Month: May 2023

Categories
Knowledge Support Documentation Support exacqVision Client exacqVision Server Products

ExacqVision Server and Client support LDAP authentication with Azure Active Directory

Azure Active Directory supports the LDAP interface when properly configured, and therefor LDAP can be used to sync the ExacqVision software stack with the Azure AD instance.

Background Information: Lightweight Directory Access Protocol (LDAP) is an application protocol for working with various directory services. Directory services, such as Active Directory, store user and account information, and security information like passwords. The service then allows the information to be shared with other devices on the network. Enterprise applications such as email, customer relationship managers (CRMs), Video Management Software (VMS – ExacqVision), and Human Resources (HR) software can use LDAP to authenticate, access, and find information.

Azure Active Directory ( sometimes referred to as Azure AD) supports this pattern via Azure AD Domain Services (sometimes referred to as AD DS). It allows organizations that are adopting a cloud-first strategy to modernize their environment by moving off their on-premises LDAP resources to the cloud. ExacqVision has supported the use of LDAP authentication since early versions, and now has been enhanced to support the use of LDAP authentication when being integrated with Azure Active Directory as a modern solution to cloud based computing.

When a network hosting ExacqVision Server on-premise has been properly configured for communication with an Azure Active Directory instance by verifying no port restrictions or other environmental variables inhibit communication – ExacqVision Server & Client have the ability to support the use of LDAP authentication with Azure Active Directory as of December 15th, 2022 – and subsequent releases thereafter.  

Products 

  • ExacqVision Server Software version 22.12.5.0 and up
  • ExacqVision Client version 22.12.2.0 and up

Minimum Requirements for ExacqVision Server and Client software: 

  • Server and Client versions must be 22.12 or later
  • Your ExacqVision Server must have an Enterprise license to interact with Azure AD.
  • Your network configuration must be properly configured to communicate with your Azure AD instance
  • To configure Azure Active Directory integrations on an ExacqVision Server, you must have Azure Active Directory credentials with access to the following Active Directory parameters as supplied by your Local IT Department or Network Administrator: objectClass (specifically “group” & “user”), userPrincipalName,  sAMAccountName,  inetOrgPerson, krbPrincipalName

Configuration steps for ExacqVision Server and Client software: 

  • Properly configure the network to communicate with Azure Active Directory instance without restriction.
  • Verify you possess the minimum credential requirements needed to complete the integration as listed above (supplied by your Local IT Department or Network Administrator) and then log into the Client with administrative privileges
  • Navigate to Enterprise > ActiveDirectory/LDAP. Enable Directory Service and add the Azure AD Instance address in the Server Address field with the proper Port number, proper setting for USE SSL, Base DN and Bind account information in the corresponding fields – as supplied by your Local IT Department or Network Administrator NOTE: It is recommended to enable “Permission to Create SPN” when using Azure Active Directory LDAP authentication.
  • Apply the Changes.

Expected Results 

The above steps when executed properly will sync with the Azure AD Instance, allowing LDAP authentication in ExacqVision Client & Server.

For more information on how to configure ExacqVision for use with LDAP authentication please see the ExacqVision Client User Manual.

Categories
Configuration Knowledge Support Documentation Support exacqVision Enterprise exacqVision Client exacqVision Server Products Uncategorized exacqVision Integrations

Enterprise Manager supports LDAP authentication with Azure Active Directory 

Azure Active Directory supports the LDAP interface when properly configured, and therefor LDAP can be used to sync the ExacqVision Enterprise Manager software with the Azure AD instance.

Background Information: Lightweight Directory Access Protocol (LDAP) is an application protocol for working with various directory services. Directory services, such as Active Directory, store user and account information, and security information like passwords. The service then allows the information to be shared with other devices on the network. Enterprise applications such as email, customer relationship managers (CRMs), Video Management Software (VMS – ExacqVision), and Human Resources (HR) software can use LDAP to authenticate, access, and find information.

Azure Active Directory ( sometimes referred to as Azure AD) supports this pattern via Azure AD Domain Services (sometimes referred to as AD DS). This allows organizations that are adopting a cloud-first strategy to modernize their environment by moving off their on-premises LDAP resources to the cloud. ExacqVision has supported the use of LDAP authentication since early versions, and now has been enhanced to support the use of LDAP authentication when integrated with Azure Active Directory as a modern solution to cloud based computing.

When a network hosting Enterprise Manager on-premise has been properly configured for communication with an Azure Active Directory instance by verifying no port restrictions or other environmental variables inhibit communication – ExacqVision Enterprise Manager has the ability to support the use of LDAP authentication with Azure Active Directory as of December 15th, 2022 – and subsequent releases thereafter.  

Products 

  • ExacqVision Enterprise Manager version 22.12.0.0 and up

Minimum Requirements for ExacqVision Enterprise Manager Software: 

  • Enterprise Manager version must be 22.12.0.0 or later
  • Your network configuration must be properly configured to communicate with your Azure AD instance
  • you must have Azure Active Directory credentials with access to the following Active Directory parameters – as supplied by your Local IT Department or Network Administrator: objectClass (specifically “group” & “user”), userPrincipalName , sAMAccountName , inetOrgPerson , krbPrincipalName

Configuration Steps for Enterprise Manager: 

  • Properly configure the network to communicate with Azure Active Directory instance without restriction.
  • Verify you possess the minimum credential requirements needed to complete the integration as listed above (supplied by your Local IT Department or Network Administrator) and login to Enterprise Manager user interface with administrative privileges
  • Navigate to the Domain settings page
  • Under “Add Domain” enter the address of the Azure Active Directory instance in the “Hostname or IP” field and enter the above mentioned credential criteria with the proper port number, security protocol, Search Criteria information, and Attribute names information in their corresponding fields – as supplied by your Local IT Department or Network Administrator
  • Apply the changes.

Expected Results 

The above steps when executed properly will sync with the Azure AD Instance, allowing LDAP authentication in ExacqVision Enterprise Manager.

For more information on how to configure ExacqVision Enterprise Manager for use with LDAP authentication please see the ExacqVision Enterprise Manager user manual.

Categories
Knowledge Support exacqVision Server Products Uncategorized

False Drive Offline status on some Q-series models

Description 

Some drives may show an “offline” status on the hardware tab in ExacqVision Client when Server Version 23.03.1.0 is installed on Q-series models, though data can be read from and written to the drive.

Note: This issue manifests itself cosmetically by appearing as if the drive is offline but has no bearing on functionality for video searching.

Product 

ExacqVision Server Version 23.03.1.0

Steps to Reproduce 

Update to Server Version 23.03.1.0 from a previous server software version.

Expected Results

Drives should populate hardware tab with a healthy status.

Actual Results 

One or more drives may appear as “Offline” on the hardware tab.

Solution

Update to ExacqVision Server 23.03.2.0 if SSA is current and up to date, or alternatively rollback to ExacqVision Server 20.12.8.0 as a workaround.

AES-457


Categories
Knowledge Support Support exacqVision Server Categories Products

CD/DVD Recorders and Disc Types

Many users have moved to transporting files via portable USB devices or cloud services. CD/DVDs are still often desired by those working with legal evidence or those in insurance and law enforcement due to their low cost and ability to be mailed or stored in flat file folders. Users with systems that do not have on-board DVD drives, or users with third-party hardware, can still utilize external DVD drives to record exported video files if needed. Article 2678 explains this. The following article provides additional information regarding drive types and media use.

When examining optical disc drives as well as the CD or DVD media used in them you will note the presence, or lack of, + and – symbols as well as various acronyms used.

Disc Formats and Capacities

The initial two or three letters inform you about the disc format.

  • CD (Compact Disc) is the older of the formats and has a capacity of around 700 MB. Originally created for music, but can be used to store data or video files if used with a compatible reader.
  • DVD (Digital Video Disc) created to provide increased capacity for video, these discs typically hold around 4.7 GB.
  • BD (Blu-Ray) created to provide even more capacity for high-definition video that requires more space, these typically store up to 25 GB.

A caveat to the capacities listed above, are DL discs, these are mentioned below with the additional acronyms.

Disc Standards (+/-)

There are two standards used for recordable DVDs, indicated by + and – symbols. DVD-R is and older format that was improved upon by DVD+R. The two formats hold similar amounts of data but the DVD+R standard provides some error checking during recording resulting in fewer opportunities for write errors.

You will only see the ± symbol on drives, not on discs, and this tells you that the drive can burn to both + and – discs. This was more important in the past, as many drives today are ±, though this should be noted if you are experiencing issues burning discs since older DVD+R and DVD+RW drives were unable to record to DVD-R and DVD-RW media and vice versa.

Disc Capabilities

The acronyms following the + or – inform you what the disc is capable of, as follows:

  • ROM (Read-Only Memory), as the name implies these are read-only and come from a production facility with the data already on them. Many users simply drop the ROM altogether and refer to these as simply, CDs, DVDs, or Blu-rays.
  • R (Recordable) indicates that the disc is recordable a single time. Once written to, it cannot be recorded to again.
  • RW (Rewritable). In a compatible drive, these discs can be written to more than once.
  • RE (Recordable Erasable), this is essentially the same as RW but used for rewritable Blu-ray discs.
  • DL (Dual Layer), usually appearing last, you may note some discs that display DL, which stands for Dual Layer. These discs will hold twice as much data, DVDs 8.5 GB and BDs 50 GB. Note, however that dual layer DVDs are NOT the same as double-sided DVDs that are flipped over to record on both sides of the disc.

Disc and Drive Compatibilities

The chart below aligns the drive type along the left-hand side with the optical media type listed across the top.

Drive Type Disc Type
CD-R CD-RW DVD-R DVD-RW DVD+R DVD+RW DVD+R DL BD-R BD-RE BD-R DL
CD-ROM Read Read
CD-R Read/Write Read
CD-RW Read/Write Read/Write
DVD-ROM Read Read Read Read Read Read Read
DVD-R Read/Write Read/Write Read/Write Read Read Read Read
DVD-RW Read/Write Read/Write Read/Write Read/Write Read Read Read
DVD+R Read/Write Read/Write Read Read Read/Write Read Read
DVD+RW Read/Write Read/Write Read Read Read/Write Read/Write Read
DVD+R DL Read/Write Read/Write Read Read Read/Write Read/Write Read/Write
BD-ROM Read Read Read Read Read Read Read Read Read Read
BD-R Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read Read
BD-RE Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read
BD-R DL Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write

<br>

Troubleshooting

If experiencing problems burning discs, as mentioned above, be sure that the optical media being used is compatible with the drive being used.

Check that any external and/or third-party drives are recognized by the system and have any necessary drivers installed.

Article 2619 discusses the quality of the media.

<br>

Categories
Video Library Configuration Illustra Youtube Video Library Categories

Illustra Tools Mobile App

Illustra Tools Mobile App
Using the Illustra Tools Mobile App to discover, connect to, and configure cameras
Categories
Knowledge Support Support Categories Products exacqVision Integrations

The ‘autoreconnect’ Utility

In 2017, a custom utility was written specifically for Inditex which was designed to discover cameras on the network that have changed their IP address. Then it would use evAPI calls to compare the MAC addresses listed in the current configuration to what currently shows in the ARP table, then update the IP plugin’s configuration to connect to the new IP address.

The purpose of this KB is to document what was discovered recently as the existence of this utility was not known to Support and not well known to the current Engineering team.

Inditex ONLY!

This utility was written at Inditex’s insistence as a workaround for an unstable network environment where their cameras would show up with unstable IP addresses.

This is not intended or advertised to be distributed to any other customers. Support should recommend to customers that they stabilize their network environment either by setting static IP addresses, or DHCP reservations.

Build

At the time of this KB, the utility is available in Artifactory HERE.

Only Linux .deb files are provided either for 32 or 64-bit environments.

Installation

The .deb file will need to be transferred to the machine and can be installed with:

sudo dpkg -i <packagename>.deb

This results in a new directory: /usr/local/exacq/autoreconnect/ and a service named autoreconnect is started and set to run at boot.

A configuration file is created here:

/usr/local/exacq/autoreconnect/config/config.json

This config file looks like the following by default:

{
"server_address": "127.0.0.1",
"server_port": 22609,
"server_user": "admin",
"server_password": "admin256",
"detect_interval": 300,
"instance_name": "evStayConnected (Integration)",
"log_level": 0
}

The ‘server_port’, ‘server_user’ and ‘server_password’ sections may need to be modified for the connection to work.

Logs

Daily log files are created and rotated in the following directory:

/usr/local/exacq/autoreconnect/logs

When the service starts (and every 5 minutes thereafter) and successfully connects to the Server, it pulls information for each of the connected IP devices. These will show

INFO CONNECTED_EX callback for device

Then it checks if any current devices are in a disconnected state and logs:

INFO Disconnected devices detected (Count: 1). Starting IP Camera Scan

It will then log discovered cameras. If the current IP/MAC of the camera matches what’s in our config, it gets ignored:

INFO Ignoring ONVIF Camera at IP 10.160.5.131
INFO Discovered Illustra3 device 00-50-F9-XX-XX-XX at IP 192.168.1.131
INFO Ignoring ONVIF Camera at IP 10.160.5.130
INFO Discovered Illustra3 device 00-50-F9-YY-YY-YY at IP 192.168.1.130

If it finds devices that need to be changed, you’ll see:

INFO 1 device(s) found with different IP
INFO Queuing IP change request for disconnected device 4592640 with MAC 00-50-F9-ZZ-ZZ-ZZ. 192.168.1.45 --> 192.168.1.136

Troubleshooting

The logs are pretty verbose and can be utilized to see what action autoreconnect has taken, if any.

For instance, one of Inditex’s sites was failing to connect the cameras after they had changed IP’s and the logs showed:

evAPI connect status code -2 EVAPI_Select error

This was due to the fact that the exacqVision Server service was listening at port 5000 rather than the default port of 22609. After changing that, the initial connection worked, but then we got several more EVAPI_Select errors. The reason was due to the authentication. After fixing their username and password in the config.json file, the utility functioned as expected.

Categories
Knowledge Support Support exacqVision Server Categories Uncategorized

Moving Eventpi.DB file to New Drive

*** INTERNAL USE ***

Description 

We have found that event links based on triggers from AI Object Classification events flood the eventPI database resulting in the OS drive being filled in a short amount of time. Periodic unexpected crashes, system reboots and increased memory usage have resulted. This happens when the amount of AI metadata captured in the eventPI database exceeds the available free space on the drive.

Product 

  • exacqVision Server [All versions]

Prerequisites

  1. Follow Best Practice recommendations as outlined in Analytic Metadata Best Practices
  2. If your license allows, update the exacqVision Server and Client instances to 23.09 or higher to take advantage of the Maximum Days to Keep Bounding Box Metadata control. Try this solution prior to moving the eventpi.db.
    Maximum Days to Keep Bounding Box Metadata Explained
  3. Moving the eventpi.db should be considered an extreme final effort reserved for those that insist on long term retention of large amounts of metadata.
  4. When moving eventpi.db, you should only do so onto a newly installed NVMe or SSD drive designed for frequent writes. We strongly advise selecting drives with specs of 2500 TBW (Terabytes Written) or higher. Systems without available NVMe slots, such as the 4U A-Series, will need to rely on Internal NAND SSD.
    • Recommended WD Red options:
      • NVMe – WDS200T1R0C
      • NVMe – WDS400T1R0C
      • SATA SSD – WDS400T1R0A

WARNING: We DO NOT recommend by any means, moving the database onto a video recording drive.

Solution

NOTE: If your license allows, update the exacqVision Server and Client instances to 23.09 or higher to take advantage of the Maximum Days to Keep Bounding Box Metadata control. Try this solution prior to moving the eventpi.db.
Maximum Days to Keep Bounding Box Metadata Explained

Move the eventpi.db database according to the following procedure:

  1. Stop Server Service
  2. Go to C: > Program Files > exacqVision > Server > eventpi (there is a Database File and XML Document named “eventpi”; you want Database File)
  3. Copy eventpi.db to new Volume location
  4. Modify eventpi.xml ‘DatabaseName’ attribute to new db path (If no “DatabaseName” attribute inside the <Events…> node then add it to the Events node
  5. Restart Server Service
  6. Conduct a search to make sure its working,
  7. Monitor/View new eventpi.db size and make sure it is growing
  8. The eventpi.db in the original location can now be removed

eventpi.db File

eventpi.xml (Modify Database Name)

Related Articles

AESW-5987

Categories
Knowledge Support Support exacqVision Client exacqVision Server Categories Products

Downgrading Exacq software or camera firmware must be escalated

Downgrading Exacq software or camera firmware must be escalated

Exacq Software Version

If for any reason a customer must downgrade an exacq software version to resolve an issue, you must gather all applicable data (Support diagnostics, Wireshark capture) and escalate to L3 even if the issue has been resolved by downgrading. Downgrading the s/w version is just a workaround and must be escalated. 
NOTE: exacqVision software is forward compatible. It is the expectation that camera f/w versions tested with older version of exacq software should still work with newer versions of exacq software.

Camera Firmware

If a customer is running a version of camera firmware that has not been tested by exacq and you believe is causing their reported issue

  • If you are able to downgrade the f/w and resolve their problem, please do but you must escalate to L3. 
    • Reminder: Illustra cameras and some other manufacturers cannot downgrade firmware as an option
    • Please gather support diagnostics and camera logs before escalating
    • Please obtain a Wireshark capture before escalating
  • If you cannot downgrade their f/w version to a tested version, please escalate to L3
  • If no issue but customer is asking for the f/w version to be tested, please escalate so an enhancement ticket can be created

Expectations on non-tested f/w (enhancements)

  • If the f/w version has not been tested, it is technically not supported
  • Please set expectations with the customer on enhancements
    • Enhancements are prioritized by Product Management and weighed against all Enhancements submitted
    • As soon as PM makes a decision, L3 Support will notify the customer and close the ticket
  • If not a JCI product, we will still escalate to exacq Engineering
    • Ask the customer to also create a ticket with the product manufacturer to handle from both ends
      • This will speed up the process and insure all teams are communicating
  • As a workaround only
    • If the camera is not working at all, you can suggest using onvif or the RTSP plugin
Categories
Knowledge Support Support exacqVision Server Categories Products

Artificial Intelligence Object Classification Event Triggers Filling OS Drive

Description 

We have found that event links based on triggers from AI Object Classification events flood the eventPI database resulting in the OS drive being filled in a short amount of time. Periodic unexpected crashes, system reboots and increased memory usage have resulted. This happens when the amount of AI metadata captured in the eventPI database in a single day exceeds the available free space on the drive.

The following exacqVision Server log entries confirm when this issue is occurring.

Product 

  • AXIS Object Analytics
  • Hanwha AI-based object detection
  • Illustra AI Object Classification
  • exacqVision Server [All versions]

Solution

Update the exacqVision Server and Client to version 23.09 or higher.

Once updated, utilize the ‘Maximum Days to Keep Bounding Box Metadata’ control. Details on this feature may be found in Maximum Days to Keep Bounding Box Metadata Explained

Related Articles

AES-392