Navigation
This article applies to Session Recording 2407, 2203 LTSR CU5, and 1912 LTSR CU9.
- Change Log
- Planning
- Session Recording Versions
- Upgrade
- Server Installs:
- Session Recording Server Configuration
- Session Recording Agent
- Session Recording Web Player
- Session Recording Player
- Director Integration
- Dynamic Session Recording
💡 = Recently Updated
Change Log
- 2024 Aug 4 – updated entire article for version 2407 – new Printing Event detection
- 2024 June 4 – updated Versions for version 2203 LTSR CU5
- 2023 Jan 26 – Security Vulnerability
- Agent Configuration – fast seek
- Recording Policies – record audio and/or enable lossy recording
- 2022 July 9 – updated Versions section with 7.15.9000
- 2021 Sep 28 – Policies renamed in 2109 – Event Detection Policies, Event Response Policies
- 2021 Jan 29 – Load Balancing – added link to Configure load balancing in an existing deployment
- 2020 Dec 15 – updated entire article for version 2012
- Event Logging – clipboard logging
- Email Alert Policies – notifications of session events
- 2020 Sep 30 – new Email Alert Policies section.
Planning
Citrix links:
- Citrix Docs – Session Recording
- Citrix CTX200868 – Configuring Security Features of Session Recording
- Citrix CTX200869 – Building a Highly Scalable Session Recording System
Licensing – Citrix Virtual Apps and Desktops Premium Edition licensing is required.
Farms – There is no relation between Session Recording farms and Citrix Virtual Apps and Desktops farms. You can have Agents from multiple Citrix Virtual Apps and Desktops farms recording to a common Session Recording server. Or you can split a Citrix Virtual Apps and Desktops farm so that different Agents point to different Session Recording servers.
- Load balancing – Session Recording 7.14 and newer can be load balanced. Build two Session Recording servers pointing to the same SQL database. Configure both of them to store recordings on the same UNC path. More details at Configure Session Recording with load balancing at Citrix Docs.
- Note: Load Balancing was removed from Session Recording 7.15 LTSR. In Session Recording 7.16 and newer, Load Balancing is fully supported.
- Scaling – To scale Session Recording to 20,000 users, see Hal Lange and Ryan Revord at Scaling and Load Balancing Session Recording at CUGC.
Disk space – The Session Recording server will need a hard drive to store the recordings. Disk access is primarily writes. You can also store recordings on a UNC path (this is required if load balancing).
Offloaded content (e.g. Teams, Browser Content Redirection) is not recorded.
Certificate – Session Recording server needs a certificate. The certificate must be trusted by Agents and Players. Internal Certificate Authority recommended.
- If load balancing, on the Citrix ADC, install a certificate that matches the load balanced name.
- On each Session Recording server, install a certificate that matches the Session Recording server name.
SQL:
- Supported Versions = SQL 2008 R2 Service Pack 3 through SQL 2019. See Citrix Docs for the list.
- Azure SQL Database is supported as detailed at Citrix Docs.
- The SQL database is very small.
- The database name defaults to CitrixSessionRecording and can be changed.
- A separate database is created for CitrixSessionRecordingLogging.
- Temporary sysadmin (or dbcreator and securityadmin) permissions are needed to create the database, and sysadmin can be revoked after installation.
- SQL Browser Service must be running.
- SQL Server High Availability (AlwaysOn Availability Groups, Clustering, Mirroring) is supported. See Install Session Recording with database high availability at Citrix Docs. And see Citrix Blog Post Session Recording 7.13 – New HA and Database Options
Session Recording Versions
Session Recording is located on the Citrix Virtual Apps and Desktops (CVAD) or XenApp/XenDesktop ISO.
Session Recording security vulnerability fixed in version 2311, version 2203 LTSR CU4, and version 1912 LTSR CU9 and later.
The most recent Current Release version of Session Recording is 2407.
For LTSR versions of Citrix Virtual Apps and Desktops (CVAD), deploy the version of Session Recording that came with your version of CVAD. The installation instructions for Session Recording 2311, Session Recording 2203, Session Recording 1912 and Session Recording 7.15 are essentially the same.
- For Citrix Virtual Apps and Desktops (CVAD) 2402 LTSR, deploy Session Recording 2402 LTSR from the CVAD 2402 LTSR ISO.
- For Citrix Virtual Apps and Desktops (CVAD) 2203 LTSR, deploy Session Recording 2203 LTSR CU5 from the CVAD 2203 LTSR CU5 ISO.
- For Citrix Virtual Apps and Desktops (CVAD) 1912 LTSR, deploy Session Recording 1912 LTSR CU9 from the CVAD 1912 CU9 ISO.
Session Recording Server Upgrade
You can upgrade from Session Recording 7.6 and newer.
- If this is a new installation, skip to Install.
- Session Recording 2203 and newer do not support Windows Server 2012 R2.
- Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
- On the bottom right, click the Session Recording box.
- In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
- In the Summary page, click Upgrade.
- Click OK to acknowledge that the upgrade cannot be cancelled.
- The machine will probably require a restart.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
- Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
- On the left, expand This PC, and click the DVD Drive.
- Click Select Folder.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- In the Finish page, click Finish.
- Also upgrade Broker_PowerShellSnapIn_x64.msi from \x64\Citrix Desktop Delivery Controller on the CVAD ISO.
- Upgrade the Session Recording Agents.
Session Recording Server New Installs
Install
- Session Recording 2203 and newer no longer support Windows Server 2012.
- Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
- On the bottom right, click the Session Recording box.
- In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
- In the Core Components page, uncheck the box next to Session Recording Player. The Player is typically installed on physical workstations, but not on the Session Recording server. Click Next.
- In the Features page, on the first Session Recording server, install everything.
- In the Database and Server page, fill out the fields. Enter the SQL server name. Azure SQL Database is supported as detailed at Citrix Docs. Enter the database name. Click Test connection. Each load balanced Session Recording server must point to the same database.
- Session Recording 2402 and newer automatically assign the local machine’s computer account as db_owner to the new database. In older Session Recording, enter the domain\computer_account$ for the Session Recording server. Click Next.
- In the Administrator Logging Configuration page, enter the name of the SQL database, click Test connection, and then click Next.
- In the Summary page, click Install.
- The installer might require a restart. Let it restart, and login again.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
- Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
- On the left, expand This PC, and click the DVD Drive.
- Click Select Folder.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- In the Finish page, click Finish.
Antivirus Exclusions
See Endpoint Security and Antivirus Best Practices at Citrix Tech Zone
IIS Certificate
- Use MMC Certificates snap-in (certlm.msc), or IIS, or similar, to request a machine certificate.
- In IIS Manager, right-click the Default Web Site, and click Edit Bindings.
- On the right, click Add.
- Change the Type to https.
- Select the certificate, and click OK.
Session Recording Server Configuration
- From Start Menu, run Session Recording Server Properties.
- In the Storage tab, specify a path that has disk space to hold the recordings. UNC is supported. If load balancing, UNC is required. Azure Files is an option in Session Recording 2103 and newer.
- When using a UNC path, all Session Recording servers (AD computer objects) need modify access.
- The share must have a subfolder. The recordings will be saved to the subfolder.
- In the Session Recording Server Properties tool, add the UNC path with subdirectory to the Storage tab.
- When using a UNC path, all Session Recording servers (AD computer objects) need modify access.
- In the Signing page, select (Browse) a certificate to sign the recordings.
- In the Playback tab, notice that Session Recording files are encrypted before transmit. Also, it’s possible to view live sessions but live sessions are not encrypted.
- In the Notifications tab, you can change the message displayed to users before recording begins. Session Recording 2311 and newer have an option to Allow end user to deny recording of their session.
- The CEIP tab lets you enable or disable the Customer Experience Improvement Program.
- See https://www.carlstalhood.com/delivery-controller-cr-and-licensing/#ceip for additional places where CEIP is enabled.
- The Logging tab lets you configure Logging.
- The RBAC tab lets you enable Recording Viewing Policies.
- The Email tab is for Email Alert Policies.
- Session Recording 2206 adds the Report tab, which lets you schedule weekly reports with statistics on screen recordings: Total size of all recordings; Storage Usage per day; and number of sessions recorded per day. Session Recording 2311 can Send event response reports by email.
- The Cloud DB tab lets you store the Recording database in Azure SQL.
- Web Player tab lets you hide recordings in Web Player unless the user received a URL in an Email Alert Policy.
- When you click OK, you’ll be prompted to restart the service.
- Session Recording relies on Message Queuing. In busy environments, it might be necessary to increase the Message Queuing storage limits. See CTX209252 Error: “Data lost while recording file…” on Citrix SmartAuditor.
David Ott Session Recording Cleanup Script: You may notice that the session recording entries/files don’t go away on their own. Here is how to clean them up. Just create a scheduled task to run the code below once per day (as system – elevated). See David’s blog post for details.
C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe remove /RETENTION:7 /DELETEFILES /F /S /L
Session Recording 2303 and newer support the RELOCATE parameter to the IMPORT command and the FILTER parameter to the ARCHIVE and REMOVE commands of the ICLDB utility. See CTX134777 How To Remove Old Session Recording Files From File Server And Database and Citrix Docs Manage Recordings.
Load Balancing
Note: Session Recording load balancing was removed from 7.15 LTSR but added back in 7.16 and newer.
- In SQL Server Management Studio, make sure each load balanced Session Recording server (AD computer account) is granted db_owner role in the Session Recording databases.
- On each Session Recording server, open regedit.
- Navigate to HKLM\Software\Citrix\SmartAuditor\Server.
- Create a new DWORD value named EnableLB and set it to 1. Repeat on both Session Recording servers.
- Configure Citrix ADC load balancing as detailed at Citrix Docs. Load balance ports 80, 1801, 22334, and 443.
- The 443 vServer Load Balancing Method should be set to LEASTBANDWIDTH (or LEASTPACKETS).
- The 22334 vServer needs WebSockets enabled in an HTTP profile.
- The 443 vServer Load Balancing Method should be set to LEASTBANDWIDTH (or LEASTPACKETS).
- Create a DNS host record that resolves to the Load Balancing VIP and matches the certificate bound to the vServer.
- Go to C:\Windows\System32\msmq\Mapping and edit the file sample_map.xml.
- Follow the instructions at Configure Session Recording with load balancing at Citrix Docs. Each Session Recording server has a unique configuration for this file since the <to> element points to the local server name.
- When saving the file, you might have to save it to a writable folder, and then move it to C:\Windows\System32\msmq\Mapping.
- Then restart the Message Queuing service on each Session Recording server.
- C:\Program Files\Citrix\SessionRecording\Scripts\SrServerConfigurationSync.ps1 can export configurations from this Server registry and import the registry to the other Session Recording Server registries. You can also use the SrServerConfigurationSync.ps1 script to add redirection mapping for message queuing. See Citrix Docs for details.
Authorization
Authorization is configured separately on each load balanced Session Recording server.
- From the Start Menu, run Session Recording Authorization Console.
- Right-click the PolicyAdministrator role, expand Assign Users and Groups, click From Windows and Active Directory and then add your Citrix Admins group.
- If you use Director to configure Session Recording, add the Director users to the PolicyAdministrator role.
- In the Player role, add users that can view the recordings.
- By default, nobody can see the Administration Log. Add auditing users to the LoggingReader role.
- Repeat the authorization configuration on additional load balanced Session Recording servers.
- In Session Recording 2009 and newer, if you open WebPlayer (https://SRFQDN/WebPlayer), you can see the Administrator Logging. Only members of the LoggingReader role can see the data.
- In older versions of Session Recording, opens the webpage https://SR01.corp.local/SessionRecordingLoggingWebApplication/. Only members of the LoggingReader role can see the data.
- In older versions of Session Recording, opens the webpage https://SR01.corp.local/SessionRecordingLoggingWebApplication/. Only members of the LoggingReader role can see the data.
Recording Policies
- Recording Policies can be configured to apply only specific Delivery Groups. To enumerate the Delivery Groups, on your Session Recording server, install Broker_PowerShellSnapIn_x64.msi, which is located under \x64\Citrix Desktop Delivery Controller on the CVAD ISO (e.g., CVAD 2402).
- You’ll need to update this snap-in whenever you update CVAD.
- You’ll need to update this snap-in whenever you update CVAD.
- From the Start Menu, run Session Recording Policy Console.
- Enter the hostname of the Session Recording server, and click OK.
- Under Recording Policies, only one policy can be enabled at a time. By default, no recording occurs. To enable recording, right-click one of the built-in policies and click Activate Policy. Session Recording 2308 and newer have built-in policies to record audio.
- Or you can create your own policy by right-clicking Recording Policies and clicking Add New Policy.
- After the policy is created, right-click it, and click Add Rule.
- Decide if you want notification or not. Decide if you want to record only events. Session Recording 2308 and newer have options to record audio and/or lossy screen recording. Session Recording 2311 and newer let you Hide specific applications during screen recording. Click Next.
- Event only recording is available in Session Recording 2106 and newer. In the Web Player, it looks something like this:
- Session Recording 2109 adds statistics to the Web Player. See View graphical event statistics at Citrix Docs.
- Click OK to acknowledge this message.
- Choose the rule criteria. You can select more than one. Session Recording has an IP Address or IP Range rule.
- Then click the links on the bottom specify the groups, applications, servers, and/or IP range for the rule.
- Session Recording 2402 and newer have a Filter option where you can enter SmartAccess tags.
- Click Next.
- Give the rule a name and click Finish.
- Continue adding rules.
- When done creating rules, right-click the policy, and click Activate Policy.
- You can also rename the policy you created.
Recording Viewing Policies
Session Recording 1906 and newer support creating policies to limit whose recordings a viewer can see.
- On Session Recording servers 1909 and newer, open Session Recording Server Properties, switch to the tab named RBAC, and check the box next to Allow to configure recording viewing policies.
- When you re-open the Citrix Session Recording Policy Console, you’ll see a new node named Recording Viewing Policies.
- Right-click Recording Viewing Policies and click Add New Policy.
- Right-click the new policy and click Add Rule.
- In the Rules Wizard, specify a user group that can view recordings, specify user groups whose recordings can be viewed, and then click Next.
- Make sure the “view recordings” group is also added to the Player role in the Authorization Console.
- Make sure the “view recordings” group is also added to the Player role in the Authorization Console.
- Click Finish to close the wizard.
- You can right-click the Viewing Policy to rename it.
- Recording Viewing Policies do not need to be activated.
- You can create more than one Recording Viewing Policy.
Event Response Policies
Session Recording 2009 and newer support creating policies to send emails when a user’s session starts. Session Recording 2012 and newer can send email notifications when an event occurs. Session Recording 2109 and newer can trigger session recording after events occur.
- On Session Recording servers 2009 and newer, open Session Recording Server Properties, switch to the tab named Email, and complete the fields. Make sure you check the box to Allow sending email notifications.
- In Citrix Session Recording Policy Console, right-click Event Response Policies and click Add New Policy.
- Right-click the new policy and click Add Rule.
- In the Rules Wizard, check the desired boxes.
- For “event triggers”, click the button labelled Configure Event Triggers and select the events you want a response for. Session Recording 2203 and newer have more options for Event type.
- On the far right, check boxes if you want Send email, Start screen recording, or both. Session Recording 2206 adds Log off session, Disconnect session, and Lock session.
- For “event triggers”, click the button labelled Configure Event Triggers and select the events you want a response for. Session Recording 2203 and newer have more options for Event type.
- In Step 1-2, enter Email recipients and Time span for dynamic screen recording. Click Next.
- In Step 2, enter criteria for when this rule should trigger, and then click Next.
- In Step 4, you can name the rule. Click Finish to close the wizard.
- You can right-click the Event Response Policy to rename it.
- Then Activate the new policy. Only one policy can be activated.
- The email notification looks something like this. Notice that the Playback URL is not a FQDN.
- To fix it, go to HKLM\Software\Citrix\SmartAuditor\Server and configure the LinkHost value.
- To fix it, go to HKLM\Software\Citrix\SmartAuditor\Server and configure the LinkHost value.
Session Recording Agent
Agent Installation
Install the Agent on the VDAs. Platinum Licensing is required.
- Session Recording 2203 and newer no longer support Windows Server 2012.
- On the Master VDA, go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO, and run AutoSelect.exe.
- On the bottom right, click the Session Recording box.
- In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
- In the Core Components page, uncheck everything except Session Recording Agent. Click Next.
- In the Agent page, enter the FQDN of the Session Recording server (or load balanced FQDN), click Test connection, and click Next.
- In the Summary page, click Install.
- In the Finish page, click Finish.
- Agent Installation can also be automated. See Automating installations at Citrix Docs.
- For antivirus exclusions, see Endpoint Security and Antivirus Best Practices at Citrix Tech Zone
Agent Configuration
- In the Agent’s Start Menu is Session Recording Agent Properties.
- You can enable or disable session recording on this Agent.
- For Custom event recording, notice the option for third party applications like Intelligent Session Recording (ISR) Nanobot for regulatory compliance from automai that prevents sensitive fields (e.g., Social Security Numbers and Credit Card numbers) from being captured. (h/t CTP Shane Kleinert)
- Compressed recording: Session Recording 2303 and newer let you compress parts of recordings that are not already H.264 compressed.
- Session Recording 2308 and newer, on the Player tab, support fast seeking.
- In Web Player, at Configuration > Preferences, make sure Enable fast seeking is checked.
- In Web Player, at Configuration > Preferences, make sure Enable fast seeking is checked.
- For MCS and PVS VDAs, see the GenRandomQMID.ps1 script at Install, upgrade, and uninstall Session Recording at Citrix Docs.
- Session Recording Agent might cause MCS Image Prep to fail. To work around this, set the Citrix Session Recording Agent service to Automatic (Delayed Start). Source = Todd Dunwoodie at Session Recording causes Image preparation finalization Failed error at Citrix Discussions.
Event Detection Policies
Session Recording can automatically mark events in recordings when certain actions occur inside the session. An example event is when USB client drives are connected. Newer versions of Session Recording can record more events than older versions of Session Recording.
The Citrix Session Recording Policy Console has a node named Event Detection Policies. Just like Recording Policies, you can add an Event Detection Policy, add a rule to the policy, and then activate the policy. Event Detection is disabled by default.
- Details at Configure event detection policies at Citrix Docs and Citrix Blog Post Session Recording 1903 available for Citrix Virtual Apps and Desktops.
- Session Recording 2407 and newer can Log printing activities. It’s at the bottom of the list.
- Session Recording 2203 and newer can Log popup windows events. Notice the scroll bar on the far right. Popup windows in web browsers are not monitored.
- Session Recording 2109 and newer can log registry modifications.
- Session Recording 2012 and newer can log clipboard activities.
- After adding rules to an Event Detection Policy, make sure you Activate Policy.
In older versions of Session Recording, you enable Event recording by modifying the registry of each Session Recording Agent:
- Configure the following registry values at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\SessionEvents on the Session Recording Agent machine:
- EnableAppLaunchEvents (DWORD) = 1
- EnableCDMUSBDriveEvents (DWORD) = 1
- EnableFileOperationMonitorEvents (DWORD) = 1
- EnableGenericUSBDriveEvents (DWORD) = 1
- EnableSessionEvents (DWORD) = 1
- Session Recording 7.18 and newer can mark recording events when specific processes are launched. This feature is disabled by default. To enable, set EnableAppLaunchEvents at the same key. And put the list of processes in AppMonitorList. More details at Log application starts at Citrix Docs and Citrix Blog Post Session Recording 1808 Product Update – Log application activities and more!.
- EnableAppLaunchEvents (DWORD) = 1
- AppMonitorList (REG_MULTISZ) = list of process names
- Session Recording 1811 and later can mark recording events when files in a folder are renamed, created, deleted, and moved. Add the path strings of target folders into the FileOperationMonitorList registry value. More details at Citrix Blog Post Session Recording 1811 is here for Citrix Virtual Apps and Desktops.
When you later playback the recording, the events are shown on the bottom left.
- Or you can perform an Advanced Search for recordings with specific event types.
Session Recording Web Player
Session Recording 1912 and newer include a Web Player.
Web Player has some features that the standard Player does not.
- Web Player 2003 can record idle events and highlight idle periods.
- You can leave comments and set the comment severities
- You can share URLs of recordings
Web Player is enabled by default in Session Recording 2003 and newer. To enable it in Session Recording 1912:
- Go to C:\Program Files\Citrix\SessionRecording\Server\Bin, right-click TestPolicyAdmin.exe and click Copy as path.
- Open Command Prompt as administrator, paste the path, add “-enablewebplayer” to the end, and press Enter.
Bind a certificate to the Web Player:
- After upgrading to Session Recording 2103 or newer, check HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\WebSocketServerVersion.
- If it is set to 1.0, then we can change it to IIS instead of Python by running
"C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -enablestreamingservice
.
- The registry value then changes to 2.0.
- If it is set to 1.0, then we can change it to IIS instead of Python by running
- In IIS Manager, edit the bindings for the Default Web Site and ensure there’s an https binding.
- Go back to C:\Program Files\Citrix\SessionRecording\Server\Bin and edit the file SsRecWebSocketServer.config (2003 and newer) or SsRecWebSocketServer.exe.config (1912 and older).
- In line 3, set TLSEnable to 1.
- If your Session Recording is 2103 and later and hosts the WebSocket server in IIS (i.e.WebSocketServerVersion = 2.0)
- In Administrator Command Prompt, run the following command.
"C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -stopwebsocketserver
- From any machine, launch a browser and point it to https://myrecordingserver.corp.com/WebPlayer or something like that. Internet Explorer is not supported.
- Skip the rest of this section.
- In Administrator Command Prompt, run the following command.
- For Session Recording 2012 and older, or if your WebSocketServer is not integrated with IIS, continue the steps in this section.
- You need the Session Recording certificate in PEM format. One option is to use the openssl commands listed at Citrix Docs. Or you can use an ADC appliance’s Import PKCS#12 feature to convert PFX to PEM.
- Make sure you don’t encrypt the private key (don’t select Encoding Format).
- After conversion (aka import), go to Traffic Management > SSL > SSL Files, switch to the tab named Certificates, and download the .pem file.
- Put the unencrypted .pem file somewhere on the Session Recording server.
- In the SsRecWebSocketServer.config file, set line 11 and line 13 to the full path to the .pem file.
- In Administrator Command Prompt, run the following command:
"C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -stopwebsocketserver
- The Web Player WebSockets listens on port 22334 by default. Open the port on the firewall.
- Create an Inbound Rule. You can either create a Program rule, or a Port rule.
- The program path is %ProgramFiles%\Citrix\SessionRecording\Server\Bin\SsRecWebSocketServer.exe.
- Create an Inbound Rule. You can either create a Program rule, or a Port rule.
- From any machine, launch a browser and point it to https://myrecordingserver.corp.com/WebPlayer or something like that. Internet Explorer is not supported.
- Web Player lets you share recordings as links. These links can be Restricted, or in Session Recording 2305 or newer can be Unrestricted. More details at Citrix Docs.
Session Recording Player
Install the Player on any Windows 7 through Windows 10 desktop machine. 32-bit color depth is required. Because of the graphics requirements, don’t run the Player as a published application.
- Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
- On the bottom right, click the Session Recording box.
- In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
- In the Core Components page, uncheck everything except Session Recording Player. Click Next.
- In the Summary page, click Install.
- The installer might require a restart. Let it restart, and login again.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
- Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
- On the left, expand This PC, and click the DVD Drive.
- Click Select Folder.
- After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
- In the Finish page, click Finish.
- From the Start Menu, run the Session Recording Player.
- Open the Tools menu and click Options.
- On the Connections tab, click Add.
- Enter the FQDN of the Session Recording server (or load balanced FQDN).
- On the Cache tab you can adjust the client-side cache size. Click OK.
- Use the Search box to find recordings.
- Or you can go to Tools > Advanced Search.
- Once you find a recording, double-click it to play it.
- If you see a message about Citrix Client version incompatibility, see CTX206145 Error: “The Session Recording Player Cannot Play Back This File” to edit the Player’s SsRecPlayer.exe.config file to accept the newer version. Note: Session Recording 2012 no longer complains about this.
- To skip spaces where no action occurred, open the Play menu, and click Fast Review Mode.
- You can add bookmarks by right-clicking in the viewer pane. Then you can skip to a bookmark by clicking the bookmark in the Events and Bookmarks pane.
Director Integration
- On the Director server, run command prompt elevated (as Administrator).
- Run
C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording
- Enter the Session Recording FQDN (or load balanced FQDN) when prompted.
- Enter 1 for HTTPS.
- Enter 443 as the port.
- In Director, when you view users or machines, you can change the Session Recording policy. These policy changes don’t apply until a new session is launched.
- If the Session Recording menu says N/A, then the Director user needs to be authorized in the Session Recording Authorization Console.
- If you use Director to enable or disable recording for a user or machine, rules are added to the active policy on the Session Recording server. They only take effect at next logon.
Dynamic Session Recording
Session Recording 7.18, along with Delivery Controller 7.18, and VDA 7.18, allows you to start recording, even in the middle of a session.
Unfortunately, Director has not been enabled to take advantage of this feature. Instead, you use PowerShell to start recording. The command is Start-BrokerSessionRecording, and is detailed at Dynamically start or stop recording by using PowerShell commands in the Citrix Broker SDK at Citrix Docs. For example:
Start-BrokerSessionRecording -User DomainA \ UserA -NotifyUser $false
Use the Stop-BrokerSessionRecording command to stop recording when the reported issue has been triaged or resolved. For example:
Stop-BrokerSessionRecording -User DomainA \ UserA
The commands are logged to Citrix Studio Logging.
Hi Carl,
i am getting this error during Instakllation of Session Recording Server.
Error Id: XDMI:EA63CDB6
Exception:
Error Source : Citrix Studio
StackTrace: System.NullReferenceException Object reference not set to an instance of an object.
at Citrix.MetaInstaller.MsiComponent.Install(InstallationContext context)
at Citrix.MetaInstaller.InstallationManager.InstallComponent(IInstallableComponent component, InstallationContext installContext)
i vae hybrid environment (Citrix Cloud and VDIs are local)
Hello Carl !
Thanks for the sharing of Session Recording installation and tips.
I am facing an issue on Director. When I click on Sessions with recordings and the I select a record and click on view file the web player open in http rather than https evenif Director is configured with HTTPS for Session Reconrding connection.
I can see the http://srserver.mydomain.lab in the Monitoring databavse (rather than https://…)
Do you have an idea about what I miss ?
I run 2402 CU1 version.
Hi Carl
great article as always. Just one question. during the installation of the first session recording server, you mention what features to install. You don’t mention what features to install on the second/subsequent servers. I assume everything except the “Session Recording Database”?
regards
Ken Z
They changed it in 2402.
“When the Session Recording server is selected for installation, the Session Recording database is now also selected automatically and cannot be unselected. This enhancement helps avoid installation or upgrade issues in load balancing scenarios.” https://docs.citrix.com/en-us/session-recording/2402-ltsr/whats-new
Carl
reason i ask is that when i start installing the second session recording server, during the installation of the Session Recording Administration “Core Components” it fails with “the parameter is incorrect”, then “Object reference not set to an instance of an object”. Clicking on View Details, it displays “Error Id: XDMI:EA63CDB6… The exact error shown here – https://support.citrix.com/article/CTX463693/session-recording-server-failed-error-id-xdmiea63cdb6
This implies that the computer account being added is somehow wrong?
I’ve logged a call with Citrix about this this afternoon so hopefully i’ll get a response in the next day or two.
Carl
Citrix got back to me and it turns out that if you try installing via the GUI (i.e run the autoselect.exe on the ISO), then the installation will fail with this error code. The engineer said that due to a security issue they had to change some code that prevents a popup box appearing to authenticate to the SQL Server. You need to run the installation for the 2nd (and subsequent) installations via command line. i.e.
D:\x64\Session Recording>msiexec.exe /i “D:\x64\Session Recording\SessionRecordingAdministrationx64.msi” /l*v C:\Logs\SessRecInstall.log
3/4 of the way through the installation, a popup box appears asking for SQL credentials, and this allows the installation to complete successfully.
Regards
Ken Z
For Me this is not working. During the Installation I got the error that some stuff is already in the database and it will rollback.
Somebody the same issue? What about the CU1? Anybody with experince on this?
Hi Ken,
I have encountered the same problem. I would like to ask if your problem has been solved? How did you solve it?
Hi Carl , Quick Question .
Is it possible that we can move a session recording server from Domain to another ? keeping all components on same domain
For Citrix Session recording cloud service, do you need to install the session recording server application on the server that you deploy their Session recording cloud agent on?
The citrix docs are extremely bare when it comes to their session recording cloud service, so far as to not even explicitly call out that you need/don’t need to install the session recording agent on the endpoints (their docs actually don’t even talk about agent installation at all).
Yes – https://docs.citrix.com/en-us/session-recording/service/get-started/connect-existing-session-recording-servers-to-the-cloud
I believe this is incorrect, as If I take a fresh Server OS, and set it up strictly via the cloud console (for Session recording service), it will end up with the following applications installed via the cloud:
– Citrix Session Recording Administration (23.11 – matching the version I picked in the cloud console)
– Citrix Session Recording Cloud Client Monitor service
– Citrix Session Recording Cloud Client Service
Additionally, when I go to install from the ISO, it shows that Recording server is already installed, and I am upgrading it not installing it for the first time.
Lastly, Citrix support, when speaking with them, was ‘unsure’ of what is actually needed. So while their docs does sort of mention (in an obtuse way) it should be installed, they have other areas in both the same documentation AND their cloud console that points to the cloud console doing this install for you.
For Example: https://docs.citrix.com/en-us/session-recording/service/get-started/install-session-recording-servers-from-within-the-cloud
That said, the process was not as clean as their docs state, and you need to manually grant ‘DOMAIN\MachineName$’ to the sysadmin role otherwise the cloud console will give you an error.
Now onto troubleshooting why my session hosts aren’t being recording even though there are policies in place.
Shoudlve just stuck with on-premise :/
Every time I play a video file, a message box always appears saying 【To continue, you are required to enter the justification for playing this recording.】How can I modify it so it doesn’t appear anymore?”
See Recording Playback Justification at https://www.citrix.com/blogs/2023/01/11/citrix-session-recording-lossy-video-codec-playback-justification-logging/
Hi,
I have installed 2022 CU4 session recording using Load Balancing with F5. We have a problem that when we set the Storage location the folder disappears and the recording don’t save.
Does anyone know the fix fir that?
Are certificates installed on the Session Recording servers and bound to IIS Default Web Site?
Yes, Its works when I using local folder on the SR server. But for shared folder its Doesn’t work because the shared folder is missing.
Hi Carl,
we are facing a big issue that when use citrix session recording player to play the records , it display certifying and take about 30s to open.
The SSL cert is bind in IIS 443 and the site is trusted in IE or Chrome.
We also opened a citrix case, but they seam not good idea.
Could you provide some suggestion to user?
upgrade to SR 2308 ?
nice
Hi Carl,
We have 2 MS SQL server and build Basic Always on for Citrix Site DBs.
There are only 50 users in this site, could we use SQL express for session recording ?
Or set the DB in one of MS SQL server?
Or set the Session Recording DB in 2 BAG?
According your experience,
COuld you provide the MS SQL suggestions for different user size ?
Hi Carl,
The search function in the player does not work for me, I get the message “The remote certificate is invalid according to the validation procedure” every time. Then I observed this in the Event Viewer and there I get the following message “Error validating the security certificate of the server [rigem-svcsr01.bs.ch]. Error: [RemoteCertificateChainErrors].”
I can’t get any further.
I would appreciate some feedback 🙂
Translated with http://www.DeepL.com/Translator (free version)
If you point your browser to the Session Recording server’s FQDN, do you see any certificate errors? How did you generate the certificate for the Session Recording server? Is it from a Certificate Authority that your Player machine trusts?
Hi Carl,
Short question. We are working on network isolation.
Situation:
– One server with Citrix Session Recording
– One other server with the Citrix Session Recording database
– VDA’s.
Does the VDA needs network access to the server with the Session Recording database, or is it sufficient to access to the Session Recording server only?
Just to the server. https://docs.citrix.com/en-us/tech-zone/build/tech-papers/citrix-communication-ports.html#session-recording
Carl-
As always, I appreciate your insight and knowledge. I’m of the understanding that Session Recording can’t record published desktop sessions. Is this correct? Further, if RDP is a published app do you know if session recording can record that properly?
Thank you in advance for any additional insight you can provide!
“Session Recording provides flexible policies to trigger recordings of application and desktop sessions automatically.” https://docs.citrix.com/en-us/session-recording/current-release.html
Does this answer your question?
It does and now I feel silly for working with clearly outdated information. Thank you for setting me right.
Greetings Carl, in my current environment we have 1 CVAD site with 2 zones
Each zone has a different Session recording site and different storage server.
So currently we have 2 separate SR sites instead of having one database with always on.
Is it possible to have both SR sites in one DB while still having 2 different storage servers depending on the zone?
Hi Carl,
I have installed 2203 LTSR and everything is working fine but the web player is not showing the records correctly, instead the only thing I can see is a black screen. The normal player is playing the files perfectly though. Tried different browsers, no luck. Any advice?
Do you ever solved this issue? Run today in the same problem.
Disable the RBAC Feature on the server session properties.
I migrated the databases to a new server and Installed a new Session Recording server. I haven’t tried recording sessions because I can’t get the player to work with the old recordings. The search works but when I try to play any of the old recordings I get the following error message: “download of recorded session file failed. Server could not find the requested recorded session file. The file may have been archived or deleted”. Folder permissions should be correct. There is nothing in the event log so I’m a bit stuck. Any ideas?
Server 2016, 1912 cu4
Hi Carl,
we are trying to setup SR but the recording files suddenly disappears while the session is being recorded, what could be the reason for this issue?
Is antivirus deleting them?
I found if we cannot save SR Server properties with any reason the target folder will be deleted.
Hi Carl,
Greetings !!!
Once again a nice article.
In 1912 LTSR SR enabled for VDA’s ( PVS) which is working fine.
When launching the applications published in Citrix we’d like to have the possibility to record the session or not
Can be this implemented?
Thanks in advance.
Regards
Aditya
It works with published apps. Are you saying it’s not working for you?
It is working with published apps as well… few users asking to check the possibility to have a pop-up like click yes or no option to record session. Some time they want to select NO if the information is confidential so that that particular time Session Recording will not happen.
Is there a way to prevent the disk from filling up?
How I can set the recordings to be overwritten?
Maybe this – http://www.citrixirc.com/?p=609
Carl, when deleting the files out of the system, the script provided looks to work but also delete it from the database. If we ever needed to go back and restore a day of recordings from backup, should we leave the database alone so we could search for the correct recording? Or is there a way to somehow get the index data (i.e. match user to recording) another way?
Hey Carl, quick question, my session recording server is working just fine but using the player, I did every step you mentioned here and got to the /WebPlayer page, but when I click play I keep getting the following message:
Server connection failed. Please check the WebSocket Server and refresh the page.
I’ve search the entire Citrix site and haven’t found anything. I thought to ask you first before opening a ticket.
Thanks in advance.
Hi, I have the same problem.
Please Carl, help us.
Thanks.
Hello Carl, thank you for your article. How can I set the retention time for recorded sessions? I need to keep files on servers for 6 months. Thanks.
See http://www.citrixirc.com/?p=609
Hello, thank you. It looks this is not what I want. I do not want to clean the database, I want the records to stay in the server for a period of 6 months. From the player I can see only the last 30 days.
Session Recording web player is not working – When ever we try to access we can get “Failed to access Session Recording You are not authorized , or your configuration such as ssl certificate is not correct” on webpage.
Although Normal player is working fine without any issues.
Hi Charan.
I have the same problem.
if you solved the error, please share the solution.
Thanks.
Hi Sakhi,
Did you resolve this issue? I am facing the same problem.
Thank you in advance!
Hi Charan,
Did you ever get this resolved?
I’m facing the same issue with a new install.
Your response will be greatly appreciated.
Thanks
Hi.
I have done to follow your method but I do not sure how to configure mistake something which I cannot use search function to find Session Recording file although these file created at some folder , already. it’s display no record to search
A very nice and detailed write up Carl.
Could you please clarify if there is a way to enforce the setting on Session Recording Agent to have the enable recording option always on by GPO or other methods.
Hi Carl, thank you for your guide, everythings it’s Ok but I suppose there’s an to the SsRecWebSocketServer.exe.config screenshot, when it requires the Key file you put the pem file as the above string. Just a little question at the end.. does session recording is supported on Linux VDA? How can I record Linux Session throught Citrix Virtual app and desktop?
Thank you
In this case, the pem file contained both the certificate and the key. When ADC converts a PFX to PEM, it puts both in the same file.
Works perfect but cannot find anything in the search results of the Session Recording Player.
Same notification: Seach is complete. No recorded session files found.
They are there, and I can open them manually.
This is on Server 2019, with an external SQL DB.
I have the same exact behavior on a brand new installation of session recording 2012 on server 2019, external sql. Windows 2019 VDA. Were you able to find a resolution for this problem?
We had a similar problem but we found that you needed to grant player access in both locations: the Session Recording Authorization Console and Session Recording Policy Console
Anybody use Citrix session recording? Curious if you every seen when it records windows 10 1607 sessions, the playback is just a black recording?
When trying to load the Session Recording Policy Console, I get an error “MMC could not create the snap-in”. I’ve installed the PowerShellBroker. There are no errors in the Event Viewer, just the one in the console.
It’s an issue with 1906. Don’t install 1906. I’m using the 7.18 Admin console now and I’m in business.
Every certificate I try to install on step 3 under “Session Recording Server Configuration” throws “Invalid Provider Type specified”. I can’t find the documentation for what kind of provider type it needs. Any thoughts?
Maybe something in this thread? https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri
How are you generating the certificate and private key? Are you doing export/import of the private key?
Did you ever figure this out? I’m having the same issue while trying to update my certificate. This is using a public generated wildcard certificate
I found my issue was that I didn’t have SsRecWebSocketServer.exe.config configured correctly. I followed the instructions in the Citrix documentation from the start and that cleared that message for me
https://docs.citrix.com/en-us/session-recording/1912-ltsr/session-recording-1912-ltsr.pdf
Hi Carl,
I need your urgent help to implement session recording server. During the change path to D drive configuration of recording session files I am getting error “The operation is blocked session recording administration login failed”. and suddenly created folder in D drive is getting disappeared.
Please help to troubleshooting the issue.
Regards,
Ilyas Ahmed
Please check whether ‘Enable Mandatory Blocking’ is chosen in SR Server Property. If so, you have to add current account to authorized logging writer role list.
I got the same error. After check windows event log. Probably casued by invalid config for the IIS service.
“Running Session Recording Server Property configuration logging: There was no endpoint listening at https://localhost/SessionRecordingLogging/SsRecLoggingLog.svc that could accept the message”
I got the same error.
:
I installed Session recording 1912 LTSR CU1 on Windows 2012 R2 and IIS binding with SSL Cer.
After checked with windows event log show error ID 6001
“An error occurred while receiving the HTTP response to https://localhost/SessionRecordingLogging/SsRecLoggingLog.svc That could be due to the service endpoint binding not using HTTP protocol. This could also be due to and HTTP request context being aborted by the server (possibly due to service shutting down)..”
I got the same error.
:
correct from last reply:
I installed Session recording 1912 LTSR CU1 on Windows 2019 and IIS binding with SSL Cer.
After checked with windows event log show error ID 6001
“An error occurred while receiving the HTTP response to https://localhost/SessionRecordingLogging/SsRecLoggingLog.svc That could be due to the service endpoint binding not using HTTP protocol. This could also be due to and HTTP request context being aborted by the server (possibly due to service shutting down)..”
It look like Sessionrecording service not run on port 443 but port 80 everything fine.
Hi Carls,
Can we install 7.15 LTSR session recording agent on Desktop OS ( Windows 7 enterprise ) ?
There is some upgrade regarding Session Recording works with Citrix Cloud. Would you kindly elaborate more ?
There’s some info at https://docs.citrix.com/en-us/session-recording/current-release/configure/policies.html
How to specify input parameters when you automate the agent installation to change the msmq port
hello, I jave installed version 7.15 LTSR CU2. it is working when I want to record session from a Windows 2016 VDA but not from a Windows 10 VDA. If I netstat the session recording server I can see that there is a connection established from the Windows 10 VDA but nothing is happening.
Thanks.
In order to support Win10 recording, you could use 1811 version session recording on 7.15 CU2 VDA.
In step 11. of the Player section where does the server connection information get stored? We have published a SR Player and have to add that server each time we launch. I did a registry search for the server after setting it but no results were found.
Hi,
How about implementing SR in Citrix Cloud?
From Citrix official document, it is supported.
But there are no documentation of how its done, since it needs integration with DIrector and in Citrix Cloud, DIrector is locked down
And how about from licensing perspective?
SR require Platinum License, quite different with CItrix Cloud licenses
You should be able to get a licensing exception from your local Citrix sales team.
SR integration with Director is not required. You can use it without Director integration.
Hi Jacques. Just curious, but were you able to eventually get Session Recording working with Citrix Cloud?
We are using XenDesktop/XenApp 7.15 CU2, can Session Recording 7.17 be used along with this version?
Not sure. But there is an LTSR version of Session Recording. Why not that one?
We were concerned about load balancing and since that feature doesn’t appear to be available in 7.15, we were curious about what to do in our planning phase if it were ever needed. thanks for the input.
https://docs.citrix.com/en-us/session-recording/current-release/system-requirements.html#par_anchortitle_bcaf_cop says it is supported. Not sure what that does for LTSR support.
If it’s in LB deployment and also the default TCP protocol for Session Recording Storage Manager message queue is chosen, it’s worth checking that NetScaler VIP address should be used in SR agent property console other than load balanced FQDN.
See reference: https://docs.citrix.com/en-us/session-recording/current-release/configure/load-balancing.html
Me too. Users are prompted with the notification, but no sessions are being stored for playback.
If it is a GSLB server being used to store files, try with a single standalone server. If that helps with generating files then you know the problem !
I have installed 2203LTSr session recording server and configure to use self signed certificate.When I try to activate or create new policy , getting an error “The operation is blocked session recording administration login failed”.Any help would be appreciated.
i have followed the steps and successfully getting the recording prompt on citrix desktops but the recordings are not found or stored on the session recording server.,i have chosen default location for storing recordings but no recording files are getting generated
what can be missing?