This troubleshooting information contains solutions to some issues you might encounter during and after installing Session Recording components:
When Session Recording Agent cannot connect, the Exception caught while sending poll messages to Session Recording Broker event message is logged, followed by the exception text. The exception text provides the reason why the connection failed. These reasons include:
The underlying connection was closed. Could not establish a trust relationship for the SSL/TLS secure channel. This exception means that the Session Recording Server is using a certificate that is signed by a CA that the server on which the Session Recording Agent resides does not trust, or have a CA certificate for. Alternatively, the certificate may have expired or been revoked.
Resolution: Verify that the correct CA certificate is installed on the server hosting the Session Recording Agent or use a CA that is trusted.
The remote server returned an error: (403) forbidden. This is a standard HTTPS error displayed when you attempt to connect using HTTP (nonsecure protocol). The computer hosting the Session Recording Server rejects the connection because it accepts only secure connections.
Resolution: Use Session Recording Agent Properties to change the Session Recording Broker protocol to HTTPS.
The Session Recording Broker returned an unknown error while evaluating a record policy query. Error code 5 (Access Denied). See the Event log on the Session Recording Server for more details. This error occurs when sessions are started and a request for a record policy evaluation is made. The error is a result of the Authenticated Users group (this is the default member) being removed from the Policy Query role of the Session Recording Authorization Console.
Resolution: Add the Authenticated Users group back into this role, or add each server hosting each Session Recording Agent to the PolicyQuery role.
The underlying connection was closed. A connection that was expected to be kept alive was closed by the server. This error means that the Session Recording Server is down or unavailable to accept requests. This could be due to IIS being offline or restarted, or the entire server may be offline.
Resolution: Verify that the Session Recording Server is started, IIS is running on the server, and the server is connected to the network.
The installation of the Session Recording Server components fails with error codes 2503 and 2502.
Check the access control list (ACL) of folder C:\windows\Temp to ensure the Local Users and Groups have write permission for this folder. If not, manually add write permission.
If your application sessions are not recording successfully, start by checking the application event log in the Event Viewer on the Server OS machine running the Session Recording Agent and Session Recording Server. This may provide valuable diagnostic information.
If sessions are not recording, these issues might be the cause:
- Component connectivity and certificates. If the Session Recording components cannot communicate with each other, this can cause session recordings to fail. To troubleshoot recording issues, verify that all components are configured correctly to point to the correct computers and that all certificates are valid and correctly installed.
- Non-Active Directory domain environments. Session Recording is designed to run in a Microsoft Active Directory domain environment. If you are not running in an Active Directory environment, you may experience recording issues. Ensure that all Session Recording components are running on computers that are members of an Active Directory domain.
- Session sharing conflicts with the active policy. Session Recording matches the active policy with the first published application that a user opens. Subsequent applications opened during the same session continue to follow the policy that is in force for the first application. To prevent session sharing from conflicting with the active policy, publish the conflicting applications on separate Server OS machines.
- Recording is not enabled. By default, installing the Session Recording Agent on a Server OS machine enables the server for recording. Recording will not occur until an active recording policy is configured to allow this.
- The active recording policy does not permit recording. For a session to be recorded, the active recording policy must permit the sessions for the user, server, or published application to be recorded.
- Session Recording services are not running. For sessions to be recorded, the Session Recording Agent service must be running on the Server OS machine and the Session Recording Storage Manager service must be running on the computer hosting the Session Recording Server.
- MSMQ is not configured. If MSMQ is not correctly configured on the server running the Session Recording Agent and the computer hosting the Session Recording Server, recording problems may occur.
If you experience difficulties when viewing recordings using the Session Recording Player, the following error message may appear on the screen:
Download of recorded session file failed. Live session playback is not permitted. The server has been configured to disallow this feature. This error indicates that the server is configured to disallow the action.
Resolution: In the Session Recording Server Properties dialog box, choose the Playback tab and select the Allow live session playback check box.
- When recordings are becoming corrupted or incomplete when viewing them using the Session Recording Player, you might also see warnings in the Event logs on the Session Recording Agent.
Event Source: Citrix Session Recording Storage Manager
Description: Data lost while recording file <icl file name>
This usually happens when Machine Creation Services (MCS) or Provisioning Services is used to create VDAs with a configured master image and Microsoft Message Queuing (MSMQ) installed. In this condition the VDAs have the same QMIds for MSMQ.
Resolution: Create the unique QMId for each VDA. A workaround is introduced in Known Issues.
- Session Recording Player might report an internal error with this message - "The file being played has reported that an internal system error (error code: 9) occurred during its original recording. The file can still be played up to the point that the recording error occurred" when playing back a certain recording file.
This is usually caused by insufficient Session Recording Agent buffer size when recording graphic insensitive sessions.
Resolution: Change registry value of HKLM\SOFTWARE\Citrix\SmartAuditor\SmAudBufferSizeMB to a higher one in the Session Recording Agent, and then restart the machine.
When you install Session Recording Database or Session Recording Server, the test connection fails with the error message Database connection test failed. Please correct Database instance name even if the database instance name is correct.
Resolution: Make sure the current user has the public SQL Server role permission to correct the permission limitation failure.
In Windows Server 2008 R2 SP1, before you install the Administrator Logging feature, first install .Net Framework 3.5 Features > WCF Activation > HTTP Activation, and then install .Net Framework 4.5 or a later version. Ensure you don't install these two requirements in reverse order. If you do, Administrator Logging might not work as expected. You might experience operation blocking when trying to change Session Recording configurations with the Server Properties Console or update Session Recording policies with Policy Console with mandatory logging enabled.
To resolve this:
- Open the Internet Information Services (IIS) Manager and navigate to the Application Pools node.
- Right click SessionRecordingLoggingAppPool and open the Basic Settings dialog.
- Change the .NET Framework version to .NET Framework v4.0.