When watching search back in the Exacq WebService Thin Client at high speeds for longer duration’s the search will skip to the end of the search results. This results in a black screen after being able to view the searched contents and scrubbing the video at 16x’s speed and higher.
Product
exacqVision Web Service 22.12.2.0 through 23.09.7.0.
Steps to Reproduce
Search a time range of 2 hours using the web client.
Video will play back from the search results.
Scrub the video at 16x speed to 32x speed and the search marker will skip to the end of the search content.
Expected Results
Users should be able to scrub the entirety of the the searched content with no skipping.
Actual Results
The playback scrubber/cursor skips to the end time of the search content, displaying a black box.
Solution
A fix was introduced in branch build exacqVision Web Service 23.09.107.0 (x64). Please contact technical support for assistance on installing this build. A Permanent fix will be in our March 2024 Release. Version 24.03.
The method used for connecting to an exacqVision system from outside the LAN it resides on will depend on your network configuration and use case. Examples are provided below based on each method.
Remote Connections
Remote Connections are supported by exacqVision Server/Client 24.09 and above to facilitate connections from the exacqVision Mobile app. When considering the network configurations Remote Connections eliminate the need to open ports or enable port forwarding rules on your router by using Exacq’s Remote Connectivity service. Users of the mobile app enter an access code generated by the system admin and the Remote Connectivity agent handles the connecting of the mobile app user and the Server.
NOTE: Remote Connectivity does not accept connections for the Desktop Client software or the earlier Exacq Mobile 3 app. Only exacqVision Mobile 24.09 and higher are supported.
<br>
Traditional
In a traditional setup, the site’s router is configured to port forward incoming external connections on each port. The ports configured for forwarding incoming traffic vary depending on whether users will connect via exacqVision Desktop Client software, the web browser client, or a mobile app.
<br>
Web Relay Service
Sites using exacqVision Web Service 19.06 and higher may wish to take advantage of the web service Relay, which provides a web-based proxy to connect to, avoiding the need to configure the router for port forwarding. When enabled, the exacqVision Web Service Status page will display the Relay Service IP. Remote users will then be able to connect their Exacq Mobile 3 app or web browser client directly to this proxy IP address.
NOTE: The Relay Service does not accept connections for the Desktop Client software, only web browser and Exacq Mobile 3 connections.
Yes, All of the NVR’s we provide allow the use of the Web Services to run on that local machine. There are exceptions to this with the different hardware we provide. There are scenarios that might impede the performance on any Operating System, given the work load or use case for said machine.
One example of this is if we are using high resolutions, high FPS, and quality for the cameras being viewed. This can cause a direct performance decrease when viewing from thin client or Exacq Mobile 3 application.
Performance of both the local client and the Web Server could be noticeably slower due to CPU capability. A system with an Intel Atom processor, for example, will experience a performance tradeoff for the low power consumption and reduced cost of this processor.
The exacqVision Web Service is used to transcode streams. As a result, higher Frames Per Second and Resolutions of cameras have increased over the past few years allowing for the potential load on the web service to be greater in proportion to that of the Web Browser Clients. This could be seen as well on LC units, and even on the A series units with Core 3 processor depending on the load that is on the web service.
Another example might be on exacqVision G and Q systems, the Intel Celeron processor can run exacqVision Client and Web Server simultaneously. The exacqVision Client performance is still dependent on the processor.
For example: For Professional requirements see the Client Workstation Hardware Requirements found in the link below.
Under the System Requirements is a list of recommended hardware.
In certain scenarios overloading the CPU can result in lower display frame rates and black screens. To help Mitigate these issues, adjust the cameras settings to meet the demand of the CPU. Lowering the resolution, frames per second and quality of the cameras setting can help reduce this behavior. If available, another way is to mitigate this behavior would be to create a custom view with secondary streams for the camera. This allows the ability to see a lower stream quality at the Web Browser Clients, or Exacq Mobile 3 application while maintaining the recording of the higher quality stream at the recorder.
At times is may be necessary to change the exacqVision Web Server Logging Level. By far the most common usage is changing from the default Error logging level to Debug and then back again.
Product
exacqVision Web Server
Solution
In order to assist with troubleshooting exacqVision Web Server issues it is sometimes useful to increase the verbosity of the log files by changing the log level. Once the necessary information has been gathered it is good practice to change the log level back to the default, Error Logging Level.
Change to Debug Logging Level
From Web Service Configuration
Navigate to Configuration, then Logging
Click the dropdown and change the Logging Level to Debug
Apply the change and restart Web Service
Return to the Landing Page
Force or wait for the issue to recur.
Change to normal (Error Logging Level)
From Web Service Configuration
Navigate to Configuration, then Logging
Click the dropdown and change the Logging level to Error
An authenticated exacqVision Web Service user could access a web page that does not properly preserve the web page structure.
Impact
The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed as output that is used as a web page that is served to other users.
Affected Versions
All versions of exacqVision Web Service up to and including 21.03.
Mitigation
Upgrade all previous versions of exacqVision Web Service to the latest version of 21.06+.
Retrieving event monitoring information from the web service is broken in 8.4. Currently, requests to eventmonitoring.web will return an empty profile list, independent of any configured event monitoring profiles.
Note: This directly affects the registration and receiving of push notifications in mobile.
<br>
Version Introduced
exacqVision Web Service 8.3.14
<br>
Platform
Web Service / All
<br>
Steps to reproduce
Make a request to eventmonitoring.web.
<br>
Expected result
Call succeeds and the profiles key of the returned JSON is a populated array.
<br>
Actual result
Call succeeds but the profiles key of the returned JSON is an empty array.
When logging into the web service with a user queried against LDAP, either through the client or the mobile app, the user is logged in but the exacqVision admin access permissions set for the user are incorrectly disabled. In this situation, even if the user has permissions to configure the server, the options to do so are not displayed.
<br>
Workaround
Downgrade to prior version of the web service or evAPI
The following steps are intended for manually setting the certificate and key path for exacqVision Web Service versions 8.4 and higher.
NOTE: Wildcard certificates cannot be uploaded through the exacqVision Web Service administration interface. However, they may be used when manually configured.
<br>
Products
exacqVision Web Service version 8.4 and above
<br>
Steps
Find the web service configuration file:
Windows: C:\ProgramData\Webservice\conf\wfe.json
Linux: /etc/webservice/wfe.json<br><br>
Open this JSON configuration file with the text editor of your choice.
Windows: Open the text editor choosing, ‘Run as Administrator’
Linux: Run with sudo privileges when needed.<br><br>
Within this file, locate the top-level key ‘webserver’.<br><br>
One level underneath the ‘webserver’ key, locate the ‘tls’ key.
Note: The ‘tls’ key is optional. If it does not exist, create it as such: "webserver": { "listen": 80, "tls": { }<br><br>
Inside the ‘tls’ key, modify the values for the following fields (creating keys for them if they are not already present)
“type”: The literal string “external” (including the quotes)
“listen”: The port on which you want the web service to conduct HTTPS traffic. The default HTTPS port is 443. Provide this value as a literal number without quotes.
“cert”: The absolute path to your HTTPS certificate (surrounded in double-quote markers, e.g. “/home/admin/certificates/webservice.cert”)
“key”: The absolute path to your HTTPS private key (surrounded in double-quote markers as well)
If you have followed these steps correctly, the contents of webserver key section of the wfe.json should now look something like the following: "webserver": { "listen": 80, "tls": { "listen": 443, "cert": "path/to/your/cert", "key": "path/to/your/key", "type": "none" }<br><br>
Edge cameras cannot run the exacqVision Web Service. If you want to connect to an Edge camera using the Web Client or the Exacq Mobile 3 app you will need to install the exacqVision Web Service on another machine.
The web service can be run on other machines but you will need to enter the Web Service Configuration to change the default server address from the loop back of 127.0.0.1 to the address of your Edge device(s).
Unlike an NVR installation of the exacqVision Server, the Edge Server application does not permit changing the default listening port for incoming client connections. Therefore, if you need to use the web service with Edge cameras you will need to configure the proper port forwarding for these connections. The addresses and port forwarding used depend on where you are placing the web service, and whether you are using multiple Edge devices behind the same router.
<br>
Web Service Inside LAN
If the web service is inside the same Local Area Network as the Edge cameras, you may use the Server Connections page in the Web Service Configuration to connect the web service to each Edge camera. This requires minimal port forwarding in the router.
<br>
Web Service Across WAN
If the web service is placed outside of the Local Area Network the Edge cameras are on, you will need to configure port forwarding as well as port translation. Port translation is used because the listening port of the Edge servers cannot be changed from their default port numbers.
NOTE: Some home or small business routers may not be capable of port translation.
Follow the instructions in Article 1002 to configure HTTPS support in the Web Service.
<br>
Version 8.2 and Lower
SSL, a security system combining authentication and encryption, is used to protect communication between a web server and client. Enabling SSL on a web server allow all clients connecting to that server two key protections:
The client is able to identify the server. There is no way for a fake server to misrepresent itself to a client.
The communication between the client and server is encrypted, preventing a third-party from seeing what data is sent. This ensures the safety of private communication such as usernames and passwords, video data, and more.
NOTES:
This article assumes that exacqVision Web Service version 3.10 or later has been installed with default settings. If you are running version 3.0 to 3.8, see the attached legacy PDF.
A self-signed certificate allows you to use a web browser, but it does not work with mobile devices. Only trusted third-party certificates work with mobile devices.
To use SSL with exacqVision Web Server in Linux, complete the following steps:
Stop exacqVision Web Server by typing sudo /usr/local/exacq/webservice/service.sh stop in a Terminal window.
Open the Web Server Apache Configuration file by typing sudo gedit /etc/evapache/httpd.conf in a Terminal window. Find the following lines:
Delete the pound signs (#) at the beginning of each line.
Save and close the file.
It is recommended, but not required, that you disable the access log for SSL, as this file can grow very large. To do this, open the Apache SSL Configuration file by typing sudo gedit /etc/evapache/extra/httpd-ssl.conf in a Terminal window. Find the line with the following text:
TransferLog “${SRVROOT}/logs/access.log” Change it to:#TransferLog “${SRVROOT}/logs/access.log”When finished, save and close the file.
Open the Web Service configuration file by typing sudo gedit /etc/webservice.conf Add the following lines to the end of the document:
If you were issued certificates, rename them to server.crt and server.key and save them to the /etc/evapache directory and then skip to Step 10. Otherwise, continue with the following steps.
Run cd /etc/evapache in a Terminal window.
To create a self-signed certificate, type sudo openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/evapache/server.crt -keyout /etc/evapache/server.key and answer the questions. NOTE: COMMON NAME should be the IP address or FQDN that you use for access to your exacqVision Web Service.
Re-start exacqVision Web Server by typing sudo /usr/local/exacq/webservice/service.sh restart.
NOTE: To connect to exacqVision Web Server using SSL, you must use HTTPS instead of HTTP.
Troubleshooting
If exacqVision Web Service does not start after configuring it for SSL, complete the following steps:
Open the Apache error logs, found by default at /user/local/exacq/webservice/evapache/logs/error_log.
Look for an entry similar to the following:
[Wed Mar 04 09:08:54.512004 2015] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from CERTIFCATE_FILE_NAME.crt and KEYFILE_NAME.key do not match AH00016: Configuration Failed
If you see this entry, complete the following steps:
a.) Run the following commands, replacing the values in all caps with your values:
b.) Compare the result values from all of the calls. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
NOTE: Web Sockets communication will not work using SSL encryption for Web Service versions 7.2.0 – 7.2.6.
Workaround
Disable web sockets in the client configuration page of the browser Client.
Resolution
Update to exacqVision Web Service version 8.4 or later.
