The exacqVision Client fails to connect to the exacqVision Server with the status message “Address found but not an ExacqVision Server. Reconnecting.” This is typically caused by either an incorrect system IP address or the exacqVision Server service is not running on the NVR.
Products
exacqVision Client
exacqVision Server
Windows OS
Steps to Reproduce
From the exacqVision Client access the Add Systems page (Config (Setup) Page > Add Systems)
View an existing or add a new System
Check the Status of the system in the System List
Expected Results
Status = Connected.
Actual Results
Status = Address found but not an exacqVision Server. Reconnecting.
Solution
If the IP address entered for the system is correct then this is an indicator the exacqVision Server Service is not running on the NVR.
Troubleshooting
exacqVision Client Machine
Confirm the IP address of the exacqVision Server matches what was entered in the exacqVision Client
exacqVision Server Service
On the NVR, check the exacqVision Server Service
Open Services by clicking the Windows (Start) button and typing Services.
Locate the exacqVision Server Service
Check the status and Startup Type
Normally the status should be running, and the Startup Type is Automatic
If the service is not started then highlight the service and either click Start the service on the left or right-click and choose Start from the popup window
If the service is started or starts then the exacqVision Client should be able to connect
In the event the service does not start an error message will be displayed
Windows Time Service
The Windows Time service is a dependency and must be running when the exacqVision Server service starts. Otherwise, the error message “Error 1068: The dependency service or group failed to start,” will be displayed.
Locate the Windows Time Service
Check the status and Startup Type
Normally the status should be running, and the Startup Type is Automatic
If necessary start the service and modify the services properties and set the startup type to Automatic
An “Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it,” is probably indicating that the service has been disabled and you will need to modify its properties and set the startup type to Automatic.
Once successfully started, attempt starting the exacqVision Server Service.
Description If any user is a part of the “root” group in Enterprise Manager this grants that specific user special admin privileges regardless of what type of user OR user role that they are in.
In example..
If a user is tied to a user role where they cant seen specific cameras on a server but also belong to the root group, they will still be able to see those cameras.
Product ExacqVision Enterprise Manager Any Exacq brand NVR
When the Exacq NVR you are configuring to archive to an Exacq S-Series and the recording NVR is joined to a domain, there is a local Group Policy that must be configured to prevent receiving a ‘Disconnected’ status.
Product
An Exacq NVR with Windows OS
Exacq S-series storage server
Steps to Reproduce
Create a volume for Archiving on the S-Series system.
Try to connect to that archiving target from NVR.
Apply the settings.
Expected Result
Arching target is ‘Connected’
Actual Result
Archiving target is ‘Disconnected’
Work Around
None
Solution
The local group policy Network Security: LAN Manager authentication level must be set to “send NTLMv2 response only. Refuse LM and NTLM”
The Exacq Mobile 3 application does not show the OSD of cameras while the device is in a different time zone.
Product
Exacq Mobile 3 application for both iPhone and Android.
Expected Results
We should be able to account for when the Device is in a different time zone than the recorder while using the Exacq Mobile 3 application to reflect the camera times, in case searching video is required.
Actual Results
The Exacq Mobile 3 application will show the cameras OSD timestamps as the time of the recorder.
Solution
If the need to search the time of an event is needed on the Exacq Mobile 3 application please keep in mind the difference between time zones.
When importing a License from File or Exacq.com and “Server Rejected License Upgrade. Please Fix and Try Again.” error box appears.
Products
exacqVision Server
exacqVision Client
exacqVision Web Server
Steps to Reproduce
Open exacqVision Client
Go to Server drop down and select select Configure System
On System Tab click import button:
Select From File if downloaded License File Key exists
Select From exacq.com to pull registered License Key information automatically
Results
License Error: Server Rejected License Upgrade. Please Fix and Try Again
Causes
Upon Server start, we scan for all enabled NIC’s and get their MAC addresses. If no MAC is found that matches the current license, we go into unlicensed mode. The same check occurs when trying to import a new license.
At times a user may disable a NIC they aren’t using for communication, but when this takes place it also removes it from our license check.
Also sometimes the MAC address may not match when they requested the license.
Troubleshooting Steps
Check to make sure Internet Access is Available
Make sure MAC Address matches the MAC Address registered to License
If you are not sure of MAC Address, to confirm:
On Windows OS open Command Prompt:
Type: ipconfig /all
On Linux OS open Terminal:
Type: ip a
After your query, confirm MAC Address is correct.
3. Make sure NIC has not been Disabled by checking Network Connections
Go to Control Panel
Click Network and Internet
Click on Network Sharing Center
Click on Change Adapter Settings
Right Click on NIC in use
If Disabled:
Go to Services
Right Click on exacqVision Server and Restart
Go back to NIC and Re-Enable
Logs
License Logs after Disabling/Enabling NIC and restarting exacqVision Server ServiceStatus updates to Bad/Invalid License – Check Server Network Adapter
Authorized dealers and integrators with Support Portal credentials have the ability to access the Log Reference tool, which provides additional information on sometimes cryptic server log entries.
If the DigiCert Trusted Root G4 Certificate is missing, exacqVision Software updates downloaded from exacq.com or initiated within exacqVision Client, will report a signature error.
For Instructions on exacqVision Enterprise Manager version 22.03 or older see Knowledge Base Article #12724
The following document details how to enable HTTPS connections to exacqVision Enterprise System Manager from update 22.06 and later.
For a trusted certificate, it is recommended that you purchase a third-party intermediate certificate from one of many online providers. If you are using a third-party certificate you may skip ahead to the section titled, “Obtaining a Third-Party Certificate”.
These steps will detail how to create a self-signed certificate, but be aware that web browsers will warn users that the certificate is untrusted if you are using a self-signed certificate or one from a private/internal certificate authority.
CREATING A SELF-SIGNED SSL CERTIFICATE
Windows
1) Click on the Windows Start button and type ‘CMD’. Right-click on the CMD icon and choose ‘Run as Administrator’.
2) Set the environmental variable that will be used by OpenSSL later by typing:
set OPENSSL_CONF=C:\Program Files\exacqVision\EnterpriseManager\apache\conf\openssl.cnf
Press Enter.
3) Change your working directory by typing:
cd "C:\Program Files\exacqVision\EnterpriseManager\apache\bin\"
You will be prompted to enter a PEM pass phrase. Enter anything you like but you will need to re-enter this in the following steps.
PEM pass phrase:
5) You will be prompted with several questions for the certificate, answer these according to your needs. COMMON NAME should be the IP address or FQDN that users will access to reach the ESM web site (ex. www.domain.com or esmserver.domain.com).
You will be prompted with a series of questions. – Use data specific to your site. – Items can be left blank with the exception of Common Name – Common Name (e.g. server FQDN or YOUR name) should be the IP address of EM Server
Verify the md5 hashes match, if they DO NOT then see the troubleshooting section below before proceeding.
Step 3 Edit Apache Configuration
cd /usr/local/exacq/esm/apache/conf/extra
sudo gedit httpd-ssl.conf
Make the following changes, save the file and then close gedit.
Step 4 Restart the enterprise-webservice
sudo service enterprise-webservice stop
sudo service enterprise-webservice start
<br>
OBTAINING A THIRD-PARTY CERTIFICATE
If you are planning to acquire a third-party certificate from a trusted provider, you may need to provide them with a Certificate Signing Request (CSR) file.
Enter all the fields click on the ‘Submit’ button to download the ZIP file. Inside this ZIP file is the CSR file and RSA key to give to your certificate provider.
If you purchased a chained certificate, be sure to download the appropriate intermediate bundle.
Once you have downloaded the files from your provider:
Rename the .crt file to ‘server.crt’.
Rename the .key file to ‘server.key’.
If you have a chained certificate, rename the chain file to ‘server-ca.crt’.
Place the renamed files from your Certificate Authority (CA) into the following directory:
When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that must be present to link your certificate to a root certification authority. Usually the provider will have documentation on how to accomplish this with Apache, but it is a good idea to ask them before or during the purchasing process. Exacq is not responsible for making your certificates capable of working with Apache.
It is possible to combine all the intermediate certificates that a provider may give you into one file. Consult your provider for more information.
<br>
ENABLING SSL FOR HTTPS CONNECTIONS
Be sure that you have followed the steps above to place the certificate files necessary for either a third-party certificate or a self-signed certificate into the correct directory before continuing with the following steps.
Windows
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of this line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of this line if there is one.
Save the file.
4) Still using Notepad, open the file titled ‘httpd-ssl.conf’ located in C:\Program Files\exacqVision\EnterpriseManager\apache\conf\extra
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window.
5) Restart the solrApache or exacqVision Enterprise Manager Apache in Windows services (services.msc).
Linux
1) Open a Terminal prompt.
2) Change your working directory by typing:
cd /usr/local/exacq/esm/apache/conf
Press Enter.
3) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit httpd.conf
Press Enter.
4) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of the line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of the line if there is one.
Save the file and close the ‘gedit’ editor window to return to the Terminal prompt.
5) In the Terminal, type:
sudo gedit extra/httpd-ssl.conf
Press Enter.
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window to return to the Terminal prompt.
6) Restart the service in the Terminal by typing:
sudo service ESMWebservice restart
<br>
FORCED REDIRECT FROM HTTP TO HTTPS
If you want to force users who try to access the site on port 80, using HTTP, to use the secure HTTPS connection you will need to enable a redirection.
Windows
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
Remove the pound (#) signs in front of these two lines.
Save the file.
4) Restart the solrApache or exacqVision Enterprise Manager Apache service in Windows services (services.msc).
Linux
1) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
Remove the pound (#) signs in front of these two lines.
Save the file and close the ‘gedit’ window to return to the Terminal prompt.
3) Restart the service in Terminal by typing:
sudo service ESMWebservice restart or sudo service enterprise-webservice restart
<br>
TROUBLESHOOTING
1) Some versions of Internet Explorer do not easily work with services running locally or may display pages incorrectly. If this happens, try clearing the browser’s cache by pressing CTRL-F5 on the keyboard. If the problem is persistent try installing another web browser, such as Chrome.
2) If the solrApache service fails to start after configuring it for SSL:
[Wed Mar 04 09:08:54.512004 2017] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from server.crt and server.key do not match AH00016: Configuration Failed
c) If you see this log entry, complete the following steps:
1) Change your working directory to the location of openssl.exe
Windows (CMD) – cd C:\Program Files\exacqVision\EnterpriseManager\apache\bin
3) Compare the resulting values output after running each of the preceding commands. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
