{AzureAdminPassword} iisreset /noforce

  3. On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.

Migrate a production database from Azure SQL Managed Instance to an on-premises database

  1. Migrate the database according to https://docs.microsoft.com/en-us/data-migration/.

  2. To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifydbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} iisreset /noforce

  3. On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.

Install the Session Recording database on SQL Server on Azure VMs

On SQL Server on Azure VMs, you can install the Session Recording database by double-clicking and running the SessionRecordingAdministrationx64.msi package or by using the Citrix Virtual Apps and Desktops installer.

  1. Check out an Azure SQL VM.
  2. Configure the VM and add it to the domain where you install the Session Recording components.
  3. Use the VM’s FQDN as the instance name during the installation of the Session Recording database. Note: If you are using SessionRecordingAdministrationx64.msi for the installation, clear the Enable SQL Server authentication check box.
  4. Follow the installation user interface to complete installing the Session Recording database.

Install the Session Recording database on Google Cloud SQL Server

Tip:

On Google Cloud SQL Server, installation of the Session Recording database can be done by running a command similar to the following or by double-clicking and running the SessionRecordingAdministrationx64.msi package. For a description of the command parameters, see the preceding Automate installation section in this article.

msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="CloudSQL" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" AZUREUSERNAME="CloudSQLAdminName" AZUREPASSWORD="CloudSQLAdminPassword" /q /l*vx "c:\WithLogging.log"
<!--NeedCopy-->

This section details the installation method by using SessionRecordingAdministrationx64.msi that you can find on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

  1. Create a SQL Server instance in Google Cloud.

    1. Go to the Google Cloud console and open the SQL instances page.
    2. Click CREATE INSTANCE. For example:

      Create an instance in the Google Cloud

    3. Choose SQL Server as your database engine.

      Choose SQL Server as your database engine

    4. Fill in the Instance ID field and enter a password for the user. Keep a record of the password. Select a SQL Server version for your instance. Do other configurations as needed. For example:

      Configure instance ID and others

    5. Assign the instance a public IP address and set an authorized network that can connect to the instance. In the Network field, enter the IP address of the machine where the Session Recording server is installed. For example:

      Assign a public IP address and network

    6. Click CREATE INSTANCE and wait for a few minutes.

      Instance summary

    7. On the page of the newly created instance, find the public IP address and keep a record of it.

      Keep a record of the public IP address

    8. Run SessionRecordingAdministrationx64.msi to install the Session Recording database.

      On the following page during the installation, make the following configurations:

      • Select the Enable SQL Server authentication check box.
      • In the Instance name field, enter the public IP address of the SQL Server instance that you created earlier.
      • Fill in the SQL Server administrator name and password.

      Fill in the SQL Server administrator credentials

Uninstall Session Recording

To remove the Session Recording components from a server or workstation, use the uninstall or remove programs option available from the Windows Control Panel. To remove the Session Recording database, you must have the same securityadmin and dbcreator SQL Server role permissions as when you installed it.

For security reasons, the administrator logging database is not removed after the components are uninstalled.

Integrate with Citrix Analytics for Security

You can configure Session Recording servers to send user events to Citrix Analytics for Security, which processes the user events to provide actionable insights into user behaviors.

Prerequisites

Before you begin, ensure the following:

  • The Session Recording server must be able to connect to the following addresses:

  • The Session Recording deployment must have port 443 open for outbound internet connections. Any proxy servers on the network must allow this communication with Citrix Analytics for Security.

  • If you are using Citrix Virtual Apps and Desktops 7 1912 LTSR, the supported Session Recording version is 2103 or later.

Connect your Session Recording server to Citrix Analytics for Security

  1. Sign in to Citrix Cloud.

  2. Find Citrix Analytics for Security and click Manage.

  3. From the top bar, click Settings > Data Sources.

  4. On the Virtual Apps and Desktops- Session Recording site card, click Connect Session Recording server.

    Session recording connection

  5. On the Connect Session Recording Server page, review the checklist, and select all the mandatory requirements. If you do not select a mandatory requirement, the Download File option is disabled.

    Session Recording checklist

  6. If you have proxy servers in your network, enter the proxy address in the SsRecStorageManager.exe.config file in your Session Recording server.

    You can find the configuration file at <Session Recording server installation path>\bin\SsRecStorageManager.exe.config

    For example: C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecStorageManager.exe.config

    Config file path

  7. Click Download File to download the SessionRecordingConfigurationFile.json file.

    Note:

    The file contains sensitive information. Keep the file in a safe and secure location.

  8. Copy the file to the Session Recording server that you want to connect to Citrix Analytics for Security.

  9. If you have multiple Session Recording servers in your deployment, you must copy the file in each server that you want to connect and follow the steps to configure each server.

  10. On the Session Recording server, run the following command to import the settings:

    <Session Recording server installation path>\bin\SsRecUtils.exe -Import_SRCasConfigurations <configuration file path>
    <!--NeedCopy-->
    

    For example:

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Import_SRCasConfigurations C:\Users\administrator\Downloads\SessionRecordingConfigurationFile.json
    <!--NeedCopy-->
    
  11. Restart the following services:

    • Citrix Session Recording Analytics Service

    • Citrix Session Recording Storage Manager

  12. After configuration is successful, go to Citrix Analytics for Security to view the connected Session Recording server. Click Turn On Data Processing to allow Citrix Analytics for Security to process the data.

    Note:

    If you are using Session Recording server version 2103 or 2104, you must first launch a Virtual Apps and Desktops session to view the connected Session Recording server on Citrix Analytics for Security. Otherwise the connected Session Recording server fails to get displayed. This requirement is not applicable for Session Recording server version 2106 and later.

View the connected deployments

The server deployments appear on the Session Recording site card only if the configuration is successful. The site card shows the number of configured servers that have established connections with Citrix Analytics for Security.

If you don’t see your Session Recording servers even after the configuration was successful, refer to the troubleshooting section at Configured Session Recording server fails to connect.

Session Recording deployment

On the site card, click the number of deployments to view the connected server groups with Citrix Analytics for Security. For example, click 1 Session Recording Deployment to view the connected server or server groups. Each Session Recording server is represented by a base URL and a ServerGroupID.

SR deployment details

View received events

The site card displays the connected Session Recording deployments and the events received from these deployments for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data. Click the number of received events to view the events on the self-service search page.

After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:

  1. If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.

  2. Citrix Analytics has not received any events from the data source in the last one hour.

Add Session Recording servers

To add a Session Recording server, do one of the following:

  • On the Connected Session Recording Deployments page, click Connect to Session recording server.

    Connect deployment

  • On the Virtual Apps and Desktops- Session Recording site card, click the vertical ellipsis (⋮) and then select Connect Session Recording server.

    Session recording connection

Follow the steps to download the configuration file and configure a Session Recording server.

Remove Session Recording servers

To remove a Session Recording server:

  1. On Citrix Analytics for Security, go to the Connected Session Recording Deployments page and select the server deployment that you want to remove.

  2. Click the vertical ellipses (⋮) and select Remove Session Recording server from Analytics.

    Remove session recording server

  3. On the Session Recording server that you have removed from Citrix Analytics, run the following command:

    <Session Recording server installation path>\bin\SsRecUtils.exe -Remove_SRCasConfigurations
    <!--NeedCopy-->
    

    For example:

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Remove_SRCasConfigurations
    <!--NeedCopy-->
    

Turn on or off data processing on the data source

You can stop the data processing at any time for a particular data source- Director and Workspace app. On the data source site card, click the vertical ellipsis (⋮) and then select Turn off data processing. Citrix Analytics stops processing data for that data source. You can also stop the data processing from the Virtual Apps and Desktops site card. This option applies to both data sources- Director and Workspace app. To enable data processing again, click Turn On Data Processing.

Configured Session Recording server fails to connect

Your Session Recording server fails to connect to Citrix Analytics after configuration. Therefore, you don’t see the configured server on the Session Recording site card.

To troubleshoot this issue, do the following:

  1. On your configured Session Recording server, run the following PowerShell command to check the Client Machine Identification (CMID):

    Get-WmiObject -class SoftwareLicensingService | select Clientmachineid
    <!--NeedCopy-->
    
  2. If CMID is empty, add the following registry files in the specified paths:

    Registry name Registry path Key type Value
    AuditorUniqueID Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\ String Enter your UUID.
    EnableCASUseAuditorUniqueID Computer/HKEY_LOCAL_MACHINE/SOFTWARE/Citrix/SmartAuditor/Server/ REG_DWORD 1
  3. Restart the following services:

    • Citrix Session Recording Analytics Service

    • Citrix Session Recording Storage Manager

Install, upgrade, and uninstall

In this article