Diamond II Troubleshooting Guide

GE Security Diamond II Troubleshooting Guide P/N 460985001A ISS 07MAR10

2010 GE Security, Inc. This document may not be copied in whole or in part or otherwise reproduced without prior written consent from GE Security, Inc., except where specifically permitted under US and international copyright law. Content Contact information 2 Workstation does not connect on server 3 D2Server not starting 5 D2Server starts with errors in the application log file 6 Workstation connects on server but does not connect this remote computer 8 When I start the Diamond II workstation I do not get a logon box 9 Workstation does not get a logon box or data does not appear on screens 9 Workstation connects on server but does not connect any remote computers 10 Other workstation connection problems 11 Photo badging issues 12 Problems printing reports from workstations 13 No sounds on alarms 13 Other notes 13 Software release history 15 Contact information For contact information see our Web site: www.gesecurity.com. 2 Diamond II Troubleshooting Guide

Workstation does not connect on server For the local Diamond II workstation to connect, the D2Server service must be running on the server computer. The easiest way to tell if the service is running is to open Windows Task Manager. To open the Windows Task Manager: 1. Press Ctrl + Shift + Esc. This opens the Windows Task Manager window as shown below. Diamond II Troubleshooting Guide 3

2. On the Processes tab, scroll to locate the D2Server.exe task. D2Server should be using at least 30,000 KB of memory. If D2Server is not using at least 30,000 KB of memory see the troubleshooting section D2Server starts with errors in the application log file on page 6. If the D2Server is using at least 30,000 KB of memory, then the problem is likely the data in the "RegionalServers" table in the Domain database. The "RegionalServers" table contains the Diamond II Server name. If the database was restored from another server, the old server name will still be in the "RegionalServers" table. It must be replaced with the new server name. There are two methods to update the RegionalServers table: Manually edit the RegionalServers table Delete the RegionalServers table and run UpgradeDB.exe Method 1: Manually edit the RegionalServers table 1. Open SQL Management Studio by clicking: Start > All Programs > Microsoft SQL Server > SQL Server Management Studio 2. Expand Databases, then expand Domain, and then expand Tables. 3. Right-click RegionalServers, and then click Edit Top 200 Rows. 4. In the column ServerName, enter the short name of the Diamond II server computer. 5. In the column ServerFullDNSName, enter the fully qualified name of the Diamond II server computer. 6. In the column ServerMachineName, enter the short name of the computer. Method 2: Delete the RegionalServers table and run UpgradeDB.exe 1. Open SQL Management Studio by clicking: Start > All Programs > Microsoft SQL Server > SQL Server Management Studio 2. Expand Databases, then expand Domain, and then expand Tables. 3. Right-click RegionalServers, and then click Delete. 4 Diamond II Troubleshooting Guide

4. Close SQL Server Management Studio. 5. Stop and Disable the D2Server service. 6. Locate UpgradeDB.exe on the Diamond II Service Pack CD. The file is located in the folder: \\Converters\Step 1\ 7. Run UpgradeDB. UpgradeDB will recreate the RegionalServers table and populate the row with the correct values. D2Server not starting Verify that the D2Server is listed in the Services window. 1. Click Start > Administrator Tools > Services to open the Services window as shown below. 2. Click the Name heading to sort the services, and then look for the D2Server. If the D2Server is not listed, close the Services window and run InstallDialog.exe. This is located in the folder: \\Program Files\Diamond II\. This will register the program in Windows Services again. If the D2Server is listed, right-click D2Server, and then click Start. If the D2Server still does not start, uninstall and then reinstall the Diamond II Service Pack. Diamond II Troubleshooting Guide 5

D2Server starts with errors in the application log file Check for errors the Windows application log. 1. Click Start > Administrator Tools > Event Viewer to open the Event Viewer window as shown below. 2. Double click to open the Application log, and then scan the Source column for Diamond II errors. An example is shown below. 3. Double-click an error item to open and read the error text. If the error is: Copy protection not found Application: D2Server.exe Version: 2.3.3 Build: 0050 Module: D2Init.cpp Line: 68 This means the Diamond II software cannot find the hardware dongle on the computer. 6 Diamond II Troubleshooting Guide

A number is programmed into the hardware dongle. Diamond II compares the number stored in the dongle with the number stored in the sysconfg.dat (license file). If the numbers do not match, this error occurs. If the error is: Event logging OpenConnection: Error# 80040e4d ConnectionString: Provider = SQLOLEDB.1; Data Source = D2Server; Initial Catalog = ; User Id =******; Password =******; Application: D2Server.exe Version: 2.3.3 Build: 0050 Module: EventsWriter.cpp Line: 71 This means the Diamond II software cannot connect to the SQL database. You can use Google to search for "0x80040e4d" and see that it is an SQL logon failure. Open SQL Server Management and verify that the user account and password used by Diamond II are correct. The Diamond II SQL password can be changed by running ServInstallDiag.exe or InstallDialog.exe. In some cases, it may be necessary to create a new SQL user account and password. If the error is: Cannot access partition [Warehouse]. 0x80040e14 Application: D2Server.exe Version: 2.3.3 Build: 0050 Module: WSService.cpp Line: 1035 This means the Diamond II software cannot connect to the database named Warehouse. Diamond II will wait until all databases are available before starting. Open SQL Server Management and verify that the database is available. If the database was deleted on purpose, you can remove the database from Diamond II list of databases by opening the Partitions table in the Domain database and removing the entry. If the database is valid, SQL may be performing a recovery on the database. In this case you will have to wait until SQL has completed the recovery. Diamond II Troubleshooting Guide 7

If there are no errors, verify that the D2Server.exe service is running. Restart D2Server in Windows Services to recreate the error or see if the problem is fixed. Also, verify that the sysconfg.dat file is in the folder: \\Program Files\Diamond II\Screens\. Workstation connects on server but does not connect this remote computer Verify that the Diamond II workstation connects on the server. If it does, then the problem is not related to the D2Server not starting. Verify that other workstations can connect but that this workstation does not. If other workstations connect, then problem is isolated to: Network connection problems Windows authentication Firewall Network connection problems 1. Can you ping the Diamond II server by name (short and long)? YES: Check the Windows Firewall settings. NO: Try to ping the server by IP address. 2. Can you ping the server by IP address? YES: The DNS server is not working or there is a wrong value in TCP/IP Properties. NO: Check network cabling and connectivity. Windows Authentication 1. Verify that the computer is joined to the Domain the Diamond II server is in. 2. Verify that you are logged on to the Windows Domain and not logged on to the local computer. 8 Diamond II Troubleshooting Guide

Firewall The simplest way to turn off the Windows Firewall is to disable it in Windows Services. (Do not trust the settings in the Windows Control Panel.) To turn off the firewall: 1. Click Start > Administrator Tools, Services. 2. Search the services list for Windows Firewall/Internet Connection Sharing. 3. Right-click this item, and then click Stop. When I start the Diamond II workstation I do not get a logon box Data Execution Protection can cause this problem on some Vista computers. If this occurs, disable Data Execution Prevention (DEP) by following these steps: 1. Click Start > All Programs > Accessories. 2. Right-click Command Prompt, and then click "Run as administrator." 3. At the command line enter: Bcdedit.exe/set {current} nx AlwaysOff Remember to press Enter after typing this text. You should get the message: "The operation completed successfully." 4. Close the command prompt and restart the computer. Workstation does not get a logon box or data does not appear on screens If a workstation does not connect, you can delete the files in the following directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Then restart the computer. Diamond II Troubleshooting Guide 9

Workstation connects on server but does not connect any remote computers 1. Verify that the Diamond II workstation connects on the server. If yes, then the problem is not related to the D2Server not starting up. 2. Does the workstation connect, then in 60 seconds get disconnected? YES: Verify that the Diamond II server can ping the workstation by name. NO: Check the firewall on the workstation. The server pings the workstation by name, if it fails to get a reply the server drops the workstation. 3. On the Diamond II Server open Diamond II Server Management screen by clicking Other Menus > Sys Admin > Server Management. Click Search and verify that the Server Name, NetBIOS Name and Full Computer name are correct for the server. 4. If the Diamond II server is part of a Redundant System, there must be a server promoted as Primary before the workstations can connect. The ClusterServer service must be started on both computers. The ClusterServer service will promote one of the servers as Primary and the other as Alternate. If other workstations can connect, then problem is isolated to: Network connection problems Windows authentication Firewall Network connection problems 1. Can you ping the Diamond II server by name (short and long)? YES: Check the Windows Firewall settings. NO: Try to ping the server by IP address. 2. Can you ping the server by IP address? YES: The DNS server is not working or there is a wrong value in TCP/IP Properties. NO: Check network cabling and connectivity. 10 Diamond II Troubleshooting Guide

Windows Authentication 1. Verify that the computer is joined to the Domain the Diamond II server is in. 2. Verify that you are logged on to the Windows Domain and not logged on to the local computer. Firewall The simplest way to turn off the Windows Firewall is to disable it in Windows Services. (Do not trust the settings in the Windows Control Panel.) To turn off the firewall: 1. Click Start > Administrator Tools, Services. 2. Search the services list for Windows Firewall/Internet Connection Sharing. 3. Right-click this item, and then click Stop. Other workstation connection problems Data Execution Prevention On some computers Windows Data Execution Prevention can prevent the Diamond II workstation from starting. On these computers, data execution prevention must be disabled. 1. Click Start > All Programs > Accessories. 2. Right-click Command Prompt, and then click "Run as administrator." 3. At the command line enter: Bcdedit.exe/set {current} nx AlwaysOff Remember to press Enter after typing this text. You should get the message: "The operation completed successfully." 4. Close the command prompt and restart the computer. Workstation connects but in 60 seconds is disconnected Verify that the Diamond II server can ping the workstation by name. Check the firewall on the workstation. The server pings the workstation by name, if it fails to get a reply the server drops the workstation. Diamond II Troubleshooting Guide 11

Workstation does not get a logon box or data does not appear on screens If a workstation does not connect, you can delete the files in the following directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Then restart the computer. Photo badging issues I get a black box where the live image should appear Sometimes the video capture card has to be registered on the computer. There are two registration files on the CD that can do this. MSHTA.REG registers the video capture card for composite video. MSHTA_SVIDEO.REG registers the video capture card for composite S-video. The files are on the Diamond II CD in the folder: Video Capture\Winnov. The MSHTA.REG or MSHTA_SVIDEO.REG programs must be run for each user who logs onto Windows. I see the live video but when I click the Click button, nothing happens The computer's display color range must be set to 65535 colors. (Some video display manufacturers call this setting "High Color 16-bit.") I do not see the new badge printer Diamond II is in backward compatibility mode. Remove any old printer drivers to get Diamond II to see the new badge printer. 12 Diamond II Troubleshooting Guide

Problems printing reports from workstations The report screens look funny Make sure a printer driver is installed on the computer. I get the error: message: (DBNMPNTW Connection Open (CreateFile()) Click Start > Run, and then enter the command: Cliconfg Change the default network library from "Name Pipes" to "TCP/IP," or verify that TCP/IP is enabled and at the top of the list of protocols. No sounds on alarms Open the Windows Control Panel and double-click "Sounds and Audio Devices." On the Sounds tab, assign a sound file (for example, ding.wav) to the Windows Default Beep. Other notes Registration Problems To register a service program (.exe) on the server use: program_name - service To register a service program (.exe) on the workstation use: program_name - regserver To register a DLL program use: Regsvr32 file_name Diamond II Troubleshooting Guide 13

Illegal Characters: Characters that give the Diamond II problems are: apostrophe (') comma (,) greater than (>) less than (<) quotes (") Limiting SQL's memory growth 1. Open SQL Server Management Studio. 2. Right-click the computer name, and then click Properties. The SQL Server Properties dialog box appears. 3. On the Memory tab, limit the Maximum Server Memory to 512 less than the physical memory. Windows Security problems If a workstation does not connect, you can delete the files in the following directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Then restart the computer. 14 Diamond II Troubleshooting Guide

Software release history Overview: Diamond II Service Pack 4 contains all the features and enhancements of Diamond II Service Pack 3, plus all the hot fixes for Service Pack 3. Service Pack 4 combined the four separate installation programs (D2ServerInstaller.msi, ServiceInstallater.msi, Workstation.msi and DiamondII_ServicePack_2.3.3.28.msi) into a single installation file. Additional fixes are: Implemented new End User License Agreement. Added support for Windows 7 and Windows Server 2008 R2 Added support for SQL Server 2008 Added support for Internet Explorer 8 Diamond II Service Pack 4 fixes Added retry logic to Diamond II initialization. Diamond II will not initialize unless all databases are available. (Retries every 20 seconds.) Added support Alphacom Intercom. Alarms: Fixed the MSHTA from trapping when playing sound files. Cardholders: Added support for two-digit issue codes. Cardholders: Fixed problem with access authorization by security area date range feature where only the first 8 security areas were working properly. Cardholders: Increased the number of Cardholder Auxiliary Relay Control areas per cardholder from 8 to 32. Cardholders: Password protected security areas of Global Access Groups only worked on the Main database and not the other partitions. Cardholders: Set the default PIN number from "0" to "123456" for employees and visitors. This fixes a problem that allowed cardholders without a keypad number assigned to access readers requiring a PIN. Cardholders: Temporary Card Enrollment reader only worked on Employee and not Visitor cards. Diamond II Troubleshooting Guide 15

Created a single Diamond II installation file for Server, Services, and Workstations. Also added a Browse button to browse for the license file. It used to require a floppy disk for the license file. Fixed a problem if a relay time schedule was deleted it was not actually deleted until you restarted the Diamond II service. Now the system deletes the relay time schedule from memory properly. Fixed API's limit of 16 characters for Access Groups and Security areas. Fixed Apogee Gateway. New gateway.msi required. The new gateway.msi is on the Service Pack 4 CD in the "Additional Installers" folder. Fixed European date format on card expiration dates and access group dates. Fixed memory corruption problem that could prevent guard tours from starting. Fixed photo call-up to now show the complete first and last name. Fixed problem with time schedules where a user could not save a time schedule if only holiday types 5 through 8 were selected. Fixed problem with Topaz readers 4 through 7. These readers could not be modified. Fixed Server ADO errors from appearing in the window's event viewer when a workstation connects. Fixed Stentofon P9600 Intercom. Fixed the ping time-outs messages from appearing in the Windows Event Viewer application log. Increased the number of Time Intervals from 255 to 2048. The maximum number of Time Schedules is still 255. This requires change to license file and all ACU firmware must be 8.14.02 or better. Multiple Server: Fixed a problem where one workstation connects to multiple servers. When you log off from one server and try to connect to another server, the workstation would still connect to the first server not the selected server. Multiple Server: Fixed a problem where savings an access group on one server could cause another server to delete an access group. 16 Diamond II Troubleshooting Guide

Photo Badging: Added support for higher-resolution webcams now common on the market. The photo capture will now store photos up to 640x480 (was 320x240). Cameras with higher resolutions may use "digital zoom" without loss of image quality, provided that the zoomed rectangle is at least 640x480. Tested with Logitech Notebook Pro (a 1920x1440 resolution webcam) at 3x zoom. Photo Badging: Fixed photo badge printing on Vista computers. The Printer button for printer selection was not being displayed. Redundant System: Automatic Card Sequence number was not updating last number used on the alternate server. Redundant System: Fixed Access Trace not starting or stopping on the alternate server. Redundant System: If the same card number was deleted then added after a switch over that card number was deleted from the field panels. Now that card number is re-added to the field panels. Redundant System: Improved redundant system performance by reducing the number of messages created for card deletions, masked alarms and anti-passback status. Redundant System: Monitor Point Verification events were not transmitted to the alternate server. Redundant System: When double mastership is detected the workstations will now disconnect from the alternate server and reconnect to the new master server. Reports: Enhanced recall alarm event report to show two lines of comments instead of just 50 characters. Reports: Fixed problem with recall events where the user could not recall video clips of access events. Reports: Fixed problem with recall where if the device name has a dash "-" in the name the user could not recall device events. Reports: Fixed problem with User Defined Cardholder Report where it might not return a report if the report filter was by date. Reports: Fixed VB script error message on Reports - Setup - Card Types Report. Diamond II Troubleshooting Guide 17

Security Area: Fixed problem with deleting a Security Area. The security area would show relays assigned to the security area that were not really assigned to the area. Security Area: Fixed the Delete Security Area function. When a security area was deleted employees would lose the keypad masking authorizations on areas over 128. Security: Improved DCOM security by adding "Everyone" to DCOM COM Security Access Permission's Edit Default. This allows the DCOM Default Properties to be changed from "None" to "Connect" and the Default Impersonation Level from "Impersonate" to "Identify". If more security is required, "Everyone" can be replaced with "Authenticated User." END 18 Diamond II Troubleshooting Guide

P/N 460985001A ISS 07MAR10 2010 GE Security, Inc. Diamond II Troubleshooting Guide 19

20 Diamond II Troubleshooting Guide