Jump to content

Administrators Console


Guest PLC_Guy

Recommended Posts

Posted

Guys

 

So why is it that 8 out of 10 times I log into my 994i, either thru the standalone admin console, or thru Firefox or Explorer, all my device status's show up blank, like I'm only half on-line. I have disabled firewall which does not seem to make any difference. It's getting quite annoying having to log in over and over to get a properly functioning interface.

 

Cheers

Posted

This is indicative of a Firewall/AV blocking problem tho I would expect it to be 100% of the time not 80%. If you wait does the status column eventually fill in ? Does the status in the lower left corner of the admin console say System Busy ? What OS, AV and Firewall are you using ?

 

-Xathros

Posted

I have always had the same problem. I agree that it is a firewall issue. Here are my experiences:

 

My Configuration: I use a separate hardware based firewall between the home automation network and my general purpose network. I keep it pretty restrictive. On the machine I use for the console, I have Java caching turned off. Java version is V6 Update 33 and my ISY firmware is 3.1.17. Windows XP, SP3. All wired ethernet (no wireless).

 

My Symptoms: This issue has occurred since I've had the ISY (almost two years). I do not have the problem when I load the console from a machine on the same IP subnet as the ISY. Interestingly, I never have an issue when I log into the ISY web services (HTML files stored on the ISY) or use any REST commands from any machine regardless of firewall type or whether it is inside or outside the ISY subnet, indicating the base IP communications and TCP ports are sound. Both the java ISY admin interface and the web services are configured for the same TCP port which is open in the firewall. The java ISY Admin console authentication is always successful indicating reliable communications with the ISY through the firewall. When the console loads, it always shows all my devices. However, when it fails (about 80% of the time), it loads the devices but will not show current status of the devices (i.e., on, off, %). Additionally, when it fails, it will not show the notification in the top right that there is a newer version available. Nothing changes if I query devices or let the console sit for 30 minutes. When it loads successfully, it will show device status and the notification for the later version.

 

My Attempted Solutions: At first, I thought maybe the ISY admin console (using something in the Java implementation) was trying to get an ICMP response (ping, traceroute, etc.) or something similar from the originating address which I may be blocking. Maybe the ISY tries to originate a separate connection to the console machine, which I block. I've tried lots of firewall changes (one at a time) such as opening up ICMP, not NATing, creating a reverse proxy rule, and skipping forward proxying. I also tried pinging the ISY through the firewall before I start the console (always successful since I pass pings) so the ISY would already have ARPed the correct MAC address for the return conversation. Nothing has proven to be predictably effective. The only thing that works is to try a few more times. The next thing I'll do (and I haven't yet cause I'm lazy) is to look at some wireshark traces. I had hoped I would stumble on the solution by randomly guessing like I described above.

 

So if anyone has any more ideas about what we could do to correct this, I'll give them a try.

 

r-

 

Tom C.

Posted

Hello Tom C. and PLC_guy,

 

Perhaps a little explanation of how ISY works can help you (and us) figure out the best way to solve this issue.

 

This is the flow:

1. When you login, ISY authenticates your userid/password

2. If successful, then the Admin Console sends a subscription request to ISY letting it know that it wants to listen to events ON THE SAME SOCKET (we had to do this since most firewalls do NOT allow a server service to be running)

3. ISY then a) sends a confirmation back and B) sends the status of all devices on the same socket

 

Some firewall software basically do NOT like conversational sockets and therefore they will block (3b) and thus the reason you do not see any status.

 

And, in most cases, the same firewall software do not mind conversational sockets in the case of HTTPS (they assume that session reuse is going to be used). So, my first suggestion is to try with HTTPS:

 

1. Go to http://www.universal-devices.com/99i/admin.jnlp ... This should install an icon on your desktop

2. When Admin Console comes up, minimize it

3. Click on the Add button

4. Use the IP address for your ISY in https://your.isy.ip.address … or you could try https://isy (this only works on Windows)

 

If this works, then my hypothesis above is correct. If this does not work, then I would appreciate all the help/pointers/wireshark/etc. you can share with us so that we can find a resolution.

 

With kind regards,

Michel

Posted

Hi Gents (Again)

 

Forgot all the gory details....XP SP3 with Kaspersky FW/AV. Even though Kasp. has been shut down when experiencing this, I still wonder if it is still somehow related. It is a wireless connection thru my firewall utilizing port 91. When this occurs admin console indicates "ready" in bootom left corner.

 

Anyways it seems quite reliable (accessed 6 or so times) with acces thru httpS://ip both with admin console, Explorer and Firefox. I'll keep an eye on this for a while

 

Thanks to ALL for your comments and suggestions

 

PLC_Guy

Posted

Michel,

 

I did some traces on a successful and a failed Admin Console session, where failed means everything in the console comes up except for the device status and the latest version notification. I see the behavior you mentioned above, though it looks like the Console PC closes the session intended for reuse. I've sent a summary of what I saw to the support email below.

 

r-

 

Tom C.

Posted

I use Kaspersky too. Go into the settings and then the Web antivirus part. Click the settings under security level and then go to the trusted URLs tab add the URL/IP for the ISY and you should be okay.

  • 3 weeks later...
Posted

Hi folks,

 

I've just started playing around with a new 994i and ran into similar frustrations, the admin console prompting me to log in every 15 seconds (I timed it!) and several features not working properly, including linking and getting status updates. Searched this forum to see if there was an answer to my problem and bingo, found this thread!

 

So ... I can confirm that accessing my ISY by prefixing the IP with https:// does indeed work, though chrome complains a bit because it doesn't find a trusted certificate or something. I also run Kaspersky AV so I found that adding the ISY's IP to the trusted URL list is a better permanent solution.

 

 

Thanks!

 

Ken.

  • 2 weeks later...
Posted

I was having many glitches. Some setting pop up windows not capable of being closed some would pop up then disappear but apparently not closing because the rest of the program would be unresponsive, sometimes data would not update. I tried with windows 7 and on Kubuntu each had there own set of problems very consistent though. Using Https seems to have solved them all. And the admin.jnlp file works great on Kubuntu. Thanks

Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Forum Statistics

    • Total Topics
      37.1k
    • Total Posts
      371.6k
×
×
  • Create New...