Installation, Un-installation, Startup & Shutdown
Server-startup fails
Cause: During the previous run, if you had terminated
the server abruptly or there was an unclean shutdown, some
of the server processes would not have been terminated and
the MySQL server instance would continue to run in the system.
Solution: Forcefully terminate the MySQL Server
instance (mysqld-nt.exe in Windows, mysqld in Linux).
When I uninstall the product in Windows, some folders
are not getting deleted.
Cause: This usually happens when you try to uninstall
the product immediately after shutting down the DeviceExpert
server.
Solution: Ensure that you uninstall the product
only after the MySQL Server instance (mysqld-nt.exe process
in Windows Task Manager) has been terminated completely
after the server shutdown.
While trying to connect to the web client, I see a blank page
with five small square boxes on top. Why?
Cause & Solution: This issue arises in Internet Explorer if you
try to connect to the client using http://<host>:6060.
Since the DeviceExpert server and
the Web Interface communicate through https, make sure that
you connect to https://<host>:6060 (secure http).
I am unable to access the DeviceExpert Web Interface (while starting the server through tray-icon/command-line mode). Why?
Cause 1 & Solution: Incomplete server start-up
Ensure that the server has successfully started. This can
be verified by the presence of the message "Server
started in :: [xyz ms]" in the console. Connect to
the web client after seeing this message.
Cause 2 & Solution: Wrong URL
DeviceExpert server and the Web Interface communicate through
https. So ensure the URL contains HTTPS.
https://<hostname>:port/
For e.g. https://localhost:6060
Cause 3 & Solution: Do you see any "FAILED"
message in the Server Console?
Check the log files available under <DeviceExpert_Home>/logs
directory. If you find any exceptions, please send the log
files to support@deviceexpert.com
While trying to connect to the web interface, I get the message
"Problem in starting TFTP Server. Free the port "69"".
Cause: TFTP port required by DeviceExpert is not
free.
Solution: Free the port and then start DeviceExpert.
In case you are running ManageEngine OpManager or ManageEngine
WiFiManager on the same machine as DeviceExpert,
carry out the following changes to free the TFTP port.
Check if the TFTP service is running when OpManager/WiFiManager
is running. If yes, comment out the following lines in NmsProcessesBE.conf
located in <OpManager_Home>/conf or <WiFiManager_Home>/conf
directory as shown below:
# java com.adventnet.nms.tftp.NmsTftpServer [TFTP_ROOT_DIRECTORY dir] [PORT portNo]
#PROCESS com.adventnet.nms.tftp.NmsTftpServer
#ARGS TFTP_ROOT_DIRECTORY /
Save the file and restart OpManager/WiFiManager. Then start
DeviceExpert.
While invoking deviceexpert.bat portcheck or sh deviceexpert.sh
portcheck, I get a message like the one below:
-----------------------------
Port Availability Module
-----------------------------
6060 No Client
43306 No mysql
69 No TFTP
514 No Syslog
####################################################
Server is already running
Connect to https://localhost:6060 to view the client
####################################################
Press any key to continue . . .
Cause & Solution: None of the ports required
by DeviceExpert is free, which indicates that the DeviceExpert
server is already running. Try connecting to https://localhost:6060
to view the web interface.
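The same availability check done by hand, as an added example that is not DeviceExpert's portcheck implementation: it tries to bind each port from the output above and reports which one is held. The TCP/UDP choice per port is an assumption.

```python
import errno
import socket

# Ports and labels from the portcheck output above. The transport for each
# port is an assumption: TCP for the web client and MySQL, UDP for TFTP and syslog.
REQUIRED_PORTS = [
    (6060, "tcp", "Client"),
    (43306, "tcp", "mysql"),
    (69, "udp", "TFTP"),
    (514, "udp", "Syslog"),
]


def port_state(port, proto, host="0.0.0.0"):
    """Try to bind the port and return 'free', 'in use' or 'no permission'."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as sock:
        try:
            sock.bind((host, port))
        except PermissionError:
            # Ports below 1024 (69, 514) need elevated rights on Linux/Unix.
            # On Windows this can also mean another process holds the port exclusively.
            return "no permission"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in use"
            raise
    return "free"


def check_required_ports(host="0.0.0.0"):
    """Return {(port, proto, label): state} for every port DeviceExpert needs."""
    return {entry: port_state(entry[0], entry[1], host) for entry in REQUIRED_PORTS}


if __name__ == "__main__":
    for (port, proto, label), state in check_required_ports().items():
        print(f"{port:>5}/{proto}  {label:<7} {state}")
```

Run it with the DeviceExpert server stopped: any port reported as "in use" is held by another process, such as the OpManager/WiFiManager TFTP service described earlier.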
My Web Interface looks crippled
Cause 1 & Solution: Incompatible Browser
Refer to the DeviceExpert System
Requirements, and check whether your browser is supported.
Cause 2 & Solution: JavaScript not enabled
JavaScript has to be enabled in your browser to
work with the Web Interface.
Alignment in web interface is not proper
Cause: This could be a problem with browser cache
Solution: Close all browser instances, clear cache and cookies and connect a new instance. If the problem still persists, contact the support team at support@deviceexpert.com
Configuration Backup Fails (or) Credentials Test option
fails
Cause & Solution:
(1) Check if the device is up and accessible to the DeviceExpert
server
(2) The device is unable
to transfer the configuration file to the TFTP server run
by DeviceExpert. The reasons for this could be:
(a) A firewall present between the device and DeviceExpert
might be blocking the access. Check if it is so.
(b) The device might be present outside the private network
(i.e. the private IP of DeviceExpert is not resolved by
the device). If you have NAT in your environment, this
could occur. To resolve this, provide DeviceExpert's public
IP (NAT'ed IP of DeviceExpert) as TFTP server's public
IP in the Additional
Credentials section.
(3) Telnet to the device and try executing configuration
backup command. While doing so, give the DeviceExpert server
address as the TFTP address (because DeviceExpert starts
TFTP server along with it). If the backup operation is successful,
(that is, if you see the backed-up configuration stored as a
file under <DeviceExpert_Home>/tftp_files directory),
backup should also work with DeviceExpert. If the backup
fails from Telnet prompt itself, check if DeviceExpert server
and device are separated by a firewall which might block
the configuration file transfer to the TFTP server. If you
still face issues, contact support@deviceexpert.com
When I use Telnet-Tftp option, configuration backup fails
repeatedly. Why?
Cause: You would face this scenario if the device
credentials are incorrect
Solution: Make sure that credentials are correct. Test
the same using "Testing" option available in that
screen. The test result will show which credentials are
wrong. Change them accordingly. In case you are not able
to get it working even after ensuring this, send your log
files to support@deviceexpert.com
for further assistance.
After DeviceExpert server startup, I am prompted to accept
a security certificate. Why?
Cause & Solution: After DeviceExpert
server startup, a browser is launched to connect to the web interface.
Since DeviceExpert uses secure http, you are prompted to accept
the security certificate. You need to accept the security certificate to
connect to the client.
Mail sent from product does not reach the intended recipient
Cause: Mail settings might be incorrect
Solution: Verify Mail Server settings and test the
same using "Test" option. Also, check if the default
from address is properly configured in Mail Settings page.
Some mail servers will reject the mail if the from address
is invalid or does not exist at all.
'Upload' button present in the 'View Draft Details'
/ 'View Config File Details' pages are shown as 'disabled'
Cause & Solution:
The 'Upload' button will be shown as disabled in the
following two scenarios:
(1) When the configuration being viewed is the current configuration
(2) When Upload is not supported by the device for the type of
configuration being viewed
So, check whether the button is disabled because of one of the above scenarios.
I encounter problems in reinitializing DeviceExpert
Cause: Reinitialize script/batch file is to be invoked
only when the server is not running. At times, a lock file
named .lock gets created under <DeviceExpert_Home>/bin
directory. This creates problems when reinitializing the
server even when it is not running.
Solution: Make sure you are not attempting to reinitialize
while the server is running. Navigate to <DeviceExpert_Home>/bin
directory and check if a ".lock" file has
been created. If so, remove it.
The "Changed By" column in the 'Device Details' shows "Not Available" instead of capturing the name of the user who changed it. Why?
Any configuration changes done by a user from DeviceExpert GUI, will be automatically logged and the 'Changed By' column will contain the username.
To capture 'Changed By' information for all other configuration changes done to the devices directly (that is, from outside DeviceExpert):
- Syslog-based real-time change detection should have been enabled in DeviceExpert
- A login name/username should have been enabled in the device i.e. a username should be required for logging into the device
Only if the above conditions are satisfied, DeviceExpert captures the username in the 'Changed By' column. Otherwise, it is displayed as "Not Available".
Can we install our own SSL certificate? How?
Yes, you can install your own SSL certificates in DeviceExpert. Please follow the steps below to do that:
If you are using keytool utilities for certificate generation
DeviceExpert runs as an HTTPS service. It requires a valid CA-signed SSL certificate with the principal name as the name of the host on which it runs. By default, on first-time startup, it creates a self-signed certificate. This self-signed certificate will not be trusted by users' browsers. Thus, while connecting to DeviceExpert, you need to manually verify the certificate information and the hostname of the DeviceExpert server carefully, and then force the browser to accept the certificate.
To make the DeviceExpert server identify itself correctly to the web browser and the user:
- you need to obtain a new signed certificate from a CA for the DeviceExpert host or
- you can configure an existing certificate obtained from a CA with wild-card principal support for the DeviceExpert host
Step 1: The first step is to create the public-private key pair that will be used for the SSL handshake
- Go to <DeviceExpert_Home>/jre/bin folder
- Execute the command "./keytool -genkey -alias DeviceExpert -keyalg RSA -keypass <privatekey_password> -storepass <keystore_password> -validity <no_of_days> -keystore <keystore_filename>"
- The command will prompt you to enter details about you and your organization
- For the 'first and the last name' enter the FQDN of the server running DeviceExpert
- For other fields enter the relevant information
- <keystore_password> is the password to access the keystore, <privatekey_password> is the password to protect your private key and <no_of_days> is the validity of the key pair in number of days, from the day it was created
- This will create a keystore file named <keystore_filename> in the same folder, with the generated key pair
Step 2: Create a Certificate Signing Request (CSR) for submission to a certificate authority to create a signed certificate with the public key generated in the previous step.
- Go to <DeviceExpert_Home>/jre/bin folder
- Execute the command "keytool -certreq -keyalg RSA -alias DeviceExpert -keypass <privatekey_password> -storepass <keystore_password> -file <csr_filename> -keystore <keystore_filename>"
- Note that the <csr_filename> that you choose should have .csr extension. The <privatekey_password>, <keystore_password> and <keystore_filename> are the ones used in the last step
- This will create a CSR file named <csr_filename> in the same folder
Step 3: Submit the CSR to a Certificate Authority (CA) to obtain a CA signed certificate
- Some of the prominent CAs are Verisign (http://verisign.com), Thawte (http://www.thawte.com), RapidSSL (http://www.rapidssl.com). Check their documentation / website for details on submitting CSRs. This will involve a cost to be paid to the CA
- This process usually takes a few days, and you will be returned your signed SSL certificate and the CA's certificate as .cer files
- Save them both in the <DeviceExpert_Home>/jre/bin folder
Step 4: Import the CA-signed certificate to the DeviceExpert server
- Import your SSL certificate into your keystore
- Go to <DeviceExpert_Home>/jre/bin folder
- Execute the command "keytool -import -alias DeviceExpert -keypass <privatekey_password> -storepass <keystore_password> -keystore <keystore_filename> -trustcacerts -file <your_ssl_certificate>"
- <your_ssl_certificate> is the certificate you obtained from the CA, a .cer file saved in the previous step. The <privatekey_password>, <keystore_password> and <keystore_filename> are the ones used in the previous steps
- Now copy the <keystore_filename> to the <DeviceExpert_Home>/conf folder
Step 5: Finally, configure the DeviceExpert server to use the keystore with your SSL certificate
- Go to <DeviceExpert_Home>/conf folder
- Open the file server.xml
- Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_filename>" where <keystore_filename> is the one used in the previous steps
- Also search for the entry 'keystorePass' (which will in fact be next to keystoreFile), which will have the default value set to "RGV2aWNlRXhwZXJ0". Change the value to "<keystore_password>" where <keystore_password> is the one used in the previous steps
- Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!
Note 1: Tomcat by default accepts only the JKS (Java Key Store) and PKCS #12 format keystores. If the keystore is in PKCS #12 format, include the following option in the server.xml file along with the keystore name:
keystoreType="PKCS12"
This tells Tomcat that the format is PKCS12. Restart the server after this change.
To configure existing wild card supported SSL certificate,
- Go to <DeviceExpert_Home>/conf folder
- Open the file server.xml
- Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_filename>" where <keystore_filename> is the one belonging to the existing wild-card certificate.
- Also search for the entry 'keystorePass' (which will in fact be next to keystoreFile), which will have the default value set to "RGV2aWNlRXhwZXJ0". Change the value to "<keystore_password>" where <keystore_password> is the one used to protect the existing wild-card certificate keystore.
- Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!
Note 2: Please refer to your CA's documentation for more details and troubleshooting
If you are using OpenSSL / Microsoft Utilities
Follow these steps to enable using your own certificates:
- Generate the certificate signing request and generate the certificate using MS CA, as you did before (or use the cert generated before). DO NOT use the one generated using keytool
- This has been tested with Base64-encoded certs, so use the same
- Download OpenSSL from here http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8e.exe and install it in your system
- After install, go to the OpenSSL\bin folder
- Copy the private key (generated with your CSR), your certificate and the root certificate into this bin folder
- Run this command on the command prompt : openssl pkcs12 -export -in <cert_file>.cer -inkey <private_key>.key -out <keystore_file>.p12 -name DeviceExpert -CAfile <root_cert_file>.cer -caname DeviceExpert -chain
- where
- cert_file is the certificate with the .cer extension
- private_key is the private key file with a .key extension
- keystore_file is the keystore that will be generated with a .p12 or .pfx extension
- root_cert_file is the root certificate with a .cer extension
- provide extension to all the file entries on the command line
- When prompted for password, enter 'RGV2aWNlRXhwZXJ0'
- This will generate the keystore file <keystore_file>.p12 on the same folder
- Copy this file to <DeviceExpert_Install_Folder>\conf folder
- Move to <DeviceExpert_Install_Folder>\conf folder
- Open the file server.xml and do the following changes
- Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_file>.p12"
- Make sure the entry for 'keystorePass' is set to "RGV2aWNlRXhwZXJ0"
- Add a new entry keystoreType="PKCS12" next to the keystorePass entry
- Save the server.xml file
- Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!
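A check for the server.xml edits described in Step 5, Note 1 and the OpenSSL steps above, written as an added example that is not part of the DeviceExpert product or its documentation. It assumes the three entries are attributes of a Tomcat <Connector> element and uses the file extension as a heuristic for the keystore format; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Default values quoted in the steps above. The password is printed in this
# document, so it is the same for every installation that keeps it.
DEFAULT_KEYSTORE = "conf/server.keystore"
DEFAULT_PASS = "RGV2aWNlRXhwZXJ0"

# Constructed sample, not the shipped file. Assumption: the three entries are
# attributes of a <Connector> element, as in a stock Tomcat server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="6060" scheme="https" secure="true"
               keystoreFile="conf/mycert.p12"
               keystorePass="RGV2aWNlRXhwZXJ0"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return one finding string per keystore problem in the given server.xml text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical cause: typographic quotes pasted around an attribute value.
        return [f"server.xml is not well-formed XML: {exc}"]
    findings = []
    for conn in root.iter("Connector"):
        ks_file = conn.get("keystoreFile")
        if ks_file is None:
            continue  # connector without a keystore, nothing to check
        port = conn.get("port", "?")
        ks_type = (conn.get("keystoreType") or "JKS").upper()
        is_p12 = ks_file.lower().endswith((".p12", ".pfx"))  # heuristic
        if ks_file == DEFAULT_KEYSTORE:
            findings.append(f"port {port}: keystoreFile still points at the default keystore")
        if conn.get("keystorePass") == DEFAULT_PASS:
            findings.append(f"port {port}: keystorePass is the documented default value")
        if is_p12 and ks_type != "PKCS12":
            findings.append(f'port {port}: {ks_file} needs keystoreType="PKCS12"')
    return findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML):
        print(line)
```

To audit a real installation, pass the contents of <DeviceExpert_Home>/conf/server.xml to audit_connectors() before restarting the server.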