Product Documentation

Verifying Component Connections

May 05, 2015

During the setup of SmartAuditor, the components may not connect to other components. All the components communicate with the SmartAuditor Server (Broker). By default, the Broker (an IIS component) is secured using the IIS default Web site certificate. If one component cannot connect to the SmartAuditor Server, the other components may also fail when attempting to connect.

The SmartAuditor Agent and SmartAuditor Server (Storage Manager and Broker) log connection errors in the applications event log in the Event Viewer of the computer hosting the SmartAuditor Server, while the SmartAuditor Policy Console and SmartAuditor Player display connection error messages on screen when they fail to connect.

To verify SmartAuditor Agent is connected

  1. Log on to the server where the SmartAuditor Agent is installed.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Agent Properties.
  3. In SmartAuditor Server Properties, click Connection.
  4. Verify that the value for SmartAuditor Server is the correct server name of the computer hosting the SmartAuditor Server.
  5. Verify that the server given as the value for SmartAuditor Server can be contacted by the XenApp server.
Note: Check the application event log for errors and warnings.

To verify SmartAuditor Server is connected

Caution: Using Registry Editor can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
  1. Log on to the computer hosting the SmartAuditor Server.
  2. Open the Registry Editor.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
  4. Verify the value of SmAudDatabaseInstance correctly references the SmartAuditor Database you installed in your SQL Server instance.

To verify SmartAuditor Database is connected

  1. Using a SQL Management tool, open your SQL instance that contains the SmartAuditor Database you installed.
  2. Open the Security permissions of the SmartAuditor Database.
  3. Verify the SmartAuditor Computer Account has access to the database. For example, if the computer hosting the SmartAuditor Server is named SmartAudSrv in the MIS domain, the computer account in your database should be configured as MIS\SmartAudSrv$. This value is configured during the SmartAuditor Database install.

Testing IIS Connectivity

Testing connections to the SmartAuditor Server IIS site by using a Web browser to access the SmartAuditor Broker Web page can help you determine whether problems with communication between SmartAuditor components stem from misconfigured protocol configuration, certification issues, or problems starting SmartAuditor Broker.

To verify IIS connectivity for the SmartAuditor Agent

  1. Log on to the server where the SmartAuditor Agent is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SmartAuditorBroker/RecordPolicy.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
    • For HTTP: http://servername/SmartAuditorBroker/RecordPolicy.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the SmartAuditor Agent is connected to the computer hosting the SmartAuditor Server using the configure protocol.

To verify IIS connectivity for the SmartAuditor Player

  1. Log on to the workstation where the SmartAuditor Player is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SmartAuditorBroker/Player.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
    • For HTTP: http://servername/SmartAuditorBroker/Player.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the SmartAuditor Player is connected to the computer hosting the SmartAuditor Server using the configure protocol.

To verify IIS connectivity for the SmartAuditor Policy Console

  1. Log on to the server where the SmartAuditor Policy Console is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SmartAuditorBroker/PolicyAdminstration.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
    • For HTTP: http://servername/SmartAuditorBroker/PolicyAdminstration.rem?wsdl, where servername is the name of the computer hosting the SmartAuditor Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the SmartAuditor Policy Console is connected to the computer hosting the SmartAuditor Server using the configure protocol.

Troubleshooting Certificate Issues

If you are using HTTPS as your communication protocol, the computer hosting the SmartAuditor Server must be configured with a server certificate. All component connections to the SmartAuditor Server must have root certificate authority (CA). Otherwise, attempted connections between the components fail.

You can test your certificates by accessing the SmartAuditor Broker Web page as you would when testing IIS connectivity. If you are able to access the XML page for each component, the certificates are configured correctly.

Here are some common ways certificate issues cause connections to fail:

  • Invalid or missing certificates. If the server running the SmartAuditor Agent does not have a root certificate to trust the server certificate, cannot trust and connect to the SmartAuditor Server over HTTPS, causing connectivity to fail. Verify that all components trust the server certificate on the SmartAuditor Server.
  • Inconsistent naming. If the server certificate assigned to the computer hosting the SmartAuditor Server is created using a fully qualified domain name (FQDN), then all connecting components must use the FQDN when connecting to the SmartAuditor Server. If a NetBIOS name is used, configure the components with a NetBIOS name for the SmartAuditor Server.
  • Expired certificates. If a server certificate expired, connectivity to the SmartAuditor Server through HTTPS fails. Verify the server certificate assigned to the computer hosting the SmartAuditor Server is valid and has not expired. If the same certificate is used for the digital signing of session recordings, the event log of the computer hosting the SmartAuditor Server provides error messages that the certificate expired or warning messages when it is about to expire.