The session recording files are written by a process running as the root user on the appliance. But the web service that gets the recording files for viewing from the UI runs as a non-root user. The NFS server did not allow that user to read the files. Root on the appliance has a umask of 0022 and new files should be created with 0644 permissions so that any user can read the files. PAM relies on this and does not explicitly set permissions after file creation. If the NFS server imposes other default permissions, e.g. by having files inherit the permissions of the parent directory, that do not include read access for all, this problem will be observed.