Beginning with Enterprise Manager version 24.03.0.0 (or 23.09.124), downgrading will fail due the update of an underlying resource. We now utilize Django v3.2.23, which necessitated a change to the database schema. This will cause downgrade database migrations to fail.
Prior to upgrading from 23.09 or lower, it is recommended to complete a Backup. Instructions for scheduling a backup can be found in the exacqVision Enterprise Manager User Manual HERE.
NOTE: If you are using Postgres DB, you will only need the backup file. If using MS SQL, you will also need to create a DB backup utilizing Microsoft utilities. More information can be found HERE.
By default VFBA uses port 28774 and TCP to communicate with EM and the Server from the Spare NVR. Rules need to be configured for outbound and inbound firewall rules on the SPARE server for failback to work as expected.
To check the settings Open up Windows Defender Firewall with Advanced Security and click on Inbound Rules on the SPARE server.
Look for a rule allowing communication on port 28774, if you do not see this in the list, then click on New Rule in the upper right hand corner in the Actions section.
Select Port and click on Next.
Select Port 28774.
Click on Next and Select Allow the connection.
Make sure all three boxes are checked.
Click on Next. In the Name box type a name for this rule. I.E.- VFBA or evFailover, and click Finish.
Repeat this action for Outbound Rules on port 28774. It is neccessary to have both INBOUND and OUTBOUND rules configured on port 28774 on the SPARE server.
After configuring the inbound and outbound rules you can check the status by doing the following:
Open up task manager and click on the Performance Tab>Open Resource Monitor
Look at the Network Tab and under Listening Ports, verify it says Allowed and Not restricted.
Once any changes were made it is recommended that we restart the SPARE server and EM services and then check EM failover to see if the process can succeed. In some cases it may be necessary to whitelist vfba.exe and ExacqVision program components (core.exe, edvrclient.exe, including .ps and .psi file types & ExacqVision Enterprise System Manager components) when Antivirus software is in use within the configuration of your Antivirus program.
Support has identified an issue affecting Customer User Roles in some Enterprise Manager public release versions.
This issue prevents camera permissions such as video inputs and edits from being saved, and these permission checkboxes may “uncheck” themselves after a period of short time. This issue has been resolved in later versions.
Enterprise Manager (EM), formerly known as Enterprise System Manager (ESM), includes a feature called Camera Inspection which allows EM users to notate cameras which need attention for a later date.
This handy feature means you can easily create a punch list of cameras which need attention for integrator/installer work orders to do things such as:
Clean camera domes/lenses
Maintain camera focus on subjects
Trim foliage or remove debris blocking camera views
Re-orient camera field of view if a camera has been tampered with or nudged
Beneath the Cameras header on the navigation menu, click on Inspection.<br><br>
A paginated view of available cameras is displayed. Each camera listed will display the Server Group name / Server name / Camera name at the top of its box.
Orange border = Has not been checked
Green border = Marked Good
Red border = Marked Bad
To work effectively a reference image would have been set when the camera was added/installed. This image appears on the left and can be set using the Use current image as camera image link on the camera details page.<br><br>
Use the Camera Inspection page by comparing the current snapshot on the right with the one on the left. <br><br>
Mark Good if you are pleased that the current snapshot indicates no action is needed.
Mark Bad if further action is needed.
Clicking the View Details link allows the user to enter additional comments, such as “Camera is out of focus”, or, “Camera dome needs cleaned”. Comments could also include notes about the person or date/time an issue was resolved. The bottom corner allows navigating through all cameras one by one while in the details/comments view.
After marking each camera, you may export a report to provide your integrator/installer. <br><br>
After issues have been fixed, use the Camera Inspection tool to Mark Fixed.<br><br>
Downgrading ExacqVision Enterprise Manager from 23.06.0.0 to any version lower will prevent users from accessing the ExacqVision Client software due to the migration to AES-128 from ARC4 Encryption methods used on earlier ExacqVision Enterprise Manager versions.
Downgrading or “Rolling Back” Enterprise Manager software from versions 23.06.0.0 and up to a lower version is not recommended due to this encryption migration.
Note: It is advised to take an Enterprise Manager backup of your system prior to attempting any upgrades/downgrades. Best Practices would include taking a database back up of PostgreSQL or Microsoft SQL.
Product
ExacqVision Enterprise Manager versions 23.06.0.0 and higher subsequently released versions.
Steps to Reproduce
Downgrade ExacqVision Enterprise Manager software to any prior version from 23.06.0.0
Expected Results
This downgrade should complete reflecting the new version, and all functionality should remain intact.
Actual Results
ExacqVision Client users will receive the error: “Invalid Username/Password account locked or disabled” upon trying to log in after the downgrade has been performed.
Solution
Do not downgrade from ExacqVision Enterprise Manager versions 23.06.0.0 to a lower version. If you find this needs to happen for an unforeseen reason it is recommended to uninstall the current version of Enterprise Manager 23.06.0.0 or higher, followed by installing the desired legacy version which will require rebuilding the configuration.
EM does not allow for the Root Group to select the option of Synchronization Conflict Resolution for Automatically Resolve Conflicts and remove Unauthorized Users as seen below.
Note: That even on a New Group- that the Group Name Needs to be provided and the Synchronization Conflict Resolution is able to be Applied.
Product
EM All Versions.
Solution
If this is seen on a Group with a Users in that Group of ROOT- then in order to select the Synchronization Conflict Resolution with Auto Resolve conflicts and remove unauthorized Users- you must create a New Group other than ROOT.
IMPORTANT For Instructions on current versions of exacqVision Enterprise Manager versions 22.06 or higher see Knowledge Base Article #12804
This document details how to enable HTTPS connections to exacqVision Enterprise System Manager on versions 22.03 or lower.
For a trusted certificate, it is recommended that you purchase a third-party intermediate certificate from one of many online providers. If you are using a third-party certificate you may skip ahead to the section titled, “Obtaining a Third-Party Certificate”.
These steps will detail how to create a self-signed certificate, but be aware that web browsers will warn users that the certificate is untrusted if you are using a self-signed certificate or one from a private/internal certificate authority.
CREATING A SELF-SIGNED SSL CERTIFICATE
Windows
1) Click on the Windows Start button and type ‘CMD’. Right-click on the CMD icon and choose ‘Run as Administrator’.
2) Set the environmental variable that will be used by OpenSSL later by typing:
set OPENSSL_CONF=C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\openssl.cnf
Press Enter.
3) Change your working directory by typing:
cd "C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\bin"
You will be prompted to enter a PEM pass phrase. Enter anything you like but you will need to re-enter this in the following steps.
PEM pass phrase:
5) You will be prompted with several questions for the certificate, answer these according to your needs. COMMON NAME should be the IP address or FQDN that users will access to reach the ESM web site (ex. www.domain.com or esmserver.domain.com).
You will be prompted with a series of questions. – Use data specific to your site. – Items can be left blank with the exception of Common Name – Common Name (e.g. server FQDN or YOUR name) should be the IP address of EM Server
Verify the md5 hashes match, if they DO NOT then see the troubleshooting section below before proceeding.
Step 3 Edit Apache Configuration
cd /usr/local/exacq/esm/apache_solr/apache2/conf/extra
sudo gedit httpd-ssl.conf
Make the following changes, save the file and then close gedit.
Step 4 Restart the enterprise-webservice
sudo service enterprise-webservice stop
sudo service enterprise-webservice start
<br>
OBTAINING A THIRD-PARTY CERTIFICATE
If you are planning to acquire a third-party certificate from a trusted provider, you may need to provide them with a Certificate Signing Request (CSR) file.
Enter all the fields click on the ‘Submit’ button to download the ZIP file. Inside this ZIP file is the CSR file and RSA key to give to your certificate provider.
If you purchased a chained certificate, be sure to download the appropriate intermediate bundle.
Once you have downloaded the files from your provider:
Rename the .crt file to ‘server.crt’.
Rename the .key file to ‘server.key’.
If you have a chained certificate, rename the chain file to ‘server-ca.crt’.
Place the renamed files from your Certificate Authority (CA) into the following directory:
When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that must be present to link your certificate to a root certification authority. Usually the provider will have documentation on how to accomplish this with Apache, but it is a good idea to ask them before or during the purchasing process. Exacq is not responsible for making your certificates capable of working with Apache.
It is possible to combine all the intermediate certificates that a provider may give you into one file. Consult your provider for more information.
<br>
ENABLING SSL FOR HTTPS CONNECTIONS
Be sure that you have followed the steps above to place the certificate files necessary for either a third-party certificate or a self-signed certificate into the correct directory before continuing with the following steps.
Windows
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of this line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of this line if there is one.
Save the file.
4) Still using Notepad, open the file titled ‘httpd-ssl.conf’ located in C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\extra
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window.
5) Restart the solrApache service in Windows services (services.msc).
Linux
1) Open a Terminal prompt.
2) Change your working directory by typing:
cd /usr/local/exacq/esm/apache_solr/apache2/conf
Press Enter.
3) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit httpd.conf
Press Enter.
4) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of the line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of the line if there is one.
Save the file and close the ‘gedit’ editor window to return to the Terminal prompt.
5) In the Terminal, type:
sudo gedit extra/httpd-ssl.conf
Press Enter.
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window to return to the Terminal prompt.
6) Restart the service in the Terminal by typing:
sudo service ESMWebservice restart
<br>
FORCED REDIRECT FROM HTTP TO HTTPS
If you want to force users who try to access the site on port 80, using HTTP, to use the secure HTTPS connection you will need to enable a redirection.
Windows
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
Remove the pound (#) signs in front of these two lines.
Save the file.
4) Restart the solrApache service in Windows services (services.msc).
Linux
1) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
Remove the pound (#) signs in front of these two lines.
Save the file and close the ‘gedit’ window to return to the Terminal prompt.
3) Restart the service in Terminal by typing:
sudo service ESMWebservice restart or sudo service enterprise-webservice restart
<br>
TROUBLESHOOTING
1) Some versions of Internet Explorer do not easily work with services running locally or may display pages incorrectly. If this happens, try clearing the browser’s cache by pressing CTRL-F5 on the keyboard. If the problem is persistent try installing another web browser, such as Chrome.
2) If the solrApache service fails to start after configuring it for SSL:
[Wed Mar 04 09:08:54.512004 2017] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from server.crt and server.key do not match AH00016: Configuration Failed
c) If you see this log entry, complete the following steps:
1) Change your working directory to the location of openssl.exe
Windows (CMD) – cd C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\bin
3) Compare the resulting values output after running each of the preceding commands. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
When using exacqVision Enterprise Manager version 22.03. Some of the information of servers is not shown even if the user has the correct rights. This may also affect creating users.
Product
Enterprise Manager 22.03
Steps to Reproduce
Add Server to EM
Go to Cameras
Expected Results
All cameras are displayed with all information.
Actual Results
Camera name and address are missing.
Solution
This a sync issue with EM and the server please upgrade to 22.06 to resolve this issue.
If Exacq Enterprise Manager services on Windows are not starting and giving this message
Usually, it’s going to be a user privileges issue, and the user that is used for running the service is not able to start it
Solution
Sometimes in the domain environment, the service users will be restricted and will not have the permission to run the services and will need to change the login user to an admin user from the login tab for each service in order to make it works
When attempting to automatically import systems from a URL on startup the import fails.
Product
exacqVision Server
Steps to Reproduce
From the exacqVision Client navigate to the Add Systems page (Configuration > Add Systems)
Select the Import/Export Tab Enable Automatic Import
Select either URL on Startup or Synchronize with exacqVision Enterprise Manager
Expected Results
The system list is imported on startup
Actual Results
The list is not imported and an error similar to the following which includes “Reason: Could not open local temporary file” displays.
Solution
The currently logged in user does not have permissions to write to %userprofile%/AppData/Local/Temp. The system administrator will need to modify the users permissions to allow Read, Write and Delete privileges.
<br><br>
