Help Request For Exacq VMS Customer Issue

Mike Dotson

Seneca | IPVMU Certified | 06/11/14 03:17pm

Greetings IPVMers!

I am trying to assist one of our customers with an issue involving our servers and the Exacq VMS. We design and manufacture complete server systems so the hardware and OS comes from us. Many of our customers install Exacq on them but this one is a puzzle.

The system has cameras from many vendors installed and running, but the issue involves just three models from three different vendors. The specific issue being that it will not initiate a stream.

When I look at a Wireshark trace I can see see communication between the cameras and the server where it is collecting parameters but there is a segment right before the end of a sequence that indicates trouble to me...one which I pasted below and more at the end of this post.

WireShark trace:

Svr2cam>> GET /command/system.cgi?NtpServer=LCU - Waukesha HTTP/1.0
Authorization: Basic YWRtaW46YWRtaW4=

Cam2Svr>>HTTP/1.0 400 Bad Request
Content-Type: text/html
Content-Length: 155
Connection: close
Date: Tue, 10 Jun 2014 20:03:21 GMT
Server: gen5th/1.82.01
<HTML><HEAD><TITLE> 400 Bad Request</TITLE></HEAD>
<BODY><H1> 400 Bad Request </H1>
Your client has issued a malformed or illegal request.
</BODY>
</HTML>

This looks like an effort to establish the time between the camera and the server.

The odd parts in all this are many. In my lab I have a duplicate system and a sister camera model and I am unable to see the issue that the customer has. (user cam is CH140 and I have a CH120) Other cam vendors are Toshiba and Basler.

I can use RTSP and IE to get video streams a-ok from our server.

Below are the other camera segments with a similar ending:

SVR>> GET /cgi-bin/param_if.cgi?NumActions=3&Action_0=System.NTP.SetValue&Parameter_0_0=H_1&Action_1=System.TimeZoneDesc.SetValue&Parameter_1_0=UTC-0&Action_2=System.NTPServer.SetValue&Parameter_2_0=LCU - Waukesha HTTP/1.0
Host: 192.168.151.119
User-Agent: ExacqDVR
Authorization: Basic YWRtaW46YWRtaW4=


Cam>>HTTP/1.0 400 Bad Request
Content-Type: text/html
Connection: close
<title>Bad Request</title>Only HTTP 1.x supported

AND.....

GET /cgi-bin/admin/setparam.cgi?system_timezoneindex=0&system_ntp=LCU - Waukesha&system_updateinterval=3600&system_daylight_enable=0&system_time=auto&system_date=auto&di_i0_normalstate=high&do_i0_normalstate=open&di_i1_normalstate=high HTTP/1.0
Authorization: Basic cm9vdDo=

HTTP/1.0 400 Bad Request
Date: Tue, 10 Jun 2014 21:03:44 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>
<BODY><H1>400 Bad Request</H1>
Your client has issued a malformed or illegal request.
</BODY></HTML>

I could use some suggestions from the Exacq gurus out there.

Mike Dotson

Seneca | IPVMU Certified | 06/17/14 06:20pm

Eventually answered my own question. User assigned a bogus name to the NTP server override and those cameras have NTP controls on them.

John Honovich

IPVM | In reply to Mike Dotson | 06/17/14 07:29pm

So it was a time synchronization issue / problem?

Avatar

Marty Major

FLIR Security | In reply to John Honovich | 06/18/14 12:02am

Nothing is more pathetic and lame than some d-bag who brags 'yeah, I knew that' only after someone else has revealed the solution. We all learned this around what... age 4 or 5?

...and I didn't know. As I read the string I had zero clue. Not one.

However, right before my eyes started to fuzz over from all the technical stuff Mike showed us... I spotted the word 'illegal' in the error message.

Somewhere deep in my tech support lizard brain, that word whispered 'time' to me and I'm wondering if anyone has ever seen that word (illegal) in an error message before... and if so, have you found it used to indicate something else? (Lizard brain whispers should never be spoken out loud; sometimes the lizard lies)

Like most all tech/field support people, we start off by not really knowing anything at all. The really good tech/field support person is generally the one with the longest beard grown in one location. The more you see, the 'smarter' you appear to the next customer (and so on), and it builds you into a seasoned - and confident - problem solver.*

Don't know about you, but that's what I want when I need help from someone.

So.... 'illegal'. Error message. Anyone?

----------

*Unlike sales, technical support funk is not fakable without a mute/hold button and a working internet connection.

Rukmini Wilson

In reply to Marty Major | 06/18/14 12:30am

I believe your lizard may be speaking with forked tongue :), IMHO it looks like the error is related to illegal characters, notably an 'illegal' space or two in the url, caused by a bogus hostname manually entered for a timserver. But the error would be the same on any malformed request from any type of hostname, so only trivially related to time and not at all to time sync.

Avatar

Marty Major

FLIR Security | In reply to Rukmini Wilson | 06/18/14 01:48am

thanks Rukmini... :)

&#!% lizards.

Mike Dotson

Seneca | IPVMU Certified | 06/18/14 12:19pm

It turns out that the customer was giving the Exacq servers a useful human name so it would show nicely in the system listing in the left frame. Indeed the human name had 'spaces' in it.... which in the land of computers is a generally not allowed character (among others).

Exacq has a time override capability in the system setup where one can define a global time server or an intranet NTP server. By default, Exacq uses the local server at a time server unless the override is defined...which was the case here.

For some reason, the user thought he needed to put the name of the local server in the intranet override field.

I had built up a duplicate server in my lab to debug this situation and when I did Wireshark traces from my machine, I saw a very different set of parameters being sent out to the camera. A followup conversation with the customer revealed the practice of overriding the NTP setting.

I was able to replicate the issue on my lab system by doing the same thing and thus was able to inform the customer how to fix his installation.

Now... how many of you have heard the statement...."I have been doing it that way for a long time" when in fact the evidence counters the assertion?

Top Comment Votes - Past 3 Months
  • 1. John Honovich - 1618
  • 2. Chris Dearing - 986
  • 3. Brian Karas - 470
  • 4. Marty Major - 244
  • 5. Ethan Ace - 229
  • 6. Brian Rhodes - 206
  • 7. Michael Miller - 203
  • 8. Frank Lucero - 195
  • 9. Sean Patton - 177
  • 10. Sean Nelson - 139
  • 11. Greg Cortina - 130
  • 12. Daniel Tyrrell - 106
  • 13. Rick Caruthers - 104
  • 14. Andrew Myers - 87
  • 15. Stephen Green - 77
  • 16. Shannon Davis - 76
  • 17. Jason Crist - 75
  • 18. Lynn Harold - 69
  • 19. Jon Dillabaugh - 67
  • 20. John Bazyk - 59
Manufacturers
Tools

AI Tester

BestMatch

Camera Calculator

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact