Newb question


abdel

Mar 27, 2021, 5:03:44 PM
to IRIS ATMS
Hi everyone,

My name is Abdel. I am working for Highway 30 in Québec, Canada.
I am trying to set up an IRIS server to test the solution and maybe proceed to deploy it in production.
I followed the installation procedure on https://mnit-rtmc.github.io/iris/installation.html. I can connect to the IRIS HTTP page. I launch the client, and when I put in the username and password this happens:
Capture.PNG
I see that the IRIS service is active, as well as the httpd service.
Can you help me please?

Tim Johnson

Mar 27, 2021, 5:21:50 PM
to iri...@googlegroups.com
Make sure that your client and server can communicate on TCP port 1037. Consider any firewalls in between or even the local firewall on the server.


abdel

Mar 28, 2021, 7:38:22 AM
to IRIS ATMS
Hi Tim,
Sorry for the delay. I disabled the firewall on my laptop (client) (192.168.229.7) and verified that port 1035 was open and allowed on the server's firewall.
Here is a screenshot of the trace when I click on login.
trace.PNG
Also, here is a result from a port scanner I used from the client to the server.
port scan.PNG
Thank you

abdel

Mar 28, 2021, 7:44:23 AM
to IRIS ATMS
Forgot to mention that I still have the same problem.

Tim Johnson

Mar 28, 2021, 9:42:53 AM
to iri...@googlegroups.com
It looks like you were focused on port 1035. It should be 1037, not 1035.

abdel

Mar 28, 2021, 1:58:03 PM
to IRIS ATMS
Oops, my bad.

I opened 1037 and still have the same error.
On Wireshark I see essentially the same kind of talk with port 1037 that I saw with 1035.

Could I have done something wrong when I installed the IRIS service?

Thank you

Lau, Douglas (MNIT)

Mar 29, 2021, 9:45:44 AM
to iri...@googlegroups.com

Have you checked /var/log/iris/iris.stderr?  Also, the sonar trace log might be helpful.

If that doesn't turn up any clues, try enabling the Java console on your client computer.  There might be another error happening before the timeout.

-Doug Lau


abdel elkettani

Mar 29, 2021, 11:59:40 AM
to iri...@googlegroups.com
Hi Tim,
Thanks for the tip.
Here is what I see:
Java console:
java consol.PNG
In the iris.stderr:
log-iris.stederr.PNG
And in the IRIS status from the server terminal:
iris status.PNG
But I don't see the sonar log update, nor the device log. Is that normal?

Thank you for your support

Lau, Douglas (MNIT)

Mar 29, 2021, 12:50:04 PM
to iri...@googlegroups.com
Hi Abdel,

Just to be sure, did you create the /var/log/iris/sonar file (with touch)?  Also, make sure it is writable by the tms user.  This can be done with:

chown tms.tms /var/log/iris/sonar

If nothing shows up in that file after that, then it's almost definitely a network problem, like Tim suggested.  Can you run Wireshark on the server to see if the login packets are showing up?

-Doug Lau


abdel elkettani

Mar 29, 2021, 6:36:36 PM
to iri...@googlegroups.com
Hi Doug,

Thank you. After the chown command I see that the sonar log is updated. I see this error: 2021-03-29 17:29:25 SSL error no cipher suites in common on 192.168.229.3:65068, Unauthenticated
I don't really know what it means.

Thank you for your help



Lau, Douglas (MNIT)

Mar 30, 2021, 9:00:17 AM
to iri...@googlegroups.com
Now we're getting somewhere!

This error indicates that the client and server cannot agree on an encryption cipher to use for communication.  Some older ciphers have been found to be relatively weak, so have been disabled in newer Java versions.

What Java versions are you using on the client and server?

-Doug Lau


abdel

Mar 30, 2021, 10:49:50 AM
to IRIS ATMS
Hi Doug,

My client Java version is 8 update 281 (build 1.8.0_281-b09)
My server Java version is OpenJDK version 11.0.10, OpenJDK runtime environment 18.9 (build 11.0.10+9), OpenJDK 64-bit Server VM 18.9 (build 11.0.10+9, mixed mode, sharing)

-A

Lau, Douglas (MNIT)

Mar 30, 2021, 2:07:55 PM
to iri...@googlegroups.com
I wrote a simple program to list supported Java cipher suites.  It is at http://iris.dot.state.mn.us/rpms/ciphers.jar

Could you download it and run on each of the computers?  Just use `java -jar ciphers.jar` at a command prompt.  Please reply with the output from each.

-Doug Lau


abdel

Mar 30, 2021, 3:32:43 PM
to IRIS ATMS
Hi Doug,
On the client this is what I see:
Enabled Protocols:
  TLSv1.3
  TLSv1.2
  TLSv1.1
  TLSv1
  SSLv2Hello
Disabled Protocols:
  SSLv3
Enabled Cipher Suites:
  TLS_AES_128_GCM_SHA256
  TLS_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_RSA_WITH_AES_256_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Disabled Cipher Suites:

On the server:
Enabled Protocols:
  TLSv1.3
  TLSv1.2
  TLSv1.1
  SSLv3
  SSLv2Hello
Disabled Protocols:
  TLSv1
Enabled Cipher Suites:
  TLS_AES_128_GCM_SHA256
  TLS_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_RSA_WITH_AES_256_GCM_SHA384
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_RSA_WITH_AES_256_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Disabled Cipher Suites:
  TLS_RSA_WITH_NULL_SHA256
  TLS_ECDHE_ECDSA_WITH_NULL_SHA
  TLS_ECDHE_RSA_WITH_NULL_SHA
  SSL_RSA_WITH_NULL_SHA

I still have the same issue. I rebooted both server and client and still have the same error in the logs.

-A
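
Added example (not part of the thread, and not the code of ciphers.jar): the two listings above can be compared mechanically, taking into account that each pre-TLS 1.3 suite name fixes the certificate key type the server must hold. The listings below are constructed, shortened copies of the pasted output, and `server_key_types` is a hypothetical input standing for the key algorithms actually present in the server's keystore; an empty set models a server that loaded no private key, where nothing is negotiable even though the lists overlap.

```python
import re

# Constructed, shortened listings in the format pasted above (names taken from the thread).
CLIENT = """\
Enabled Protocols:
  TLSv1.3
  TLSv1.2
  TLSv1.1
  TLSv1
  SSLv2Hello
Disabled Protocols:
  SSLv3
Enabled Cipher Suites:
  TLS_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Disabled Cipher Suites:
"""
SERVER = """\
Enabled Protocols:
  TLSv1.3
  TLSv1.2
  TLSv1.1
  SSLv3
  SSLv2Hello
Disabled Protocols:
  TLSv1
Enabled Cipher Suites:
  TLS_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Disabled Cipher Suites:
  TLS_RSA_WITH_NULL_SHA256
"""

# Listed entries that are signalling values, never the negotiated protocol or suite.
PSEUDO = {"SSLv2Hello", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}


def parse_listing(text):
    """Return {section header: [indented items]} for one listing."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is None:
                raise ValueError("item before any section header: %r" % line)
            sections[current].append(line.strip())
        elif line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            sections[current] = []
        else:
            raise ValueError("unrecognised line: %r" % line)
    return sections


def server_key_type(suite):
    """Key algorithm the server certificate needs for this suite name."""
    if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "TLS13"            # TLS 1.3: authentication is negotiated separately
    match = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", suite)
    if not match:
        raise ValueError("not a cipher suite name: %r" % suite)
    key_exchange = match.group(1)
    if key_exchange.startswith("ECDH_"):
        return "EC"               # static ECDH: the certificate itself carries an EC key
    return {"RSA": "RSA", "ECDSA": "EC", "DSS": "DSA"}.get(
        key_exchange.split("_")[-1], "UNKNOWN")


def negotiable(client_text, server_text, server_key_types):
    """Return (shared protocols, shared suites, suites the server can really serve)."""
    client, server = parse_listing(client_text), parse_listing(server_text)
    protocols = [p for p in client["Enabled Protocols"]
                 if p in server["Enabled Protocols"] and p not in PSEUDO]
    shared = [s for s in client["Enabled Cipher Suites"]
              if s in server["Enabled Cipher Suites"] and s not in PSEUDO]

    def usable(suite):
        key_type = server_key_type(suite)
        if key_type == "TLS13":   # TLS 1.3 signs with RSA or EC keys only
            return "TLSv1.3" in protocols and bool(server_key_types & {"RSA", "EC"})
        return any(p != "TLSv1.3" for p in protocols) and key_type in server_key_types

    return protocols, shared, [s for s in shared if usable(s)]


if __name__ == "__main__":
    for keys in ({"RSA"}, set()):
        protocols, shared, usable = negotiable(CLIENT, SERVER, keys)
        print("server keys %s: %d shared suites, %d usable"
              % (sorted(keys), len(shared), len(usable)))
```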

Lau, Douglas (MNIT)

Mar 30, 2021, 4:44:05 PM
to iri...@googlegroups.com
My best guess is that you have more than one java environment on your server, and a different one is being invoked when you start the service.  It's funny because I've seen this exact problem recently, and fixed it somehow, without noting the steps I took.  Now, I can't make it happen again.

Can you post the results of the following command?

alternatives --list | grep 'java\|jre'

-Doug Lau


abdel

Mar 30, 2021, 4:48:12 PM
to IRIS ATMS
This is the result:
java                    auto    /usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.fc33.x86_64/bin/java
jre_openjdk             auto    /usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.fc33.x86_64
jre_16                  auto    /usr/lib/jvm/java-16-openjdk-16.0.0.0.36-1.rolling.fc33.x86_64
jre_16_openjdk          auto    /usr/lib/jvm/jre-16-openjdk-16.0.0.0.36-1.rolling.fc33.x86_64
jre_11                  auto    /usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.fc33.x86_64
jre_11_openjdk          auto    /usr/lib/jvm/jre-11-openjdk-11.0.10.0.9-0.fc33.x86_64
I think I have the same problem. Which one do I need to uninstall?
Thank you
-A

Lau, Douglas (MNIT)

Mar 30, 2021, 5:03:49 PM
to iri...@googlegroups.com

I don’t think you need to uninstall anything – that looks fine.

I have uploaded a new RPM file at http://iris.dot.state.mn.us/rpms/iris-5.21.3-1.noarch.rpm

Hopefully, this will fix the problem.  If not, there is also a debug trace file called /var/log/iris/sonar_tls that might help with debugging the problem.

abdel

Mar 30, 2021, 8:25:44 PM
to IRIS ATMS
Hi Doug,

Thanks for the help. I still have an error with the new version. Here is what I see in the sonar_tls log:
2021-03-30 20:16:26 protocol enabled: TLSv1.3
2021-03-30 20:16:26 protocol enabled: TLSv1.2
2021-03-30 20:16:26 protocol disabled: TLSv1.1
2021-03-30 20:16:26 protocol disabled: TLSv1
2021-03-30 20:16:26 protocol disabled: SSLv3
2021-03-30 20:16:26 protocol disabled: SSLv2Hello
2021-03-30 20:16:26 suite disabled: TLS_AES_128_GCM_SHA256
2021-03-30 20:16:26 suite enabled: TLS_AES_256_GCM_SHA384
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2021-03-30 20:16:26 suite enabled: TLS_RSA_WITH_AES_256_GCM_SHA384
2021-03-30 20:16:26 suite enabled: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021-03-30 20:16:26 suite disabled: TLS_RSA_WITH_AES_128_GCM_SHA256
2021-03-30 20:16:26 suite disabled: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2021-03-30 20:16:26 suite enabled: TLS_RSA_WITH_AES_256_CBC_SHA256
2021-03-30 20:16:26 suite enabled: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2021-03-30 20:16:26 suite enabled: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2021-03-30 20:16:26 suite enabled: TLS_RSA_WITH_AES_256_CBC_SHA
2021-03-30 20:16:26 suite enabled: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2021-03-30 20:16:26 suite disabled: TLS_RSA_WITH_AES_128_CBC_SHA256
2021-03-30 20:16:26 suite disabled: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2021-03-30 20:16:26 suite disabled: TLS_RSA_WITH_AES_128_CBC_SHA
2021-03-30 20:16:26 suite disabled: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2021-03-30 20:16:26 suite disabled: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
2021-03-30 20:16:26 suite disabled: TLS_RSA_WITH_NULL_SHA256
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_ECDSA_WITH_NULL_SHA
2021-03-30 20:16:26 suite disabled: TLS_ECDHE_RSA_WITH_NULL_SHA
2021-03-30 20:16:26 suite disabled: SSL_RSA_WITH_NULL_SHA
2021-03-30 20:16:26 TLS handshake NEED_TASK for 192.168.56.1:57003
2021-03-30 20:16:27 TLS handshake NEED_WRAP for 192.168.56.1:57003

And in the sonar log:
2021-03-30 20:16:27 SSL error No available authentication scheme on 192.168.56.1:57003, Unauthenticated
Thank you

-A


Lau, Douglas (MNIT)

Mar 31, 2021, 9:37:15 AM
to iri...@googlegroups.com

Abdel,

Something in your keystore is not compatible with TLSv1.3.  This must have to do with the default Java when the iris_ctl command was run at installation.

Try this RPM file: http://iris.dot.state.mn.us/rpms/iris-5.21.4-1.noarch.rpm

This version will force the server to use TLSv1.2, which should hopefully work.

-Doug

abdel

Mar 31, 2021, 2:46:50 PM
to IRIS ATMS
Hi Doug,
With version 5.21.4 I see the same error as I saw with version 5.21.1. Like I said before, the problem can come from me, as I'm not experienced with Fedora OS.
If possible, can we do a Microsoft Teams meeting and restart the installation of IRIS from scratch, with you supervising us and giving us some tips? We would really appreciate that.

Thank you
-A

Lau, Douglas (MNIT)

Apr 1, 2021, 8:36:14 AM
to iri...@googlegroups.com
Can we try one more test first?  Run the following command:

keytool -printcert -file /etc/iris/iris-sonar-public.cert

This should display information about the certificate.  What are the "Signature algorithm name" and "Subject public key algorithm"?

-Doug Lau


abdel elkettani

Apr 1, 2021, 9:29:42 AM
to iri...@googlegroups.com
Hi Doug,

The signature algorithm name is: SHA256withRSA
The subject public key algorithm is: 2048-bit RSA key

Thank you for your help

-A

Lau, Douglas (MNIT)

Apr 1, 2021, 10:55:17 AM
to iri...@googlegroups.com
Ok, I'm finally able to reproduce the problem.  It's due to a change in reading keystores that was made between Java 8 and later versions.  I'll get back to you with a fix soon.

-Doug Lau


Lau, Douglas (MNIT)

Apr 1, 2021, 12:35:16 PM
to iri...@googlegroups.com

The default keystore type was changed in Java 9 to PKCS12, but the IRIS code expects the older JKS format.  Here’s a new RPM: http://iris.dot.state.mn.us/rpms/iris-5.21.5-1.noarch.rpm

After installing this, run this command (as root):

iris_ctl cert

This will create new keystores and certificates in JKS format.  Let me know if this works!
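
Added example (not IRIS code and not from the thread): a password-free check of which format a keystore file is actually in, which is the JKS versus PKCS12 mismatch described above. It relies on the on-disk layouts of the formats (JKS starts with the magic 0xFEEDFEED, JCEKS with 0xCECECECE, PKCS#12 is a DER SEQUENCE whose first element is the version integer 3); the sample bytes and aliases are constructed placeholders, not real key material.

```python
import struct

JKS_MAGIC, JCEKS_MAGIC = 0xFEEDFEED, 0xCECECECE


def keystore_format(data):
    """Classify keystore bytes as 'JKS', 'JCEKS', 'PKCS12' or 'unknown'."""
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    # PKCS#12: outer ASN.1 SEQUENCE (0x30), then INTEGER 3 as the first element.
    if len(data) >= 2 and data[0] == 0x30:
        first = data[1]
        header = 2 if first <= 0x80 else 2 + (first & 0x7F)   # short/indefinite vs long length
        if data[header:header + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"


class _Reader:
    """Big-endian cursor over the keystore bytes; raises on truncation."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        # Java writeUTF: 2-byte length + modified UTF-8 (plain UTF-8 for ordinary aliases).
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def skip_cert(self, version):
        if version == 2:
            self.utf()                    # certificate type, e.g. "X.509"
        self.take(self.u32())             # encoded certificate


def jks_entries(data):
    """List (kind, alias) for every entry of a JKS keystore; no password needed."""
    reader = _Reader(data)
    if reader.u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version = reader.u32()
    if version not in (1, 2):
        raise ValueError("unsupported JKS version %d" % version)
    entries = []
    for _ in range(reader.u32()):
        tag = reader.u32()
        alias = reader.utf()
        reader.take(8)                    # creation time, milliseconds since epoch
        if tag == 1:
            reader.take(reader.u32())     # password-protected private key
            for _ in range(reader.u32()):
                reader.skip_cert(version)
            entries.append(("private key", alias))
        elif tag == 2:
            reader.skip_cert(version)
            entries.append(("trusted certificate", alias))
        else:
            raise ValueError("unknown entry tag %d" % tag)
    if len(data) - reader.pos != 20:      # trailing SHA-1 integrity digest
        raise ValueError("integrity digest missing or trailing data present")
    return entries


def _utf(text):
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def _blob(raw):
    return struct.pack(">I", len(raw)) + raw


# Constructed samples: structurally valid layouts with placeholder key/cert bytes and digest.
_STAMP = struct.pack(">Q", 1617290000000)
SAMPLE_JKS = (
    struct.pack(">III", JKS_MAGIC, 2, 2)
    + struct.pack(">I", 1) + _utf("example-key") + _STAMP + _blob(b"KEYBYTES")
    + struct.pack(">I", 1) + _utf("X.509") + _blob(b"CERT")
    + struct.pack(">I", 2) + _utf("example-ca") + _STAMP + _utf("X.509") + _blob(b"CERT")
    + bytes(20)
)
SAMPLE_P12 = bytes.fromhex("30820a00020103308209c6")   # first bytes of a PKCS#12 file
SAMPLE_DER_CERT = bytes.fromhex("308203a130820289")    # DER certificate, not a keystore

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            blob = handle.read()
        kind = keystore_format(blob)
        print(path, kind, jks_entries(blob) if kind == "JKS" else "")
```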

abdel

Apr 1, 2021, 3:42:36 PM
to IRIS ATMS
Hi Doug,

It's working, thank you!

-A

abdel

Apr 5, 2021, 4:10:00 PM
to IRIS ATMS
Hi Doug,

Little update: this weekend I made it work and closed the server. Today when I tried to log in again, this happens on my Java console:
java.nio.channels.ClosedSelectorException
at sun.nio.ch.SelectorImpl.selectedKeys(Unknown Source)
at us.mn.state.dot.sonar.client.Client.doSelect(Unknown Source)
at us.mn.state.dot.sonar.client.Client.selectLoop(Unknown Source)
at us.mn.state.dot.sonar.client.Client.access$100(Unknown Source)
at us.mn.state.dot.sonar.client.Client$1.run(Unknown Source)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
at us.mn.state.dot.sonar.SSLState.doTask(Unknown Source)
at us.mn.state.dot.sonar.SSLState.doHandshake(Unknown Source)
at us.mn.state.dot.sonar.SSLState.doRead(Unknown Source)
at us.mn.state.dot.sonar.client.ClientConduit.doProcessMessages(Unknown Source)
at us.mn.state.dot.sonar.client.ClientConduit.processMessages(Unknown Source)
at us.mn.state.dot.sonar.client.Client$MessageProcessor.perform(Unknown Source)
at us.mn.state.dot.sched.Job.performTask(Unknown Source)
at us.mn.state.dot.sched.Scheduler.performJob(Unknown Source)
at us.mn.state.dot.sched.Scheduler.performJobs(Unknown Source)
at us.mn.state.dot.sched.Scheduler.access$000(Unknown Source)
at us.mn.state.dot.sched.Scheduler$2.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: Certificate signature validation failed
at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 20 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(Unknown Source)
at sun.security.x509.X509CertImpl.verify(Unknown Source)
... 25 more
us.mn.state.dot.sonar.SonarException: Login timed out
at us.mn.state.dot.sonar.client.Client.waitLogin(Unknown Source)
at us.mn.state.dot.sonar.client.Client.login(Unknown Source)
at us.mn.state.dot.tms.client.SonarState.login(Unknown Source)
at us.mn.state.dot.tms.client.IrisClient.createSession(Unknown Source)
at us.mn.state.dot.tms.client.IrisClient.access$300(Unknown Source)
at us.mn.state.dot.tms.client.IrisClient$4.doInBackground(Unknown Source)
at us.mn.state.dot.tms.client.IrisClient$4.doInBackground(Unknown Source)
at javax.swing.SwingWorker$1.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at javax.swing.SwingWorker.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Warning: MAP_EXTENT_NAME_INITIAL system attribute was not found; using a default value (Home).
Warning: initial map extent Home does not exist
Warning: WINDOW_TITLE system attribute was not found; using a default value (IRIS: ).

Did I do something wrong?

Thank you.

Lau, Douglas (MNIT)

Apr 5, 2021, 4:13:14 PM
to iri...@googlegroups.com
Is it possible you ran `iris_ctl cert` an extra time after starting the server?

Also, does the problem still happen after the server is restarted?

-Doug Lau


abdel

Apr 5, 2021, 4:16:09 PM
to IRIS ATMS
Hi Doug, it's possible that I ran iris_ctl cert an extra time. If that's the case, how can I fix it?

Yes, the problem is still there when I reboot the server.

Sorry for the trouble.

Lau, Douglas (MNIT)

Apr 5, 2021, 4:23:27 PM
to iri...@googlegroups.com
I think running `iris_ctl update` and then restarting the server should fix it.

-Doug Lau


abdel

Apr 5, 2021, 4:44:13 PM
to IRIS ATMS
Hi Doug,
It worked, thank you.

abdel

Jun 7, 2021, 10:59:35 AM
to IRIS ATMS
Hi everyone,

I have another question: I successfully added a VMS that I have in my lab for test purposes and I made it work, but I can't seem to add a vehicle detection radar. I actually have a Wavetronix Smart sensor 125 connected through an RS485 to IP converter. I can access it with Smart Sensor Manager, but when I try to connect it with IRIS it just says Time out error. Is there something in the configuration of the radar or the converter that I must have in order to make it work?

Thank you in advance and have a good day.

Lau, Douglas (MNIT)

Jun 7, 2021, 11:43:26 AM
to iri...@googlegroups.com

I would check the configuration of the serial to IP converter.  Is it listening for TCP or UDP connections?  By default, IRIS will make a TCP connection.

Some of these converters have a screen which shows the IP of a remote connection.  Can you check to see that IRIS is connecting?

Also, with the Wavetronix 125, I think the default drop address is the last 4 digits of the device serial number.  Does the drop address on the comm link match that address?

abdel

Jun 7, 2021, 1:11:30 PM
to IRIS ATMS
Hi Doug,
The converter is listening on TCP port 4002. I can see on the interface of the converter that there is a remote connection. I can't see the IP of the client, but when I disable the comm link the connection disappears on the converter, so I assume that the connection I see is IRIS.

The part that I don't understand is the drop address. How do I find the drop address and how do I put it on the comm link? Because right now the comm link that I use is TCP://(ip address of the converter):(listening port)
When I do a detector search in the Smart Sensor Manager application, I find it with this information: ID: 15/4002 Connection: (ip of the converter) port 4002

Thank you

Lau, Douglas (MNIT)

Jun 7, 2021, 4:09:09 PM
to iri...@googlegroups.com
I'm not familiar with the Smart sensor manager, but maybe the sensor ID is 15?  In IRIS, this should be the drop address of the controller with the detectors assigned to it.

-Doug Lau


abdel elkettani

Jun 7, 2021, 4:13:37 PM
to iri...@googlegroups.com
Hi Doug,

Yes, my error is that the sub ID of my detector was not at 0. To make it work, the sub ID has to be 0, and the ID is the drop that I have to put. Thank you for your support, it's working.
My other question now is where the data is stored. Is it in a database on the server? If yes, how can I access it?

Thank you.

Lau, Douglas (MNIT)

Jun 7, 2021, 4:23:42 PM
to iri...@googlegroups.com
The data is stored on the server filesystem at /var/lib/iris/traffic/tms/ (by default).  See https://mnit-rtmc.github.io/iris/vehicle_detection.html#traffic-data-archiving for details.

If you are using v5.22 or later, I would recommend using the SmartSensor 125 vlog protocol.  This will log every vehicle instead of data binned on the polling interval.

-Doug Lau


abdel

Jun 9, 2021, 4:25:46 PM
to IRIS ATMS
Hi Doug,

Thank you for the quick answer. As I am using version 5.21.4 and trying to upgrade to version 5.22.4, I followed the instructions on this page https://mnit-rtmc.github.io/iris/maintenance.html in order to do the update. I couldn't do it because I need the RPM file, but the RPM repository http://iris.dot.state.mn.us/rpms/ returns 403 Forbidden. Is there somewhere else where I can download the RPM file for the update?

Thank you and have a good day.

Lau, Douglas (MNIT)

Jun 9, 2021, 4:46:14 PM
to iri...@googlegroups.com

Sorry, we recently changed that web server configuration.  It should be fixed now, so you should be able to download the RPM file.

abdel

Jun 11, 2021, 2:15:17 PM
to IRIS ATMS
Hi Doug,

I did an upgrade from version 5.21.4 to 5.22.0. It didn't work after the upgrade, so I started from scratch with version 5.22.0 (it's not a real issue for my setup, as it's for test purposes only). I tried the new protocol for the SS125 vlog and it's showing some promising results. Also, the mayfly service is working fine too (I had to make some changes in order to make it work: in the nginx iris-cache.conf and nginx.conf).
I have some more questions, if it's not too much trouble:
I can see that there is a report generator in the IRIS client interface. Can it generate reports for the detectors?
Also, I can't seem to be able to put a station ID on a node. It doesn't accept anything that I put in it. Is that normal?
Thank you and have a good day.

Lau, Douglas (MNIT)

Jun 11, 2021, 2:57:43 PM
to iri...@googlegroups.com
I'm curious -- what changes did you need to make for the nginx configuration?  Is it something we should change in the default setup?

I don't think the report generator will work for detectors, but I'm not sure.  That feature was contributed by someone else and I'm not very familiar with it.

Station IDs must be prefixed with "S" to be valid -- this makes them distinct from detector IDs.  I will look into making that more user-friendly.  Thanks for the feedback!

-Doug Lau


abdel

Jun 11, 2021, 3:10:16 PM
to IRIS ATMS
Hi Doug,
I had to make a change: there were two proxy_cache_path /var/cache/nginx/earthwyrm-iris/tms; it was generating an error that stopped nginx, so I had to change the second to /var/cache/nginx/earthwyrm-iris/mayfly
Thank you for the stations.

Have a nice weekend

Lau, Douglas (MNIT)

Jun 11, 2021, 3:24:33 PM
to iri...@googlegroups.com
Ok, that issue has been fixed already.

FYI, there is a mayfly update in the works which will generate simple charts of detector data.  I can't say when it will be ready, though.

-Doug Lau


abdel

Jun 18, 2021, 2:24:49 PM
to IRIS ATMS
Hi Doug,
This is good news for us. Thank you!
I could put my test detector on IRIS to monitor 2 lanes on our toll plaza. I can see data on mayfly and understand it, and I can see that everything is well connected. I see that the label on my detectors is FUTURE. Is that normal? If it's not normal, did I do something wrong? Here is what I did:

I put a road and set up some nodes on a corridor. In one node I put detector 1 on lane #1 and detector 2 on lane #2, and I put a station name "S1" on the node.
In comm configs I have cfg_1 with protocol SmartSensor 125 vlog.
In comm links I have a comm link called tvs with the URI pointed to my detector, and I enabled it.
I have a controller "ctl_1" linked with the comm link "tvs" with the good drop and condition "ACTIVE", and I see that the connection is good.
Detector 1 is on pin 1 of the controller and detector 2 is on pin 2.

I see data on mayfly, in the /var/log/iris/ss125 log and in /var/lib/iris/traffic.
In det.sample.xml (I downloaded one on my computer to see what was in it) I see with Notepad:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE traffic_sample [
<!ELEMENT traffic_sample (sample)*>
<!ATTLIST traffic_sample time_stamp CDATA #REQUIRED>
<!ATTLIST traffic_sample period CDATA #REQUIRED>
<!ELEMENT sample EMPTY>
<!ATTLIST sample sensor CDATA #REQUIRED>
<!ATTLIST sample flow CDATA 'UNKNOWN'>
<!ATTLIST sample speed CDATA 'UNKNOWN'>
<!ATTLIST sample occ CDATA 'UNKNOWN'>
]>
<traffic_sample time_stamp='Fri Jun 18 14:21:59 EDT 2021' period='30'>
<sample sensor='1'/>
<sample sensor='2'/>
</traffic_sample>
With the Java console I can see this:
network: Connexion de http://192.168.57.60/iris_xml/det_sample.xml.gz avec proxy=DIRECT
network: Connexion de socket://192.168.57.60:80 avec proxy=DIRECT

Thank you and have a good weekend

abdel

Aug 26, 2021, 1:42:01 PM
to IRIS ATMS
Hi Doug, is there an update on my last question?
Thank you and have a good day.

oai tiến

Sep 30, 2021, 6:37:42 AM
to IRIS ATMS
Hi Abdel,
I am trying to install the IRIS server, and the IRIS server is active and running. But the client computer cannot open the path as shown in the manual, http://your name server/iris-client. Can you help me? What web browser do you use to access it? I use iris-5.23.0-1.noarch.rpm and Java 8 on the client computer.


abdel

Sep 30, 2021, 10:56:15 AM
to IRIS ATMS
Hi,
I am not on the development team. I think Doug or Tim can help you more than me,
but I can try to help you the best I can if it's a problem that I encountered when I installed IRIS on my end.
I have two questions for you: when you type the URL in your browser, do you type the IP address of the server or the name of your server?
Did you set up the firewall on your server?

Thank you and have a good day

oai tiến

Sep 30, 2021, 11:32:06 AM
to IRIS ATMS
Hi,
I am very happy to receive your response. I tried both the IP address server and the name server. I stopped the firewall with the command: systemctl stop firewalld.
Thank you and have a good day.


Oaitien

Dec 6, 2021, 4:34:36 AM
to IRIS ATMS
Hi Abdel,
Did you connect the camera to the IRIS? I have an axis camera without PTZ function to connect to IRIS but no video on my IRIS. I have manually installed Gstreamer and checked by URI there is the video from the axis camera. Can you help me with the steps you took?
Thank you and have a good day!

Oaitien,
