Guest Posted July 20, 2012 Posted July 20, 2012 Guys So why is it that 8 out of 10 times I log into my 994i, either thru the standalone admin console, or thru Firefox or Explorer, all my device status's show up blank, like I'm only half on-line. I have disabled firewall which does not seem to make any difference. It's getting quite annoying having to log in over and over to get a properly functioning interface. Cheers
Xathros Posted July 20, 2012 Posted July 20, 2012 This is indicative of a Firewall/AV blocking problem tho I would expect it to be 100% of the time not 80%. If you wait does the status column eventually fill in ? Does the status in the lower left corner of the admin console say System Busy ? What OS, AV and Firewall are you using ? -Xathros
ih574 Posted July 20, 2012 Posted July 20, 2012 I have always had the same problem. I agree that it is a firewall issue. Here are my experiences: My Configuration: I use a separate hardware based firewall between the home automation network and my general purpose network. I keep it pretty restrictive. On the machine I use for the console, I have Java caching turned off. Java version is V6 Update 33 and my ISY firmware is 3.1.17. Windows XP, SP3. All wired ethernet (no wireless). My Symptoms: This issue has occurred since I've had the ISY (almost two years). I do not have the problem when I load the console from a machine on the same IP subnet as the ISY. Interestingly, I never have an issue when I log into the ISY web services (HTML files stored on the ISY) or use any REST commands from any machine regardless of firewall type or whether it is inside or outside the ISY subnet, indicating the base IP communications and TCP ports are sound. Both the java ISY admin interface and the web services are configured for the same TCP port which is open in the firewall. The java ISY Admin console authentication is always successful indicating reliable communications with the ISY through the firewall. When the console loads, it always shows all my devices. However, when it fails (about 80% of the time), it loads the devices but will not show current status of the devices (i.e., on, off, %). Additionally, when it fails, it will not show the notification in the top right that there is a newer version available. Nothing changes if I query devices or let the console sit for 30 minutes. When it loads successfully, it will show device status and the notification for the later version. My Attempted Solutions: At first, I thought maybe the ISY admin console (using something in the Java implementation) was trying to get an ICMP response (ping, traceroute, etc.) or something similar from the originating address which I may be blocking. Maybe the ISY tries to originate a separate connection to the console machine, which I block. I've tried lots of firewall changes (one at a time) such as opening up ICMP, not NATing, creating a reverse proxy rule, and skipping forward proxying. I also tried pinging the ISY through the firewall before I start the console (always successful since I pass pings) so the ISY would already have ARPed the correct MAC address for the return conversation. Nothing has proven to be predictably effective. The only thing that works is to try a few more times. The next thing I'll do (and I haven't yet cause I'm lazy) is to look at some wireshark traces. I had hoped I would stumble on the solution by randomly guessing like I described above. So if anyone has any more ideas about what we could do to correct this, I'll give them a try. r- Tom C.
Michel Kohanim Posted July 20, 2012 Posted July 20, 2012 Hello Tom C. and PLC_guy, Perhaps a little explanation of how ISY works can help you (and us) figure out the best way to solve this issue. This is the flow: 1. When you login, ISY authenticates your userid/password 2. If successful, then the Admin Console sends a subscription request to ISY letting it know that it wants to listen to events ON THE SAME SOCKET (we had to do this since most firewalls do NOT allow a server service to be running) 3. ISY then a) sends a confirmation back and sends the status of all devices on the same socket Some firewall software basically do NOT like conversational sockets and therefore they will block (3b) and thus the reason you do not see any status. And, in most cases, the same firewall software do not mind conversational sockets in the case of HTTPS (they assume that session reuse is going to be used). So, my first suggestion is to try with HTTPS: 1. Go to http://www.universal-devices.com/99i/admin.jnlp ... This should install an icon on your desktop 2. When Admin Console comes up, minimize it 3. Click on the Add button 4. Use the IP address for your ISY in https://your.isy.ip.address … or you could try https://isy (this only works on Windows) If this works, then my hypothesis above is correct. If this does not work, then I would appreciate all the help/pointers/wireshark/etc. you can share with us so that we can find a resolution. With kind regards, Michel
Guest Posted July 20, 2012 Posted July 20, 2012 Hi Gents (Again) Forgot all the gory details....XP SP3 with Kaspersky FW/AV. Even though Kasp. has been shut down when experiencing this, I still wonder if it is still somehow related. It is a wireless connection thru my firewall utilizing port 91. When this occurs admin console indicates "ready" in bootom left corner. Anyways it seems quite reliable (accessed 6 or so times) with acces thru httpS://ip both with admin console, Explorer and Firefox. I'll keep an eye on this for a while Thanks to ALL for your comments and suggestions PLC_Guy
ih574 Posted July 21, 2012 Posted July 21, 2012 Michel, I did some traces on a successful and a failed Admin Console session, where failed means everything in the console comes up except for the device status and the latest version notification. I see the behavior you mentioned above, though it looks like the Console PC closes the session intended for reuse. I've sent a summary of what I saw to the support email below. r- Tom C.
inline Posted July 21, 2012 Posted July 21, 2012 I use Kaspersky too. Go into the settings and then the Web antivirus part. Click the settings under security level and then go to the trusted URLs tab add the URL/IP for the ISY and you should be okay.
Michel Kohanim Posted July 22, 2012 Posted July 22, 2012 Hi Tom C., thanks so very much for the details. Have you used HTTPS? Hi inline, thank you! With kind regards, Michel
KenN Posted August 9, 2012 Posted August 9, 2012 Hi folks, I've just started playing around with a new 994i and ran into similar frustrations, the admin console prompting me to log in every 15 seconds (I timed it!) and several features not working properly, including linking and getting status updates. Searched this forum to see if there was an answer to my problem and bingo, found this thread! So ... I can confirm that accessing my ISY by prefixing the IP with https:// does indeed work, though chrome complains a bit because it doesn't find a trusted certificate or something. I also run Kaspersky AV so I found that adding the ISY's IP to the trusted URL list is a better permanent solution. Thanks! Ken.
Michel Kohanim Posted August 9, 2012 Posted August 9, 2012 Hi KenN, Thanks so very much. To bypass Chrome warning, you can: 1. Go to http://www.universal-devices.com/99i/admin.jnlp .... this will install an icon on your desktop which you can use later on without the need for a browser 2 Click on the Add button on the Finder and then enter https://your.isy.ip.address With kind regards, Michel
jesselockwood Posted August 21, 2012 Posted August 21, 2012 I was having many glitches. Some setting pop up windows not capable of being closed some would pop up then disappear but apparently not closing because the rest of the program would be unresponsive, sometimes data would not update. I tried with windows 7 and on Kubuntu each had there own set of problems very consistent though. Using Https seems to have solved them all. And the admin.jnlp file works great on Kubuntu. Thanks
Michel Kohanim Posted August 21, 2012 Posted August 21, 2012 Hello jesselockwood, I am so very sorry to hear about all the problems you have had and thanks so very much for the update. With kind regards, Michel
Recommended Posts