DW Cloud System is Unreachable or Offline
-----------------------------------
Affected Roles: All Users
Related Digital Watchdog VMS Apps: DW Spectrum IPVMS
Software Version: Version 5.0 and newer
Last Edit: August 14, 2023
-----------------------------------
DW Cloud Remote Connection
DW Cloud is a major component of DW Spectrum IPVMS and extends the functionality of DW Spectrum Systems over the Internet. DW Cloud allows users to remotely access their DW Spectrum System from an external network without port forwarding. Users can connect with their DW Spectrum Systems using any of the DW Spectrum Client platforms (desktop, mobile, Web Admin, DW Cloud Web Portal).
A DW Cloud-connected System can be accessed using a direct IP address, STUN, or through the DW Cloud mediator. While a system is connected to DW Cloud, the DW Spectrum Client will show the connection status with the Server. However, when the Client shows that the System is “Offline” or “Unreachable” through DW Cloud, there is likely an explainable cause.
**NOTE: To check the DW Cloud service status page, visit https://digital-watchdog.com/cloudstatus/ .
What does it mean when the Client shows that a DW Cloud System is “unreachable” or “offline”?
- Offline – the DW Spectrum System is not able to communicate with the DW Cloud and access to the System is unavailable at the moment. This may be due to the Server program being stopped, Server access becoming completely cut off, or a loss of Internet access.
- Unreachable – the DW Spectrum System is online and in an operating state but is unable to be reached by your Client through DW Cloud.
Common DW Cloud System Connection Issues
Firewall Configuration & Network Restrictions
While DW Cloud does not require extra configuration to work in a general networking environment, sometimes a required service can become blocked by an enterprise/local network firewall.
This is likely to occur when a company is blocking incoming and outgoing connections to any URL that was not granted specific permission, preventing the necessary communication between the DW Cloud Mediator and DW Cloud Relay (see the DW Cloud Overview article for more details), leading to connection loss between the DW Spectrum System and associated DW Spectrum Clients.
Solution:
To guarantee connectivity to DW Cloud-based services, add DW Cloud and DW Spectrum related end-points to your Firewall Pass List. You may need to speak with your network administrator or company’s IT team for this.
Self-signed Certificates
Locations that have strict network policies may limit the incoming and outgoing traffic. In these cases, devices are typically required to remain within the enterprise network and to use a recognized SSL certificate to access the enterprise network.
By default, DW Spectrum IPVMS uses self-signed certificates. Sometimes this may lead to the System becoming unable to be accessed from outside of an enterprise network as a self-signed certificate, while securely encrypted, is not from a paid certified source.
Alternatively, if you have upgraded the System from an older version of DW Spectrum, the self-signed certificate may have expired and might be preventing HTTPS connections from being successfully established.
Solution:
If the issue is due to a self-signed certificate expiring:
- Stop the DW Spectrum Server service.
- Navigate to the directory for the DW Spectrum Server SSL certificate.
WINDOWS
C:\Windows\System32\config\systemprofile\AppData\Local\Digital Watchdog\Digital Watchdog Media Server\ssl
UBUNTU
/opt/digitalwatchdog/mediaserver/var/ssl
- Delete the default.pem certificate to remove the old certificate.
- Restart the DW Spectrum Server. This will allow the system to generate a new self-signed certificate as a replacement with an updated expiration date.
If you need to use your own SSL or enterprise verified SSL, you can replace the self-signed certificate with your own. For more information, read the DW Spectrum IPVMS SSL Certificate Management article.
Root CA Certificates
If you are using a Windows platform (e.g. Windows 10/11/server/IOT, etc.), sometimes you might encounter an issue where the root CA certificate expired or there is a lack of the required certificates. This might be preventing your system from establishing the connection with AWS correctly. This usually does not affect daily Internet browsing, but it could be an issue while trying to access some services that force you to use secure connections (HTTPS) or access that is run on the public cloud.
Some of our cloud services use HTTPS certificates that are provided by Let’s Encrypt’s service and there is a known issue where root CA used by Let’s Encrypt has expired. More details can be found here.
In DW Spectrum 5.0, certificate verification was enabled for any outgoing connection from a DW Spectrum Server to the DW Cloud services. This security enhancement greatly reduced the chances of man in the middle attacks (MITM) on DW Spectrum Servers and improves the overall security level of the software.
If you update your System to DW Spectrum 5.0, and it unexpectedly becomes unreachable via DW Cloud connection, it is likely that the DW Spectrum Server is experiencing a certificate verification issue. The DW Spectrum Server program relies on the OS to provide a list of trusted root certificates. If you’re using an older Windows version without the latest updates, it is likely the OS could be missing a required Root CA certificate or the new root certificate (ISRG Root X1) and requires it to be added to the System.
DST Root CA X3 Expiration (September 2021)
In rare cases, you might encounter some unexpected issues while both the “ISRG Root X1” and “DST Root CA X3” root certificates are present in the system, so you may need to delete the expired “DST Root CA X3” certificate from your OS.
For more information, read the DW Cloud and Server Connection Issues After Upgrading to 5.0 article.
For More Information or Technical Support
DW Technical Support: 866.446.3595 (option 4)
https://www.digital-watchdog.com/contact-tech-support/
______________________________________________________________________________
DW Sales: 866.446.3595 [email protected] www.digital-watchdog.com