onguard web applications setup & troubleshooting guide

WEB APPLICATIONS: wAAM wVV IDVM Setup & Troubleshooting Guide

- 1 -

Table of Contents Installing wAAM, wVV, and IDVM ........................................................................................................................................................................................................ - 4 -

Install IIS ...................................................................................................................................................................... - 4 -

Create an admin account for the LS Application Server ............................................................................................. - 4 -

Perform a custom install of OnGuard ......................................................................................................................... - 5 -

Add the SQL Login for the new user ........................................................................................................................... - 5 -

Start the Application Server using a specific user account ......................................................................................... - 5 -

Configure IIS permissions ............................................................................................................................................ - 5 -

Allow ASP.NET ............................................................................................................................................................. - 6 -

Configure Internet Explorer permission ..................................................................................................................... - 6 -

Important Files ............................................................................................................................................................ - 7 -

Run Forms Translator .................................................................................................................................................. - 7 -

Restart IIS .................................................................................................................................................................... - 7 -

Restart the LS Application Service .............................................................................................................................. - 7 -

Adding ability to run reports from wAAM .................................................................................................................. - 8 -

Setting up single sign-on for wAAM and wVV ............................................................................................................ - 8 -

Using SSL for the OnGuard web services .................................................................................................................... - 8 -

IDVM (Web Based Visitor Management) ........................................................................................................................................................................................... - 10 -

System Requirements ............................................................................................................................................... - 10 -

Create a Directory ..................................................................................................................................................... - 10 -

Setup Single Sign On ................................................................................................................................................. - 10 -

Test to make sure Single Sign On is working properly .............................................................................................. - 10 -

Link a Directory to a Cardholder ............................................................................................................................... - 10 -

An explanation of Single Sign-On and its use in IDVM .............................................................................................. - 11 -

Important Files .......................................................................................................................................................... - 11 -

Configure IIS permissions .......................................................................................................................................... - 12 -

Restart IIS .................................................................................................................................................................. - 13 -

Restart the LS Application Service ............................................................................................................................ - 13 -

IDVM HOST .................................................................................................................................................................... - 14 -

Installation ................................................................................................................................................................ - 14 -

Getting to and using the IDVM Host ......................................................................................................................... - 14 -

Permissions needed for Users logging into the IDVM Host ...................................................................................... - 14 -

IDVM ADMIN TOOL ....................................................................................................................................................... - 15 -

Installation ................................................................................................................................................................ - 15 -

- 2 -

Getting to and using the IDVM Admin Tool .............................................................................................................. - 15 -

Permissions need for Users who will be using the IDVM Admin Tool ...................................................................... - 15 -

Specific Permissions needed in Internet Explorer .................................................................................................... - 15 -

IDVM FRONT DESK ........................................................................................................................................................ - 16 -

Installation ................................................................................................................................................................ - 16 -

Installing the Snapshell IDR ....................................................................................................................................... - 16 -

Using IDVM Front Desk ............................................................................................................................................. - 16 -

Using the Snapshell IDR ............................................................................................................................................ - 16 -

Permissions needed for Front Desk Attendant ......................................................................................................... - 17 -

IDVM KIOSK ................................................................................................................................................................... - 18 -

Install TouchIt Keyboard ........................................................................................................................................... - 18 -

Install the Kiosk software .......................................................................................................................................... - 18 -

Open the Kiosk application ....................................................................................................................................... - 18 -

Add Visit Key to System ............................................................................................................................................ - 18 -

Add Visitor Email Fields ............................................................................................................................................. - 19 -

Confirm that the Email Field for Visitors was added: ............................................................................................... - 19 -

Visitor email notification when they are scheduled for a visit: ................................................................................ - 19 -

Permissions needed for Users logging into the Kiosk application: ........................................................................... - 19 -

Troubleshooting ................................................................................................................................................................................................................................. - 20 -

IIS Troubleshooting ....................................................................................................................................................... - 20 -

How to test if IIS is installed and working ................................................................................................................. - 20 -

If you receive a SOAP error ....................................................................................................................................... - 20 -

INTERNAL ONLY: Run the web server on a domain controller ........................................ Error! Bookmark not defined.

Installing OnGuard with Web Apps ............................................................................................................................... - 20 -

LS Application Server starts then stops..................................................................................................................... - 20 -

Page cannot be found ............................................................................................................................................... - 21 -

If IIS is installed to a non-standard location, make the following changes:.............................................................. - 21 -

Is there an Auto Log Off option in our web applications? ........................................................................................ - 21 -

Opening wAAM or wVV ................................................................................................................................................ - 21 -

If you receive the following message about error communicating with the web service ........................................ - 21 -

If you do not see the directory listed in the sign on dropdown ............................................................................... - 21 -

Unable to view video – Recorder in a different domain/workgroup........................................................................ - 21 -

Single Sign-On Issues ..................................................................................................................................................... - 22 -

If you see the error, “Error: ‘firstChild’ is null or not an object”, or the error, “Error: ‘True’ is undefined” ............ - 22 -

- 3 -

If the sign in box opens up immediately ................................................................................................................... - 22 -

wAAM Report Issues ..................................................................................................................................................... - 22 -

If the report button does not show .......................................................................................................................... - 22 -

If a window does not pop open when you press the Run Reports… button ............................................................ - 22 -

Receive a message stating that the Crystal.NET engine cannot be found when you attempt to run a report ........ - 22 -

If a message shows about being unable to load report template ............................................................................ - 22 -

IDVM General Troubleshooting .................................................................................................................................... - 22 -

Unable to link cardholders to directory accounts ..................................................................................................... - 22 -

Visit types do not show in IDVM ............................................................................................................................... - 23 -

“Could not sign out visit event. The badge status for sign out must be configured.” .............................................. - 23 -

IDVM Host Troubleshooting ......................................................................................................................................... - 23 -

If you get an error about Javascript needing to be enabled for this page to display ............................................... - 23 -

Get the following error, known as the NTLM error .................................................................................................. - 23 -

If you are unable to add the visit key to the system ................................................................................................. - 23 -

IDVM Admin Troubleshooting ...................................................................................................................................... - 24 -

If the page will not load ............................................................................................................................................ - 24 -

IDVM Front Desk Troubleshooting ............................................................................................................................... - 24 -

The following error appears when trying to start the Front Desk application: ........................................................ - 24 -

Need to change default printer in IDVM Front Desk ................................................................................................ - 24 -

IDVM Kiosk Troubleshooting......................................................................................................................................... - 25 -

The following error about endpoints appears when trying to start the Kiosk application: ..................................... - 25 -

The wrong printer shows up as the default printer: ................................................................................................. - 25 -

Badge prints look different in IDVM than in the stand alone Visitor Management ................................................. - 25 -

Certain fields cannot be viewed, or can be viewed, in Kiosk under cardholder information. ................................. - 25 -

Things that cannot be changed in the kiosk display include: ................................................................................... - 25 -

Things that can be customized on the kiosk: ............................................................................................................ - 25 -

- 4 -

Installing wAAM, wVV, and IDVM

Install IIS

1. Windows Server 2008: http://technet.microsoft.com/en-us/library/cc730716(WS.10).aspx

2. Windows Server 2003: http://technet.microsoft.com/en-us/library/aa998483(EXCHG.65).aspx

3. Windows Vista: http://technet.microsoft.com/en-us/library/cc754752(WS.10).aspx

4. Windows XP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-

us/iiiisin2.mspx?mfr=true

Create an admin account for the LS Application Server

1. If the system is not on a domain then create a local User with a strong password

a. Right click on My Computer > Select Manage > Expand out Local Users and Groups

i. Right click on Users > select New User...

1. User name: LSApplication

2. Password: Application!2345

3. Confirm password: Application!2345

4. Deselect 'User must change the password at next logon'

5. Place a checkmark on 'Password never expires'

6. Click [Create]

b. Left mouse click on Groups (under Local Users and Groups) > Right click on the Administrators Name >

select properties.

i. Click [Add...]

ii. Click [Locations...] > select the local machine as the location.

iii. Click [Advanced...]

iv. Click [Find Now]

1. Select LSApplication from the list

2. Click [OK]

v. The 'Enter the object name to select' field should be populated now with

localMachineName\LSApplication > Click [OK]

c. This should add the LSApplication User to the list of Members for Administrators > Click [OK]

2. If the system is on a domain then us a domain user who is also a Local Admin

a. Right click on My Computer > Select Manage > Expand out Local Users and Groups

b. Left mouse click on Groups (under Local Users and Groups) > Right click on the Administrators Name >

select properties.

i. Click [Add...]

ii. Click [Locations...] > select the domain as the location.

iii. Click [Advanced...]

iv. Click [Find Now]

1. Select the domain user from the list

2. Click [OK]

v. The 'Enter the object name to select' field should be populated now with domain\domain user >

Click [OK].

c. This should add the domain user to the list of Members for Administrators > Click [OK].

http://technet.microsoft.com/en-us/library/cc730716(WS.10).aspx

http://technet.microsoft.com/en-us/library/aa998483(EXCHG.65).aspx

http://technet.microsoft.com/en-us/library/cc754752(WS.10).aspx

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/iiiisin2.mspx?mfr=true

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/iiiisin2.mspx?mfr=true

- 5 -

Perform a custom install of OnGuard

1. You will want to include the Application Server as part of the custom installation.

Add the SQL Login for the new user

1. Open SQL Management Studio Express > login with Windows Authentication or as SA if using SQL

Authentication.

2. Expand out Security in the Object Explorer

3. Right click on Logins > New Login...

a. Click [Search...] located next the text field for Login name:

i. Click [Locations...] > select the local machine or domain as the location.

ii. Click [Advanced...]

iii. Click [Find Now]

iv. Select LSApplication or domain user from the list

v. Click [OK]

b. Select the Windows Authentication Radio Button

c. Navigate to the User Mapping Page

i. Place a check mark next to the AccessControl Database.

ii. At the "Database role membership for: AccessControl" section, place a check mark next to

db_datareader and db_datawriter

d. Click [OK]

4. Close out of SQL Management Studio

Start the Application Server using a specific user account

1. Go to Start > Run > type services.msc

2. Right click on LS Application Server service > select properties

a. Select the Log On tab > the radio button for 'This account:'

b. Click [Browse...]

i. Click [Locations...] > select the local machine or domain as the location.

ii. Click [Advanced...]

iii. Click [Find Now].

iv. Select LSApplication or domain user from the list.

v. Click [OK].

c. The 'Enter the object name to select' field should be populated now with

localMachineName\LSApplication or domain\domain user.

i. Click [OK].

d. Type the password for the LSApplication user 2 times (Password and Confirm Password fields).

i. Click [OK].

e. Restart the LS Application Server service.

Configure IIS permissions

1. Right click on My Computer > Select Manage

2. Expand out Services and Applications > Expand out Internet Information Services > Expand out Web Sites >

Expand out Default Web Site.

3. Right click on Lnl.OG.Web > Select Properties

a. Go to the Directory Security tab > Click *Edit…+ under Authentication and access control

i. Uncheck Anonymous access.

- 6 -

ii. Check Integrated Windows authentication.

iii. Click [OK].

b. Go to the ASP.NET tab

i. If running 5.12.012, make sure that you are using ASP.NET 1.14. Otherwise, make sure that

ASP.NET version is 2.0.50727.

1. If this is not the case, then you will need to upgrade the version of ASP.NET.

c. Click [OK]

4. Right click on Lnl.OG.WebService

a. Go to the Directory Security tab > Click *Edit…+ under Authentication and access control

i. Uncheck Anonymous access.


iii. Click [OK].


i. If running 5.12.012, make sure that you are using ASP.NET 1.14. Otherwise, make sure that

ASP.NET version is 2.0.50727.


c. Click [OK].

Allow ASP.NET

1. This step is only needed if running Windows Server 2003


3. Expand out Services and Applications > Expand out Internet Information Services

4. Click on Web Service Extensions.

a. Make sure that the proper version of ASP.NET is Allowed.

i. If this is not allowed, then click [Allow].

Configure Internet Explorer permission

1. Go to Internet Explorer > Tools menu > Internet Options

2. Go to the Security tab

a. Click the Trusted Sites > Click [Sites]

i. Unless using SSL, add http://<servername> in the text box. If you are using SSL, the address will

need to be https://<servername>

1. Replace <servername> with the actual server name for where IIS is running.

ii. If entering the address without https, make sure ‘Require server verification (https:) for all sites

in this zone is UNCHECKED.

iii. Click [Add]

iv. Click [Close].

b. Click *Custom level…]

i. Go to the ActiveX controls and plug-ins section.

1. Select Enable for ‘Automatic prompting for ActiveX controls’.

ii. Go to the Downloads section.

1. Select Enable for ‘ File Download’.

iii. Go to the Miscellaneous section.

1. Select Enable for ‘Access data sources across domains’.

iv. Go to the User Authentication section

- 7 -

1. Select Automatic logon with current user name and password for ‘Logon’

v. Click [OK].

c. Click [OK].

Important Files

1. preferences.js

a. Located at C:\Inetpub\wwwroot\Lnl.OG.Web > preferences.js

b. Open in Notepad.exe for editing.

i. Locate the line: var g_lnl_pfx_webservice_serverAddress = "http://<servername>";

1. <servername> should be replaced with the actual server name that is running IIS.

2. Make sure that http:// is being used and not https://, unless using SSL

3. Save and exit file.

2. web.config

a. Located at C:\Inetpub\wwwroot\Lnl.OG.WebService

b. If installing to a non-standard location, this file must be modified as outlined below

i. For a non-standard installation, find the line:

<add key="baseConfigFilePath"

value="c:\inetpub\wwwroot\lnl.og.webservice\pfxwebservice\web.config"/>

ii. Update the path with the correct location

Run Forms Translator

1. Open My Computer

2. Browse to C:\Program Files\OnGuard

3. Look for an executable called Lnl.Tools.FormTranslator.exe

a. Double click to run the .exe

b. Type in the User Name and Password:

i. The User Name needs to be SA

ii. Type in the password for the OnGuard SA account

1. ***NOTE*** The SA password can NOT be blank/null. Make sure the directory says

<Internal>

c. Click [OK]

d. Click [OK] when Forms Translator finishes successfully.

Restart IIS

1. Right Click on My Computer > Click Manage

2. Expand out Services and Applications

3. Right click on Internet Information Services > All Tasks > Restart IIS...

a. Select "Restart Internet Services on <IIS SERVER NAME>" from the dropdown list.

b. Click [OK]

Restart the LS Application Service

1. Go to START > Run > type services.msc > click [OK]

2. Right click on the LS Application Server service > All Tasks > Restart

- 8 -

Adding ability to run reports from wAAM

1. Open the preferences.js file for editing

2. Add the following lines to the end of the file:

var g_lnl_og_aam_showReportsTask = true;

3. You then need to enter in the reporting details into the web.config file in the Lnl.OG.WebService folder

a. <add key="reportDSN" value="Lenel"></add>

i. The value within the quotes is the name of the DSN for OnGuard

b. <add key="reportDatabase" value="AccessControl"></add>

i. The value within the quotes is the database name

c. <add key="reportDatabaseUsername" value="lenel"/>

d. <add key="reportDatabasePassword" value="MULTIMEDIA"/>

i. The value within the quotes is the password for the lenel user

4. A folder also needs to be created in the following path: C:\Temp\LnlWebServiceReports, this is used for

temporary report storage.

5. Be sure that the Crystal.NET components have been installed from the prerequisites on the supplemental disc

Setting up single sign-on for wAAM and wVV

1. Go to C:\Inetpub\wwwroot\Lnl.OG.Web.

2. Open the preferences.js file for editing

3. Find the following line:

var g_lnl_useSingleSignOn = false;

4. Change the false to a true. The value is case sensitive, be sure to make true all lower case. The line should then

look like this:

var g_lnl_useSingleSignOn = true;

5. Restart IIS.

6. Restart the LS Application Server service.

Using SSL for the OnGuard web services

1. To add SSL ensure the Certificate Authority (CA) is installed by opening up the Certificates console snap-in a. If there is not a CA it needs to be created which is the responsibility of the customer. Steps for creating a

self-signed certificate can be found at http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html. This URL also details how to create the certificate needed in step g. If there isn’t a CA, follow the instructions in the URL and then skip to step i.

2. After verifying the CA is installed open the IIS Management Utility from Start>Settings>Control Panel>Administrator Tools

3. Expand out until “Default Web Site” is displayed. 4. Right click on the “Default Web Site” and choose “Properties”. 5. Go to the Directory Security Tab and click [Server Certificate] in the “Secure communications” section 6. Choose “Assign an existing certificate” option and click *Next] 7. There should only be one certificate in the box, choose that and click [Next] 8. Keep the SSL port at 443 and then click [Next] and then choose [Finish] 9. Click the [Edit…] button in the “Secure communications” section and check the “Require secure channel (SSL)”

check box and click [OK] 10. Go to C:\Inetpub\wwwroot\lnl.og.web\Extensions and open the preferences.js file for editing

a. Locate the “var g_lnl_pfx_webservice_serverAddress” line

b. Change http to https before the server name

http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

- 9 -

At this point, you should be able to run Web Based Video Viewer and Web Based Area Access Manager.

Web Based Area Access Manager: http://<SEVERNAME>/lnl.og.web/lnl_og_aam.aspx

Web Based Video Viewer: http://<SERVERNAME>/lnl.og.web/lnl_og_videoviewer.aspx

There is more configuration below for IDVM.

- 10 -

IDVM (Web Based Visitor Management)

System Requirements

1. The system MUST be on a Domain. IDVM will not work with a local Workgroup. 2. You MUST use the Fully Qualified Domain Names (FQDN) when connecting to IDVM. For example,

http://server.windows.com/idvmhost.

Create a Directory

1. Go to System Administration > Administration > Directories… 2. Click [Add]. 3. Select the type of directory that you want to add.

a. Typically, most people use Microsoft Active Directory. b. Most corporations use Microsoft Active Directory.

4. Click [OK]. 5. Type the name of the Domain in the Domain: text box

a. This will automatically fill out the Name text box with the same name. b. An example may look like: windows.yourCompany.com

6. Go to the Authentication tab. 7. Click the Current Windows account radio button. 8. Click [OK].

Setup Single Sign On

1. Go to System Administration > Administration > Users... 2. Find the User that you want to use Single Sign On.

a. This User will also be the person that you want to be able to sign into IDVM. 3. Click [Modify]. 4. Go to the Directory Accounts tab. 5. Click [Link]. 6. Select the Directory that you created in Step 2 from the dropdown list. 7. Click [Search].

a. This will return all Active Directory entries. 8. Select the Active Directory user that will be linked to the OnGuard User.

a. In order to eliminate any confusion, when a person logs into a Windows machine with an Active Directory account, then this user will be linked to an OnGuard User. Therefore, as soon as you try to open an OnGuard Application, in this case IDVM, you will automatically authenticate.

9. Click [OK]. 10. Click [OK] at the bottom of the Users page to save all modifications.

Test to make sure Single Sign On is working properly

1. Log into Windows using the Active Directory account that you just added. 2. Attempt to log into System Administration.

a. You should log directly in without being asked for credentials. 3. If this is not working, then go back to Step 2 of the IDVM section.

Link a Directory to a Cardholder

1. Go to System Administration > Administration > Cardholders… 2. Search for the cardholder that will be creating the Visit Events.

a. Click [Search]. b. Type in the Last Name and First Name for the cardholder that you want to find. c. Click [OK].

3. Select the Directory Accounts tab.

http://server.windows.lenel.com/idvmhost

- 11 -

a. You may have to scroll through the tabs with the right arrow in order to find the Directory Accounts tab. 4. Click [Link]. 5. Select the Directory that you created in Step 2 from the dropdown list. 6. Click [Search].

a. This will return all Active Directory entries. 7. Select the Active Directory user that will be linked to the OnGuard User. 8. Click [OK]. 9. Click [OK] to save all modifications.

An explanation of Single Sign-On and its use in IDVM

1. First, you linked an Active Directory Account to an OnGuard User. a. This is how you will be logged into IDVM

2. Then, you linked an Active Directory Account to a Cardholder. a. The Cardholder will be the Host for a Visit.

3. An example that may explain this better: a. Let’s say that there is a President and an Assistant to the President.

i. The President relies on the Assistant to create Visits and to add Visitors. ii. The President wants it to appear that s/he has created the Visit and wants to be the Host for the

event. b. In this situation, the Assistant will be the person logging into IDVM in order to add the Visitor and create

the Visit for the President. i. Therefore, the Assistant’s Active Directory Account would be linked to the Assistant’s OnGuard

User Account. ii. The President could have his/her Active Directory Account linked to his/her OnGuard User (just

in case the president ever wanted to log in to IDVM) c. Now we must figure out who to link to the Cardholder.

i. The Assistant’s Active Directory Account would be linked to the President’s Cardholder. 1. The Cardholder will show as the Host. 2. However, this allows the Assistant to configure Visits for the President.

ii. The President’s Active Directory Account can also be linked to his/her Cardholder (In a rare case where the President needs to add his/her own Visit event).

4. In most common situations, the OnGuard User will be linked to his/her own OnGuard Cardholder. a. This will enable the person logging into IDVM to be the Host for Visit events that they create.

Important Files

1. FlexApplicationConfiguration.xml a. Located at C:\Inetpub\wwwroot\Lnl.OG.Services\WebHost > FlexApplicationConfiguration.xml b. Open in Notepad.exe for editing.

i. Locate the line: <wsdlurl>http://<FQDN>/Lnl.OG.Services/IdvmService.svc?wsdl</wsdlurl>

1. <FQDN> should be replaced with the actual Fully Qualified Domain Name for the server

that is running IIS. Make sure that http:// is being used and not https://, unless using SSL


2. SilverlightApplicationConfiguration.xml

a. Located at C:\Inetpub\wwwroot\AdminApp > SilverlightApplicationConfiguration.xml

b. Open in Notepad.exe for editing.

i. Locate the line: <serviceurl>http://<FQDN>/Lnl.OG.Services/IdvmService.svc</serviceurl>

1. <FQDN> should be replaced with the actual Fully Qualified Domain Name for the server

that is running IIS. Make sure that http:// is being used and not https://, unless using SSL


- 12 -

Configure IIS permissions


2. Expand out Services and Applications > Expand out Internet Information Services > Expand out Web Sites >

Expand out Default Web Site.

3. Right click on Lnl.OG.Services > Select Properties

a. Go to the Directory Security tab > Click *Edit…+

i. Check Anonymous access.


iii. Click [OK].


i. Make sure that ASP.NET version is 2.0.50727.


c. Click [OK]

4. Right click on IdvmHost > Select Properties


b. Check Anonymous access.

i. Check Integrated Windows authentication.

ii. Click [OK].

c. Go to the ASP.NET tab



d. Click [OK].

5. Right click on AdminApp > Select Properties




iii. Click [OK].




c. Click [OK].

6. Right click on FrontDeskClickOnce > Select Properties




iii. Click [OK].




c. Click [OK].

7. Right click on KioskClickOnce > Select Properties




iii. Click [OK].

- 13 -




c. Click [OK].

Restart IIS

1. Right Click on My Computer > Click Manage

2. Expand out Services and Applications

3. Right click on Internet Information Services > All Tasks > Restart IIS...

a. Select "Restart Internet Services on <IIS SERVER NAME>" from the dropdown list.

b. Click [OK]

Restart the LS Application Service

1. Go to START > Run > type services.msc > click [OK]

2. Right click on the LS Application Server service > All Tasks > Restart

- 14 -

IDVM HOST This will be used by anybody that is scheduling Visit events. This is the base IDVM application.

Installation

1. This is the standard Application for IDVM. 2. There are no additional installation steps needed to get into the IDVM Host.

Getting to and using the IDVM Host

1. You can get to the IDVM Host by going to http://<FQDN>/idvmhost a. ***NOTE*** You will need to change the <FQDN> with your actual FQDN.

2. Log into the IDVM Host. a. If Single Sign On is configured for web applications, then you should be logged in automatically. b. If Single Sign On is not configured, then you will need to log in.

3. Once you are logged in, you can create Visit Events, Add/Modify Visitors, View Upcoming Events, etc… 4. See the IDVM User Guide for more on how to use the application.

Permissions needed for Users logging into the IDVM Host

1. Go to System Administration > Administration > Users… 2. Locate the OnGuard User that will be logging into IDVM Host application and make sure they have the following

permissions: a. ***NOTE*** After any changes are made to User Permissions, the IIS Server must be restarted.

- 15 -

IDVM ADMIN TOOL This tool is used to configure the different Front Desk and Kiosk locations.

Installation

1. Install SilverLight from http://www.microsoft.com/silverlight/ a. This needs to be installed on any machine that will be logging into the IDVM Admin Tool.

Getting to and using the IDVM Admin Tool

1. You can get to the Admin Tool website by going to the following URL http://<FQDM>/adminapp a. ***NOTE*** You will need to change <FQDM> with your actual FQDM.

2. Log into the Admin Tool. 3. Once in the Admin Tool, you can configure the information about the different Front Desks that you have. 4. You can also configure the settings and appearance for the Kiosks with this tool. 5. Use the Visitor Administration User Guide for more information.

Permissions need for Users who will be using the IDVM Admin Tool

6. Go to System Administration > Administration > Users… 7. Locate the OnGuard User that will be logging into the IDVM Admin Tool application and make sure they have the

following permissions: a. ***NOTE*** After any changes are made to User Permissions, the IIS Server must be restarted.

Specific Permissions needed in Internet Explorer

1. In Internet Explorer, add the Visitor Administration URL to the list of Trusted Sites on the Security tab of the Internet Options.

a. Set the security level for this zone to medium-low. 2. JavaScript should be enabled for the browser. 3. The following options must be configured in the custom security settings:

http://www.microsoft.com/silverlight/

- 16 -

IDVM FRONT DESK This is typically used at a receptionist desk. The person at the desk will be able to view, add, and sign in/out Visits and

Visitors.

Installation

1. Install from disk: a. Browse to C:\Inetpub\wwwroot\FrontDeskClickOnce b. Double Click on the file called Lnl.OG.VM.FrontDesk.View.application c. Click [Install]

2. Install from web server: a. Open Internet Explorer and go to http://servername/frontdeskclickonce, or if using SSL use https b. Click [Install]

3. Install from network location: a. Copy the FrontDeskClickOnce folder to an available network location b. Install using the Install from disk instructions replacing the folder location with the network location

Installing the Snapshell IDR

***Do not plug the camera in before running the install***

1. Open Snapshell driver SDK

2. Double click on sdk_setup.exe

3. Click [Next]

4. Click [Next]

5. Change destination if necessary, then click [Next]

6. Uncheck Driver License, ID & Passports and check Business Card

7. Click[ Next]

8. Uncheck ScanShell 800\R (Vista Compliant)

9. Click [Next]

10. Click [Next]

11. Click [Finish]

12. Plug in scanner

13. Do not connect to the internet

14. Install Automatically

15. Click [Continue Anyway] on the driver warning

16. Click [Finish]

Using IDVM Front Desk

1. Go to START > Programs > Lenel Systems International > OnGuard Front Desk

Using the Snapshell IDR

1. Open the Front Desk application and log in.

2. Place a business card facedown on the scanner.

3. Press the purple button on front of scanner.

4. This will scan the business card. It will also search for existing Visitor records that match the business card. If

the system finds a match, then you will have the option to edit that Visitor’s information or you will have an

option add a new Visitor with the [New Visitor] button. If the system does not find an match then there will just

be the option to select [New Visitor].

5. Additional Notes:

http://servername/frontdeskclickonce

- 17 -

a. You are able to scan a business card at any time and from any screen within Front Desk.

b. Only business cards can be scanned with this device. We do not support scanning licenses at this time

with this device.

c. Occasionally, you may see the following error message. Unfortunately, the only way to close this

message is to completely log out of Front Desk and then log back in. This error occurs only if you press

the scan button without a business card placed on the scanning surface. However, this error will not be

produced every time.

Permissions needed for Front Desk Attendant

1. Go to System Administration > Administration > Users… 2. Locate the OnGuard User that will be logging into the Front Desk application and make sure they have the


- 18 -

IDVM KIOSK This allows a visitor to sign themselves into their visit. Therefore, no additional resources/people are needed.

Install TouchIt Keyboard

1. Browse to Supplemental CD Revision 8\Support Center\TouchIt Keyboard 2. Install TouchIt.exe.

a. Double-click on it to start the installation. Click [Next]. b. Choose the destination location. Click [Next]. c. Choose the data directory. Click [Next]. d. Select Full installation from the drop-down. Click [Next]. e. You may choose to have shortcut icons. Click [Next]. f. When the installation is complete, click [Finish].

3. Install keyboard templates. a. Double-click on LogOnKeyboard.exe to start the installation. Click [Install]. b. The template will be installed. When it is complete, click [Close]. c. Repeat this step for MixedKeyboard.exe and NumericKeyboard.exe.

4. Locate the file, TouchIt.ini,and move it to the TouchIt directory on the computer. If you used the default location, it should be C:\Program Files\Chessware\TouchIt

Install the Kiosk software

1. Install from disk: a. Browse to C:\Inetpub\wwwroot\KioskClickOnce b. Double click on the file called Lnl.OG.VM.Kiosk.View.application. c. Click [Install].

2. Install from web server: a. Open Internet Explorer and go to http://servername/kioskclickonce, or if using SSL use https b. Click Install

3. Install from network location: a. Copy the KioskClickOnce folder to an available network location b. Install using the Install from disk instructions replacing the folder location with the network location

Open the Kiosk application

1. Go to START > Programs > Lenel Systems International > OnGuard Kiosk

Add Visit Key to System

A visit key is a unique identifier assigned to a scheduled visit. It is used to sign visitors in or out and must be configured for the Kiosk.

1. Go to START > Programs > OnGuard > Forms Designer 2. Log in. 3. Make sure that you have a valid and up to date backup of your database. Select the radio button stating that this

is true. 4. Select Visit from the list and click [OK]. 5. From the Insert menu, select View Only Control. (The visit key cannot be edited.) 6. Select Visit Key from the list and click [OK]. 7. Click [OK] to accept the default settings for the control. 8. The new field will be inserted on the form. You may move the field to the desired location on the form and add a

label for it. For more information, refer to the FormsDesigner User Guide. 9. Save the form and exit FormsDesigner. 10. Be sure to run the Forms Translator to update the forms in the web applications.

http://servername/kioskclickonce

- 19 -

Add Visitor Email Fields

By default, there is no e-mail field for a visitor; you must add one if you wish to send e-mail notifications to visitors about visits.

2. Go to START > Programs > OnGuard > Forms Designer 3. Log in. 4. Make sure that you have a valid and up to date backup of your database. Select the radio button stating that this

is true. 5. Select Visitor from the list and click [OK]. 6. On the Visitor tab:

a. Insert a new text field for the visitor’s e-mail address. A good name for the object might be “Visitor E-mail”. Make sure to select “Internet Email” in the vCard drop-down list on the Field Settings form.

i. ***NOTE*** The default length of the field is 15 characters. It is recommended that you increase the field length to accommodate e-mail addresses.

b. Insert a new label field. A good name for the object might be “Visitor Email Label”. In the Assigned field drop-down list (“Visitor E-mail” if you followed the suggested naming convention.), make sure to select the field that you just added in step i.

7. From the Form menu, select Save. 8. Select the radio button to save and preserve your settings. 9. Be sure to run the Forms Translator to update the forms in the web applications.

Confirm that the Email Field for Visitors was added:

1. Go to System Administration > Administration > Cardholder Options 2. Select the Person Email Fields tab.

a. Notice that the Visitor E-mail field that you just added is now listed in the Visitor e-mail fields listing window, and it is selected by default.

Visitor email notification when they are scheduled for a visit:

1. Go to System Administration > Administration > Cardholder Options 2. Select the Visits tab.

a. Place a check mark next to: include host’s email by default 3. Click [OK]. 4. ***NOTE*** In order for email to work properly, the Global Output Server must be configured. See the System

Administration User Guide for more information on how to set this up.

Permissions needed for Users logging into the Kiosk application:

1. Go to System Administration > Administration > Users… 2. Locate the OnGuard User that will be logging into the Front Desk application and make sure they have the


Cardholder Permission Groups > Cardholder tab > Check Directory Accounts and Link/Unlink.

Cardholder Permission Groups > Visitor Management tab > Check Kiosk (Add, Modify, and Delete).

Cardholder Permission Groups > Visitor Management tab > Sign-In Location (Add, Modify, and Delete).

- 20 -

Troubleshooting

IIS Troubleshooting

How to test if IIS is installed and working

1. If IIS is working properly, you will see the following screen at the address: http://<server name>

a. Server 2003: Windows XP:

2. If this is not installed, go to the Install IIS section

If you receive a SOAP error

1. You likely have an issue with permissions. Verify correct installation and configuration of all the following areas:

a. Create an admin account for the LS Application Server

b. Add the SQL Login for the new user

c. Start the Application Server using a specific user account

d. Be sure to have IIS installed prior to installing OnGuard

i. If IIS is not installed the following error will show in 6.3.249. No error will be presented in

previous versions.

ii. If IIS was not installed prior to the LS Application Server, you will need to either uninstall and

reinstall OnGuard, or copy the bin folder from Lnl.OG.WebService folder on the root of the CD.

This folder should be placed in C:\Inetputb\wwwroot\Lnl.OG.WebService folder on the server. If

this folder does not exist, the reinstall will be necessary.

Installing OnGuard with Web Apps

LS Application Server starts then stops

1. Forms Translator must be run prior to using Web Apps

a. If Forms Translator has not been run, the LS Application Server will not stay running, it will give a

message about stopping due to having nothing to do.

- 21 -

Page cannot be found

1. If all appears to be configured correctly, but you get the following screen when attempting to reach wAAM or

wVV, the issue is likely that ASP.NET is either not installed, or if it is Server 2003, is not allowed. Install ASP.NET,

or go here for how to allow ASP.NET in Server 2003.

If IIS is installed to a non-standard location, make the following changes:

1. There is a hard coded file path in two of the files that must be updated.

a. The first file is the web.config file in the Lnl.OG.WebService folder.

i. Find the line:

1. <add key="baseConfigFilePath"

value="c:\inetpub\wwwroot\lnl.og.webservice\pfxwebservice\web.config"/>


b. The second file is the web.config file in the PFXWebService folder under the Lnl.OG.WebService folder

i. Find the line:

1. <add key="soapDispenserPath"

value="C:\Inetpub\wwwroot\Lnl.PFx.WebService\"></add>


Is there an Auto Log Off option in our web applications?

1. No, there is no way to set a log off time for our web applications. The system will stay logged in.

Opening wAAM or wVV

If you receive the following message about error communicating with the web service

1. The preferences.js file needs to be updated with the server name:

a. Note the address does not have the server name. The entry states localhost because the

preferences.js file has the address as http://localhost. Change this to the proper server name. Also

be sure to use https if you are using SSL

If you do not see the directory listed in the sign on dropdown

1. Verify that it is a domain directory. Workstations will not show up in the dropdown list.

Unable to view video – Recorder in a different domain/workgroup

1. Verify that the client you are viewing from has Use Simple File Sharing disabled in folder options

2. Create a shared folder with full access to everyone on the LNVR with the problem

3. If this is a workgroup, be sure the same user/password combinations are on all of the machines in the

workgroup

http://localhost/

- 22 -

Single Sign-On Issues

If you see the error, “Error: ‘firstChild’ is null or not an object”, or the error, “Error: ‘True’ is undefined”

1. The issue is that a capital T was used in the line var g_lnl_useSingleSignOn = true;. This must be lower case as the

line is case sensitive. Correct the line using the steps here.

If the sign in box opens up immediately

1. It could be a result of the IIS configuration or the Internet Explorer configuration. Go to each section and verify

the configuration.

wAAM Report Issues

If the report button does not show

1. The line in the preferences.js file likely needs to be updated.

If a window does not pop open when you press the Run Reports… button

1. Try it a second time. If the pop up still does not show, it may be getting blocked by Internet Explorer. Verify that

the pop up blocker is not enabled.

Receive a message stating that the Crystal.NET engine cannot be found when you attempt to run a report

1. Crystal.NET has not been installed on the machine running the LS Application Server.

If a message shows about being unable to load report template

1. The proper temporary path for the reports has not been created. The default location is

C:\Temp\LnlWebServiceReports.

2. It may be necessary, if you get write errors or permission problems on execution of a report to grant full access

to the Inetpub folder for the IIS user. This should only be necessary if the directory security is set to anonymous

for Lnl.OG.Web or Lnl.OG.WebService.

a. This is accomplished through right clicking on the Inetpub folder and choosing Properties

b. Go to the Security tab and then click [Add] under Group or user names

c. Add the IIS user that is listed in the Anonymous Access section of the Directory Security for Lnl.OG.Web

and Lnl.OG.WebService

d. Give the user Full Control in order to make all temporary file locations available to the user

3. The same steps as above may be necessary for the temporary path created for reports. The security may need to

be changed on this

IDVM General Troubleshooting

Unable to link cardholders to directory accounts

1. Verify that you have the necessary license

a. Check for the following license in license admin: Maximum Number of Cardholders with Directory

Accounts (SWG-ALXXX) STD. Verify that this count has not been exceeded

2. Verify that the user logged in has the correct permissions

a. Cardholder Permission Groups ->Cardholder: Directory Accounts and Link/Unlink must be selected

- 23 -

Visit types do not show in IDVM

1. Enter the visit types through List Builder

a. Open System Administration

b. Go to Administration -> List Builder

c. Select Visit Type and add entries

“Could not sign out visit event. The badge status for sign out must be configured.”

1. In System Administration, go to Administration -> Cardholder Options -> Visits

2. Click [Modify] and configure an option under “Badge status for sign out:”.

3. Click [OK].

IDVM Host Troubleshooting

If you get an error about Javascript needing to be enabled for this page to display

1. Go to Internet Options, Trusted Sites, Custom Level

2. Find the option under Scripting called “Scripting of Java applets”

3. Enable the option then close out the window by clicking [OK]

4. Click [OK] again to close internet options

Get the following error, known as the NTLM error

1. Add this site to the Intranet zone

a. Go to Internet Options, Intranet Sites, Sites

b. Click [Add]

c. Set all security settings under Custom Level to match the standard settings for the Trusted Sites zone.

If you are unable to add the visit key to the system

1. You may need to get Forms Designer Full. If you are using Forms Designer Lite you cannot add the key. This can

be verified by checking the title bar of the Forms Designer application to see if it says Forms Designer or Forms

Designer Lite.

- 24 -

IDVM Admin Troubleshooting

If the page will not load

1. Verify that the IDVM Host application will load

2. Verify that Microsoft Silverlight is installed

IDVM Front Desk Troubleshooting

The following error appears when trying to start the Front Desk application:

1. Uninstall IDVM Front Desk on the client using Add/Remove Programs.

2. Go to C:\Inetpub\wwwroot\FrontDeskClickOnce\config on the server.

3. Edit the file named: serviceModelClient.config.deploy

a. Find all three instances of localhost and change to the server name

4. Install application again the same way it was installed before.

Sign In Locations not showing in Front Desk application

Verify cardholder permissions in System Administration for the user that you are attempting to log into Front Desk with. 1. Go to System Administration > Users… > Cardholder Permission Groups > Visitor Management

a. Ensure that the Sign in Location is selected as well as Add, Modify, and Delete. 2. After making the changes to Cardholder Permissions:

a. Run Forms Translator. b. Restart IIS. c. Restart the LS Application service.

Need to change default printer in IDVM Front Desk

1. Log into Front Desk

2. Choose My Account

3. Set Default Printer by clicking [Make Default] button next to desired printer

4. Save Changes

- 25 -

IDVM Kiosk Troubleshooting

The following error about endpoints appears when trying to start the Kiosk application:

1. To fix this, find the following file location on the installation location and update it as listed below.

a. KioskClickOnce\config\serviceModelClient.config.deploy

b. Find all three instances of localhost and change to the server name

2. Install application again the same way it was installed before.

The wrong printer shows up as the default printer:

1. To fix this, uninstall and reinstall the kiosk so that it shows the printer choice box again as this only displays on

initial load.

Badge prints look different in IDVM than in the stand alone Visitor Management

1. Printing choices made in the web environment cause any box designed to not show to print on web badges. We

also can only print True Type/Open Type fonts. These are fonts that are listed in C:\Windows\Fonts.

2. When creating the badge in Badge Designer, make all text box fields extremely large. There has been a change

in how word wrap and the new fonts work. If the system feels that the text is too large for the text box, then it

will shrink the size of the text. So, by making all text fields really large, we eliminate this possibility.

a. When this is done, the text will be the same size, but will look bolded. There are no other changes that

can be made at this point to get both web apps and application to print exactly the same.

Certain fields cannot be viewed, or can be viewed, in Kiosk under cardholder information.

1. Change View/Edit Field Page Permissions. All settings for User Defined Visitor can be modified to affect what

users can see in the kiosk.

Things that cannot be changed in the kiosk display include:

1. Disabling Camera

2. Disable Auto Print on Sign In

3. Badge Type for Printing

4. Adding a custom logo to the splash screen.

Things that can be customized on the kiosk:

1. What cardholder information can be viewed/edited

onguard web applications setup & troubleshooting guide

Documents