Issue
Emails for a “No Recording” event do not contain the source name, but instead say “Unknown”.
<br>
Workaround
None
<br>
Version Affected
exacqVision Server 9.2.0 – 19.06
<br>
Version Fixed
exacqVision Server 19.09
<br>
Tag: Server Software
Symptom
In the exacqVision Client software on the ‘System Configuration’ page, under the ‘Date/Time’ tab, the Time Zone drop down menu has only one option, UTC-0.
<br>
Problem
The user cannot set the proper server time zone.
Affecting only Windows systems, the script that obtains the time zones from the operating system has failed. The ‘timeconfig.ps1’ script will fail if the system is running PowerShell 2.0.
To check the version of PowerShell installed, open a PowerShell command prompt and enter: Get-Host | Select-Object Version
<br>
Solution
Steps to correct:
- Update the installed version of PowerShell to 3.0 or higher.
- When the update has completed, restart the system.
- Run the exacqVision Server installer over the top of the existing install.
- Open the exacqVision Client software and set the proper time zone.
<br>
Note: Only H.264 streams are currently allowed for Cloud Drive. All other streams will be hidden on the Archiving Schedule page.
Note: Audio is not currently supported for Cloud Drive.
<br>
As of 9.8, Cloud Drive technically runs as a side integration that is installed by default. This results in log files that are separate from the Server’s regular logs. Cloud Drive activity can be confirmed only by accessing the logs in the following location on the Server:
- Windows: C:\Program Files\exacqVision\Server\cloud-drive\logs\YYYYMMDD.txt
- Linux: /usr/local/exacq/server/cloud-drive/logs/YYYYMMDD.txt
<br>
To confirm that Cloud Drive is functioning appropriately, look for: INFO successfuly uploaded clip for uuid /tmp/4719360_1550870199563.mp4:
<br>
If a 30 second clip fails to upload to Cloud Drive within the allowed time-frame, the following log will appear and the video is discarded: ERROR failed to upload clip for uuid /tmp/4719360_1550847735563.mp4 (7): curl_easy_perform() failed: Timeout was reached
<br>
Cloud Drive will attempt to create .mp4 files in the System’s Temp directory:
- Windows: C:\Windows\Temp\
- Linux: /tmp/
The file pattern looks like: 4719360_1550847735563.mp4
The first set of numbers (4719360) is the Camera ID, which can be verified by right-clicking on any video stream in the exacqVision Client and selecting Properties.
The second set after the underscore will be the Unix Epoch time when the file was created.
<br>
A maximum of 3 files will be created and held in Temp per capable device. If this queue is already maxxed, Cloud Drive will discard any future video until at least one of the current uploads completes and clears one of the files from the queue. The following log will occur:
request failed for /tmp/4719360_1550847985563.mp4: too many clips in cloud upload queue (max X)
<br>
Troubleshooting-Cloud-Drive.pdfThe instructions below differ based on the firmware versions on your Axis cameras. Please check your camera’s firmware version prior to continuing.
<br>
Edge Storage recording is currently supported for recording based on motion events. Setting the camera(s) to continuous recording may produce unpredictable results.
<br>
Adding the camera to exacqVision:
- When adding your camera(s) to exacqVision on the ‘Add IP Cameras’ page you must use HTTP. HTTPS connections are currently not supported for use with Axis cameras for the Edge Storage feature.
- On the ‘Add IP Cameras’ page, add the following string after the Hostname/IP Address entered for the camera: #transport=udp (i.e. – 192.168.0.5#transport=udp) Note: Some camera firmware versions do not require this override. If the camera is not showing “Edge Storage Status: Supported”remove this string and disable/enable the camera.
<br>
Axis firmware 7.x and above
- Login to the camera’s web interface.
- Enter the Settings menu.
- Go to the System tab.
- Open the Events page.
- Under the Action Rule List, click ‘Add…’
- Enter a name for the event such as ‘NetLossRecording’.
- Under the Trigger drop-down menu, what you choose depends on the type of motion detection you are using.
For VMD1, which is traditional motion detection, select ‘Detectors’. In the menu below this, select ‘Motion Detection’ or ‘Motion Alarm’.
In the final drop-down menu, select the Motion Window to use.
For VMD4, select ‘Applications’. In the drop-down menu below this, select ‘VMD 4.
If you have multiple profiles configured you need to choose the same one being used by exacqVision. - Leave the Schedule set to ‘Always’.
- The stream profile must be set to the same stream that the exacqVision Server is recording.
- Check the duration boxes but leave them at their default settings.
- Change the Storage option to your SD card.
- Click ‘OK’.
- You may examine the SD card to confirm the camera populates recordings locally.
In firmware 7.x and above, this is performed by minimizing the Settings menu to make the Storage icon appear at the bottom of the Live View. - To confirm or test the Edge Storage function you will need to simulate a network disconnection that does not cause the camera itself to lose power. When the camera connection is re-established the server will indicate entries in server logs, and will begin to copy video files from the camera.
<br>
Axis firmware 6.x
- Login to the camera’s web interface.
- Enter the Setup page.
- Open Events > Action Rules.
- Click on ‘Add’.
- Enter a name for the event, such as ‘NetLossRecording’.
- Under the Trigger drop-down menu, what you choose depends on the type of motion detection you are using.
In the final drop-down menu, select the Motion Window to use.
For VMD4, select ‘Applications’. In the drop-down below this, select ‘VMD 4’.
If you have multiple profiles configured you need to choose the same one being used by exacqVision. - Leave Schedule set to ‘Always’.
- Under Actions, set the Type to ‘Record Video’.
- The stream profile must be set to the same stream that the exacqVision Server is recording.
- Check the duration boxes but leave them at their default settings.
- Change the Storage option to your SD card.
- Click ‘OK’.
- You may examine the SD card to confirm that the camera populates recordings locally.
- To confirm or test the Edge Storage function you will need to simulate a network disconnection that does not cause the camera itself to lose power. When the camera connection is re-established the server will indicate entries in server logs, and will begin to copy video files from the camera.
<br>
How-to-Enable-Edge-Storage-on-Axis-Cameras.pdfFile systems supported by ExacqVision are as follows:
<br>
Windows:
- NTFS
Ubuntu/Linux:
- ext4 (recommended)
- ext3 (only used for older 8.04 systems)
<br>
Using file systems other than those listed may result in data loss, inability to recognize storage volumes, incompatibility when updating to future software versions.
<br>
Description
Increasing customer reports of storage alarms with “poll error” on Linux systems. This is a legitimate indication that core’s memory usage is high enough to prevent us from executing storage monitoring utilities, and user should somehow reduce memory usage.
<br>
However, server 9.9.8 introduces a redesign of SysmgmtPI that eliminates the occurrence of poll errors, by moving utility execution into the exacqd process, which remains at low memory usage. In turn, storage alarms will be more meaningful to users, and this will also reduce the frequency of all-encompassing storage alarms that are essentially false positives.
<br>
Platforms
Linux 16.04 x64 (any Linux is vulnerable, but Windows is safe)
<br>
Steps to reproduce
Keep adding streams to increase core’s memory usage. Can probably exacerbate with free run recording, higher resolution/quality, etc.
<br>
Expected result
Drives remain healthy, and various storage hardware operations like self-test or driveprep should remain functional.
<br>
Actual result
All drives become alarmed with “poll error”.
<br>
Work around
Reduce memory usage (less streams, lower resolution, restrict recording) to keep core’s usage at below 50% of physical memory.
<br>
Resolution
exacqServer 9.9.8 or later
<br>
How-to-eliminate-storage-alarms-with-poll-error.pdfAxis is making the transition on the camera motion detection engine from VMD1 to VMD4. VMD1 is the motion detection engine that Axis plugin has been supporting. Starting with camera Firmware 6.50, motion detection application VMD4 is pre-installed on the camera. Compatible Cameras with earlier firmware versions could also load VMD4 application and get the same functionalities. For now, both VMD1 and VMD4 are supported from the firmware, except configuration GUI for VMD1 has been deprecated from the camera web page with firmware 6.50 and only CGI is supported. Axis also plans to eliminate VMD1 support in a future firmware release and will moved to using only VMD4.
Here is what we expect with Axis support starting with server version 9.0
*From a server upgrade with existing Axis cameras already using VMD1
— Axis plugin will continue to support VMD1 configuration and handle VMD1 events as motion.
*new Axis cameras connecting to the server.
— For cameras with VMD4 support (without VMD1 or VMD4 configured), the plugin will default to using VMD4 for motion detection. VMD4 configuration will be supported from exacqvision client (after server 9.0).
— Cameras with older firmware without VMD4 loaded will be supported with VMD1.
— Cameras with VMD4 but have existing VMD1 motion region configured on the camera will be defaulted to using VMD1.
Any cameras with both VMD1 and VMD4 support can be defaulted to using either one by clearing all VMD1 motion regions to use VMD4. Or removing the VMD4 application will also default it back to using VMD1.
Another way to restore back to using VMD1 without removing VMD4 app is first disable VMD4 from the camera web page. Create a dummy default VMD1 motion window from the “Plain Config” and “Motion” group section in the advance setting of the camera web page. Add camera to ExacqVision.
VMD4 motion configuration will not be supported in exacqvision client only when connected in HTTPS mode. The work around is to configure motion on the camera if the user wants to connect with HTTPS. The plugin would handle VMD4 motion events as normal.
Axis-cameras-may-stop-detecting-motion-on-firmware-update.pdfIf a USB I/O module was previously used and later disconnected from the server, the software will retain the configuration and the module will remain listed in the left-side navigation panel.
If you wish to permanently remove this device from appearing in the software, you will need to log in to the server’s operating system as an Administrator and perform the following steps.
Windows
- Log in to the operating system’s admin account.<br><br>
- Click Start, type services.msc, and press Enter.<br><br>
- Right-click on the ExacqVision Server service and select Stop. Keep the Services window open.<br><br>
- Browse to C:\Program Files\exacqVision\Server and rename the usbdiopi.xml file to usbdiopi.bak.<br><br>
- Back in Services, select ExacqVision Server and click Start.<br><br>
Linux
- Log in to the operating system’s admin account.<br><br>
- Open a Terminal window, by pressing CTRL+ALT+T, and type the following to stop the ExacqVision Server service:
sudo service edvrserver stop- When prompted for the password, enter the operating system’s admin password and click Enter. You will not see the password as you type it.<br><br>
- Type the following single-line command in Terminal to rename usbdiopi.xml to usbdiopi.bak:
sudo mv /usr/local/exacq/server/usbdiopi.xml /usr/local/exacq/server/usbdiopi.bak<br><br> - Type the following in Terminal to start the exacqVision Server service:
sudo service edvrserver start
<br>
Exacq upgraded they software signing certificate, which means Windows 7 systems will require Windows update KB3033929 for Hardware Monitoring and motherboard watchdog functionality to work.
<br>
Link to download the KB: https://www.microsoft.com/en-us/download/details.aspx?id=46148
<br>
Windows-update-KB3033929-required-for-8.6-release.pdfexacqVision’s default method for archiving recorded data uses the SMB protocol. Using an exacqVision S-Series storage system makes configuring archiving simple. Users may also archive to SMB shares configured on their own third-party systems, but installing and configuring Samba or SMB Shares on non-Exacq built systems is outside the scope of Exacq Support.
There have been several iterations of SMB since the protocol was first introduced. Devices wishing to communicate via SMB must first perform a negotiation to determine which version they will use. The version and dialect of SMB chosen will determine what features are used.
<br><br>
Versions
Discussing versions quickly becomes a tangled web, which we will try to unravel here.
When capturing the network traffic between two devices, using applications such as Wireshark, the protocol will be listed as SMB2, which supports many dialects including 2.1, 3.0, 3.1, which can cause some confusion as many people will refer dialects as versions. We will be using the term dialect for these here.
Introduced in 2015, dialect 3.1.1 is the latest release of SMB at the moment. While SMB is the protocol used, SMB is implemented on Linux systems using an application named Samba. Samba provides support for SMB as well as other protocols, thus it has it’s own version numbering separate from SMB. Samba has supported SMB dialect 3.1.1 since Samba 4.3.
How to check the version of Samba installed on your S-series or other Linux system:
- Open a Terminal window, by pressing CTRL+ALT+T
- Type
samba --version, and press Enter.
<br><br>
Server Signing
Server signing is a security method used by SMB. When signing is enabled, every SMB message includes a signature key and a hash of the entire message is included in the message header.
How does signing help protect data? In addition to verifying the identities of the sending and receiving devices, the nature of hashing means that if an attacker changes the message between the NVR and the archive share, the hash will no longer match.
<br><br>
Encryption
SMB version 2.0 provides encryption, but used HMAC-SHA256 encryption. SMB 3.0 updated the encryption used to AES-CMAC and AES-CCM. SMB 3.1.1 then updated to support AES-128-GCM and AES-128-CCM as well as other security enhancements.
| SMB Dialect | Encryption Method |
|---|---|
| 2.0 | HMAC-SHA256 |
| 3.0 | AES-CMAC and AES-CCM |
| 3.1.1 | AES-128-GCM and AES-128-CCM |
<br><br>
Manual Enforcement
As mentioned above, when two devices attempt to communicate using SMB they first negotiate the connection to determine the version and dialect they will use.
The client first advertises to the server which versions and dialects it supports. The server replies with the highest version and dialect it supports so they can agree. In the case of exacqVision’s Archiving, the client is the recording NVR system and the server is the S-Series system.
IMPORTANT: Because the protocol automatically selects the highest version both devices support, and because SMB signing and encryption are mature technologies, there is usually no need to manually configure settings. It is recommended only in situations where specific network requirements must be enforced to function properly.
<br>
To manually configure SMB:
- On the S-Series server, open a Terminal window by pressing CTRL+ALT+T
- Use
sudopermissions to edit/etc/samba/smb.conf - Locate the
[global]settings section. - Beneath the
[global]tag, add the following lines:server signing = mandatory
server min protocol = SMB3_11
server max protocol = SMB3_11 - Save your changes, then exit the file.
- Restart Samba by entering
sudo /etc/init.d/samba restart
The entries given for Step 4 above enforce server signing as well as SMB dialect 3.1.1. Attempts to connect with anything else would fail. A list of possible options for these three entries is given below.
server signing = [default, auto, mandatory, disabled]
server min protocol = [SMB2, SMB2_02, SMB2_10, SMB3, SMB3_00, SMB3_02, SMB3_11]
server max protocol = [SMB2, SMB2_02, SMB2_10, SMB3, SMB3_00, SMB3_02, SMB3_11]
Note: ‘server min protocol’ should be the same or lower than ‘server max protocol’. If these are different values the client and server must support a dialect in between these values. If these are the same value, they must support that specific dialect.
IMPORTANT: Without editing the configuration at all, the default behavior when these fields are excluded from the smb.conf file are the same as entering the following:server signing = auto
server min protocol = SMB2_02
server max protocol = SMB3
<br>