Session Recording 7.14

Navigation

This article applies to Session Recording 7.14 and newer. Session Recording 7.13 and older is a different article.

• Planning
• Upgrade
• Server Installs:
  • Install
  • IIS Certificate
• Session Recording Server Configuration
  • Load Balancing
  • Authorization
  • Policies
• Session Recording Agent
• Session Recording Player
• Director Integration

= Recently Updated

Planning

Citrix links:

• Citrix Docs – Session Recording
• Citrix CTX200868 – Configuring Security Features of Session Recording
• Citrix CTX200869 – Building a Highly Scalable Session Recording System

Licensing – XenApp/XenDesktop Platinum Edition licensing is required.

Features – CTX224231 Session Recording:Features by Version. 

Farms – There is no relation between Session Recording farms and XenApp/XenDesktop farms. You can have Agents from multiple XenApp/XenDesktop farms recording to a common Session Recording server. Or you can split a XenApp/XenDesktop farm so that different Agents point to different Session Recording servers.

• Load balancing – Session Recording 7.14 and newer can be load balanced. Build two Session Recording servers pointing to the same SQL database. Configure both of them to store recordings on the same UNC path. More details at Configure Session Recording with load balancing at Citrix Docs.

Disk space – The Session Recording server will need a hard drive to store the recordings. Disk access is primarily writes. You can also store recordings on a UNC path (this is required if load balancing).

Offloaded content (e.g. HDX Flash, Lync webcam, MMR) is not recorded.

Certificate – Session Recording server needs a certificate. The certificate must be trusted by Agents and Players. Internal Certificate Authority recommended.

• If load balancing, on the NetScaler, install a certificate that matches the load balanced name.
• On each Session Recording server, install a certificate that matches the Session Recording server name.

SQL:

• Supported Versions = SQL 2008 R2 Service Pack 3 through SQL 2016.
• The SQL database is very small.
• The database name defaults to CitrixSessionRecording and can be changed.
• A separate database is created for CitrixSessionRecordingLogging.
• Temporary sysadmin (or dbcreator and securityadmin) permissions are needed to create the database, and sysadmin can be revoked after installation.
• SQL Browser Service must be running.
• SQL Server High Availability (AlwaysOn Availability Groups, Clustering, Mirroring) is supported. See Install Session Recording with database high availability at Citrix Docs. And see Citrix Blog Post Session Recording 7.13 – New HA and Database Options

Installation media – Session Recording 7.14 is installed from the XenApp 7.14 / XenDesktop 7.14 ISO:

Session Recording Server Upgrade

You can upgrade from Session Recording 7.6 and newer.

1. If this is a new installation, skip to Install.
2. If this server is Windows 2012 or newer, then go to the downloaded XenApp/XenDesktop 7.14 ISO, and run AutoSelect.exe.
   
3. If you see the Manage your delivery screen, click either XenApp or XenDesktop. The only difference is the product name shown in the installers.
   
4. On the bottom right, click the Session Recording box.
   
5. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
   
6. In the Core Components page, uncheck the box next to Session Recording Player. The Player is typically installed on physical workstations, but not on the Session Recording server. Click Next.
   
7. In the Summary page, click Install.
   
8. Click Close when prompted to restart.
   
9. After reboot and login, if installation doesn’t continue automatically, then mount the XenApp/XenDesktop ISO, run AutoSelect.exe, and click the Session Recording box again. Installation should then continue.
   
10. In the Finish page, click Finish.
    

Session Recording Server Installs

Install

1. If this server is Windows 2012 or newer, go to the downloaded XenApp/XenDesktop 7.14 ISO, and run AutoSelect.exe.
   
2. If you see the Manage your delivery screen, click either XenApp or XenDesktop. The only difference is the product name shown in the installers.
   
3. On the bottom right, click the Session Recording box.
   
4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
   
5. In the Core Components page, uncheck the box next to Session Recording Player. This feature is typically installed on physical workstations, but not on the Session Recording server. Click Next.
   
6. In the Features page, on the first Session Recording server, install everything.
7. On the second Session Recording server (if load balancing), only select Session Recording Server. Click Next.
   
   
8. In the Database and Server page, fill out the fields. Enter the SQL server name. Enter the database name. Enter the computer account for the Session Recording server. Click Test connection. Each load balanced Session Recording server must point to the same database. Click Next.
   
9. In the Administrator Logging Configurator page, enter the name of the SQL database, click Test connection, and then click Next.
   
10. In the Summary page, click Install.
    
    
11. In the Finish page, click Finish.
    

IIS Certificate

1. Use MMC Certificates snap-in (certlm.msc), or IIS, or similar, to request a machine certificate.
   
2. In IIS Manager, right-click the Default Web Site, and click Edit Bindings.
   
3. On the right, click Add.
   
4. Change the Type to https.
5. Select the certificate, and click OK.
   

Session Recording Server Configuration

1. From Start Menu, run Session Recording Server Properties.
   
2. In the Storage tab, specify a path that has disk space to hold the recordings. UNC is supported. If load balancing, UNC is required.
   
   1. When using a UNC path, make the share allows both Session Recording servers (AD computer objects) to modify files in the path.
      
   2. The share must have a subfolder. The recordings will be saved to the subfolder.
      
   3. In the Session Recording Server Properties tool, add the UNC path with subdirectory to the Storage tab.
      
3. In the Signing page, select (Browse) a certificate to sign the recordings.
   
4. In the Playback tab, notice that Session Recording files are encrypted before transmit. Also, it’s possible to view live sessions but live sessions are not encrypted.
   
5. In the Notifications tab, you can change the message displayed to users before recording begins.
   
   
6. The CEIP tab lets you enable or disable the Customer Experience Improvement Program.
7. See http://www.carlstalhood.com/delivery-controller-7-14-and-licensing/#ceip for additional places where CEIP is enabled.
   
8. The Logging tab lets you configure Logging.
   
9. When you click OK you’ll be prompted to restart the service.
   
10. Session Recording relies on Message Queuing. In busy environments, it might be necessary to increase the Message Queuing storage limits. See CTX209252 Error: “Data lost while recording file…” on Citrix SmartAuditor.
    
    
    

David Ott Session Recording Cleanup Script: You may notice that the session recording entries/files don’t go away on their own. Here is how to clean them up. Just create a scheduled task to run the code below once per day (as system – elevated). See David’s blog post for details.

C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe remove /RETENTION:7 /DELETEFILES /F /S /L

Also see CTX134777 How to Remove Dormant Files From a SmartAuditor Database.

Load Balancing

1. In SQL Server Management Studio, make sure each load balanced Session Recording server (AD computer account) is granted db_owner role in the Session Recording databases.
   
2. On each Session Recording server, open regedit.
3. Navigate to HKLM\Software\Citrix\SmartAuditor\Server.
4. Create a new DWORD value named EnableLB and set it to 1. Repeat on both Session Recording servers.
   
5. Configure NetScaler load balancing similar to the following:

   add server SR01 10.2.2.78
   add server SR02 10.2.2.139
   add serviceGroup svcgrp-Recording-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
   add lb vserver lbvip-Recording-SSL SSL 10.2.5.215 443 -persistenceType SOURCEIP -timeout 60 -lbMethod LEASTBANDWIDTH -cltTimeout 180
   bind lb vserver lbvip-Recording-SSL svcgrp-Recording-SSL
   bind serviceGroup svcgrp-Recording-SSL SR01 443
   bind serviceGroup svcgrp-Recording-SSL SR02 443
   bind serviceGroup svcgrp-Recording-SSL -monitorName https
   bind ssl vserver lbvip-Recording-SSL -certkeyName WildcardCorpLocal

6. The only special part is the Load Balancing Method set to LEASTBANDWIDTH (or LEASTPACKETS).
   
7. Create a DNS host record that resolves to the Load Balancing VIP and matches the certificate bound to the vServer.
   
8. Go to C:\Windows\System32\msmq\Mapping and edit the file sample_map.xml.
   
9. Follow the instructions at Configure Session Recording with load balancing at Citrix Docs. Each Session Recording server has a unique configuration for this file since the <to> element points to the local server name.
   
10. When saving the file, you might have to save it to a writable folder, and then move it to C:\Windows\System32\msmq\Mapping.
11. Then restart the Message Queuing service on each Session Recording server.
    

Authorization

1. Note: authorization is configured separately on each load balanced Session Recording server.
2. From the Start Menu, run Session Recording Authorization Console.
   
3. In the PolicyAdministrator role, add your Citrix Admins group.
4. If you use Director to configure Session Recording, add the Director users to the PolicyAdministrator role.
   
5. In the Player role, add users that can view the recordings.
   
6. By default, nobody can see the Administration Log. Add auditing users to the LoggingReader role.
   
7. Repeat the authorization configuration on additional load balanced Session Recording servers.
8. Session Recording has a Session Recording Administrator Logging feature, which opens a webpage to https://SR01.corp.local/SessionRecordingLoggingWebApplication/. Only members of the LoggingReader role can see the data.
   
   

Policies

1. From the Start Menu, run Session Recording Policy Console.
   
2. Enter the hostname of the Session Recording server, and click OK.
   
3. Only one policy can be enabled at a time. By default, no recording occurs. To enable recording, right-click one of the other two built-in policies, and click Activate Policy.
   
4. Or you can create your own policy by right-clicking Recording Policies, and clicking Add New Policy.
   
5. After the policy is created, right-click it, and click Add Rule.
   
6. Decide if you want notification or not, and click Next.
   
7. Click OK to acknowledge this message.
   
8. Choose the rule criteria. You can select more than one. Session Recording has an IP Address or IP Range rule.
9. Then click the links on the bottom specify the groups, applications, servers, and/or IP range for the rule. Click Next.
   
   
10. Give the rule a name, and click Finish.
    
11.  Continue adding rules.
12. When done creating rules, right-click the policy, and click Activate Policy.
    
13. You can also rename the policy you created.
    

Session Recording Agent

Install the Agent on the VDAs. Platinum Licensing is required.

1. On the Master VDA, go to the downloaded XenApp/XenDesktop 7.14 ISO, and run AutoSelect.exe.
   
2. If you see the Manage your delivery screen, click either XenApp or XenDesktop. The only difference is the product name shown in the installers.
   
3. On the bottom right, click the Session Recording box.
   
4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
   
5. In the Core Components page, uncheck everything except Session Recording Agent. Click Next.
   
6. In the Agent page, enter the FQDN of the Session Recording server (or load balanced FQDN), click Test connection, and click Next.
   
7. In the Summary page, click Install.
   
8. In the Finish page, click Finish.
   
9. Agent Installation can also be automated. See Automating installations at Citrix Docs.
10. In the Start Menu is Session Recording Agent Properties.
    
11. You can enable or disable session recording on this Agent.
    
12. For MCS and PVS VDAs, see the GenRandomQMID.ps1 script at Install, upgrade, and uninstall Session Recording at Citrix Docs.
13. Session Recording Agent might cause MCS Image Prep to fail. To work around this, set the Citrix Session Recording Agent service to Automatic (Delayed Start). Source = Todd Dunwoodie at Session Recording causes Image preparation finalization Failed error at Citrix Discussions.
    

Session Recording Player

Install the Player on any Windows 7 through Windows 10 desktop machine. 32-bit color depth is required. Because of the graphics requirements, don’t run the Player as a published application.

1. Go to the downloaded XenApp/XenDesktop 7.14 ISO, and run AutoSelect.exe.
   
2. If you see the Manage your delivery screen, click either XenApp or XenDesktop. The only difference is the product name shown in the installers.
   
3. On the bottom right, click the Session Recording box.
   
4. In the Licensing Agreement page, change the selection to I have read, understand, and accept the terms, and click Next.
   
5. In the Core Components page, uncheck everything except Session Recording Player. Click Next.
   
6. In the Summary page, click Install.
   
7. In the Finish page, click Finish.
   
8. From the Start Menu, run the Session Recording Player.
   
9. Open the Tools menu, and click Options.
   
10. On the Connections tab, click Add.
    
11. Enter the FQDN of the Session Recording server (or load balanced FQDN).
    
12. On the Cache tab you can adjust the client-side cache size. Click OK.
    
13. Use the Search box to find recordings.
    
14. Or you can go to Tools > Advanced Search.
    
    
15. Once you find a recording, double-click it to play it.
    
16. If you see a message about Citrix Client version incompatibility, see CTX206145 Error: “The Session Recording Player Cannot Play Back This File” to edit the Player’s SsRecPlayer.exe.config file to accept the newer version. 
    
17. To skip spaces where no action occurred, open the Play menu, and click Fast Review Mode.
    
18. You can add bookmarks by right-clicking in the viewer pane. Then you can skip to a bookmark by clicking the bookmark in the Events and Bookmarks pane.
    

Director Integration

1. On the Director server, run command prompt elevated (as Administrator).
   
2. Run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording
3. Enter the Session Recording FQDN (or load balanced FQDN) when prompted.
4. Enter 1 for HTTPS.
5. Enter 443 as the port.
   
6. In Director, when you view users or machines, you can change the Session Recording policy. These policy changes don’t apply until a new session is launched.
   
7. If the Session Recording menu says N/A, then the Director user needs to be authorized in the Session Recording Authorization Console.
   
   
8. If you use Director to enable or disable recording for a user or machine, rules are added to the active policy on the Session Recording server. They only take effect at next logon.