Troubleshooting Security Center Federation™
If you are experiencing problems with Security Center Federation™, learn about the symptoms, potential causes, and solutions to help you troubleshoot the issue.
Here are the common symptoms you might experience when you have an issue with Security Center Federation™. To help you solve the issue, click the symptom that you are experiencing.
Things to consider
- Is the Security Center Federation™ role configured correctly?
- Are you federating many systems? You might need to assign role groups to Security Center Federation™ roles.
- Is your issue related to a current known issue in Security Center?
- Is your issue related to a known system limitation in Security Center?
Security Center Federation™ role is offline
If the Security Center Federation™ role is offline (icon is red), it is likely a connection issue. To troubleshoot the issue, learn about the possible causes and their respective solutions.
|Server is offline||If the Security Center Federation™ role is hosted on an expansion server, the server might be offline. To check the status of the server, open Config Tool, and then click .||In Windows Services, ensure that the Genetec Server service is running on that server. If the service is running, make sure that the expansion server has connected successfully to the Directory. If the server fails to start, troubleshoot the server issue.|
|Connection failed to federated system||If the Security Center Federation™ role shows a Connection failed error message, there is a communication issue between the Federation™ host and the federated system. The ports for Security Center Federation™ might be closed or in use by other applications.||Do the following:
|Invalid credentials for Federation™ user||If the Security Center Federation™ role shows an Invalid credentials error message, the wrong password was entered for the user that connects to the federated system.||In Security Desk, try to connect to the Directory of the federated system using
the Federation™ user account.
If you cannot connect, verify with the administrator of the federated system that you have the correct password for the user specified on the Properties tab of the Security Center Federation™ role. Try entering the password in Config Tool again.
|Duplicate federated entities||If you are federating more than one system and the same entity exists on both
remote systems, you receive an error message in the Event Viewer logs due to a
duplicate federated entity.
Example: Cardholder Ray exists on System A and System B. System C is already federating System A. If you start federating System B on System C, the Security Center Federation™ role goes offline when trying to synchronize cardholder Ray.
No live video from federated entities
If you are unable to view live video from federated entities, there is an issue with the network connection between the two systems.
- On both systems, make sure the following ports are open on the public address of the
server and are redirected for firewall and NAT purposes:
- Connection to remote Security Center Directory: TCP 5500a
- Communication with Media Router: TCP 554
- Live and playback video stream requests: TCP 560 and TCP 960b
a Use TCP 4502 for systems upgraded from Security Center 5.3 or earlier.
b TCP port 960 applies to new installations of Security Center 5.8 and later. In Security Center 5.6 and 5.7, TCP port 5004 was used instead of TCP port 960. Therefore, any system upgraded to 5.9 through 5.6 or 5.7 continues to use TCP port 5004, unless manually changed in the redirector's properties inConfig Tool.
- Based on where the Security Desk workstation you are logging on from is located, make
sure your network is set up correctly. For more information see the following topics in
the All About Security Center Federation™
- Scenario 1: Security Desk on Federation™ host network with access to federated system
- Scenario 2: Security Desk on Federation™ host network without access to federated system
- Scenario 3: Security Desk on Federation™ host network and systems using public IP addresses and NAT
- Scenario 4: Security Desk on network of federated system
- Scenario 5: Security Desk outside the corporate network
Federated entities are missing
If there is an issue with your Security Center Federation™ configuration, entities from a federated system might not display on the Federation host system. To troubleshoot the issue, learn about the possible causes and their respective solutions.
|Incorrect Federation user||The wrong user was used to connect to the federated system from the Security Center Federation role.||In Security Desk, connect to the federated system using the correct Federation user account.|
|Incorrect privileges for the Federation user||The user that connects to the federated system lacks the correct privileges to view certain entities.||Verify the privileges of the user that connects to the federated system. If required, change the user's privileges.|
|Incorrect partitions for the Federation user||The user that connects to the federated system is not a member of the correct partitions on the federated system. As a result, they are unable to view certain entities.||Verify which partitions the user is a member of on the federated system. If required, change settings of the partition or add the user as a member of the correct partitions.|
|Incorrect entities selected for Federation||The wrong entity types were selected when the Security Center Federation role was configured.||From the Properties tab of the Security Center Federation role, verify which entity types are selected in the Federated entities section. If necessary, change the selection of entity types and click Apply.|
|Incorrect events selected for Federation||The wrong event types were selected when the Security Center Federation™ role was configured.||From the Properties tab of the Security Center Federation™ role, verify which event types are selected in the Federated events section. If necessary, change the selection of event types and click Apply.|
|Different secure communication settings||The Secure communication option for the Media Router role to authenticate video requests is configured differently on the two systems. Secure communication cannot be turned on for the federated system if it is turned off for the Federation host.||In the Properties tab of the Media Router role in Config
Tool, make sure the Secure communication option does not
have this configuration:
|Incorrect entity types reclaimed from a local Security Center system||When you delete a Federation™ role, you can release ownership of federated entities to your local Security Center system. Ownership of these entities can be reclaimed when a new Federation role is created. However, if certain entity types are set to be excluded when reclaiming ownership, entities will be missing from the Federation role.||Navigate to
and verify the values associated with the
FederationReclaimReleaseEntityTypesInclusion setting match
the entity types that you want to reclaim ownership of. |
Supported values are:
NOTE: If the setting is not present, ownership of all supported entity types is reclaimed.