AVBlock Error with Session Recording

Connection Manager utilizes a third-party library for video encoding known as AVBlocks. This library performs a license check through the URL lms.primosoftware.com.

This is a third-party check for licensing.

The license is checked infrequently and cached in the username\local\temp\primosoftware.lm.cache folder on Windows. If the license check fails, Connection Manager will be unable to record a session and provide an error message, although all other functionalities will continue to operate normally.

Connection Manager's AVBlock license was recently extended.

Thycotic.Video.AVBlocks.Common.AvBlocksException

To facilitate this process, we recommend open network access via port 80 (HTTP) and 443 (HTTPS). If it is not possible to keep the ports open continuously, please use allow port 80 and 443 access to primosoftware.com and its subdomains through DNS filtering or other appropriate mechanism depending on your company policies for client machines.

In some cases, Connection Manager may cache and invalid license on the client machine. In this case, we recommend deleting the contents of the cache folder for all affected users.

In Connection Manager when attempting to launch a Secret Server Secret that has session recording enabled, the session may fail to launch and return an exception error in the logs.

Examples of these error exceptions:

  • ERROR Delinea.ConnectionManager.Core.ViewModels.ExplorerViewModel: Unhandled exception in Connect: Autofac.Core.DependencyResolutionException: An exception was thrown while activating Delinea.ConnectionManager.SecretServer.SecretServerSessionBackgroundWork.

  • ERROR Delinea.ConnectionManager.Core.Managers.ErrorProcessingManager: Show error to user: An exception was thrown while activating Delinea.ConnectionManager.SecretServer.SecretServerSessionBackgroundWork.

Problem

This is caused when a component that Connection Manager uses for session recording starts caching an invalid license for that component on the client machine. The invalid license causes an rdpwin.exe error for the recorded session when it launches, resulting in the error messages as shown in the examples above.

AVBlocks can call home to a licensing server, here https://lms.primosoftware.com/, from the client endpoint where the Protocol Handler is installed and it creates a local cache of the licence in %temp%\primosoftware.lm.cache.

If the access to the license server is then blocked, the cached license will eventually expire and cause a PH recording error:

Copy 
Failed to open transcoder: Error=Unlicensed feature Facility=AVBlocks, Code=9, Hint=vp8-enc;

This can be seen in 6.0.0.13 and newer logs with verbose logging enabled in C:\Program Files\Thycotic Software Ltd\Secret Server Protocol Handler\log4net-rdp.xml.

Workaround

  1. Re-enable access to https://lms.primosoftware.com/.
  2. Delete the contents of %temp%\primosoftware.lm.cache for all affected users.