Hope someone can HELP!

[aLf]

Hi all. I have a really strange problem which just started. UDI Tech has been working on it and none of us can come up with an answer. Please help if you can...

 

A bit of background; ISY99, 2.7.14 firmware (problem started on 2.7.12), (upgraded as part of the troubleshooting). Never had the problem previous of back through 2.7.6. As far as I know, nothing on (My Network) has changed, in saying that I wonder about the ISP. We have tried many different scenarios both my computers and UDI's. The problem still stays. In short, I can't log into ISY remotely via https or http. I can however get in via my iPhone and also if I VPN tunnel form a remote location into the (ISY home router). I never have a problem getting in locally either using the 192 address or the web URL (the same URL that will not work externally). The router is a DrayTek 2930 and not only have I gone through the firewall of the router so has UDI, its firmware has not changed. We even set ISY in the DMZ with no luck. The only other items on (My Network) are several Panasonic webcams, which we disabled in the router as well as unplugged from the router with no change.

 

THe good news is that I can acces via iPhone, but sure would like to get to the bottom of it.

 

Thanks ahead of time.

 

Regards,

 

aLf

[upstatemike]

No idea about your problem but I can tell you I use Panasonic webcams and they do not cause me any issues with remote access.

[JacquesB]

Hello aLf,

 

If the IP settings look correct (default gateway, netmask, etc.), try to send an e-mail from your ISY straight to an Internet e-mail server on Internet (your ISP should offers one). If your ISY is unable to send an e-mail straight on the Internet, your ISY is probably unable to communicate with the Internet at all and the problem is at layer 2 (Ethernet) or 3 (IP).

 

If your ISY is able to send e-mails to Internet, your problem is at layer 4 (TCP) or higher (application).

 

Give us the results of this simple test and we will be capable of doing more.

 

Good luck,

 

Jacques_B

[aLf]

JB:

 

I've done all those tests and more. Yes ISY can email. The problem lies in the Administrative Console. It is totally accessable via VPN and then logging on to it via the local address. If you try to get in https remotely using the /admin it fails. I know that this sounds strange, and it is. ISY works 100% in ALL other functions aside from the /admin log-ins.

 

aLf

[JacquesB]

Hello aLf,

 

strange it is, but we should be capable of figuring it out

 

Here is another thing to test :

 

From a remote location, try to connect to the ISY with a telnet client (or OpenSSL). If your are not used to it, all you have to do is :

telnet your.ip.addr.ess 80
GET /admin HTTP/1.0

 

Be careful about upper and lower case. Also, take note that backspace and delete will not work : you must have it typo-free or redo it completely. You have to press "Enter" twice after the HTTP/1.0.

 

You should receive something like :

HTTP/1.1 200 OK

Content-Lenght: 1097

WWW-Authenticate: Basic realm="/"

Cache-Control: no-cache

 

and more...

 

For opening an SSL connection, you will need an SSL client like OpenSSL :

 

openssl s_client -connect your.ip.addr.ess:443 -state -debug

 

(the debug of the clear text telnet will be easier...)

 

What kind of answer do you receive from the ISY's HTTP server ?

Is it different if you do the telnet from your local network ?

 

Jacques_B

[aLf]

JB:

 

Get a "lost" callback. Then Close.

 

I'm not local so can't try that.

 

aLf

[JacquesB]

Hi,

 

I'm not sure what you mean by "lost callback", but it sounds like the TCP socket has been handshacked properly, but you received a TCP reset right after that.

 

That could be from your ISP who would have started filtering port 80 / 443. Most ISPs do it.

 

Can you try to move your HTTP listening port 7423 ? Be sure to change it on both the ISY and in your router for port forwarding.

 

If it does not work, can you explain me more about the "lost callback" message ?

 

At least, with this error message, we are now in progress.

 

Jacques

[aLf]

JB:

 

The port for testing has been 9443.

 

aLf

[garybixler]

aLf

 

Was just wondering if you might have been able to temporarily try another router to eliminate either the router or the ISP as the problem?

 

Gary

[aLf]

Gary:

 

I have wrung out this router extensively. No I have not tried another router. My next step is to do some things with backups and ISY itself. That will have to wait a few days however. What does not make sense is tha we are able to get in without the Ad. Console. If it were a router or ISP I suspect that the entire unit would be blocked. As well, you can access via the local 192 address through wireless (AND) I can get in via VPN which also leads me to believe that the router is not the culprit. We placed ISY in the DMZ and had no luck either. Yes, could be the ISP, but why can I get in without the Ad. Console? UDI has some things to try, but agian it will be a few days before I can accomplish them.

 

aLf

[garybixler]

aLf

 

I was thinking of a weird router firmware bug that would affect routing directly to the ISY via /admin. Locally the router would not be involved and a VPN connection would be routing VPN traffic with ISY and other traffic embedded.

Just some thoughts hoping you can get past this problem.

Gary

[aLf]

JB & Gary:

 

Another strange update!

 

On the road. Tried to log into the AC remotely and it works, without using the VPN. had several other people in other states try to log in. All others have the same System Busy-Authenication Error. Then only thing that is different is that I had the option in the hotel to tell the ISP (in hotel) that I'm a VPN user. I selected that option. They tell me the only difference is that I'm provided a Static IP to my room. I then tried to VPN to my office and second home, then in turn tried to log in via the web to the AC. It fails. I then exit everything and again try to log into ISY from the hotel and I get in every time! What do you make of that?

 

I'll be restoring ISY backup and also have a new ISY 99 awaiting my return and will try each and or both as another troubleshooting option. Any other ideas, I'm all ears.

 

aLf

[JacquesB]

Hello aLf,

 

Happy to learn that you made some progress.

 

Also, I agree that more you tell about that problem, the less sense it makes! Static IP or not at an hotel should not change anything because you are going through NAT before going out any way.

 

Or did you ? In the hotel, did you check what your IP address was ? (ipconfig on a DOS prompt and compare it with the value returned by a site like www.myipaddress.com).

 

In all cases, remote access from hotel is one of the worst to diagnose because every one invade the communication in a different way. Are you previous failure all from hotels ?

 

Jacques