Troubleshooting Security Center Federation™ - Security Center 5.9

Series: Security Center 5.9
Revised/modified: 2020-09-15

Troubleshooting Security Center Federation™

If you are experiencing problems with Security Center Federation™, learn about the symptoms, potential causes, and solutions to help you troubleshoot the issue.

Symptoms

Here are the common symptoms you might experience when you have an issue with Security Center Federation™. To help you solve the issue, go to the section for the symptom that you are experiencing.

Security Center Federation™ role is offline

If the Security Center Federation™ role is offline (icon is red), it is likely a connection issue. To troubleshoot the issue, learn about the possible causes and their respective solutions.

Cause: Server is offline
Description: If the Security Center Federation™ role is hosted on an expansion server, the server might be offline.
Solution: To check the status of the server, open Config Tool, and then click System > Roles > [Your role] > Resources. In Windows Services, ensure that the Genetec™ Server service is running on that server. If the service is running, make sure that the expansion server has connected successfully to the Directory. If the server fails to start, troubleshoot the server issue.

Cause: Connection failed to federated system
Description: If the Security Center Federation™ role shows a Connection failed error message, there is a communication issue between the Federation™ host and the federated system. The ports for Security Center Federation™ might be closed or in use by other applications.
Solution: Do the following:
  1. Ping the IP address of the remote server. Open a Windows Command Prompt and enter the following command: ping <IP address>.

    If you cannot communicate with the remote server, it might be offline. Troubleshoot the remote server.

  2. Use Telnet Client to confirm that communication between the servers is open using port 5500. On both servers, open a Windows Command Prompt and enter the following command: telnet <IP address> 5500 (<IP address> is the public address of the other server).

    If necessary, open port 5500 on the public address of both servers and make sure that the port is redirected for firewall and NAT purposes.

  3. On the server hosting the Security Center Federation™ role, try connecting to the Directory of the federated system from Security Desk using the Federation™ user.

    If you cannot connect to the Directory of the federated system, it is likely a network issue. Talk to your network administrator or see Configuring Security Center Federation™ across different networks.

Cause: Invalid credentials for Federation™ user
Description: If the Security Center Federation™ role shows an Invalid credentials error message, the wrong password was entered for the user that connects to the federated system.
Solution: In Security Desk, try to connect to the Directory of the federated system using the Federation™ user account.

If you cannot connect, verify with the administrator of the federated system that you have the correct password for the user specified on the Properties tab of the Security Center Federation™ role. Try entering the password in Config Tool again.

Cause: Duplicate federated entities
Description: If you are federating more than one system and the same entity exists on both remote systems, you receive an error message in the Event Viewer logs due to a duplicate federated entity.
Example: Cardholder Ray exists on System A and System B. System C is already federating System A. If you start federating System B on System C, the Security Center Federation™ role goes offline when trying to synchronize cardholder Ray.
Solution:
  1. In the Event Viewer logs, identify the duplicate entity.
  2. On one of the federated systems, add the duplicate entity to a partition that the Federation™ user is not a member of. To change partition settings, see Granting access rights for partitions.

    The duplicate entity can no longer be viewed by the Federation™ user, so the entity is not federated.

No live video from federated entities

If you are unable to view live video from federated entities, there is an issue with the network connection between the two systems.

Solution

  1. On both systems, make sure the following ports are open on the public address of the server and are redirected for firewall and NAT purposes:
    • Connection to remote Security Center Directory: TCP 5500 (a)
    • Communication with Media Router: TCP 554
    • Live and playback video stream requests: TCP 560 and TCP 960 (b)

    (a) Use TCP 4502 for systems upgraded from Security Center 5.3 or earlier.

    (b) Use TCP 5004 for systems upgraded from Security Center 5.6 or 5.7.

  2. Based on where the Security Desk workstation you are logging on from is located, make sure your network is set up correctly:
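
The ping and port checks from the Connection failed procedure, together with the port list in step 1 above, can be run in one pass from PowerShell on each server. This is an added example, not Genetec tooling or part of the original page; the function name, its switches and the 192.0.2.10 address are assumptions made for illustration.

```powershell
# Added example (not Genetec tooling). Function and parameter names are hypothetical.
# Run it on each server, pointing at the public address of the other one.
function Test-FederationPort {
    param(
        [Parameter(Mandatory)] [string] $RemoteAddress,
        [switch] $UpgradedFrom53OrEarlier,   # note (a) on the page: TCP 4502 instead of 5500
        [switch] $UpgradedFrom56Or57         # note (b) on the page: TCP 5004
    )

    # Ping step of the procedure: is the remote server reachable at all?
    # ICMP can be filtered even when the server is up, so the TCP checks run either way.
    $pingOk = Test-Connection -ComputerName $RemoteAddress -Count 2 -Quiet

    $directoryPort = if ($UpgradedFrom53OrEarlier) { 4502 } else { 5500 }
    $checks = @(
        @{ Purpose = 'Remote Security Center Directory'; Port = $directoryPort }
        @{ Purpose = 'Media Router';                     Port = 554 }
        @{ Purpose = 'Live and playback video requests'; Port = 560 }
        @{ Purpose = 'Live and playback video requests'; Port = 960 }
    )
    if ($UpgradedFrom56Or57) {
        # The page does not say which stream port 5004 replaces, so it is tested as well.
        $checks += @{ Purpose = 'Video requests (upgraded from 5.6/5.7)'; Port = 5004 }
    }

    foreach ($check in $checks) {
        # Same TCP connect that "telnet <IP address> <port>" performs in the procedure.
        $result = Test-NetConnection -ComputerName $RemoteAddress -Port $check.Port `
                                     -WarningAction SilentlyContinue
        [pscustomobject]@{
            RemoteAddress = $RemoteAddress
            Purpose       = $check.Purpose
            Port          = $check.Port
            PingReply     = $pingOk
            TcpOpen       = $result.TcpTestSucceeded
        }
    }
}

# 192.0.2.10 is a documentation placeholder address, not a real server.
Test-FederationPort -RemoteAddress '192.0.2.10' | Format-Table -AutoSize
```

A row with TcpOpen set to True only shows that something accepted the connection. Because the port might be in use by another application, also check on the remote server which process is listening on it.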

Federated entities are missing

If entities from a federated system do not show up on the Federation™ host system, there is an issue with the configuration of Security Center Federation™. To troubleshoot the issue, learn about the possible causes and their respective solutions.

Cause: Incorrect Federation™ user
Description: The wrong user was used to connect to the federated system from the Security Center Federation™ role.
Solution: In Security Desk, connect to the federated system using the correct Federation™ user account.

Cause: Incorrect partitions or privileges for Federation™ user
Description: The user that was used to connect to the federated system lacks the correct privileges or is not a member of the correct partitions on the federated system to view the entities you are looking for.
Solution: Verify the following:

Cause: Incorrect events selected for Federation™
Description: The wrong event types were selected when the Security Center Federation™ role was configured.
Solution: From the Properties tab of the Security Center Federation™ role, verify which event types are selected in the Federated events section. If necessary, select additional event types and click Apply.

Cause: Different secure communication settings
Description: The Secure communication option for the Media Router role to authenticate video requests is configured differently on the two systems. Secure communication cannot be turned on for the federated system if it is turned off for the Federation™ host.
Solution: In the Properties tab of the Media Router role in Config Tool, make sure the Secure communication option does not have this configuration:
  • Federation™ host: OFF
  • Federated system: ON