Jump to content

Trouble connecting to admin console


djones1415

Recommended Posts

Posted

I am getting an error message when trying to connect to the admin console over the internet.

 

"Socket Open Failed javax.net.ssi.SSLHandleShakeException: Remote host closed connection during handshake"

 

I am able to log in to the ISY - enter name, password, handle devices, scenes, etc.

 

And I am able to get to the admin console just fine using same browser (IE) when I come in from my local network (port forwarding all set properly).

 

But can't get to the admin console when coming in from the outside.

 

Any ideas?

 

Thanks

Posted

Thanks, Michel. That did it.

 

Two questions:

 

1)Mozilla tells me that "this plugin has security vulnerabilities." Should I just ignore this and use anyway?

 

Internet Explorer doesn't warn me.

 

Both load the admin console. Does it matter which browser I use to access the ISY?

 

2) The ISY tells me using the default certificate is a security risk. I clicked to request one, but after reading the pdf pretty quickly realized I was way out of my depth on understanding what I was doing from a network perspective. If it really matters, I'll wade through the instructions, but if it doesn't, I'll just ignore. What do you think?

Posted

Hello djones1415,

 

 

1)Mozilla tells me that "this plugin has security vulnerabilities." Should I just ignore this and use anyway?

If you are on 1.7.11 (you can verify by going to Java Properties in Control Panel), then you are OK

 

Internet Explorer doesn't warn me.

Sometimes, you might have to reboot computer for some of these settings to take effect

 

Both load the admin console. Does it matter which browser I use to access the ISY?

No. This said, I recommend not using a browser at all:

viewtopic.php?f=44&t=10409&p=79281#p79281

 

2) The ISY tells me using the default certificate is a security risk. I clicked to request one, but after reading the pdf pretty quickly realized I was way out of my depth on understanding what I was doing from a network perspective. If it really matters, I'll wade through the instructions, but if it doesn't, I'll just ignore. What do you think?

Although the risk is very low, here's the high level view: all ISYs come out of factory with the same security certificate. So:

1. IF you are accessing your ISY remotely AND

2. IF you have the default certificate AND

3. IF someone manages to crack ISY's default certificate AND

4. IF they know your IP address/port

--> Then they can sniff/decrypt the traffic between you and your ISY and figure out your password.

 

The best thing to do would be to install a Self-Signed Certificate. The instructions are pretty simple and, in case you have any problems, please contact us and we'll help you.

 

With kind regards,

Michel

Posted

Thanks.

 

This all worked fine. Was able to come in over the internet. And used the shortcut created by the procedure above (instead of using a browser).

 

Everything worked fine for a few days. Now I again can't come in over the internet. Slightly different message:

"XML Parse Error https://.....

as well as another error message:

"Socket Open Failed java.net.ConnectException: Connection refused: no further information"

 

I can come in fine inside the network, just not over the internet.

 

I made no changes to the router or modem. It just stopped allowing me in for some reason.

 

Any ideas?

 

Thanks

Posted

Michel

 

I checked, and the port forwarding rules are still there.

 

As far as I know, nothing changed in the router. I've looked through all of the pages and see nothing unusual.

 

I also verified that the external IP address hasn't changed. This was working fine: I was able to get in to the ISY from external address for many days. Then I couldn't.

 

I am now getting a different error message: "XML Parse Error https://.... and "Socket Open Failed java.net.Socket TimeoutException"

 

Wondering if maybe something had happened to the Java cache, I cleared the cache, and reinstalled the admin console shortcut (using the admin.jnlp file). It installed fine. When I fire up the admin console, I get the ISY Finder screen that lists both the local IP address and the external IP address, both addresses appended by "/desc" ... all as it should be. I can click on the local address and get into the ISY. Clicking on the external address gives me the above error messages after a pause.

 

Thanks for any suggestions.

  • 1 month later...
Posted
Thanks.

 

This all worked fine. Was able to come in over the internet. And used the shortcut created by the procedure above (instead of using a browser).

 

Everything worked fine for a few days. Now I again can't come in over the internet. Slightly different message:

"XML Parse Error https://.....

as well as another error message:

"Socket Open Failed java.net.ConnectException: Connection refused: no further information"

 

I can come in fine inside the network, just not over the internet.

 

I made no changes to the router or modem. It just stopped allowing me in for some reason.

 

Any ideas?

 

Thanks

 

Once again...same problem. The above problem resolved itself after I rebooted the ISY. Have been able to access over the internet for weeks. Then it stopped again. Came home, able to come in over the local network - just not from external. Rebooted ISY. Worked fine again for weeks. Now it has happened again. I'll reboot tonight. It's just very frustrating that something in the ISY stops allowing access from the internet. Rebooting fixes. By the way, when this happens (can't access from a browser) I also can't get the ISY's attention with MobiLinc. Just times out.

 

Any ideas, Michel?

Tks

Posted

djones1415-

 

The fact that it continues to work over the LAN leads me to suspect your router. Does Mobilinc also work when on the LAN during one of these episodes?

 

How is the ISY's IP configured? Static? Based on MAC reservation in the router or configured in the ISY Admin console? What is the router? Does it do UPnP and if so, is that enabled in the router?

 

-Xathros

Posted
djones1415-

 

The fact that it continues to work over the LAN leads me to suspect your router. Does Mobilinc also work when on the LAN during one of these episodes?

 

How is the ISY's IP configured? Static? Based on MAC reservation in the router or configured in the ISY Admin console? What is the router? Does it do UPnP and if so, is that enabled in the router?

 

-Xathros

 

It works over the internet as well. It just stops until a reboot of the ISY - with no change to the router. That doesn't sound like a router issue.

 

1) Static IP.

2) Not MAC reserved

3) Linksys

4) Yes

 

But, like I said, it works fine until it doesn't...then an ISY reboot fixes for a while, then another ISY reboot required.

Posted

I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup

 

If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away.

 

What model Linksys? Latest formware for that router?

 

You could also try rebooting just the router instead next time and see if that fixes it as well.

 

-Xathros

Posted
I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup

 

If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away.

 

What model Linksys? Latest formware for that router?

 

You could also try rebooting just the router instead next time and see if that fixes it as well.

 

-Xathros

 

Thanks...I'll try it.

Posted
I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup

 

If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away.

 

What model Linksys? Latest formware for that router?

 

You could also try rebooting just the router instead next time and see if that fixes it as well.

 

-Xathros

 

1) Tried rebooting the router first. Couldn't get to the ISY through the Internet.

2) Rebooted the ISY. Can now get to the ISY through the Internet.

 

-----

Router is Linksys WRT54G

I don't see the UPnP function anywhere in the router or any settings for UPnP, and I don't know what that is.

 

--------

Is working now...and I predict will work for a while, then will stop until I reboot the ISY again.

 

Do you still think it's a router issue?

Posted

1) Tried rebooting the router first. Couldn't get to the ISY through the Internet.

2) Rebooted the ISY. Can now get to the ISY through the Internet.

 

-----

Router is Linksys WRT54G

I don't see the UPnP function anywhere in the router or any settings for UPnP, and I don't know what that is.

 

--------

Is working now...and I predict will work for a while, then will stop until I reboot the ISY again.

 

Do you still think it's a router issue?

 

Not as fully convinced now but we have not ruled it out yet either. Next time this occurs, Connect to the ISY via the LAN and check Help / About for the internet access line and see what that says when it's not working.

 

-Xathros

  • 2 weeks later...
Posted
Thank you.

 

This means that ISY configures your router using UPnP. It also means that if the router is by any chance rebooted, then the port forwarding rules are wiped out. And, that's why rebooting ISY fixes the issue because upon reboot, ISY reconfigures your router.

 

What you need to do instead is to:

http://wiki.universal-devices.com/index ... PnP_Router

 

With kind regards,

Michel

 

I have read through the instructions. I'm not crazy about opening up the router to "anonymous Internet requests" as the instructions say.

 

If I understand correctly, however, I should be able to access remotely as long as I make sure to reboot the ISY any time the router reboots. Right?

 

(By the way, I've had no trouble accessing remotely for a few weeks now. The router hasn't rebooted.)

Posted

Hello djones1415,

 

Using File | Enable Internet Access does precisely what you are not crazy about. The only difference between the two methods is whether or not you want ISY to automatically do it (which is not stable) or you want to do it yourself (which lasts router reboots).

 

Alternatively, you can use MobiLinc Connect service which relieves you from having to open any ports as ISY will make an outbound connection.

 

With kind regards,

Michel

Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Who's Online (See full list)

  • Forum Statistics

    • Total Topics
      37k
    • Total Posts
      371.5k
×
×
  • Create New...