Month: December 2014

Categories
Knowledge Support Support exacqVision Server Categories Products

Configuring SSL on an exacqVision Server for Active Directory/LDAP (Linux)

exacqVision 7.2 and higher:

Check the box labeled “Use SSL” on the “ActiveDirectory/LDAP” configuration page, then press “Apply”.

<br>

exacqVision prior to 7.2:

This article contains procedures for configuring SSL on exacqVision servers so that you can make Active Directory operations more secure.

There are many ways to generate, install, and manage certificates in order to use SSL, but this document explains one simple option: exporting the trusted root certificate that already exists in your Active Directory domain and installing it on each exacqVision server.
<br>

Export Trusted Root Certificate for Your Domain

  1. Log in to any Windows workstation that has already been added to your domain. The login account must have at least local admin permissions.
  2. Start the Microsoft Management Console (mmc.exe).
  3. If you haven’t already, add the Certificates snap-in:

    a) On the File menu, click Add/Remove Snap-In.
    b) Select Certificates and click Add.
    c) When prompted, select the option to manage certificates for your user account (instead of the service or computer account).
    d) Click Finish.
    e) Click OK to complete this step.
  4. Expand Certificates – Current User in the left pane.
  5. Expand Trusted Root Certification Authorities.
  6. Select the Certficates folder to display your workstation’s currently installed CA certificates. The Issued To field should contain something similar to mydomain-ROOT-CA, where mydomain is your domain name.
  7. Select that Issued To entry, right-click All Tasks, and select Export.
  8. In the Certificate Export Wizard, select the format choice of Base-64 encoded binary X.509 (.CER). Save it to a local .cer file that you can relocate later. You will then install this same certificate file on every exacqVision Server for which you intend to use SSL.

<br>

Certificate Database Location on exacqVision Server

Whenever exacqVision Server attempts to connect to an Active Directory server, it creates the following files in the installation directory, if necessary:

cert8.db
key3.db
secmod.db
<br>

Import Trusted Root Certificate into Each exacqVision Server

  1. On the exacqVision server, copy your trusted root certificate to the server’s installation directory at /usr/local/exacq/server.
  2. If you have not already verified your exacqVision Server’s LDAP configuration with SSL disabled, do this now. This will create your certificate database files if they do not exist already.
  3. Open a Terminal window and type the following:

    sudo openssl s_client -connect FQDN:636 -ssl3 | sed -ne “/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p” > ad.pem && sudo mv ad.pem /usr/local/exacq/server
    where FQDN is the fully qualified domain name of your Domain Controller.
  4. Press Enter twice to create the .pem file and move it to the Servers directory.
  5. Change to the exacqVision server’s directory with

    cd /usr/local/exacq/server
  6. Run the following two commands:

    sudo certutil -d . -A -t “C,C,C” -i MY_CERT_FILE -n adca

    where MY_CERT_FILE represents your trusted root certificate file; and

    sudo certutil -d . -A -t “u,u,u” -i ad.pem -n ad
  7. In a Terminal window, restart your exacqVision server with the following command:

    sudo service edvrserver restart
  8. On your exacqVision server, run exacqVision Client and open the Active Directory/LDAP tab. Select the SSL checkbox (the port should automatically change to 636), and then click Apply. Your exacqVision Server should then reconnect to your Active Directory domain controller.

<br>

Configuring-SSL-on-an-exacqVision-Server-for-Active-Directory-LDAP-Linux.pdf
Categories
User Guides Documentation exacqVision Client Categories Products

Replacing a Drive on an exacqVision System with an LSI RAID Controller

It is considered best practice to periodically check the health and status of exacqVision storage devices. If a device has failed, this guide explains the steps needed to replace that device using exacqVision Client and LSI MegaRAID Storage Manager.

<br>

Identify and Replace the Failed Drive

  1. In exacqVision Client, navigate to Config (Setup) Page, which is the button with the gears icon, and then open Storage page.
  2. Select the Hardware tab on the right and then select the LSI MegaRAID SAS device.
  3. Select the device that is highlighted in red (for example, Port 19). Note the Port and Serial Number.

    NOTE:     If you do not feel comfortable removing a drive while the server is running, or if you aren’t sure which port is affected, shut the server down through the operating system. Then locate the physical port on the front of the server and remove the drive. Move the button on the right side of the drive to the right and slide the drive out.
  4. To confirm that you removed the correct drive, cross check the serial number on the drive with the serial number shown in exacqVision Client.
  5. Remove the screws holding the failed drive into the drive tray. Set this drive aside.
  6. Attach the new drive into the drive tray and insert it into the port on the front of the server.
  7. Push the drive into the port and lock the tray into place by pushing the arm into place. You will feel some resistance at the back of the port when pushing the drive in. Do NOT force the drive into position. The arm will click when it reaches locking position.
  8. If needed, power the server back on.
  9. If the rebuild does not start automatically, please proceed to Section II. If it does, please proceed to ‘Check Rebuild Progress and Confirm Completion’.

<br>

Add the New Drive to the Array

  1. If the server was shut down, close exacqVision Client, log out of the user account, and log in to the admin account.
  2. Minimize exacqVision Client and open the LSI MegaRAID Storage manager from Start > All Programs > MegaRAID Storage Manager > StartupUI or by double-clicking the MegaRAID Manager icon on the Desktop (if present).
  3. When the Host View page opens, select the Host that appears in the list to display the login window.
  4. Enter the username/password — admin/admin256 (Windows) or root/exacqvisionip (Linux) — and select Login.
  5. Confirm on the Dashboard tab that the controller is in a Needs Attention state, and that the log shows Warning ID 250: VD is now PARTIALLY DEGRADED VD 0.
  6. Select the Physical tab, right-click the LSI MegaRAID controller, and select Silence Alarm.
  7. Locate the new drive, which should appear as (Foreign) Unconfigured Good. Right-click the drive and select Replace Missing Drive.
  8. Confirm Drive Group, RAID Level, and Row index (Slot), and then select OK.
  9. The new drive should appear as Offline. Right-click the drive and select Make Drive Online.
  10. Select the box next to Confirm and then select Yes.
  11. The drive now enters a Rebuild state.

<br>

Check Rebuild Progress and Confirm Completion

  1. To see an estimate of how long the rebuild will take, select the clock icon.
  2. The progress of the rebuild and an estimated time for completion are displayed.
  3. After completion, the log in the LSI Storage Manager should display ID 249: VD is now OPTIMAL VD 0.
  4. Confirm the status of the array in exacqVision Client by navigating to the Storage page and then the Hardware tab. The port that was shown in red previously should now be listed as Healthy.

<br>

Categories
Knowledge Support Support exacqVision Server Products

Archiving Status: Target File Write Stalled (Linux)

Starting in exacqVision 6.6, the Archiving page can report a status of Failed – Target File Write Stalled. This status is displayed after 15 minutes of inactivity during an active archive task. While in this condition, archiving is stalled and hardware monitoring is stopped, but video recording continues normally. This condition affects only Linux-based exacqVision systems.


To recover from this condition, restart the system. Because the stall is related to the Linux kernel, the system restart could also stall, and the system must be power cycled manually by unplugging and plugging in the power cables. (If the server has a capture board with watchdog enabled, the watchdog will be triggered during the system restart.).


After the system is restarted, follow these instructions to disable cifs caching and prevent additional archiving stall conditions.