Session Recording

Install, upgrade, and uninstall

Note:

To configure server high availability through load balancing, see Configure load balancing in an existing deployment and Deploy and load balance Session Recording in Azure.

To learn more about how to quickly set up and configure Citrix Session Recording and Citrix Session Recording service, see the Citrix Tech Zone article POC Guide: Citrix Session Recording.

This article contains the following sections:

Installation checklist

Install Session Recording by using the Citrix Virtual Apps and Desktops installer

Automate installation

Upgrade Session Recording

Uninstall Session Recording

Integrate with Citrix Analytics for Security

Installation checklist

You can install the Session Recording components by using the Citrix Virtual Apps and Desktops installer.

Before you start the installation, complete this list:

Step
  Select the machines on which you want to install each Session Recording component. Ensure that each computer meets the hardware and software requirements for the component or components to be installed on it.
  Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it.
  To use the TLS protocol for communication between the Session Recording components, install the correct certificates in your environment.
  Install any hotfixes required for the Session Recording components. The hotfixes are available from the Citrix Support.
  Configure Director to create and activate the Session Recording policies. For more information, see Configure Director to use the Session Recording Server.

Note:

  • We recommend that you divide the published applications into separate Delivery Groups based on your recording policies. Session sharing for published applications can conflict with the active policy if the applications are in the same Delivery Group. Session Recording matches the active policy with the first published application that a user opens. Starting with the 7.18 release, you can use the dynamic session recording feature to start or stop recording sessions at any time during the sessions. This feature can help to mitigate the conflict issue with the active policy. For more information, see Dynamic session recording.
  • If you are planning to use Machine Creation Services (MCS) or Provisioning Services, prepare a unique QMId. Failure to comply can cause recording data losses.
  • SQL Server requires TCP/IP, running SQL Server Browser service, and enabled Windows Authentication.
  • To use HTTPS, configure server certificates for TLS/HTTPS.
  • Ensure that users under Local Users and Groups > Groups > Users have write permission to the C:\windows\Temp folder.

Install Session Recording by using the Citrix Virtual Apps and Desktops installer

Citrix Session Recording comprises the following components:

  • Session Recording Administration (including the Session Recording database, Session Recording server, and Session Recording policy console)
  • Session Recording agent
  • Session Recording player
  • Session Recording web player

While installing all the components on a single server is acceptable for a proof of concept, we recommend installing them on separate servers as follows:

  • Install the Microsoft SQL Server on Machine A.
  • Install the Session Recording server, Session Recording administrator logging, and Session Recording database on Machine B.

    Note:

    The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation.

    Installing the Session Recording server lets you install the Session Recording web player automatically.

  • Install the Session Recording policy console on Machine C.
  • Install the Session Recording player on either Machine C or Machine D.
  • Install the Session Recording agent on the VDA.

Install the Session Recording Administration components

Install the Session Recording agent

Install the Session Recording player

Install the Session Recording Administration components

Note:

Starting with 2110, before installing the Session Recording Administration components on Windows Server 2016 where TLS 1.0 is disabled, complete the following steps:

  1. Install Microsoft OLE DB Driver for SQL Server.
  2. Under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 registry key, add the SchUseStrongCrypto DWORD (32-bit) value and set the value data to 1.

  3. Restart Windows Server 2016.

Step 1: Download the product software and launch the wizard

  1. Use your Citrix account credentials to access the Citrix Virtual Apps and Desktops download page and download the product ISO file. Unzip the ISO file or burn a DVD of it.
  2. Use a local administrator account to log on to the machine where you are installing the Session Recording Administration components. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.
    The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next.

Step 5: Select the components to install and the installation location

Select components and the installation path

On the Core Components page:

  • Location: By default, components are installed in C:\Program Files\Citrix. The default location works for most deployments. You can specify a custom installation location.
  • Component: By default, all the check boxes next to the components that can be installed are selected. The installer knows whether it is running on a single-session OS or a multi-session OS. It allows the Session Recording Administration components to be installed on a multi-session OS only. It allows the Session Recording agent to be installed only on a machine that has a VDA installed. If you install the Session Recording agent on a machine that has no VDA installed in advance, the Session Recording Agent option is unavailable.

Select Session Recording Administration and click Next.

Session Recording administration being selected

Step 6: Select the features to install

Select features to install

On the Features page:

  • By default, all the check boxes next to the features that can be installed are selected. Installing all these features on a single server is fine for a proof of concept. For a large production environment, install the Session Recording policy console on a separate server and the Session Recording server, administrator logging, and database on another separate server.
  • The Session Recording administrator logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select the Session Recording administrator logging.
  • If you select the Session Recording server, the Session Recording web player is installed too.
  • To add features on the same server after you select and install features on it, you can only use the msi package. You cannot run the installer again.

Select the feature or features that you want to install and click Next.

Step 6.1: Install the Session Recording database

Note:

  • The Session Recording database isn’t an actual database. It is a component that creates and configures the required databases in the Microsoft SQL Server instance during installation. Session Recording supports three solutions for database high availability based on the Microsoft SQL Server. For more information, see Database high availability.

  • You can deploy the Session Recording database on Azure SQL Managed Instance, on SQL Server on Azure Virtual Machines (VMs), and on AWS RDS. On Azure SQL Managed Instance and on AWS RDS, you can deploy the Session Recording database only by using the SessionRecordingAdministrationx64.msi package. For more information, see Deploy the Session Recording database on Azure SQL Managed Instance or on AWS RDS. On SQL Server on Azure VMs, you can deploy the Session Recording database both by using the msi package and the Citrix Virtual Apps and Desktops installer. For more information, see Deploy the Session Recording database on SQL Server on Azure VMs.

  1. On the Features page, select Session Recording Database and click Next.

    Select Session Recording database 1

  2. On the Database and Server Configuration page, specify the instance name and database name of the Session Recording database and the computer account of the Session Recording server. Click Next.

    Select Session Recording database 2

    On the Database and Server Configuration page:

    • Instance name: If the database instance isn’t a named instance, you can use only the computer name of the SQL Server. If you have named the instance during the instance setup, use computer-name\instance-name as the database instance name. To determine the server instance name that you are using, run select @@servername on the SQL Server. The return value is the exact database instance name. If your SQL server is configured to be listening on a custom port other than the default port 1433, set the custom listener port by appending a comma to the instance name. For example, type DXSBC-SRD-1,2433 in the Instance name text box, where 2433, following the comma, denotes the custom listener port.
    • Database name: Type a custom database name in the Database name text box or use the default database name preset in the text box. Click Test connection to test the connectivity to the SQL Server instance and the validity of the database name.

      Important:

      A custom database name must contain only A-Z, a-z, 0–9, and underscores, and cannot exceed 123 characters.

    • You must have the securityadmin and dbcreator server role permissions of the database. If you do not have the permissions, you can:
    • Ask the database administrator to assign the permissions for the installation. After the installation completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
    • Or, use the SessionRecordingAdministrationx64.msi package under \x64\Session Recording on the Citrix Virtual Apps and Desktops ISO. During the msi installation, a dialog box prompts for the credentials of a database administrator with the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the installation.

      The installation creates the Session Recording database and adds the machine account of the Session Recording server as db_owner.

    • Session Recording Server computer account:
    • Deployments 1 and 2: Type localhost in the Session Recording Server computer account text box.
    • Deployment 3: Type the name of the machine hosting the Session Recording server in the format of domain\computer-name. The Session Recording server computer account is the user account for accessing the Session Recording database.

    Note:

    Attempts to install the Session Recording Administration components can fail with error code 1603 when a domain name is set in the Session Recording Server computer account text box. As a workaround, type localhost or NetBIOS domain name\machine name in the Session Recording Server computer account text box. To get the NetBIOS domain name, go to the Session Recording server and run $env:userdomain in PowerShell or echo %UserDomain% in a command prompt.

  3. Review the prerequisites and confirm the installation.

    Installation summary

    The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

  4. Complete the installation.

    Finish installation

    The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

    Click Finish to complete the installation of the Session Recording Database.

Step 6.2: Install the Session Recording server
  1. On the Features page, select Session Recording Server and Session Recording Administrator Logging. Click Next.

    Select Session Recording server and administrator logging

    Note:

    • The Session Recording administrator logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select the Session Recording administrator logging.
    • We recommend that you install the Session Recording administrator logging together with the Session Recording server at the same time. If you don’t want the administrator logging feature to be enabled, you can disable it on a later page. However, if you choose not to install this feature at the beginning but want to add it later, you can only manually add it by using SessionRecordingAdministrationx64.msi.
    • Installing the Session Recording server lets you install the Session Recording web player automatically.
  2. On the Database and Server Configuration page, specify the configurations.

    Database and server configuration

    On the Database and Server Configuration page:

    • Instance name: Type the name of your SQL Server in the Instance name text box. If you are using a named instance, type computer-name\instance-name; otherwise, type computer-name only. If your SQL server is configured to be listening on a custom port other than the default port 1433, set the custom listener port by appending a comma to the instance name. For example, type DXSBC-SRD-1,2433 in the Instance name text box, where 2433, following the comma, denotes the custom listener port. Database name: Type a custom database name in the Database name text box or use the default database name CitrixSessionRecording that is preset in the text box.
    • You must have the securityadmin and dbcreator server role permissions of the database. If you do not have the permissions, you can:
      • Ask the database administrator to assign the permissions for the installation. After the installation completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
      • Or, use the SessionRecordingAdministrationx64.msi package to install the Session Recording server. During the msi installation, a dialog box prompts for the credentials of a database administrator with the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the installation.
    • After typing the correct instance name and database name, click Test connection to test the connectivity to the Session Recording database.
    • Type the Session Recording server computer account, and then click Next.
  3. On the Administration Logging Configuration page, specify configurations for the administration logging feature.

    Administration logging configuration

    On the Administration Logging Configuration page:

    • The Administration Logging database is installed on the SQL Server instance: This text box is not editable. The SQL Server instance name of the Administration Logging database is automatically grabbed from the instance name that you typed on the Database and Server Configuration page.
    • Administrator Logging database name: To install the Session Recording administrator logging feature, type a custom database name for the administrator logging database in this text box or use the default database name CitrixSessionRecordingLogging that is preset in the text box.

      Note:

      The administrator logging database name must be different from the Session Recording database name that is set in the Database name text box on the previous Database and Server Configuration page.

    • After typing the administrator logging database name, click Test connection to test the connectivity to the administrator logging database.
    • Enable Administration Logging: By default, the administration logging feature is enabled. You can disable it by clearing the check box.
    • Enable mandatory blocking: By default, mandatory blocking is enabled. The normal features might be blocked if logging fails. You can disable mandatory blocking by clearing the check box.

    Click Next to continue the installation.

  4. Review the prerequisites and confirm the installation.

    Administration installation summary

    The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

  5. Complete the installation.

    Complete Session Recording server installation

    The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

    Click Finish to complete the installation of the Session Recording server.

    Note:

    The Session Recording server default installation uses HTTPS/TLS to secure communications. If TLS is not configured in the default Internet Information Services (IIS) site of the Session Recording server, use HTTP. To do so, cancel the selection of SSL in the IIS Management Console by navigating to the Session Recording Broker site, opening the SSL settings, and clearing the Require SSL check box.

Step 6.3: Install the Session Recording policy console
  1. On the Features page, select Session Recording Policy Console and click Next.

    Select the policy console to install

  2. Review the prerequisites and confirm the installation.

    Policy console installation summary

    The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

  3. Complete the installation.

    Complete policy console installation

    The Finish Installation page shows green check marks for all the prerequisites and component that have been installed and initialized successfully.

    Click Finish to complete your installation of the Session Recording policy console.

Step 7: Install Broker_PowerShellSnapIn_x64.msi

Important:

To use the Session Recording policy console, install the Broker PowerShell Snap-in (Broker_PowerShellSnapIn_x64.msi) manually. Locate the snap-in on the Citrix Virtual Apps and Desktops ISO (\x64\Citrix Desktop Delivery Controller) and follow the instructions for installing it. Failure to comply can cause an error.

Install the Session Recording agent

Install the Session Recording agent on the VDA or VDI machine on which you want to record sessions.

Step 1: Download the product software and launch the wizard

Use a local administrator account to log on to the machine where you are installing the Session Recording agent. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording agent to install

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next

Step 5: Select the component to install and the installation location

Select agent to install

Select Session Recording Agent and click Next.

Step 6: Specify the agent configuration

Agent configuration

On the Agent Configuration page: Type the computer name of the machine where you installed the Session Recording server and the protocol and port information for connecting to the Session Recording server. If you have not installed Session Recording yet, you can change such information later in Session Recording Agent Properties.

Note:

There is a limitation with the test connection function of the installer. It does not support the “HTTPS requires TLS 1.2” scenario. If you use the installer in this scenario, the test connection fails but you can ignore the failure and click Next to continue the installation. It does not affect normal functioning.

Step 7: Review the prerequisites and confirm the installation

Agent installation summary

The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

Step 8: Complete the installation

Agent installation complete

The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

Click Finish to complete the installation of the Session Recording Agent.

Note:

When Machine Creation Services (MCS) or Provisioning Services (PVS) creates multiple VDAs with the configured master image and Microsoft Message Queuing (MSMQ) installed, those VDAs can have the same QMId under certain conditions. This case might cause various issues, for example:

  • Sessions might not be recorded even if the recording agreement is accepted.
  • The Session Recording Server might not be able to receive session logoff signals and therefore, sessions might always be in Live status.

As a workaround, create a unique QMId for each VDA and it differs depending on the deployment methods.

No extra actions are required if single-session OS VDAs with the Session Recording agent installed are created with PVS 7.7 or later and MCS 7.9 or later in the static desktop mode that is, for example, configured to make all changes persistent with a separate Personal vDisk or the local disk of your VDA.

For multi-session OS VDAs created with MCS or PVS and single-session OS VDAs that are configured to discard all changes when a user logs off, use the GenRandomQMID.ps1 script to change the QMId on system startup. Change the power management strategy to ensure that enough VDAs are running before user logon attempts.

To use the GenRandomQMID.ps1 script, do the following:

  1. Ensure that the execution policy is set to RemoteSigned or Unrestricted in PowerShell.

    Set-ExecutionPolicy RemoteSigned

  2. Create a scheduled task, set the trigger as on system startup, and run with the SYSTEM account on the PVS or MCS master image machine.

  3. Add the command as a startup task.

    powershell .exe -file C:\GenRandomQMID.ps1

Summary of the GenRandomQMID.ps1 script:

  1. Remove the current QMId from the registry.
  2. Add SysPrep = 1 to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters.
  3. Stop related services, including CitrixSmAudAgent and MSMQ.
  4. To generate a random QMId, start the services that stopped previously.
    Example GENRANDOMQMID.PS1:
# Remove old QMId from registry and set SysPrep flag for MSMQ

Remove-Itemproperty -Path HKLM:Software\Microsoft\MSMQ\Parameters\MachineCache -Name QMId -Force

Set-ItemProperty -Path HKLM:Software\Microsoft\MSMQ\Parameters -Name "SysPrep" -Type DWord -Value 1

# Get dependent services

$depServices = Get-Service -name MSMQ -dependentservices | Select -Property Name

# Restart MSMQ to get a new QMId

Restart-Service -force MSMQ

# Start dependent services

if ($depServices -ne $null) {

    foreach ($depService in $depServices) {

        $startMode = Get-WmiObject win32_service -filter "NAME = '$($depService.Name)'" | Select -Property StartMode

        if ($startMode.StartMode -eq "Auto") {

            Start-Service $depService.Name
        }
}

}
<!--NeedCopy-->

Install the Session Recording player

Tip:

Installing the Session Recording server lets you install the Session Recording web player automatically. This section describes how to install the Session Recording player.

Install the Session Recording player on the Session Recording server or on workstations in the domain.

Step 1: Download the product software and launch the wizard

Use a local administrator account to log on to the machine where you are installing the Session Recording player component. Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

The installation wizard launches.

Step 2: Choose which product to install

Choose which product to install

Click Start next to the product to install Citrix Virtual Apps or Citrix Virtual Desktops.

Step 3: Select Session Recording

Select Session Recording

Select the Session Recording entry.

Step 4: Read and accept the license agreement

Installation agreement

On the Software License Agreement page, read the license agreement, accept it, and then click Next.

Step 5: Select the component to install and the installation location

Select the player to install

Select Session Recording Player and click Next.

Step 6: Review the prerequisites and confirm the installation

Player installation summary

The Summary page shows your installation choices. You can click Back to return to the earlier wizard pages and make changes, or click Install to start the installation.

Step 7: Complete the installation

Player installation complete

The Finish Installation page shows green check marks for all the prerequisites and components that have been installed and initialized successfully.

Click Finish to complete the installation of the Session Recording player.

Automate installation

Session Recording supports silent installation with options. Write a script that uses silent installation and run the relevant commands.

Automate installation of the Session Recording Administration components

Install the complete set of the Session Recording Administration components by using a single command

For example, either of the following commands installs the complete set of the Session Recording Administration components and creates a log file to capture the installation information.

msiexec /i "c:\SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="WNBIO-SRD-1" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" DATABASEUSER="localhost" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="CloudSQL" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" AZUREUSERNAME="CloudSQLAdminName" AZUREPASSWORD="CloudSQLAdminPassword" /q /l*vx "c:\WithLogging.log"
<!--NeedCopy-->

Note:

The SessionRecordingAdministrationx64.msi file is located on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Where:

  • ADDLOCAL provides the features for you to select. You can select more than one option. SsRecServer is the Session Recording server. PolicyConsole is the Session Recording policy console. SsRecLogging is the Administrator Logging feature. StorageDatabase is the Session Recording database. Session Recording Administrator Logging is an optional subfeature of the Session Recording server. Select the Session Recording server before you can select Session Recording administrator logging.
  • DATABASEINSTANCE is the instance name of the Session Recording database. For example,.\SQLEXPRESS,computer-name\SQLEXPRESS,computer-name or tcp:srt-sql-support.public.ca7b16b60789.database.windows.net,3342 if you are using Azure SQL Managed Instance.
  • DATABASENAME is the database name of the Session Recording database.
  • LOGGINGDATABASENAME is the name of the administrator logging database.
  • AZURESQLSERVICESUPPORT determines whether cloud SQL is supported. To use cloud SQL, set it to 1.
  • DATABASEUSER is the computer account of the Session Recording server.
  • AZUREUSERNAME is the cloud SQL admin name.
  • AZUREPASSWORD is the cloud SQL admin password.
  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Create a master image for deploying the Session Recording server

You might already have the Session Recording database and the administration logging database in place from an existing deployment. For such scenarios, you can now forego database checks when you are installing the Session Recording Administration components using SessionRecordingAdministrationx64.msi. You can create a master image for deploying the Session Recording server easily on many other machines. After deploying the Session Recording server on target machines using the master image, run a command on each machine to connect to the existing Session Recording database and administration logging database. This master image support facilitates deployment and minimizes the potential impact of human error. It applies only to fresh installations and consists of the following steps:

  1. Start a command prompt and run a command similar to the following:

    msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="sqlnotexists" DATABASENAME="CitrixSessionRecording2" LOGGINGDATABASENAME="CitrixSessionRecordingLogging2" DATABASEUSER="localhost" /q /l*vx "c:\WithLogging.log" IGNOREDBCHECK="True"
    <!--NeedCopy-->
    

    This command installs the Session Recording Administration components without configuring and testing connectivity to the Session Recording database and the administration logging database.

    Set the IGNOREDBCHECK parameter to True and use random values for DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME.

  2. Create a master image on the machine that you are operating.

  3. Deploy the master image to other machines for deploying the Session Recording server.

  4. On each of the machines, run commands similar to the following:

    .\SsRecUtils.exe -modifydbconnectionpara DATABASEINSTANCE DATABASENAME LOGGINGDATABASENAME
    
    iisreset /noforce
    <!--NeedCopy-->
    

    The commands connect the Session Recording server installed earlier to an existing Session Recording database and administration logging database.

    You can find the SsRecUtils.exe file at \Citrix\SessionRecording\Server\bin\. Set the DATABASEINSTANCE, DATABASENAME, and LOGGINGDATABASENAME parameters as needed.

Retain databases when uninstalling the Session Recording Administration components

With KEEPDB set to True, the following command retains the Session Recording database and the administration logging database when uninstalling the Session Recording Administration components:

msiexec /x "SessionRecordingAdministrationx64.msi" KEEPDB="True"
<!--NeedCopy-->

Automate installation of the Session Recording player and web player

For example, the following commands install the Session Recording player and web player, respectively.

msiexec /i "c:\SessionRecordingPlayer.msi" /q /l*\vx "yourinstallationlog"
<!--NeedCopy-->
msiexec /i "c:\SessionRecordingWebPlayer.msi" /q /l*vx "yourinstallationlog"
<!--NeedCopy-->

Note:

You can find SessionRecordingPlayer.msi on the Citrix Virtual Apps and Desktops ISO under \x86\Session Recording.

You can find SessionRecordingWebPlayer.msi on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Where:

  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Automate installation of the Session Recording agent

For example, the following command installs the Session Recording Agent and creates a log file to capture the installation information.

msiexec /i SessionRecordingAgentx64.msi /q /l*vx yourinstallationlog SESSIONRECORDINGSERVERNAME=yourservername
SESSIONRECORDINGBROKERPROTOCOL=yourbrokerprotocol SESSIONRECORDINGBROKERPORT=yourbrokerport
<!--NeedCopy-->

Note:

You can find SessionRecordingAgentx64.msi on the Citrix Virtual Apps and Desktops ISO under \x64\Session Recording.

Where:

  • yourservername is the NetBIOS name or FQDN of the machine hosting the Session Recording server. If not specified, this value defaults to localhost.
  • yourbrokerprotocol is HTTP or HTTPS that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to HTTPS.
  • yourbrokerport is the port number that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to zero, which directs the Session Recording Agent to use the default port number for your selected protocol: 80 for HTTP or 443 for HTTPS.
  • /q specifies quiet mode.
  • /l*v specifies verbose logging.
  • yourinstallationlog is the location of your installation log file.

Upgrade Session Recording

You can upgrade certain deployments to later versions without having to first set up new machines or sites. You can upgrade from the version of Session Recording included in the latest CU of XenApp and XenDesktop 7.6 LTSR, and from any later version, to the latest release of Session Recording.

Note:

When you upgrade Session Recording Administration from 7.6 to 7.13 or later and choose Modify in Session Recording Administration to add the administrator logging service, the SQL Server instance name does not appear on the Administrator Logging Configuration page. The following error message appears when you click Next: Database connection test failed. Please enter correct Database instance name. As a workaround, add the read permission for localhost users to the following SmartAuditor Server registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.

You cannot upgrade from a Technical Preview version.

Requirements, preparation, and limitations

  • Use the Session Recording installer’s graphical or command line interface to upgrade the Session Recording components on the machine where you installed the components.
  • Before any upgrade activity, back up the database named CitrixSessionRecording in the SQL Server instance. In this way, you can restore it if any issues are discovered after the database upgrade.
  • In addition to being a domain user, you must be a local administrator on the machines where you are upgrading the Session Recording components.
  • If the Session Recording server and Session Recording database are not installed on the same server, you must have the database role permission to upgrade the Session Recording database. Otherwise, you can:
    • Ask the database administrator to assign the securityadmin and dbcreator server role permissions for the upgrade. After the upgrade completes, the securityadmin and dbcreator server role permissions are no longer necessary and can be safely removed.
    • Or, use the SessionRecordingAdministrationx64.msi package to upgrade. During the msi upgrade, a dialog box prompts for the credentials of a database administrator who has the securityadmin and dbcreator server role permissions. Type the correct credentials and then click OK to continue the upgrade.
  • You can choose not to upgrade all Session Recording agents at the same time. Session Recording agent 7.6.0 (and later) is compatible with the latest (current) release of the Session Recording server. However, some new features and bug fixes might not take effect.
  • Any sessions started during the upgrade of the Session Recording server are not recorded.
  • The Graphics Adjustment option in Session Recording agent Properties is enabled by default after a fresh installation or upgrade to keep compatible with the Desktop Composition Redirection mode. You can disable this option manually after a fresh installation or upgrade.
  • The administrator logging feature is not installed after you upgrade Session Recording from a previous release where the feature is unavailable. To add the feature, modify the installation after the upgrade.
  • If there are live recording sessions when the upgrade process starts, there is little chance that the recording can be complete.
  • Review the following upgrade sequence, so that you can plan and mitigate potential outages.

Upgrade sequence

To upgrade an existing installation, go to each machine where a Session Recording component is installed and then run the Citrix Virtual Apps and Desktops ISO.

Tip:

Go to the Citrix Virtual Apps and Desktops download page to download the appropriate version of Citrix Virtual Apps and Desktops.

Upgrading an existing installation generally follows the following sequence:

  1. Upgrade the Session Recording server component.

    If there are more than one Session Recording server, first upgrade the one where the Session Recording database component is installed. After that, upgrade the rest Session Recording servers.

    To do so, complete the following steps:

    1. Stop the Session Recording Storage Manager service manually on the Session Recording server.
    2. Through the Internet Information Services (IIS) Manager, ensure that the Session Recording Broker is running.
    3. Run the Citrix Virtual Apps and Desktops ISO and select the Session Recording entry to upgrade.
  2. The Session Recording service is back online automatically when the upgrade of the Session Recording server is completed.
  3. Upgrade the Session Recording agent (on the master image).
  4. Upgrade the Session Recording policy console with or after the Session Recording server.
  5. Upgrade the Session Recording player.

Deploy the Session Recording database on cloud SQL database services

This section describes how to deploy the Session Recording database on Azure SQL Managed Instance, on AWS RDS, and on SQL Server on Azure VMs.

Deploy the Session Recording database on Azure SQL Managed Instance or on AWS RDS

Tip:

You can also run a single command similar to the following to deploy the Session Recording database on Azure SQL Managed Instance or on AWS RDS. For more information, see the preceding Automate installation section in this article.

msiexec /i "SessionRecordingAdministrationx64.msi" ADDLOCAL="SsRecServer,PolicyConsole,SsRecLogging,StorageDatabase" DATABASEINSTANCE="CloudSQL" DATABASENAME="CitrixSessionRecording" LOGGINGDATABASENAME="CitrixSessionRecordingLogging" AZURESQLSERVICESUPPORT="1" AZUREUSERNAME="CloudSQLAdminName" AZUREPASSWORD="CloudSQLAdminPassword" /q /l*vx "c:\WithLogging.log"
<!--NeedCopy-->
  1. Create an Azure SQL Managed instance or create a SQL Server instance through the Amazon RDS console.

  2. (For Azure SQL only) Keep a record of the Server strings that appear in the properties panel. The strings are the instance name of the Session Recording database. For an example, see the following screen capture.

    Example Server strings

  3. (For AWS RDS only) Keep a record of the Endpoint and Port information. We use it as the instance name of your database, in the format of <Endpoint, Port>.

    AWS RDS instance composition

  4. Run SessionRecordingAdministrationx64.msi to install the Session Recording database.

    Select the Enable cloud SQL check box and fill in the cloud SQL admin name and password. Make other required configurations.

    Fill in the cloud SQL admin credentials

    Note:

    If you change the cloud SQL admin password, you must update the password in Session Recording Server Properties. When you open Session Recording Server Properties, an error message appears. Click OK to proceed, select the Cloud DB tab, and type the new cloud SQL admin password. Restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.

    Azure AD authentication is not supported.

    Update the cloud SQL admin password

Migrate an on-premises database to cloud SQL Managed Instance

  1. Migrate your on-premises database according to https://docs.microsoft.com/en-us/data-migration/ or https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/migrate-an-on-premises-microsoft-sql-server-database-to-amazon-rds-for-sql-server.html.

  2. To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifyazuredbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} {AzureAdminName}{AzureAdminPassword} iisreset /noforce

  3. On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.

Migrate a production database from Azure SQL Managed Instance to an on-premises database

  1. Migrate the database according to https://docs.microsoft.com/en-us/data-migration/.

  2. To make Session Recording work properly after the migration, run SsRecUtils.exe on the Session Recording server.

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -modifydbconnectionpara {Database Instance} {Session Recording Database Name} {Session Recording Logging Database Name} iisreset /noforce

  3. On the Session Recording server, restart the Citrix Session Recording Analytics service, the Citrix Session Recording Storage Manager service, and the IIS service.

Deploy the Session Recording database on SQL Server on Azure VMs

On SQL Server on Azure VMs, you can deploy the Session Recording database both by using the msi package and the Citrix Virtual Apps and Desktops installer.

  1. Check out an Azure SQL VM.
  2. Configure the VM and add it to the domain where you install the Session Recording components.
  3. Use the VM’s FQDN as the instance name during the installation of the Session Recording database. Note: If you are using SessionRecordingAdministrationx64.msi for the installation, clear the Enable cloud SQL check box.
  4. Follow the installation user interface to complete installing the Session Recording database.

Uninstall Session Recording

To remove the Session Recording components from a server or workstation, use the uninstall or remove programs option available from the Windows Control Panel. To remove the Session Recording database, you must have the same securityadmin and dbcreator SQL Server role permissions as when you installed it.

For security reasons, the administrator logging database is not removed after the components are uninstalled.

Integrate with Citrix Analytics for Security

You can configure Session Recording servers to send user events to Citrix Analytics for Security, which processes the user events to provide actionable insights into user behaviors.

Prerequisites

Before you begin, ensure the following:

  • The Session Recording server must be able to connect to the following addresses:

  • The Session Recording deployment must have port 443 open for outbound internet connections. Any proxy servers on the network must allow this communication with Citrix Analytics for Security.

  • If you are using Citrix Virtual Apps and Desktops 7 1912 LTSR, the supported Session Recording version is 2103 or later.

Connect your Session Recording server to Citrix Analytics for Security

  1. Sign in to Citrix Cloud.

  2. Find Citrix Analytics for Security and click Manage.

  3. From the top bar, click Settings > Data Sources.

  4. On the Virtual Apps and Desktops- Session Recording site card, click Connect Session Recording server.

    Session recording connection

  5. On the Connect Session Recording Server page, review the checklist, and select all the mandatory requirements. If you do not select a mandatory requirement, the Download File option is disabled.

    Session Recording checklist

  6. If you have proxy servers in your network, enter the proxy address in the SsRecStorageManager.exe.config file in your Session Recording server.

    The configuration file is located at <Session Recording server installation path>\bin\SsRecStorageManager.exe.config

    For example: C:\Program Files\Citrix\SessionRecording\Server\Bin\SsRecStorageManager.exe.config

    Config file path

  7. Click Download File to download the SessionRecordingConfigurationFile.json file.

    Note:

    The file contains sensitive information. Keep the file in a safe and secure location.

  8. Copy the file to the Session Recording server that you want to connect to Citrix Analytics for Security.

  9. If you have multiple Session Recording servers in your deployment, you must copy the file in each server that you want to connect and follow the steps to configure each server.

  10. On the Session Recording server, run the following command to import the settings:

    <Session Recording server installation path>\bin\SsRecUtils.exe -Import_SRCasConfigurations <configuration file path>
    <!--NeedCopy-->
    

    For example:

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Import_SRCasConfigurations C:\Users\administrator\Downloads\SessionRecordingConfigurationFile.json
    <!--NeedCopy-->
    
  11. Restart the following services:

    • Citrix Session Recording Analytics Service

    • Citrix Session Recording Storage Manager

  12. After configuration is successful, go to Citrix Analytics for Security to view the connected Session Recording server. Click Turn On Data Processing to allow Citrix Analytics for Security to process the data.

    Note:

    If you are using Session Recording server version 2103 or 2104, you must first launch a Virtual Apps and Desktops session to view the connected Session Recording server on Citrix Analytics for Security. Otherwise the connected Session Recording server fails to get displayed. This requirement is not applicable for Session Recording server version 2106 and later.

View the connected deployments

The server deployments appear on the Session Recording site card only if the configuration is successful. The site card shows the number of configured servers that have established connections with Citrix Analytics for Security.

If you don’t see your Session Recording servers even after the configuration was successful, refer to the troubleshooting section at Configured Session Recording server fails to connect.

Session Recording deployment

On the site card, click the number of deployments to view the connected server groups with Citrix Analytics for Security. For example, click 1 Session Recording Deployment to view the connected server or server groups. Each Session Recording server is represented by a base URL and a ServerGroupID.

SR deployment details

View received events

The site card displays the connected Session Recording deployments and the events received from these deployments for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data. Click the number of received events to view the events on the self-service search page.

After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:

  1. If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.

  2. Citrix Analytics has not received any events from the data source in the last one hour.

Add Session Recording servers

To add a Session Recording server, do one of the following:

  • On the Connected Session Recording Deployments page, click Connect to Session recording server.

    Connect deployment

  • On the Virtual Apps and Desktops- Session Recording site card, click the vertical ellipsis (⋮) and then select Connect Session Recording server.

    Session recording connection

Follow the steps to download the configuration file and configure a Session Recording server.

Remove Session Recording servers

To remove a Session Recording server:

  1. On Citrix Analytics for Security, go to the Connected Session Recording Deployments page and select the server deployment that you want to remove.

  2. Click the vertical ellipses (⋮) and select Remove Session Recording server from Analytics.

    Remove session recording server

  3. On the Session Recording server that you have removed from Citrix Analytics, run the following command:

    <Session Recording server installation path>\bin\SsRecUtils.exe -Remove_SRCasConfigurations
    <!--NeedCopy-->
    

    For example:

    C:\Program Files\Citrix\SessionRecording\Server\bin\SsRecUtils.exe -Remove_SRCasConfigurations
    <!--NeedCopy-->
    

Turn on or off data processing on the data source

You can stop the data processing at any time for a particular data source- Director and Workspace app. On the data source site card, click the vertical ellipsis (⋮) and then select Turn off data processing. Citrix Analytics stops processing data for that data source. You can also stop the data processing from the Virtual Apps and Desktops site card. This option applies to both data sources- Director and Workspace app. To enable data processing again, click Turn On Data Processing.

Configured Session Recording server fails to connect

Your Session Recording server fails to connect to Citrix Analytics after configuration. Therefore, you don’t see the configured server on the Session Recording site card.

To troubleshoot this issue, do the following:

  1. On your configured Session Recording server, run the following PowerShell command to check the Client Machine Identification (CMID):

    Get-WmiObject -class SoftwareLicensingService | select Clientmachineid
    <!--NeedCopy-->
    
  2. If CMID is empty, add the following registry files in the specified paths:

    Registry name Registry path Key type Value
    AuditorUniqueID Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server\ String Enter your UUID.
    EnableCASUseAuditorUniqueID Computer/HKEY_LOCAL_MACHINE/SOFTWARE/Citrix/SmartAuditor/Server/ REG_DWORD 1
  3. Restart the following services:

    • Citrix Session Recording Analytics Service

    • Citrix Session Recording Storage Manager

Install, upgrade, and uninstall