Session Recording - After upgrading to Session Recording 2402 CU2, session recording does not record user sessions

book

Article ID: CTX694936

calendar_today

Updated On:

Description

The VDA machines where the Session Recording Agent is installed records the following warning event in the Event log:

Event ID: 3031
Source: Citrix Session Recording Agent

Message: Exception caught while running record policy query. IIS setting for Session Recording doesn't allow HTTP connections from Session Recording Agent.

--- Exception Details ---
Type: System.Net.WebException
Message: The remote server returned an error: (403) Forbidden.
Stack trace:
Server stack trace:
at System.Runtime.Remoting.Channels.Http.HttpClientTransportSink.ProcessResponseException(WebException webException, HttpWebResponse& response)
at System.Runtime.Remoting.Channels.Http.HttpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at SmAudBroker.RecordPolicy.RunRecordPolicyQuery(RecordPolicyQuery query, RecordPolicyQueryResult& result)
at SmAudAgent.MetaDataQuerier.RunRecordPolicyQuery(QueryArgs query)
at SmAudAgent.MetaDataQuerier.QueryNextSessionDue()

Apart from this event, we may also see error logged in the event logs (either with HTTP 403 (Forbidden) or HTTP 401 Unauthorized.

Event ID : 3027
Source: Session Recording Agent
Message: Exception caught while sending poll message to Session Recording Broker.

--- Exception Details ---
Type: System.Net.WebException
Message: The remote server returned an error: (403) Forbidden.

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Cause

Access to the Session Recording broker server was too restrictive.

Resolution

Adding Everyone group to the "Access this computer from the network" policy on the Session Recording Broker Server resolved the issue.

Note: This policy might be configured at the Domain level. If so, you will have to edit the policy from a Domain Controller and then run gpupdate /force on the Session Recording Broker server and validate that the Everyone group is listed as part of this policy.

Issue/Introduction

Users may notice that when launching their ICA sessions, they no longer see the Session Recording Notification message and the administrators do not see the Sessions being recorded.

Additional Information

As per Microsoft documentation, the default values are:

Everyone
Administrators
Users
Backup Operators

You can have more accounts listed here, but these are the minimum accounts required.

Refer to https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-this-computer-from-the-network for more information.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"