DW Cloud and Server Connection Issue After Upgrading to 5.0
-----------------------------------
Affected Roles: Administrator, Owner
Related Digital Watchdog VMS Apps: DW Spectrum IPVMS
Complexity: Medium
Software Version: DW Spectrum IPVMS 5.0
Last Edit: September 13, 2024
-----------------------------------
Issue Outline
Some DW Spectrum IPVMS Servers may experience connection issues with the DW Cloud remote network after upgrading Servers to software version 5.0. This is likely due to expired security certificates on the host machine interfering with DW Cloud connections.
Some symptoms may include:
- No remote access with DW Cloud from the DW Spectrum Client (desktop), DW Spectrum Mobile (app), or Web Admin (browser).
- The DW Spectrum Server appears as “offline” or “unreachable” when trying to connect.
- In some cases, the Server may be incorrectly reporting that it is using DW Spectrum v4.2.
- Local Cloud connectivity works when connecting through the DW Spectrum Client (desktop), but when connecting with the Web Admin (browser) there is no information provided.
Possible Cause of the Issue
After updating to DW Spectrum v5.0, with “verbose” logging configured, many of the DW Spectrum Server logs will report issues with the “DST Root CA X3” and “ISRG Root X1” certificates.
“DST Root CA X3” is an older root certificate that was previously used and has since been replaced by “ISRG Root X1”. If you are experiencing the issues and circumstances outlined above, the DST Root CA X3 certificate (older/outdated) may be overriding the authentication of the ISRG Root X1 certificate (newer).
A possible fix for this issue is to disable the outdated security certificate DST Root CA X3.
Troubleshooting
To resolve the issue:
- Directly at the DW Spectrum Server, run the “mmc” command. You can launch it from either the Command Prompt application or the Windows Start menu.
- The Microsoft Management Console (MMC) will display.
Click on “File” and select “Add/Remove Snap-in”.
- Select “Certificates” from the Available snap-in list, then click the Add> button.
- Select “Computer Account” then click the Next button.
- Select “Local Computer” then click the Finish button.
- Click the OK button.
- The MMC window will display again.
From the left-pane, select “Certificates (Local Computer)”, select “Trusted Root Certification Authorities”, then open “Certificates”.
Locate “DST Root CA X3” and “ISRG Root X1”. The Expiration Date will display beside the certificate.
NOTE: If you do not have ISRG Root X1, see the section “Download ISRG Root X1” below.
- To disable the DST Root CA X3 certificate, right-click on “DST Root CA X3” and select “Properties”.
In the DST Root CA X3 Properties, change the Certificate purposes setting to “Disable all purposes for this certificate” then click the Apply button.
Click the OK button to close the properties window.
- Close the MMC and save the changes.
After disabling DST Root CA X3, restart the Server computer to allow the changes to take effect.
Download ISRG Root X1, Starfield Root Certification Authority - G2, and Amazon Root CA1
If you do not have ISRG Root X1, Starfield Root Certification Authority - G2, and Amazon Root CA1 installed:
1. Download the missing certificates at the bottom of this article.
2. Open the file and click on “Install Certificate”.
3. Select “Local Machine” and click on “Next”.
4. Select “Place all certificates in the following store” and click the Browse button.
Select the “Trusted Root Certification Authorities” folder and click “OK”.
Click “Next” to proceed.
5. The Certificate Import Wizard will display a summary before importing the security certificate. Click the Finish button to apply.
6. Repeat steps 1 through 5 for all other certificates necessary.
7. Once completed, restart the system to allow Windows to apply the necessary changes.
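
The lookup done in the MMC under Troubleshooting (which of these roots are installed and when they expire) and the "missing certificates" check in the download section can both be done from a PowerShell prompt on the Server. This is an added example, not part of the original article or of Digital Watchdog's tooling; it only reads the Local Computer "Trusted Root Certification Authorities" store, and matching each root by the common name in its subject is an assumption.

```powershell
# Read-only audit of the roots named in this article; nothing in the store is changed.
# Assumption: each root is identified by the common name (CN) of its subject.
$roots = [ordered]@{
    'DST Root CA X3'                              = 'DST Root CA X3'
    'ISRG Root X1'                                = 'ISRG Root X1'
    'Starfield Root Certification Authority - G2' = 'Starfield Root Certification Authority - G2'
    'Amazon Root CA1'                             = 'Amazon Root CA*1'   # the store may show "CA 1"
}

# Local Computer > Trusted Root Certification Authorities > Certificates
$store  = Get-ChildItem -Path Cert:\LocalMachine\Root
$now    = Get-Date
$simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = foreach ($entry in $roots.GetEnumerator()) {
    # GetNameInfo(SimpleName, $false) returns the subject's common name
    $found = @($store | Where-Object { $_.GetNameInfo($simple, $false) -like $entry.Value })

    if ($found.Count -eq 0) {
        # Not installed: see the download section of this article
        [pscustomobject]@{ Root = $entry.Key; Status = 'MISSING'; NotAfter = $null; Thumbprint = $null }
        continue
    }

    # A store can hold more than one certificate with the same name; list each one
    foreach ($cert in $found) {
        [pscustomobject]@{
            Root       = $entry.Key
            Status     = if ($cert.NotAfter -lt $now) { 'EXPIRED' } else { 'valid' }
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

$report | Format-Table -AutoSize

# Flag the situation described under "Possible Cause of the Issue"
if ($report | Where-Object { $_.Root -eq 'DST Root CA X3' -and $_.Status -eq 'EXPIRED' }) {
    Write-Warning 'DST Root CA X3 is installed and expired; see the Troubleshooting steps.'
}
```

The script reports presence and expiration only; it does not show whether "Disable all purposes for this certificate" has already been set, so confirm that in the certificate's Properties dialog.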