Product Documentation

Verify component connections

Sep 23, 2016

During the setup of Session Recording, the components may not connect to other components. All the components communicate with the Session Recording Server (Broker). By default, the Broker (an IIS component) is secured using the IIS default Web site certificate. If one component cannot connect to the Session Recording Server, the other components may also fail when attempting to connect.

The Session Recording Agent and Session Recording Server (Storage Manager and Broker) log connection errors in the applications event log in the Event Viewer of the computer hosting the Session Recording Server, while the Session Recording Policy Console and Session Recording Player display connection error messages on screen when they fail to connect.

Verify Session Recording Agent is connected

  1. Log on to the server where the Session Recording Agent is installed.
  2. From the Start menu, choose Session Recording Agent Properties.
  3. In Session Recording Server Properties, click Connection.
  4. Verify that the value for Session Recording Server is the correct server name of the computer hosting the Session Recording Server.
  5. Verify that the server given as the value for Session Recording Server can be contacted by the Server OS machine.
Note: Check the application event log for errors and warnings.

Verify Session Recording Server is connected

Caution: Using Registry Editor can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
  1. Log on to the computer hosting the Session Recording Server.
  2. Open the Registry Editor.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
  4. Verify the value of SmAudDatabaseInstance correctly references the Session Recording Database you installed in your SQL Server instance.

Verify Session Recording Database is connected

  1. Using a SQL Management tool, open your SQL instance that contains the Session Recording Database you installed.
  2. Open the Security permissions of the Session Recording Database.
  3. Verify the Session Recording Computer Account has access to the database. For example, if the computer hosting the Session Recording Server is named SsRecSrv in the MIS domain, the computer account in your database should be configured as MIS\SsRecSrv$. This value is configured during the Session Recording Database installation.

Test IIS connectivity

Testing connections to the Session Recording Server IIS site by using a Web browser to access the Session Recording Broker Web page can help you determine whether problems with communication between Session Recording components stem from misconfigured protocol configuration, certification issues, or problems starting Session Recording Broker.

To verify IIS connectivity for the Session Recording Agent

  1. Log on to the server where the Session Recording Agent is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/RecordPolicy.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server
    • For HTTP: http://servername/SessionRecordingBroker/RecordPolicy.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the Session Recording Agent is connected to the computer hosting the Session Recording Server using the configure protocol.

To verify IIS connectivity for the Session Recording Player

  1. Log on to the workstation where the Session Recording Player is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/Player.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server
    • For HTTP: http://servername/SessionRecordingBroker/Player.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the Session Recording Player is connected to the computer hosting the Session Recording Server using the configure protocol.

To verify IIS connectivity for the Session Recording Policy Console

  1. Log on to the server where the Session Recording Policy Console is installed.
  2. Launch a Web browser and type the following address:
    • For HTTPS: https://servername/SessionRecordingBroker/PolicyAdministration.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server
    • For HTTP: http://servername/SessionRecordingBroker/PolicyAdministration.rem?wsdl, where servername is the name of the computer hosting the Session Recording Server 
  3. If you are prompted for NT LAN Manager (NTLM) authentication, log on with a domain administrator account.
If you see an XML document within your browser, this verifies that the computer running the Session Recording Policy Console is connected to the computer hosting the Session Recording Server using the configure protocol.

Troubleshoot certificate issues

If you are using HTTPS as your communication protocol, the computer hosting the Session Recording Server must be configured with a server certificate. All component connections to the Session Recording Server must have root certificate authority (CA). Otherwise, attempted connections between the components fail.

You can test your certificates by accessing the Session Recording Broker Web page as you would when testing IIS connectivity. If you are able to access the XML page for each component, the certificates are configured correctly.

Here are some common ways certificate issues cause connections to fail:

  • Invalid or missing certificates. If the server running the Session Recording Agent does not have a root certificate to trust the server certificate, cannot trust and connect to the Session Recording Server over HTTPS, causing connectivity to fail. Verify that all components trust the server certificate on the Session Recording Server.
  • Inconsistent naming. If the server certificate assigned to the computer hosting the Session Recording Server is created using a fully qualified domain name (FQDN), then all connecting components must use the FQDN when connecting to the Session Recording Server. If a NetBIOS name is used, configure the components with a NetBIOS name for the Session Recording Server.
  • Expired certificates. If a server certificate expired, connectivity to the Session Recording Server through HTTPS fails. Verify the server certificate assigned to the computer hosting the Session Recording Server is valid and has not expired. If the same certificate is used for the digital signing of session recordings, the event log of the computer hosting the Session Recording Server provides error messages that the certificate expired or warning messages when it is about to expire.