The VMware Horizon Desktop Recording feature has a web console where administrators can access recordings and configure desktop recording settings.

Desktop Recording Web Console

The Desktop Recording web console displays the following:
  • Dashboard: displays a list of recent recordings, the server, database, and folder where recordings are stored, as well as recording information such as start time, duration, size, and state. You can lock, unlock, and delete recordings.
  • Recordings: displays a list of all recordings with information such as name, launched resource, location, start and end dates, start time, duration, size, and state. You can lock, unlock, and delete recordings.

Desktop Recording Settings

In Administrator > Audit Trail, you can track all the user actions in the UI.

In Administrator > Service Settings, you can change the authentication, client, and server settings for the recording application, as well as recording criteria.

The following credentials are stored in the database and by default, the administrator has full control of the service settings, while the viewer can simply find and watch and download recordings.

Username/Password: administrator/Recording123

Username/Password: viewer/Recording456

You can select a user and change these passwords in Authentication Settings:
Authentication Settings Description
LDAP Integration Disable or enable LDAP integration. If enabled, enter the following information:
  • LDAP URL
  • Bind User DN
  • Bind User Password
  • Search Base
  • Administrative Group DN
  • Viewer User Group DN
  • User Search Filter
  • Group Search Filter
Local Users Select a user and click Change Password to change the password for that user.
The following settings affect the behavior of the Desktop Recording Agent:
Client Settings Description
Notification Message Message displayed to the user when their session is being recorded.
Chunk size The buffer size on the Desktop Recording Agent for each recording screen. When this buffer is filled, the data is submitted to the Desktop Recording Server.
Upload Interval The length of time an active recording chunk will be uploaded to the server if the buffer has not yet filled. For example, if the interval is set to 5 minutes and the buffer has yet to fill, when this timespan has elapsed, the current recording screen data is uploaded to the server and a new chunk is created. This setting ensures a smaller window for missed recordings if the Desktop Recording Agent encounters a failure.
The following settings dictate the session types that are recorded:
Recording Criteria Description
Record Local Sessions Instructs the Desktop Recording Agent to record all sessions that are brokered from internal connection servers on the LAN
Record Remote Sessions Instructs Desktop Recording Agent to record all sessions that are brokered via a Unified Access Gateway or Security server
Groups to record Lists specific groups of users to be recorded using the session type recording criteria. If you do not add a group, all users will be evaluated for recording.
The following settings affect the local server that you are currently connected to the database. To change local server settings, use the Edit Deployment wizard.
Local Server Settings Description
Database Connection Type This local server setting is read from the servicesettings.json file on the local server. Supported database types:
  • SQLite (local file)
  • MSSQL (Microsoft SQL)
  • PostgreSQL
Database Connection String Identifies the server instance and database connection. Example: Data Source=Local.db
The following settings affect all the servers connected to the database. To change cluster storage location, use the Edit Deployment wizard.
Cluster Settings Description
Recording Storage Folder File path of the folder in which the Desktop Recording Server stores active recording data or finished recordings. Location of this folder depends on the deployment type: NTFS Share or Local. This folder must be secured manually.
Conversion Chunk Size Buffer size used to convert active recordings to finished recordings. The default value is 10.
Conversion Wait Time Amount of time a pending recording conversion has to wait before attempting to convert the files from active to finished. The default value is 10 minutes.
Raw Files This setting affects both the Desktop Recording Agent and the Desktop Recording Server.
  • Desktop Recording Agent: instructs the agent to delete the recording when it has uploaded the data to the server successfully.
  • Desktop Recording Server: instructs the server to retain the raw files post conversion to mp4.
This setting is enabled by default. Disabling this setting compromises the security of the files.
Retention Settings Number of days a recording is retained on the server after which the web service deletes the recordings. Locked recordings are excluded from the retention rules and remain on the server.
The SSL certificate used by the Desktop Recording Server is retrieved from the local machines certificate store. It has a friendly name and a private key. If the SSL certificate does not exist, it is created on service startup. To install a custom certificate, rename the existing certificate to HorizonDesktopRecordingServer and install the certificate to the machine store. Restart the Desktop Recording Server service for the changes to take effect.
Note: The SSL certificate must be trusted by the Desktop Recording Agent, otherwise the trusted thumbprints you added during installation will not contain the new certificate's thumbprint.
You can configure additional settings, such as the JWT token timeout and the SSL / TLS port, in the servicesettings.json file in the installation directory. You must stop the service before modifying this file and these settings will only affect the server you modify. These settings must match on all recording servers participating in the cluster.
{
"HTTPSPort": 9443,
"DBConnectionString": "GlmrgliM0TpWt5nbC1RQyjoG]
"JWTTokenLifeSpan": 60,
"DBType": 1,
"ConnectionStringIsEncrypted": true
}

Edit Deployment Wizard

You can modify Desktop Recording Server settings with the Edit Deployment wizard.

Modifying Desktop Recording Server settings affect both the local server settings, such as the database connection, as well as the clusters storage location. After the wizard completes, the local web service will be restarted to update the database. Any changes to the storage location will affect all servers in the cluster immediately.
Note: Data is never migrated when modifying the deployment. Only the service configuration and user authentication details are migrated. Make sure to back up all recordings in the database by downloading the recordings, then deleting the sessions in advance to avoid having unwanted data.

You can modify the local server’s database connection if there are no active sessions in progress in a standalone mode.

Select the database type and connection string. These settings are encrypted and stored in the servicesettings.json file in the server installation directory. If the user specified in the connection string has permissions to create the database, the web service will create a database. Otherwise, pre-create an empty database with the desired name and verify that the account provided has the ability to create the required tables.

The account must have the ability to make database layout changes for future upgrades where the database schema may change, and the web service will automatically perform the migrations.

The web service will be restarted after the database has been instantiated and the local users and settings have been migrated.

Modifying the clusters storage location immediately affects all servers in the cluster. Do not modify the storage location when there are active recordings occurring. Data is not migrated when modifying the storage location.

Logging

By default, the Desktop Recording Server and Desktop Recording Agent logs are in C:\programdata\VMware\Horizon Desktop Recording.

To troubleshoot any issues, you can extend the logging by modifying the NLog.config file. Changing the minlevel to Debug or Trace increases the size of the log files.
<rules>
/logger name="*" minlevel="Trace" writeTo="WebServiceLogging" />
</rules>