Session Recording 1909

Last Modified: Nov 16, 2019 @ 7:51 am

Navigation

This article applies to Session Recording 1909, 1906, 7.15.5000 LTSR CU5, and 7.14. Session Recording 7.13 and older is a different article.

ūüí° = Recently Updated

Change Log

Planning

Citrix links:

Licensing – Citrix Virtual Apps and Desktops Platinum Edition or Premium Edition licensing is required.

Features –¬†CTX224231¬†Session Recording:Features by Version.

Farms – There is no relation between Session Recording farms and Citrix Virtual Apps and Desktops farms. You can have Agents from multiple Citrix Virtual Apps and Desktops farms recording to a common Session Recording server. Or you can split a Citrix Virtual Apps and Desktops farm so that different Agents point to different Session Recording servers.

  • Load balancing – Session Recording 7.14 and newer can be load balanced. Build two Session Recording servers pointing to the same SQL database. Configure both of them to store recordings on the same UNC path. More details at¬†Configure Session Recording with load balancing at Citrix Docs.
    • Note: Load Balancing was removed from Session Recording 7.15 LTSR. In Session Recording 7.16 and newer, Load Balancing is fully supported.
  • Scaling – To scale Session Recording to 20,000 users, see Hal Lange and Ryan Revord at Scaling and Load Balancing Session Recording at CUGC.

Disk space – The Session Recording server will need a hard drive to store the recordings. Disk access is primarily writes. You can also store recordings on a UNC path (this is required if load balancing).

Offloaded content (e.g. HDX Flash, Lync webcam, MMR) is not recorded.

Certificate – Session Recording server needs a certificate. The certificate must be trusted by Agents and Players. Internal Certificate Authority recommended.

  • If load balancing, on the NetScaler, install a certificate that matches the load balanced name.
  • On each Session Recording server, install a certificate that matches the Session Recording server name.

SQL:

  • Supported Versions = SQL 2008 R2 Service Pack 3 through SQL 2016.
  • The SQL database is very small.
  • The database name defaults to¬†CitrixSessionRecording and can be changed.
  • A separate database is created for CitrixSessionRecordingLogging.
  • Temporary sysadmin¬†(or dbcreator and securityadmin) permissions are needed to create the database, and sysadmin can be revoked after installation.
  • SQL Browser Service must be running.
  • SQL Server High Availability (AlwaysOn Availability Groups, Clustering, Mirroring) is supported. See Install Session Recording with database high availability at Citrix Docs. And see Citrix Blog Post Session Recording 7.13 ‚Äď New HA and Database Options

Session Recording Versions

Session Recording is located on the Citrix Virtual Apps and Desktops or XenApp/XenDesktop ISO.

The most recent Current Release version of Session Recording is 1909, which is newer than 1906 and 7.18. Current Release is only supported for 6 months from release date, and you are expected to upgrade it every 3-6 months.

For a longer support term (LTSR), deploy 7.15.5000 LTSR instead.

Session Recording Server Upgrade

You can upgrade from Session Recording 7.6 and newer.

  1. If this is a new installation, skip to Install.
  2. If this server is Windows 2012 or newer, then go to the downloaded Citrix Virtual Apps and Desktops (CVAD) or XenApp/XenDesktop ISO, and run AutoSelect.exe.
  3. If you see the Manage your delivery screen, click either Virtual Apps or Virtual Apps and Desktops. The only difference is the product name shown in the installers.
  4. On the bottom right, click the Session Recording box.
  5. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  6. In the Summary page, click Upgrade.
  7. Click OK to acknowledge that the upgrade cannot be cancelled.
  8. The installer might require a restart. Let it restart, and login again.

    1. After logging in, if you see a¬†Locate ‚ÄėCitrix Virtual Apps and Desktops 7‚Äô installation media¬†window, don‚Äôt click anything in the window.
    2. Mount the Citrix_Virtual_Apps_and_Desktops_7_1909.iso file.
    3. Go back to the Locate media window. On the left, expand This PC, and click the DVD Drive. Then click Select Folder.
    4. Installation will resume. Repeat these steps if it asks you to reboot again.
  9. In the Finish page, click Finish.
  10. Also upgrade Broker_PowerShellSnapIn_x64.msi from \x64\Citrix Desktop Delivery Controller on the CVAD 1909 ISO.

Session Recording Server Installs

Install

  1. If this server is Windows 2012 or newer, go to the downloaded Citrix Virtual Apps and Desktops or XenApp/XenDesktop ISO, and run AutoSelect.exe.
  2. If you see the Manage your delivery screen, click either Virtual Apps or Virtual Apps and Desktops. The only difference is the product name shown in the installers.
  3. On the bottom right, click the Session Recording box.
  4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  5. In the Core Components page, uncheck the box next to Session Recording Player. The Player is typically installed on physical workstations, but not on the Session Recording server. Click Next.
  6. In the Features page, on the first Session Recording server, install everything.

    • On the second Session Recording server (if load balancing), only select¬†Session Recording Server. Click¬†Next.
  7. In the Database and Server page, fill out the fields. Enter the SQL server name. Enter the database name. Enter the domain\computer_account$ for the Session Recording server. Click Test connection. Each load balanced Session Recording server must point to the same database. Click Next.
  8. In the Administrator Logging Configurator page, enter the name of the SQL database, click Test connection, and then click Next.
  9. In the Summary page, click Install.
  10. The machine will probably require a reboot.

    1. After logging in, if you see a¬†Locate ‚ÄėCitrix Virtual Apps and Desktops 7‚Äô installation media¬†window, don‚Äôt click anything in the window.
    2. Mount the Citrix_Virtual_Apps_and_Desktops_7_1909.iso file.
    3. Go back to the Locate media window. On the left, expand This PC, and click the DVD Drive. Then click Select Folder.
    4. Installation will resume. Repeat these steps if it asks you to reboot again.
  11. In the Finish page, click Finish.

Antivirus Exclusions

See Endpoint Security and Antivirus Best Practices at Citrix Tech Zone

IIS Certificate

  1. Use MMC Certificates snap-in (certlm.msc), or IIS, or similar, to request a machine certificate.
  2. In IIS Manager, right-click the Default Web Site, and click Edit Bindings.
  3. On the right, click Add.
  4. Change the Type to https.
  5. Select the certificate, and click OK.

Session Recording Server Configuration

  1. From Start Menu, run Session Recording Server Properties.
  2. In the Storage tab, specify a path that has disk space to hold the recordings. UNC is supported. If load balancing, UNC is required.

    1. When using a UNC path, all Session Recording servers (AD computer objects) need modify access.
    2. The share must have a subfolder. The recordings will be saved to the subfolder.
    3. In the Session Recording Server Properties tool, add the UNC path with subdirectory to the Storage tab.
  3. In the Signing page, select (Browse) a certificate to sign the recordings.
  4. In the Playback tab, notice that Session Recording files are encrypted before transmit. Also, it’s possible to view live sessions but live sessions are not encrypted.
  5. In the Notifications tab, you can change the message displayed to users before recording begins.

  6. The CEIP tab lets you enable or disable the Customer Experience Improvement Program.
  7. See https://www.carlstalhood.com/delivery-controller-cr-and-licensing/#ceip for additional places where CEIP is enabled.
  8. The Logging tab lets you configure Logging.
  9. When you click OK you’ll be prompted to restart the service.
  10. Session Recording relies on Message Queuing. In busy environments, it might be necessary to increase the Message Queuing storage limits. See¬†CTX209252¬†Error: “Data lost while recording file…” on Citrix SmartAuditor.


David Ott¬†Session Recording Cleanup Script: You may notice that the session recording entries/files don‚Äôt go away on their own. Here is how to clean them up.¬†Just create a scheduled task to run the code below once per day (as system ‚Äď elevated). See David’s¬†blog post for details.

C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe remove /RETENTION:7 /DELETEFILES /F /S /L

Also see CTX134777 How to Remove Dormant Files From a SmartAuditor Database.

Load Balancing

Note: Session Recording load balancing was removed from 7.15 LTSR but added back in 7.16 and newer.

  1. In SQL Server Management Studio, make sure each load balanced Session Recording server (AD computer account) is granted db_owner role in the Session Recording databases.
  2. On each Session Recording server, open regedit.
  3. Navigate to HKLM\Software\Citrix\SmartAuditor\Server.
  4. Create a new DWORD value named EnableLB and set it to 1. Repeat on both Session Recording servers.
  5. Configure NetScaler load balancing similar to the following:
    add server SR01 10.2.2.78
    add server SR02 10.2.2.139
    add serviceGroup svcgrp-Recording-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
    add lb vserver lbvip-Recording-SSL SSL 10.2.5.215 443 -persistenceType SOURCEIP -timeout 60 -lbMethod LEASTBANDWIDTH -cltTimeout 180
    bind lb vserver lbvip-Recording-SSL svcgrp-Recording-SSL
    bind serviceGroup svcgrp-Recording-SSL SR01 443
    bind serviceGroup svcgrp-Recording-SSL SR02 443
    bind serviceGroup svcgrp-Recording-SSL -monitorName https
    bind ssl vserver lbvip-Recording-SSL -certkeyName WildcardCorpLocal
  6. The only special part is the Load Balancing Method set to LEASTBANDWIDTH (or LEASTPACKETS).
  7. Create a DNS host record that resolves to the Load Balancing VIP and matches the certificate bound to the vServer.
  8. Go to C:\Windows\System32\msmq\Mapping and edit the file sample_map.xml.
  9. Follow the instructions at Configure Session Recording with load balancing at Citrix Docs. Each Session Recording server has a unique configuration for this file since the <to> element points to the local server name.
  10. When saving the file, you might have to save it to a writable folder, and then move it to C:\Windows\System32\msmq\Mapping.
  11. Then restart the Message Queuing service on each Session Recording server.

Authorization

Authorization is configured separately on each load balanced Session Recording server.

  1. From the Start Menu, run Session Recording Authorization Console.
  2. Right-click the PolicyAdministrator role, expand Assign Users and Groups, click From Windows and Active Directory and then add your Citrix Admins group.
  3. If you use Director to configure Session Recording, add the Director users to the PolicyAdministrator role.
  4. In the Player role, add users that can view the recordings.
  5. By default, nobody can see the Administration Log. Add auditing users to the LoggingReader role.
  6. Repeat the authorization configuration on additional load balanced Session Recording servers.
  7. Session Recording has a Session Recording Administrator Logging feature, which opens a webpage to https://SR01.corp.local/SessionRecordingLoggingWebApplication/. Only members of the LoggingReader role can see the data.

Recording Policies

  1. Recording Policies can be configured to apply only specific Delivery Groups. To enumerate the Delivery Groups, on your Session Recording server, install Broker_PowerShellSnapIn_x64.msi, which is located under \x64\Citrix Desktop Delivery Controller on the CVAD ISO (e.g. CVAD 1909).

    • You’ll need to update this snap-in whenever you update CVAD.

  2. From the Start Menu, run Session Recording Policy Console.
  3. Enter the hostname of the Session Recording server, and click OK.
  4. Only one policy can be enabled at a time. By default, no recording occurs. To enable recording, right-click one of the other two built-in policies and click Activate Policy.
  5. Or you can create your own policy by right-clicking Recording Policies and clicking Add New Policy.
  6. After the policy is created, right-click it, and click Add Rule.
  7. Decide if you want notification or not, and click Next.
  8. Click OK to acknowledge this message.
  9. Choose the rule criteria. You can select more than one. Session Recording has an IP Address or IP Range rule.
  10. Then click the links on the bottom specify the groups, applications, servers, and/or IP range for the rule. Click Next.

  11. Give the rule a name, and click Finish.
  12.  Continue adding rules.
  13. When done creating rules, right-click the policy, and click Activate Policy.
  14. You can also rename the policy you created.

Recording Viewing Policies

Session Recording 1906 and newer support creating policies to limit whose recordings a viewer can see.

  1. On Session Recording servers 1909 and newer, open Session Recording Server Properties, switch to the tab named RBAC, and check the box next to Allow to configure recording viewing policies.

    1. Or, on the Session Recording servers version 1906, open regedit, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\, add the DWORD value PlayerUserRBACEnabledKey, and set it to 1.
  2. When you re-open the Citrix Session Recording Policy Console, you’ll see a new node named¬†Recording Viewing Policies.
  3. Right-click Recording Viewing Policies and click Add New Policy.
  4. Right-click the new policy and click Add Rule.
  5. In the Rules Wizard, specify a user group that can view recordings, specify user groups whose recordings can be viewed, and then click Next.

    • Make sure the “view recordings” group is also added to the Player role in the Authorization Console.
  6. Click Finish to close the wizard.
  7. You can right-click the Viewing Policy to rename it.
  8. Recording Viewing Policies do not need to be activated.
  9. You can create more than one Recording Viewing Policy.

Session Recording Agent

Agent Installation

Install the Agent on the VDAs. Platinum Licensing is required.

  1. On the Master VDA, go to the downloaded Citrix Virtual Apps and Desktops or XenApp/XenDesktop ISO, and run AutoSelect.exe.
  2. If you see the Manage your delivery screen, click either Virtual Apps or Virtual Apps and Desktops. The only difference is the product name shown in the installers.
  3. On the bottom right, click the Session Recording box.
  4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  5. In the Core Components page, uncheck everything except Session Recording Agent. Click Next.
  6. In the Agent page, enter the FQDN of the Session Recording server (or load balanced FQDN), click Test connection, and click Next.
  7. In the Summary page, click Install.
  8. In the Finish page, click Finish.
  9. Agent Installation can also be automated. See Automating installations at Citrix Docs.
  10. For antivirus exclusions, see Endpoint Security and Antivirus Best Practices at Citrix Tech Zone

Agent Configuration

  1. In the Start Menu is Session Recording Agent Properties.
  2. You can enable or disable session recording on this Agent.
  3. For MCS and PVS VDAs, see the GenRandomQMID.ps1 script at Install, upgrade, and uninstall Session Recording at Citrix Docs.
  4. Session Recording Agent might cause MCS Image Prep to fail. To work around this, set the Citrix Session Recording Agent service to Automatic (Delayed Start). Source = Todd Dunwoodie at Session Recording causes Image preparation finalization Failed error at Citrix Discussions.

Event Logging

Session Recording 7.17 and newer can automatically mark events in recordings when certain actions occur inside the session. An example event is when USB client drives are connected. Newer versions of Session Recording can record more events than older versions of Session Recording.

In Session Recording 1811 and newer, the Citrix Session Recording Policy Console has a new node named Event Logging Policies. Just like Recording Policies, you can add an Event Logging Policy, add a rule to the policy, and then activate the policy. Event monitoring settings can be enabled in this console instead of in the registry of each Session Recording Agent. Event Logging is disabled by default.

  1. Session Recording 1903 has more rules than Session Recording 1811. The more rules you configure in the console, the less registry keys are needed on the Session Recording Agents. More details at Event logging policies at Citrix Docs and Citrix Blog Post Session Recording 1903 available for Citrix Virtual Apps and Desktops.
  2. Session Recording 1903 and later have Log browser usage events.

  3. After adding rules to an Event Logging Policy, make sure you Activate Policy.

In older versions of Session Recording, you enable Event recording by modifying the registry of each Session Recording Agent:

  1. Configure the following registry values at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\SessionEvents on the Session Recording Agent machine:
    • EnableAppLaunchEvents (DWORD) = 1
    • EnableCDMUSBDriveEvents (DWORD) = 1
    • EnableFileOperationMonitorEvents (DWORD) = 1
    • EnableGenericUSBDriveEvents (DWORD) = 1
    • EnableSessionEvents (DWORD) = 1
  2. Session Recording 7.18 and newer can mark recording events when specific processes are launched. This feature is disabled by default. To enable, set¬†EnableAppLaunchEvents at the same key. And put the list of processes in AppMonitorList. More details at Log application starts¬†at Citrix Docs and Citrix Blog Post¬†Session Recording 1808 Product Update ‚Äď Log application activities and more!.
    • EnableAppLaunchEvents (DWORD) = 1
    • AppMonitorList (REG_MULTISZ) = list of process names
  3. Session Recording 1811 and later can mark recording events when files in a folder are renamed, created, deleted, and moved. Add the path strings of target folders into the FileOperationMonitorList registry value. More details at Citrix Blog Post Session Recording 1811 is here for Citrix Virtual Apps and Desktops.

When you later playback the recording, the events are shown on the bottom left.

  • Or you can perform an Advanced Search for recordings with specific event types.

Session Recording Web Player

Session Recording 1909 includes an experimental Web Player.

  1. Go to C:\Program Files\Citrix\SessionRecording\Server\Bin, right-click TestPolicyAdmin.exe and click Copy as path.
  2. Open Command Prompt as administrator, paste the path, add “-enablewebplayer” to the end, and press Enter.
  3. In IIS Manager, edit the bindings for the Default Web Site and ensure there’s an https binding.

    • The certificate’s Subject Alternative Names must include localhost.
  4. Go back to C:\Program Files\Citrix\SessionRecording\Server\Bin and edit the file SsRecWebSocketServer.exe.config.
  5. In line 3, set TLSEnable to 1.
  6. You need the Session Recording certificate in PEM format. One option is to use the openssl commands listed at Citrix Docs. Or you can use an ADC appliance’s¬†Import PKCS#12 feature to convert PFX to PEM.

    1. Make sure you don’t encrypt the private key (don’t select Encoding Format).
    2. After conversion (aka import), go to Traffic Management > SSL > SSL Files, switch to the tab named Certificates, and download the .pem file.
  7. Put the unencrypted .pem file somewhere on the Session Recording server.
  8. In the SsRecWebSocketServer.exe.config file, set line 11 and line 13 to the full path to the .pem file.
  9. In Administrator Command Prompt, run the following command:
    "C:\Program Files\Citrix\SessionRecording\Server\Bin\TestPolicyAdmin.exe" -stopwebsocketserver

  10. The Web Player WebSockets listens on port 22334 by default. Open the port on the firewall.

    1. Create an Inbound Rule. You can either create a Program rule, or a Port rule.
    2. The program path is %ProgramFiles%\Citrix\SessionRecording\Server\Bin\SsRecWebSocketServer.exe.
  11. From any machine, launch Chrome or Firefox and point it to https://myrecordingserver.corp.com/WebPlayer or something like that. Internet Explorer and Edge are not supported.

Session Recording Player

Install the Player on any Windows 7 through Windows 10 desktop machine. 32-bit color depth is required. Because of the graphics requirements, don’t run the Player as a published application.

  1. Go to the downloaded Citrix Virtual Apps and Desktops or XenApp/XenDesktop ISO, and run AutoSelect.exe.
  2. If you see the Manage your delivery screen, click either Virtual Apps or Virtual Apps and Desktops. The only difference is the product name shown in the installers.
  3. On the bottom right, click the Session Recording box.
  4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
  5. In the Core Components page, uncheck everything except Session Recording Player. Click Next.
  6. In the Summary page, click Install.
  7. The installer might require a restart. Let it restart, and login again.

    1. After logging in, if you see a¬†Locate ‚ÄėCitrix Virtual Apps and Desktops 7‚Äô installation media¬†window, don‚Äôt click anything in the window.
    2. Mount the Citrix_Virtual_Apps_and_Desktops_7_1909.iso file.
    3. Go back to the Locate media window. On the left, expand This PC, and click the DVD Drive. Then click Select Folder.
    4. Installation will resume.
  8. In the Finish page, click Finish.
  9. From the Start Menu, run the Session Recording Player.
  10. Open the Tools menu, and click Options.
  11. On the Connections tab, click Add.
  12. Enter the FQDN of the Session Recording server (or load balanced FQDN).
  13. On the Cache tab you can adjust the client-side cache size. Click OK.
  14. Use the Search box to find recordings.
  15. Or you can go to Tools > Advanced Search.

  16. Once you find a recording, double-click it to play it.
  17. If you see a message about Citrix Client version incompatibility, see¬†CTX206145¬†Error: “The Session Recording Player Cannot Play Back This File”¬†to edit the Player’s SsRecPlayer.exe.config file to accept the newer version.
  18. To skip spaces where no action occurred, open the Play menu, and click Fast Review Mode.
  19. You can add bookmarks by right-clicking in the viewer pane. Then you can skip to a bookmark by clicking the bookmark in the Events and Bookmarks pane.

Director Integration

  1. On the Director server, run command prompt elevated (as Administrator).
  2. Run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording
  3. Enter the Session Recording FQDN (or load balanced FQDN) when prompted.
  4. Enter 1 for HTTPS.
  5. Enter 443 as the port.
  6. In Director, when you view users or machines, you can change the Session Recording policy. These policy changes don’t apply until a new session is launched.
  7. If the Session Recording menu says N/A, then the Director user needs to be authorized in the Session Recording Authorization Console.

  8. If you use Director to enable or disable recording for a user or machine, rules are added to the active policy on the Session Recording server. They only take effect at next logon.

Dynamic Session Recording

Session Recording 7.18, along with Delivery Controller 7.18, and VDA 7.18, allows you to start recording, even in the middle of a session.

Unfortunately, Director has not been enabled to take advantage of this feature. Instead, you use PowerShell to start recording. The command is Start-BrokerSessionRecording, and is detailed at Dynamically start or stop recording by using PowerShell commands in the Citrix Broker SDK at Citrix Docs. For example:

Start-BrokerSessionRecording -User DomainA \ UserA -NotifyUser $false

Use the Stop-BrokerSessionRecording command to stop recording when the reported issue has been triaged or resolved. For example:

Stop-BrokerSessionRecording -User DomainA \ UserA

The commands are logged to Citrix Studio Logging.

24 thoughts on “Session Recording 1909”

  1. When trying to load the Session Recording Policy Console, I get an error “MMC could not create the snap-in”. I’ve installed the PowerShellBroker. There are no errors in the Event Viewer, just the one in the console.

  2. Every certificate I try to install on step 3 under “Session Recording Server Configuration” throws “Invalid Provider Type specified”. I can’t find the documentation for what kind of provider type it needs. Any thoughts?

  3. Hi Carl,

    I need your urgent help to implement session recording server. During the change path to D drive configuration of recording session files I am getting error “The operation is blocked session recording administration login failed”. and suddenly created folder in D drive is getting disappeared.

    Please help to troubleshooting the issue.

    Regards,
    Ilyas Ahmed

    1. Please check whether ‘Enable Mandatory Blocking’ is chosen in SR Server Property. If so, you have to add current account to authorized logging writer role list.

  4. hello, I jave installed version 7.15 LTSR CU2. it is working when I want to record session from a Windows 2016 VDA but not from a Windows 10 VDA. If I netstat the session recording server I can see that there is a connection established from the Windows 10 VDA but nothing is happening.
    Thanks.

  5. In step 11. of the Player section where does the server connection information get stored? We have published a SR Player and have to add that server each time we launch. I did a registry search for the server after setting it but no results were found.

  6. Hi,

    How about implementing SR in Citrix Cloud?
    From Citrix official document, it is supported.

    But there are no documentation of how its done, since it needs integration with DIrector and in Citrix Cloud, DIrector is locked down

    And how about from licensing perspective?
    SR require Platinum License, quite different with CItrix Cloud licenses

    1. You should be able to get a licensing exception from your local Citrix sales team.

      SR integration with Director is not required. You can use it without Director integration.

      1. We were concerned about load balancing and since that feature doesn’t appear to be available in 7.15, we were curious about what to do in our planning phase if it were ever needed. thanks for the input.

  7. If it is a GSLB server being used to store files, try with a single standalone server. If that helps with generating files then you know the problem !

  8. i have followed the steps and successfully getting the recording prompt on citrix desktops but the recordings are not found or stored on the session recording server.,i have chosen default location for storing recordings but no recording files are getting generated

    what can be missing?

Leave a Reply to Carl Stalhood Cancel reply