Troubleshoot Session Recording

The troubleshooting information contains solutions to some issues you might encounter during and after installing the Session Recording components:

  • Components failing to connect to each other
  • Sessions failing to record
  • Problems with the Session Recording Player or Session Recording Policy Console
  • Issues involving your communication protocol

Warning:

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Session Recording Agent cannot connect

When the Session Recording Agent cannot connect, the Exception caught while sending poll messages to Session Recording Broker event message is logged, followed by the exception text. The exception text provides reasons why the connection failed. The reasons include:

  • The underlying connection was closed. Could not establish a trust relationship for the SSL/TLS secure channel. This exception means that the Session Recording Server is using a certificate that is signed by a CA that the server on which the Session Recording Agent resides does not trust, or have a CA certificate for. Alternatively, the certificate might have expired or been revoked.

    Resolution: Verify that the correct CA certificate is installed on the server hosting the Session Recording Agent or use a CA that is trusted.

  • The remote server returned an error: (403) forbidden. This is a standard HTTPS error displayed when you attempt to connect using HTTP (nonsecure protocol). The computer hosting the Session Recording Server rejects the connection because it accepts only secure connections.

    Resolution: Use Session Recording Agent Properties to change the Session Recording Broker protocol to HTTPS.

The Session Recording Broker returned an unknown error while evaluating a record policy query. Error code 5 (Access Denied). For more information, see the Event log on the Session Recording Server. This error occurs when sessions are started and a request for a record policy evaluation is made. The error is a result of the Authenticated Users group (this is the default member) being removed from the Policy Query role of the Session Recording Authorization Console.

Resolution: Add the Authenticated Users group back into this role, or add each server hosting each Session Recording Agent to the PolicyQuery role.

The underlying connection was closed. A connection that was expected to be kept alive was closed by the server. This error means that the Session Recording Server is down or unavailable to accept requests. This could be due to IIS being offline or restarted, or the entire server might be offline.

Resolution: Verify that the Session Recording Server is started, IIS is running on the server, and the server is connected to the network.

Installation of Session Recording Server components fails

The installation of the Session Recording Server components fails with error codes 2503 and 2502. Resolution: Check the access control list (ACL) of folder C:\windows\Temp to ensure that the Local Users and Groups have write permission for this folder. If not, manually add write permission.

Session Recording Server cannot connect to the Session Recording Database

When the Session Recording Server cannot connect to the Session Recording Database, you might see a message similar to one of the following:

Event Source:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. This error appears in the applications event log with ID 2047 in the Event Viewer of the computer hosting the Session Recording Server.

Citrix Session Recording Storage Manager Description: Exception caught while establishing database connection. This error appears in the applications event log in the Event Viewer of the computer hosting the Session Recording Server.

Unable to connect to the Session Recording Server. Ensure that the Session Recording Server is running. This error message appears when you launch the Session Recording Policy Console.

Resolution:

  • The Express Edition of Microsoft SQL Server 2008 R2, Microsoft SQL Server 2012, Microsoft SQL Server 2014, or Microsoft SQL Server 2016 is installed on a stand-alone server and does not have the correct services or settings configured for Session Recording. The server must have TCP/IP protocol enabled and SQL Server Browser service running. See the Microsoft documentation for information about enabling these settings.
  • During the Session Recording installation (administration portion), incorrect server and database information was given. Uninstall the Session Recording Database and reinstall it, supplying the correct information.
  • The Session Recording Database Server is down. Verify that the server has connectivity.
  • The computer hosting the Session Recording Server or the computer hosting the Session Recording Database Server cannot resolve the FQDN or NetBIOS name of the other. Use the ping command to verify the names can be resolved.
  • Check the firewall configuration on the Session Recording Database to ensure that the SQL Server connections are allowed. For more information, see the Microsoft article at https://docs.microsoft.com/en-us/sql/sql-server/install/configure-the-windows-firewall-to-allow-sql-server-access.

Logon failed for user ‘NT_AUTHORITY\ANONYMOUS LOGON’. This error message means that the services are logged on incorrectly as .\administrator.

Resolution: Restart the services as local system user and restart the SQL services.

Sessions are not recording

If your application sessions are not recording successfully, start by checking the application event log in the Event Viewer on the VDA for Server OS that runs the Session Recording Agent and Session Recording Server. This might provide valuable diagnostic information.

If sessions are not recording, these issues might be the cause:

  • Component connectivity and certificates. If the Session Recording components cannot communicate with each other, this can cause session recordings to fail. To troubleshoot recording issues, verify that all components are configured correctly to point to the correct computers and that all certificates are valid and correctly installed.
  • Non-Active Directory domain environments. Session Recording is designed to run in a Microsoft Active Directory domain environment. If you are not running in an Active Directory environment, you might experience recording issues. Ensure that all Session Recording components are running on computers that are members of an Active Directory domain.
  • Session sharing conflicts with the active policy. Session Recording matches the active policy with the first published application that a user opens. Subsequent applications opened during the same session continue to follow the policy that is in force for the first application. To prevent session sharing from conflicting with the active policy, publish the conflicting applications on separate VDAs for Server OS.
  • Recording is not enabled. By default, installing the Session Recording Agent on a VDA for Server OS enables the server for recording. Recording will not occur until an active recording policy is configured to allow this.
  • The active recording policy does not permit recording. For a session to be recorded, the active recording policy must permit the sessions for the user, server, or published application to be recorded.
  • Session Recording services are not running. For sessions to be recorded, the Session Recording Agent service must be running on a VDA for Server OS and the Session Recording Storage Manager service must be running on the computer hosting the Session Recording Server.
  • MSMQ is not configured. If MSMQ is not correctly configured on the server running the Session Recording Agent and the computer hosting the Session Recording Server, recording problems might occur.

Unable to view live session playback

If you experience difficulties when viewing recordings using the Session Recording Player, the following error message might appear:

Download of recorded session file failed. Live session playback is not permitted. The server has been configured to disallow this feature. This error indicates that the server is configured to disallow the action.

Resolution: In Session Recording Server Properties, choose the Playback tab and select the Allow live session playback check box.

Recordings are corrupt or incomplete

  • If recordings are corrupted or incomplete when you view them using the Session Recording Player, you might also see warnings in the Event logs on the Session Recording Agent.

    Event Source: Citrix Session Recording Storage Manager

    Description: Data lost while recording file <icl file name>

    This usually happens when Machine Creation Services (MCS) or Provisioning Services (PVS) is used to create VDAs with a master image configured and Microsoft Message Queuing (MSMQ) installed. In this condition, the VDAs have the same QMId for MSMQ.

    As a workaround, create a unique QMId for each VDA. For more information, see Step 8 in the Install the Session Recording Agent section of Install, upgrade, and uninstall Session Recording.

  • Session Recording Player might report an internal error with this message - “The file being played has reported that an internal system error (error code: 9) occurred during its original recording. The file can still be played up to the point that the recording error occurred” when playing back a certain recording file.

    This is usually caused by insufficient Session Recording Agent buffer size when recording graphic intensive sessions.

    As a workaround, change the registry value of HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\SmAudBufferSizeMB to a higher one in the Session Recording Agent, and then restart the machine.

Test connection of the database instance failed when installing the Session Recording Database or Session Recording Server

When you install the Session Recording Database or Session Recording Server, the test connection fails with the error message Database connection test failed. Please correct Database instance name even if the database instance name is correct.

In this case, make sure that the current user has the public SQL Server role permission to correct the permission limitation failure.

Administrator Logging

In Windows Server 2008 R2 SP1, before you install the Administrator Logging feature, install .Net Framework 3.5 Features > WCF Activation > HTTP Activation, and then install .Net Framework 4.5 or a later version. Ensure that you don’t install these two requirements in reverse order. If you fail to comply, Administrator Logging might not work as expected. You might experience operation blocking when trying to change Session Recording configurations with the Server Properties Console or update Session Recording policies with Policy Console with mandatory logging enabled.

To resolve this issue:

  1. Open the Internet Information Services (IIS) Manager and navigate to the Application Pools node.
  2. Right-click SessionRecordingLoggingAppPool and open the Basic Settings dialog box.
  3. Change the .NET Framework version to .NET Framework v4.0.