Session Recording 2407

Last Modified: Aug 6, 2024 @ 12:03 am

Navigation

This article applies to Session Recording 2407, 2203 LTSR CU5, and 1912 LTSR CU9.

💡 = Recently Updated

Change Log

Planning

Citrix links:

Licensing – Citrix Virtual Apps and Desktops Premium Edition licensing is required.

Farms – There is no relation between Session Recording farms and Citrix Virtual Apps and Desktops farms. You can have Agents from multiple Citrix Virtual Apps and Desktops farms recording to a common Session Recording server. Or you can split a Citrix Virtual Apps and Desktops farm so that different Agents point to different Session Recording servers.

  • Load balancing – Session Recording 7.14 and newer can be load balanced. Build two Session Recording servers pointing to the same SQL database. Configure both of them to store recordings on the same UNC path. More details at Configure Session Recording with load balancing at Citrix Docs.
    • Note: Load Balancing was removed from Session Recording 7.15 LTSR. In Session Recording 7.16 and newer, Load Balancing is fully supported.
  • Scaling – To scale Session Recording to 20,000 users, see Hal Lange and Ryan Revord at Scaling and Load Balancing Session Recording at CUGC.

Disk space – The Session Recording server will need a hard drive to store the recordings. Disk access is primarily writes. You can also store recordings on a UNC path (this is required if load balancing).

Offloaded content (e.g. Teams, Browser Content Redirection) is not recorded.

Certificate – Session Recording server needs a certificate. The certificate must be trusted by Agents and Players. Internal Certificate Authority recommended.

  • If load balancing, on the Citrix ADC, install a certificate that matches the load balanced name.
  • On each Session Recording server, install a certificate that matches the Session Recording server name.

SQL:

  • Supported Versions = SQL 2008 R2 Service Pack 3 through SQL 2019. See Citrix Docs for the list.
    • Azure SQL Database is supported as detailed at Citrix Docs.
  • The SQL database is very small.
  • The database name defaults to CitrixSessionRecording and can be changed.
  • A separate database is created for CitrixSessionRecordingLogging.
  • Temporary sysadmin (or dbcreator and securityadmin) permissions are needed to create the database, and sysadmin can be revoked after installation.
  • SQL Browser Service must be running.
  • SQL Server High Availability (AlwaysOn Availability Groups, Clustering, Mirroring) is supported. See Install Session Recording with database high availability at Citrix Docs. And see Citrix Blog Post Session Recording 7.13 – New HA and Database Options

Session Recording Versions

Session Recording is located on the Citrix Virtual Apps and Desktops (CVAD) or XenApp/XenDesktop ISO.

Session Recording security vulnerability fixed in version 2311, version 2203 LTSR CU4, and version 1912 LTSR CU9 and later.

The most recent Current Release version of Session Recording is 2407.

For LTSR versions of Citrix Virtual Apps and Desktops (CVAD), deploy the version of Session Recording that came with your version of CVAD. The installation instructions for Session Recording 2311, Session Recording 2203, Session Recording 1912 and Session Recording 7.15 are essentially the same.

Session Recording Server Upgrade

You can upgrade from Session Recording 7.6 and newer.

  1. If this is a new installation, skip to Install.
  2. Session Recording 2203 and newer do not support Windows Server 2012 R2.
  3. Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
  4. On the bottom right, click the Session Recording box.
  5. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  6. In the Summary page, click Upgrade.
  7. Click OK to acknowledge that the upgrade cannot be cancelled.
  8. The machine will probably require a restart.

    1. After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
    2. Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
    3. Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
    4. On the left, expand This PC, and click the DVD Drive.
    5. Click Select Folder.
  9. In the Finish page, click Finish.
  10. Also upgrade Broker_PowerShellSnapIn_x64.msi from \x64\Citrix Desktop Delivery Controller on the CVAD ISO.

  11. Upgrade the Session Recording Agents.

Session Recording Server New Installs

Install

  1. Session Recording 2203 and newer no longer support Windows Server 2012.
  2. Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
  3. On the bottom right, click the Session Recording box.
  4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  5. In the Core Components page, uncheck the box next to Session Recording Player. The Player is typically installed on physical workstations, but not on the Session Recording server. Click Next.
  6. In the Features page, on the first Session Recording server, install everything.
  7. In the Database and Server page, fill out the fields. Enter the SQL server name. Azure SQL Database is supported as detailed at Citrix Docs. Enter the database name. Click Test connection. Each load balanced Session Recording server must point to the same database.
  8. Session Recording 2402 and newer automatically assign the local machine’s computer account as db_owner to the new database. In older Session Recording, enter the domain\computer_account$ for the Session Recording server. Click Next.
  9. In the Administrator Logging Configuration page, enter the name of the SQL database, click Test connection, and then click Next.
  10. In the Summary page, click Install.
  11. The installer might require a restart. Let it restart, and login again.

    1. After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
    2. Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
    3. Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
    4. On the left, expand This PC, and click the DVD Drive.
    5. Click Select Folder.
  12. In the Finish page, click Finish.

Antivirus Exclusions

See Endpoint Security and Antivirus Best Practices at Citrix Tech Zone

IIS Certificate

  1. Use MMC Certificates snap-in (certlm.msc), or IIS, or similar, to request a machine certificate.
  2. In IIS Manager, right-click the Default Web Site, and click Edit Bindings.
  3. On the right, click Add.
  4. Change the Type to https.
  5. Select the certificate, and click OK.

Session Recording Server Configuration

  1. From Start Menu, run Session Recording Server Properties.
  2. In the Storage tab, specify a path that has disk space to hold the recordings. UNC is supported. If load balancing, UNC is required. Azure Files is an option in Session Recording 2103 and newer.

    1. When using a UNC path, all Session Recording servers (AD computer objects) need modify access.
    2. The share must have a subfolder. The recordings will be saved to the subfolder.
    3. In the Session Recording Server Properties tool, add the UNC path with subdirectory to the Storage tab.
  3. In the Signing page, select (Browse) a certificate to sign the recordings.
  4. In the Playback tab, notice that Session Recording files are encrypted before transmit. Also, it’s possible to view live sessions but live sessions are not encrypted.
  5. In the Notifications tab, you can change the message displayed to users before recording begins. Session Recording 2311 and newer have an option to Allow end user to deny recording of their session.

  6. The CEIP tab lets you enable or disable the Customer Experience Improvement Program.
  7. See https://www.carlstalhood.com/delivery-controller-cr-and-licensing/#ceip for additional places where CEIP is enabled.
  8. The Logging tab lets you configure Logging.
  9. The RBAC tab lets you enable Recording Viewing Policies.
  10. The Email tab is for Email Alert Policies.
  11. Session Recording 2206 adds the Report tab, which lets you schedule weekly reports with statistics on screen recordings: Total size of all recordings; Storage Usage per day; and number of sessions recorded per day. Session Recording 2311 can Send event response reports by email.
  12. The Cloud DB tab lets you store the Recording database in Azure SQL.
  13. Web Player tab lets you hide recordings in Web Player unless the user received a URL in an Email Alert Policy.
  14. When you click OK, you’ll be prompted to restart the service.
  15. Session Recording relies on Message Queuing. In busy environments, it might be necessary to increase the Message Queuing storage limits. See CTX209252 Error: “Data lost while recording file…” on Citrix SmartAuditor.


David Ott Session Recording Cleanup Script: You may notice that the session recording entries/files don’t go away on their own. Here is how to clean them up. Just create a scheduled task to run the code below once per day (as system – elevated). See David’s blog post for details.

C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe remove /RETENTION:7 /DELETEFILES /F /S /L

Session Recording 2303 and newer support the RELOCATE parameter to the IMPORT command and the FILTER parameter to the ARCHIVE and REMOVE commands of the ICLDB utility. See CTX134777 How To Remove Old Session Recording Files From File Server And Database and Citrix Docs Manage Recordings.

Load Balancing

Note: Session Recording load balancing was removed from 7.15 LTSR but added back in 7.16 and newer.

  1. In SQL Server Management Studio, make sure each load balanced Session Recording server (AD computer account) is granted db_owner role in the Session Recording databases.
  2. On each Session Recording server, open regedit.
  3. Navigate to HKLM\Software\Citrix\SmartAuditor\Server.
  4. Create a new DWORD value named EnableLB and set it to 1. Repeat on both Session Recording servers.
  5. Configure Citrix ADC load balancing as detailed at Citrix Docs. Load balance ports 80, 1801, 22334, and 443.
    • The 443 vServer Load Balancing Method should be set to LEASTBANDWIDTH (or LEASTPACKETS).
    • The 22334 vServer needs WebSockets enabled in an HTTP profile.
  6. Create a DNS host record that resolves to the Load Balancing VIP and matches the certificate bound to the vServer.
  7. Go to C:\Windows\System32\msmq\Mapping and edit the file sample_map.xml.
  8. Follow the instructions at Configure Session Recording with load balancing at Citrix Docs. Each Session Recording server has a unique configuration for this file since the <to> element points to the local server name.
  9. When saving the file, you might have to save it to a writable folder, and then move it to C:\Windows\System32\msmq\Mapping.
  10. Then restart the Message Queuing service on each Session Recording server.
  11. C:\Program Files\Citrix\SessionRecording\Scripts\SrServerConfigurationSync.ps1 can export configurations from this Server registry and import the registry to the other Session Recording Server registries. You can also use the SrServerConfigurationSync.ps1 script to add redirection mapping for message queuing. See Citrix Docs for details.

Authorization

Authorization is configured separately on each load balanced Session Recording server.

  1. From the Start Menu, run Session Recording Authorization Console.
  2. Right-click the PolicyAdministrator role, expand Assign Users and Groups, click From Windows and Active Directory and then add your Citrix Admins group.
  3. If you use Director to configure Session Recording, add the Director users to the PolicyAdministrator role.
  4. In the Player role, add users that can view the recordings.
  5. By default, nobody can see the Administration Log. Add auditing users to the LoggingReader role.
  6. Repeat the authorization configuration on additional load balanced Session Recording servers.
  7. In Session Recording 2009 and newer, if you open WebPlayer (https://SRFQDN/WebPlayer), you can see the Administrator Logging. Only members of the LoggingReader role can see the data.

    • In older versions of Session Recording, opens the webpage https://SR01.corp.local/SessionRecordingLoggingWebApplication/. Only members of the LoggingReader role can see the data.

Recording Policies

  1. Recording Policies can be configured to apply only specific Delivery Groups. To enumerate the Delivery Groups, on your Session Recording server, install Broker_PowerShellSnapIn_x64.msi, which is located under \x64\Citrix Desktop Delivery Controller on the CVAD ISO (e.g., CVAD 2402).

    • You’ll need to update this snap-in whenever you update CVAD.

  2. From the Start Menu, run Session Recording Policy Console.
  3. Enter the hostname of the Session Recording server, and click OK.
  4. Under Recording Policies, only one policy can be enabled at a time. By default, no recording occurs. To enable recording, right-click one of the built-in policies and click Activate Policy. Session Recording 2308 and newer have built-in policies to record audio.
  5. Or you can create your own policy by right-clicking Recording Policies and clicking Add New Policy.
  6. After the policy is created, right-click it, and click Add Rule.
  7. Decide if you want notification or not. Decide if you want to record only events. Session Recording 2308 and newer have options to record audio and/or lossy screen recording. Session Recording 2311 and newer let you Hide specific applications during screen recording. Click Next

    1. Event only recording is available in Session Recording 2106 and newer. In the Web Player, it looks something like this:
  8. Session Recording 2109 adds statistics to the Web Player. See View graphical event statistics at Citrix Docs.
  9. Click OK to acknowledge this message.
  10. Choose the rule criteria. You can select more than one. Session Recording has an IP Address or IP Range rule.
  11. Then click the links on the bottom specify the groups, applications, servers, and/or IP range for the rule.

  12. Session Recording 2402 and newer have a Filter option where you can enter SmartAccess tags.
  13. Click Next.
  14. Give the rule a name and click Finish.
  15.  Continue adding rules.
  16. When done creating rules, right-click the policy, and click Activate Policy.
  17. You can also rename the policy you created.

Recording Viewing Policies

Session Recording 1906 and newer support creating policies to limit whose recordings a viewer can see.

  1. On Session Recording servers 1909 and newer, open Session Recording Server Properties, switch to the tab named RBAC, and check the box next to Allow to configure recording viewing policies.

  2. When you re-open the Citrix Session Recording Policy Console, you’ll see a new node named Recording Viewing Policies.
  3. Right-click Recording Viewing Policies and click Add New Policy.
  4. Right-click the new policy and click Add Rule.
  5. In the Rules Wizard, specify a user group that can view recordings, specify user groups whose recordings can be viewed, and then click Next.

    • Make sure the “view recordings” group is also added to the Player role in the Authorization Console.
  6. Click Finish to close the wizard.
  7. You can right-click the Viewing Policy to rename it.
  8. Recording Viewing Policies do not need to be activated.
  9. You can create more than one Recording Viewing Policy.

Event Response Policies

Session Recording 2009 and newer support creating policies to send emails when a user’s session starts. Session Recording 2012 and newer can send email notifications when an event occurs. Session Recording 2109 and newer can trigger session recording after events occur.

  1. On Session Recording servers 2009 and newer, open Session Recording Server Properties, switch to the tab named Email, and complete the fields. Make sure you check the box to Allow sending email notifications.

  2. In Citrix Session Recording Policy Console, right-click Event Response Policies and click Add New Policy.
  3. Right-click the new policy and click Add Rule.
  4. In the Rules Wizard, check the desired boxes.

    • For “event triggers”, click the button labelled Configure Event Triggers and select the events you want a response for. Session Recording 2203 and newer have more options for Event type.
    • On the far right, check boxes if you want Send email, Start screen recording, or both. Session Recording 2206 adds Log off session, Disconnect session, and Lock session.
  5. In Step 1-2, enter Email recipients and Time span for dynamic screen recording. Click Next.
  6. In Step 2, enter criteria for when this rule should trigger, and then click Next.
  7. In Step 4, you can name the rule. Click Finish to close the wizard.
  8. You can right-click the Event Response Policy to rename it.
  9. Then Activate the new policy. Only one policy can be activated.
  10. The email notification looks something like this. Notice that the Playback URL is not a FQDN.

    • To fix it, go to HKLM\Software\Citrix\SmartAuditor\Server and configure the LinkHost value.

Session Recording Agent

Agent Installation

Install the Agent on the VDAs. Platinum Licensing is required.

  1. Session Recording 2203 and newer no longer support Windows Server 2012.
  2. On the Master VDA, go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO, and run AutoSelect.exe.
  3. On the bottom right, click the Session Recording box.
  4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  5. In the Core Components page, uncheck everything except Session Recording Agent. Click Next.
  6. In the Agent page, enter the FQDN of the Session Recording server (or load balanced FQDN), click Test connection, and click Next.
  7. In the Summary page, click Install.
  8. In the Finish page, click Finish.
  9. Agent Installation can also be automated. See Automating installations at Citrix Docs.
  10. For antivirus exclusions, see Endpoint Security and Antivirus Best Practices at Citrix Tech Zone

Agent Configuration

  1. In the Agent’s Start Menu is Session Recording Agent Properties.
  2. You can enable or disable session recording on this Agent.
  3. For Custom event recording, notice the option for third party applications like Intelligent Session Recording (ISR) Nanobot for regulatory compliance from automai that prevents sensitive fields (e.g., Social Security Numbers and Credit Card numbers) from being captured. (h/t CTP Shane Kleinert)
  4. Compressed recording: Session Recording 2303 and newer let you compress parts of recordings that are not already H.264 compressed.
  5. Session Recording 2308 and newer, on the Player tab, support fast seeking.

    • In Web Player, at Configuration > Preferences, make sure Enable fast seeking is checked.
  6. For MCS and PVS VDAs, see the GenRandomQMID.ps1 script at Install, upgrade, and uninstall Session Recording at Citrix Docs.
  7. Session Recording Agent might cause MCS Image Prep to fail. To work around this, set the Citrix Session Recording Agent service to Automatic (Delayed Start). Source = Todd Dunwoodie at Session Recording causes Image preparation finalization Failed error at Citrix Discussions.

Event Detection Policies

Session Recording can automatically mark events in recordings when certain actions occur inside the session. An example event is when USB client drives are connected. Newer versions of Session Recording can record more events than older versions of Session Recording.

The Citrix Session Recording Policy Console has a node named Event Detection Policies. Just like Recording Policies, you can add an Event Detection Policy, add a rule to the policy, and then activate the policy. Event Detection is disabled by default.

  1. Details at Configure event detection policies at Citrix Docs and Citrix Blog Post Session Recording 1903 available for Citrix Virtual Apps and Desktops.
  2. Session Recording 2407 and newer can Log printing activities. It’s at the bottom of the list.
  3. Session Recording 2203 and newer can Log popup windows events. Notice the scroll bar on the far right. Popup windows in web browsers are not monitored.
  4. Session Recording 2109 and newer can log registry modifications.
  5. Session Recording 2012 and newer can log clipboard activities.
  6. After adding rules to an Event Detection Policy, make sure you Activate Policy.

In older versions of Session Recording, you enable Event recording by modifying the registry of each Session Recording Agent:

  1. Configure the following registry values at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\SessionEvents on the Session Recording Agent machine:
    • EnableAppLaunchEvents (DWORD) = 1
    • EnableCDMUSBDriveEvents (DWORD) = 1
    • EnableFileOperationMonitorEvents (DWORD) = 1
    • EnableGenericUSBDriveEvents (DWORD) = 1
    • EnableSessionEvents (DWORD) = 1
  2. Session Recording 7.18 and newer can mark recording events when specific processes are launched. This feature is disabled by default. To enable, set EnableAppLaunchEvents at the same key. And put the list of processes in AppMonitorList. More details at Log application starts at Citrix Docs and Citrix Blog Post Session Recording 1808 Product Update – Log application activities and more!.
    • EnableAppLaunchEvents (DWORD) = 1
    • AppMonitorList (REG_MULTISZ) = list of process names
  3. Session Recording 1811 and later can mark recording events when files in a folder are renamed, created, deleted, and moved. Add the path strings of target folders into the FileOperationMonitorList registry value. More details at Citrix Blog Post Session Recording 1811 is here for Citrix Virtual Apps and Desktops.

When you later playback the recording, the events are shown on the bottom left.

  • Or you can perform an Advanced Search for recordings with specific event types.

Session Recording Web Player

Session Recording 1912 and newer include a Web Player.

Web Player has some features that the standard Player does not.

Web Player is enabled by default in Session Recording 2003 and newer. To enable it in Session Recording 1912:

  1. Go to C:\Program Files\Citrix\SessionRecording\Server\Bin, right-click TestPolicyAdmin.exe and click Copy as path.
  2. Open Command Prompt as administrator, paste the path, add “-enablewebplayer” to the end, and press Enter.

Bind a certificate to the Web Player:

  1. After upgrading to Session Recording 2103 or newer, check HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\WebSocketServerVersion.

    1. If it is set to 1.0, then we can change it to IIS instead of Python by running "C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -enablestreamingservice.
    2. The registry value then changes to 2.0.
  2. In IIS Manager, edit the bindings for the Default Web Site and ensure there’s an https binding.
  3. Go back to C:\Program Files\Citrix\SessionRecording\Server\Bin and edit the file SsRecWebSocketServer.config (2003 and newer) or SsRecWebSocketServer.exe.config (1912 and older).
  4. In line 3, set TLSEnable to 1.
  5. If your Session Recording is 2103 and later and hosts the WebSocket server in IIS (i.e.WebSocketServerVersion = 2.0)
    1. In Administrator Command Prompt, run the following command.
      "C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -stopwebsocketserver
    2. From any machine, launch a browser and point it to https://myrecordingserver.corp.com/WebPlayer or something like that. Internet Explorer is not supported.
    3. Skip the rest of this section.
  6. For Session Recording 2012 and older, or if your WebSocketServer is not integrated with IIS, continue the steps in this section.
  7. You need the Session Recording certificate in PEM format. One option is to use the openssl commands listed at Citrix Docs. Or you can use an ADC appliance’s Import PKCS#12 feature to convert PFX to PEM.
  8. Make sure you don’t encrypt the private key (don’t select Encoding Format).
  9. After conversion (aka import), go to Traffic Management > SSL > SSL Files, switch to the tab named Certificates, and download the .pem file.
  10. Put the unencrypted .pem file somewhere on the Session Recording server.
  11. In the SsRecWebSocketServer.config file, set line 11 and line 13 to the full path to the .pem file.
  12. In Administrator Command Prompt, run the following command:
    "C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecUtils.exe" -stopwebsocketserver

  13. The Web Player WebSockets listens on port 22334 by default. Open the port on the firewall.

    1. Create an Inbound Rule. You can either create a Program rule, or a Port rule.
    2. The program path is %ProgramFiles%\Citrix\SessionRecording\Server\Bin\SsRecWebSocketServer.exe.
  14. From any machine, launch a browser and point it to https://myrecordingserver.corp.com/WebPlayer or something like that. Internet Explorer is not supported.
  15. Web Player lets you share recordings as links. These links can be Restricted, or in Session Recording 2305 or newer can be Unrestricted. More details at Citrix Docs.

Session Recording Player

Install the Player on any Windows 7 through Windows 10 desktop machine. 32-bit color depth is required. Because of the graphics requirements, don’t run the Player as a published application.

  1. Go to the downloaded Citrix Virtual Apps and Desktops (CVAD) ISO and run AutoSelect.exe.
  2. On the bottom right, click the Session Recording box.
  3. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  4. In the Core Components page, uncheck everything except Session Recording Player. Click Next.
  5. In the Summary page, click Install.
  6. The installer might require a restart. Let it restart, and login again.

    1. After the reboot, and after logging in again, you might see a Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window. Don’t click anything yet.
    2. Go to the Citrix_Virtual_Apps_and_Desktops_7_2407_LTSR.iso file and mount it.
    3. Go back to the Locate ‘Citrix Virtual Apps and Desktops 7’ installation media window.
    4. On the left, expand This PC, and click the DVD Drive.
    5. Click Select Folder.
  7. In the Finish page, click Finish.
  8. From the Start Menu, run the Session Recording Player.
  9. Open the Tools menu and click Options.
  10. On the Connections tab, click Add.
  11. Enter the FQDN of the Session Recording server (or load balanced FQDN).
  12. On the Cache tab you can adjust the client-side cache size. Click OK.
  13. Use the Search box to find recordings.
  14. Or you can go to Tools > Advanced Search.

  15. Once you find a recording, double-click it to play it.
  16. If you see a message about Citrix Client version incompatibility, see CTX206145 Error: “The Session Recording Player Cannot Play Back This File” to edit the Player’s SsRecPlayer.exe.config file to accept the newer version. Note: Session Recording 2012 no longer complains about this.
  17. To skip spaces where no action occurred, open the Play menu, and click Fast Review Mode.
  18. You can add bookmarks by right-clicking in the viewer pane. Then you can skip to a bookmark by clicking the bookmark in the Events and Bookmarks pane.

Director Integration

  1. On the Director server, run command prompt elevated (as Administrator).
  2. Run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording
  3. Enter the Session Recording FQDN (or load balanced FQDN) when prompted.
  4. Enter 1 for HTTPS.
  5. Enter 443 as the port.
  6. In Director, when you view users or machines, you can change the Session Recording policy. These policy changes don’t apply until a new session is launched.
  7. If the Session Recording menu says N/A, then the Director user needs to be authorized in the Session Recording Authorization Console.

  8. If you use Director to enable or disable recording for a user or machine, rules are added to the active policy on the Session Recording server. They only take effect at next logon.

Dynamic Session Recording

Session Recording 7.18, along with Delivery Controller 7.18, and VDA 7.18, allows you to start recording, even in the middle of a session.

Unfortunately, Director has not been enabled to take advantage of this feature. Instead, you use PowerShell to start recording. The command is Start-BrokerSessionRecording, and is detailed at Dynamically start or stop recording by using PowerShell commands in the Citrix Broker SDK at Citrix Docs. For example:

Start-BrokerSessionRecording -User DomainA \ UserA -NotifyUser $false

Use the Stop-BrokerSessionRecording command to stop recording when the reported issue has been triaged or resolved. For example:

Stop-BrokerSessionRecording -User DomainA \ UserA

The commands are logged to Citrix Studio Logging.

88 thoughts on “Session Recording 2407”

  1. Hi Carl,
    i am getting this error during Instakllation of Session Recording Server.

    Error Id: XDMI:EA63CDB6

    Exception:
    Error Source : Citrix Studio

    StackTrace: System.NullReferenceException Object reference not set to an instance of an object.
    at Citrix.MetaInstaller.MsiComponent.Install(InstallationContext context)
    at Citrix.MetaInstaller.InstallationManager.InstallComponent(IInstallableComponent component, InstallationContext installContext)
    i vae hybrid environment (Citrix Cloud and VDIs are local)

  2. Hello Carl !

    Thanks for the sharing of Session Recording installation and tips.

    I am facing an issue on Director. When I click on Sessions with recordings and the I select a record and click on view file the web player open in http rather than https evenif Director is configured with HTTPS for Session Reconrding connection.

    I can see the http://srserver.mydomain.lab in the Monitoring databavse (rather than https://…)

    Do you have an idea about what I miss ?

    I run 2402 CU1 version.

  3. Hi Carl

    great article as always. Just one question. during the installation of the first session recording server, you mention what features to install. You don’t mention what features to install on the second/subsequent servers. I assume everything except the “Session Recording Database”?

    regards

    Ken Z

      1. Carl

        reason i ask is that when i start installing the second session recording server, during the installation of the Session Recording Administration “Core Components” it fails with “the parameter is incorrect”, then “Object reference not set to an instance of an object”. Clicking on View Details, it displays “Error Id: XDMI:EA63CDB6… The exact error shown here – https://support.citrix.com/article/CTX463693/session-recording-server-failed-error-id-xdmiea63cdb6
        This implies that the computer account being added is somehow wrong?
        I’ve logged a call with Citrix about this this afternoon so hopefully i’ll get a response in the next day or two.

        1. Carl
          Citrix got back to me and it turns out that if you try installing via the GUI (i.e run the autoselect.exe on the ISO), then the installation will fail with this error code. The engineer said that due to a security issue they had to change some code that prevents a popup box appearing to authenticate to the SQL Server. You need to run the installation for the 2nd (and subsequent) installations via command line. i.e.

          D:\x64\Session Recording>msiexec.exe /i “D:\x64\Session Recording\SessionRecordingAdministrationx64.msi” /l*v C:\Logs\SessRecInstall.log

          3/4 of the way through the installation, a popup box appears asking for SQL credentials, and this allows the installation to complete successfully.

          Regards

          Ken Z

          1. For Me this is not working. During the Installation I got the error that some stuff is already in the database and it will rollback.
            Somebody the same issue? What about the CU1? Anybody with experince on this?

  4. Hi Carl , Quick Question .
    Is it possible that we can move a session recording server from Domain to another ? keeping all components on same domain

  5. For Citrix Session recording cloud service, do you need to install the session recording server application on the server that you deploy their Session recording cloud agent on?

    The citrix docs are extremely bare when it comes to their session recording cloud service, so far as to not even explicitly call out that you need/don’t need to install the session recording agent on the endpoints (their docs actually don’t even talk about agent installation at all).

      1. I believe this is incorrect, as If I take a fresh Server OS, and set it up strictly via the cloud console (for Session recording service), it will end up with the following applications installed via the cloud:

        – Citrix Session Recording Administration (23.11 – matching the version I picked in the cloud console)
        – Citrix Session Recording Cloud Client Monitor service
        – Citrix Session Recording Cloud Client Service

        Additionally, when I go to install from the ISO, it shows that Recording server is already installed, and I am upgrading it not installing it for the first time.

        Lastly, Citrix support, when speaking with them, was ‘unsure’ of what is actually needed. So while their docs does sort of mention (in an obtuse way) it should be installed, they have other areas in both the same documentation AND their cloud console that points to the cloud console doing this install for you.

        For Example: https://docs.citrix.com/en-us/session-recording/service/get-started/install-session-recording-servers-from-within-the-cloud

        That said, the process was not as clean as their docs state, and you need to manually grant ‘DOMAIN\MachineName$’ to the sysadmin role otherwise the cloud console will give you an error.

        Now onto troubleshooting why my session hosts aren’t being recording even though there are policies in place.

        Shoudlve just stuck with on-premise :/

  6. Every time I play a video file, a message box always appears saying 【To continue, you are required to enter the justification for playing this recording.】How can I modify it so it doesn’t appear anymore?”

  7. Hi,
    I have installed 2022 CU4 session recording using Load Balancing with F5. We have a problem that when we set the Storage location the folder disappears and the recording don’t save.
    Does anyone know the fix fir that?

      1. Yes, Its works when I using local folder on the SR server. But for shared folder its Doesn’t work because the shared folder is missing.

  8. Hi Carl,
    we are facing a big issue that when use citrix session recording player to play the records , it display certifying and take about 30s to open.
    The SSL cert is bind in IIS 443 and the site is trusted in IE or Chrome.
    We also opened a citrix case, but they seam not good idea.
    Could you provide some suggestion to user?
    upgrade to SR 2308 ?

  9. Hi Carl,
    We have 2 MS SQL server and build Basic Always on for Citrix Site DBs.

    There are only 50 users in this site, could we use SQL express for session recording ?
    Or set the DB in one of MS SQL server?
    Or set the Session Recording DB in 2 BAG?

    According your experience,
    COuld you provide the MS SQL suggestions for different user size ?

  10. Hi Carl,
    The search function in the player does not work for me, I get the message “The remote certificate is invalid according to the validation procedure” every time. Then I observed this in the Event Viewer and there I get the following message “Error validating the security certificate of the server [rigem-svcsr01.bs.ch]. Error: [RemoteCertificateChainErrors].”
    I can’t get any further.
    I would appreciate some feedback 🙂

    Translated with http://www.DeepL.com/Translator (free version)

    1. If you point your browser to the Session Recording server’s FQDN, do you see any certificate errors? How did you generate the certificate for the Session Recording server? Is it from a Certificate Authority that your Player machine trusts?

  11. Hi Carl,

    Short question. We are working on network isolation.

    Situation:
    – One server with Citrix Session Recording
    – One other server with the Citrix Session Recording database
    – VDA’s.

    Does the VDA needs network access to the server with the Session Recording database, or is it sufficient to access to the Session Recording server only?

  12. Carl-
    As always, I appreciate your insight and knowledge. I’m of the understanding that Session Recording can’t record published desktop sessions. Is this correct? Further, if RDP is a published app do you know if session recording can record that properly?

    Thank you in advance for any additional insight you can provide!

  13. Greetings Carl, in my current environment we have 1 CVAD site with 2 zones
    Each zone has a different Session recording site and different storage server.
    So currently we have 2 separate SR sites instead of having one database with always on.
    Is it possible to have both SR sites in one DB while still having 2 different storage servers depending on the zone?

  14. Hi Carl,

    I have installed 2203 LTSR and everything is working fine but the web player is not showing the records correctly, instead the only thing I can see is a black screen. The normal player is playing the files perfectly though. Tried different browsers, no luck. Any advice?

  15. I migrated the databases to a new server and Installed a new Session Recording server. I haven’t tried recording sessions because I can’t get the player to work with the old recordings. The search works but when I try to play any of the old recordings I get the following error message: “download of recorded session file failed. Server could not find the requested recorded session file. The file may have been archived or deleted”. Folder permissions should be correct. There is nothing in the event log so I’m a bit stuck. Any ideas?

  16. Hi Carl,

    we are trying to setup SR but the recording files suddenly disappears while the session is being recorded, what could be the reason for this issue?

  17. Hi Carl,

    Greetings !!!

    Once again a nice article.

    In 1912 LTSR SR enabled for VDA’s ( PVS) which is working fine.

    When launching the applications published in Citrix we’d like to have the possibility to record the session or not
    Can be this implemented?

    Thanks in advance.

    Regards
    Aditya

      1. It is working with published apps as well… few users asking to check the possibility to have a pop-up like click yes or no option to record session. Some time they want to select NO if the information is confidential so that that particular time Session Recording will not happen.

      1. Carl, when deleting the files out of the system, the script provided looks to work but also delete it from the database. If we ever needed to go back and restore a day of recordings from backup, should we leave the database alone so we could search for the correct recording? Or is there a way to somehow get the index data (i.e. match user to recording) another way?

  18. Hey Carl, quick question, my session recording server is working just fine but using the player, I did every step you mentioned here and got to the /WebPlayer page, but when I click play I keep getting the following message:

    Server connection failed. Please check the WebSocket Server and refresh the page.

    I’ve search the entire Citrix site and haven’t found anything. I thought to ask you first before opening a ticket.

    Thanks in advance.

  19. Hello Carl, thank you for your article. How can I set the retention time for recorded sessions? I need to keep files on servers for 6 months. Thanks.

      1. Hello, thank you. It looks this is not what I want. I do not want to clean the database, I want the records to stay in the server for a period of 6 months. From the player I can see only the last 30 days.

  20. Session Recording web player is not working – When ever we try to access we can get “Failed to access Session Recording You are not authorized , or your configuration such as ssl certificate is not correct” on webpage.
    Although Normal player is working fine without any issues.

    1. Hi Charan,
      Did you ever get this resolved?
      I’m facing the same issue with a new install.
      Your response will be greatly appreciated.
      Thanks

  21. Hi.

    I have done to follow your method but I do not sure how to configure mistake something which I cannot use search function to find Session Recording file although these file created at some folder , already. it’s display no record to search

  22. A very nice and detailed write up Carl.
    Could you please clarify if there is a way to enforce the setting on Session Recording Agent to have the enable recording option always on by GPO or other methods.

  23. Hi Carl, thank you for your guide, everythings it’s Ok but I suppose there’s an to the SsRecWebSocketServer.exe.config screenshot, when it requires the Key file you put the pem file as the above string. Just a little question at the end.. does session recording is supported on Linux VDA? How can I record Linux Session throught Citrix Virtual app and desktop?

    Thank you

    1. In this case, the pem file contained both the certificate and the key. When ADC converts a PFX to PEM, it puts both in the same file.

  24. Works perfect but cannot find anything in the search results of the Session Recording Player.
    Same notification: Seach is complete. No recorded session files found.

    They are there, and I can open them manually.

    This is on Server 2019, with an external SQL DB.

    1. I have the same exact behavior on a brand new installation of session recording 2012 on server 2019, external sql. Windows 2019 VDA. Were you able to find a resolution for this problem?

      1. We had a similar problem but we found that you needed to grant player access in both locations: the Session Recording Authorization Console and Session Recording Policy Console

  25. When trying to load the Session Recording Policy Console, I get an error “MMC could not create the snap-in”. I’ve installed the PowerShellBroker. There are no errors in the Event Viewer, just the one in the console.

    1. It’s an issue with 1906. Don’t install 1906. I’m using the 7.18 Admin console now and I’m in business.

  26. Every certificate I try to install on step 3 under “Session Recording Server Configuration” throws “Invalid Provider Type specified”. I can’t find the documentation for what kind of provider type it needs. Any thoughts?

      1. Did you ever figure this out? I’m having the same issue while trying to update my certificate. This is using a public generated wildcard certificate

  27. Hi Carl,

    I need your urgent help to implement session recording server. During the change path to D drive configuration of recording session files I am getting error “The operation is blocked session recording administration login failed”. and suddenly created folder in D drive is getting disappeared.

    Please help to troubleshooting the issue.

    Regards,
    Ilyas Ahmed

    1. Please check whether ‘Enable Mandatory Blocking’ is chosen in SR Server Property. If so, you have to add current account to authorized logging writer role list.

    2. I got the same error.
      :
      I installed Session recording 1912 LTSR CU1 on Windows 2012 R2 and IIS binding with SSL Cer.

      After checked with windows event log show error ID 6001

      “An error occurred while receiving the HTTP response to https://localhost/SessionRecordingLogging/SsRecLoggingLog.svc That could be due to the service endpoint binding not using HTTP protocol. This could also be due to and HTTP request context being aborted by the server (possibly due to service shutting down)..”

      1. I got the same error.
        :
        correct from last reply:

        I installed Session recording 1912 LTSR CU1 on Windows 2019 and IIS binding with SSL Cer.

        After checked with windows event log show error ID 6001

        “An error occurred while receiving the HTTP response to https://localhost/SessionRecordingLogging/SsRecLoggingLog.svc That could be due to the service endpoint binding not using HTTP protocol. This could also be due to and HTTP request context being aborted by the server (possibly due to service shutting down)..”

        It look like Sessionrecording service not run on port 443 but port 80 everything fine.

  28. Hi Carls,
    Can we install 7.15 LTSR session recording agent on Desktop OS ( Windows 7 enterprise ) ?

  29. There is some upgrade regarding Session Recording works with Citrix Cloud. Would you kindly elaborate more ?

  30. hello, I jave installed version 7.15 LTSR CU2. it is working when I want to record session from a Windows 2016 VDA but not from a Windows 10 VDA. If I netstat the session recording server I can see that there is a connection established from the Windows 10 VDA but nothing is happening.
    Thanks.

  31. In step 11. of the Player section where does the server connection information get stored? We have published a SR Player and have to add that server each time we launch. I did a registry search for the server after setting it but no results were found.

  32. Hi,

    How about implementing SR in Citrix Cloud?
    From Citrix official document, it is supported.

    But there are no documentation of how its done, since it needs integration with DIrector and in Citrix Cloud, DIrector is locked down

    And how about from licensing perspective?
    SR require Platinum License, quite different with CItrix Cloud licenses

    1. You should be able to get a licensing exception from your local Citrix sales team.

      SR integration with Director is not required. You can use it without Director integration.

      1. We were concerned about load balancing and since that feature doesn’t appear to be available in 7.15, we were curious about what to do in our planning phase if it were ever needed. thanks for the input.

  33. If it is a GSLB server being used to store files, try with a single standalone server. If that helps with generating files then you know the problem !

    1. I have installed 2203LTSr session recording server and configure to use self signed certificate.When I try to activate or create new policy , getting an error “The operation is blocked session recording administration login failed”.Any help would be appreciated.

  34. i have followed the steps and successfully getting the recording prompt on citrix desktops but the recordings are not found or stored on the session recording server.,i have chosen default location for storing recordings but no recording files are getting generated

    what can be missing?

Leave a Reply

Your email address will not be published. Required fields are marked *