Product Documentation

Troubleshooting SmartAuditor

May 01, 2015

This troubleshooting information contains solutions to some issues you may encounter during and after installing SmartAuditor components:

  • Components failing to connect to each other
  • Sessions failing to record
  • Problems with viewing sessions or finding recordings

SmartAuditor Agent Cannot Connect

Updated: 2015-05-05

When SmartAuditor Agent cannot connect, the Exception caught while sending poll messages to SmartAuditor Broker event message is logged, followed by the exception text. The exception text provides the reason why the connection failed. These reasons include:

  • The underlying connection was closed. Could not establish a trust relationship for the SSL/TLS secure channel. This exception means that the SmartAuditor Server is using a certificate that is signed by a CA that the server on which the SmartAuditor Agent resides does not trust, or have a CA certificate for. Alternatively, the certificate may have expired or been revoked.

    Resolution: Verify that the correct CA certificate is installed on the server hosting the SmartAuditor Agent or use a CA that is trusted.

  • The remote server returned an error: (403) forbidden. This is a standard HTTPS error displayed when you attempt to connect using HTTP (nonsecure protocol). The computer hosting the SmartAuditor Server rejects the connection because it accepts only secure connections.

    Resolution: Use SmartAuditor Agent Properties to change the SmartAuditor Broker protocol to HTTPS.

The SmartAuditor Broker returned an unknown error while evaluating a record policy query. Error code 5 (Access Denied). See the Event log on the SmartAuditor Server for more details. This error occurs when sessions are started and a request for a record policy evaluation is made. The error is a result of the Authenticated Users group (this is the default member) being removed from the Policy Query role of the SmartAuditor Authorization Console.

Resolution: Add the Authenticated Users group back into this role, or add each server hosting each SmartAuditor Agent to the PolicyQuery role.

The underlying connection was closed. A connection that was expected to be kept alive was closed by the server. This error means that the SmartAuditor Server is down or unavailable to accept requests. This could be due to IIS being offline or restarted, or the entire server may be offline.

Resolution: Verify that the SmartAuditor Server is started, IIS is running on the server, and the server is connected to the network.

SmartAuditor Server Cannot Connect to the SmartAuditor Database

When the SmartAuditor Server cannot connect to the SmartAuditor Database, you may see a message similar to one of the following:

Event Source: Citrix SmartAuditor Storage Manager Description: Exception caught while establishing database connection. This error appears in the applications event log in the Event Viewer of the computer hosting the SmartAuditor Server.

Unable to connect to the SmartAuditor Server. Ensure that the SmartAuditor Server is running. This error message appears when you launch the SmartAuditor Policy Console.

Resolution:
  • The Express Edition of Mircosoft SQL Server 2005 or Microsoft SQL Server 2008 is installed on a stand-alone server and does not have the correct services or settings configured for SmartAuditor. The server must have TCP/IP protocol enabled and SQL Server Browser service running. See the Microsoft documentation for information about enabling these settings.
  • During the SmartAuditor installation (administration portion), incorrect server and database information was given. Uninstall the SmartAuditor Database and reinstall it, supplying the correct information.
  • The SmartAuditor Database Server is down. Verify that the server has connectivity.
  • The computer hosting the SmartAuditor Server or the computer hosting the SmartAuditor Database Server cannot resolve the FQDN or NetBIOS name of the other. Use the ping command to verify the names can be resolved.

Logon failed for user ‘NT_AUTHORITY\ANONYMOUS LOGON’. This error message means that the services are logged on incorrectly as .\administrator.

Resolution: Restart the services as local system user and restart the SQL services.

Sessions are not Recording

If your XenApp sessions are not recording successfully, start by checking the application event log in the Event Viewer on the XenApp server running the SmartAuditor Agent and SmartAuditor Server. This may provide valuable diagnostic information.

If sessions are not recording, these issues might be the cause:

  • Component connectivity and certificates. If the SmartAuditor components cannot communicate with each other, this can cause session recordings to fail. To troubleshoot recording issues, verify that all components are configured correctly to point to the correct computers and that all certificates are valid and correctly installed.
  • Non-Active Directory domain environments. SmartAuditor is designed to run in a Microsoft Active Directory domain environment. If you are not running in an Active Directory environment, you may experience recording issues. Ensure that all SmartAuditor components are running on computers that are members of an Active Directory domain.
  • Session sharing conflicts with the active policy. SmartAuditor matches the active policy with the first published application that a user opens. Subsequent applications opened during the same session continue to follow the policy that is in force for the first application. To prevent session sharing from conflicting with the active policy, publish the conflicting applications on separate XenApp servers or disable session sharing. For instructions about how to disable session sharing, refer to the Citrix Knowledge Center. When disabling session sharing, consider that this can also affect the total number of sessions on a server, clipboard mapping, and session logon time.
  • Recording is not enabled. By default, installing the SmartAuditor Agent on a XenApp server enables the server for recording. Recording will not occur until an active recording policy is configured to allow this.
  • The active recording policy permit recording. For a session to be recorded, the active recording policy must permit the sessions for the user, server, or published application to be recorded.
  • SmartAuditor services are not running. For sessions to be recorded, the SmartAuditor Agent service must be running on the XenApp server and the SmartAuditor Storage Manager service must be running on the computer hosting the SmartAuditor Server.
  • MSMQ is not configured. If MSMQ is not correctly configured on the server running the SmartAuditor Agent and the computer hosting the SmartAuditor Server, recording problems may occur.

Unable to View Live Session Playback

If you experience difficulties when viewing recordings using the SmartAuditor Player, the following error message may appear on the screen:

Download of recorded session file failed. Live session playback is not permitted. The server has been configured to disallow this feature. This error indicates that the server is configured to disallow the action.

Resolution: In the SmartAuditor Server Properties dialog box, choose the Playback tab and select the Allow live session playback check box.

Searching for Recordings in the Player Fails

If you experience difficulties when searching for recordings using the SmartAuditor Player, the following error messages may appear on the screen:

  • Search for recorded session files failed. The remote server name could not be resolved: servername. where servername is the name of the server to which the SmartAuditor Player is attempting to connect. The SmartAuditor Player cannot contact the SmartAuditor Server. Two possible reasons for this are an incorrectly typed server name or the DNS cannot resolve the server name.

    Resolution: From the Player menu bar, choose Tools > Options > Connections and verify that the server name in the SmartAuditor Servers list is correct. If it is correct, from a command prompt, run the ping command to see if the name can be resolved. When the SmartAuditor Server is down or offline, the search for recorded session files failed error message is Unable to contact the remote server.

  • Unable to contact the remote server. This error occurs when the SmartAuditor Server is down or offline.

    Resolution: Verify that the SmartAuditor Server is connected.

  • Access denied error. An access denied error can occur if the user was not given permission to search for and download recorded session files.

    Resolution: Assign the user to the Player role using the SmartAuditor Authorization Console.

  • Search for recorded session files failed. The underlying connection was closed. Could not establish a trust relationship for the SSL/TLS secure channel. This exception is caused by the SmartAuditor Server using a certificate that is signed by a CA that the client device does not trust or have a CA certificate for.

    Resolution: Install the correct or trusted CA certificate workstation where the SmartAuditor Player is installed.

  • The remote server returned an error: (403) forbidden. This error is a standard HTTPS error that occurs when you attempt to connect using HTTP (nonsecure protocol). The server rejects the connection because, by default, it is configured to accept only secure connections.

    Resolution: From the SmartAuditor Player menu bar, choose Tools > Options > Connections. Select the server from the SmartAuditors Servers list, then click Modify. Change the protocol from HTTP to HTTPS.

Troubleshooting MSMQ

If your users see the notification message but the viewer cannot find the recordings after performing a search in the SmartAuditor Player, there could be a problem with MSMQ. Verify that the queue is connected to the SmartAuditor Server (Storage Manager) and use a Web browser to test for connection errors (if you are using HTTP or HTTPS as your MSMQ communication protocol).

To verify that the queue is connected:

  1. Log on to the server hosting the SmartAuditor Agent.
  2. View the outgoing queues.
  3. Verify that the queue to the computer hosting the SmartAuditor Server has a connected state.
    • If the state is “waiting to connect,” there are a number of messages in the queue, and the protocol is HTTP or HTTPS (corresponding to the protocol selected in the Connections tab in the SmartAuditor Agent Properties dialog box), perform Step 4.
    • If state is “connected” and there are no messages in the queue, there may be a problem with the server hosting the SmartAuditor Server. Skip Step 4 and perform Step 5.
  4. If there are a number of messages in the queue, launch a Web browser and type the following address:
    • For HTTPS: https://servername/msmq/private$/CitrixSmAudData, where servername is the name of the computer hosting the SmartAuditor Server
    • For HTTP: http://servername/msmq/private$/CitrixSmAudData, where servername is the name of the computer hosting the SmartAuditor Server

      If the page returns an error such as The server only accepts secure connections, change the MSMQ protocol listed in the SmartAuditor Agent Properties dialog box to HTTPS. Otherwise, if the page reports a problem with the Web site’s security certificate, there may be a problem with a trust relationship for the SSL/TLS secure channel. In that case, install the correct CA certificate or use a CA that is trusted.

  5. If there are no messages in the queue, log on to the computer hosting the SmartAuditor Server and view private queues. Select citrixsmauddata. If there are a number of messages in the queue (Number of Messages Column), verify that the SmartAuditor StorageManager service is started. If it is not, restart the service.