Testing your Installation
- 24 Mar 2023
- 7 Minutes to read
- Contributors
- DarkLight
- PDF
Testing your Installation
- Updated on 24 Mar 2023
- 7 Minutes to read
- Contributors
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Testing your Installation
HCI ExactAccess Server
To test that the environment is properly configured and is able to receive communications, follow these steps to confirm operation.
- Start the ExactAccess client on the SERVER by double clicking the ExactAccess icon on the desktop.
- If the current user logged into the server session is a member of the XA Admins group, the desktop should appear as the user is logged in. This confirms the server is accepting communications and can recognize the configured domain, database, and user permissions.
- If this test does not pass:
- Confirm that the HCI ExactAccess Server service is started.
- Confirm that the current sessions user is a member of the configured XA Admins group.
- if it is not, either add that user to the group, or log off of the session and log into the server using an XA user account that is a member of the XA Admins group.
- Confirm that the HCI ExactAccess Server service is running under a domain account.
- Confirm the domain account has full READ permissions to the directory service and that no domain policy prevents enumeration access of the XA Admins group.
- Confirm that the Database connection is correct.
- Confirm that the Database is set for NT Integrated authentication.
- Confirm that the Database user is the same user the service is running under, and has full access to the database.
- Perform a netstat -a and confirm that port(s) 15000, and/or 15001 are listening for connections.
- If you have disabled port 15000 to use the advanced authentication only, confirm you have made the necessary registry updates to the server so that the client components use the Indy protocol.
- Confirm that there is no firewall enabled/blocking the configured server listening ports.
HCI auditSERVER Service
- Perform the HCI ExactAccess Server tests above to cause a log-in event to occur.
- Verify that the database received the information by using the SQL Management tool to review rows that have a start date close to the time/date that the log-in was performed and that match the user session.
- If this test does not pass:
- Confirm the HCI Audit Client service is started
- Confirm the HCI auditSERVER Service is started
- Confirm that the HCI auditSERVER service is running under a domain account.
- Confirm that the Database connection is correct.
- Confirm that the Database is set for NT Integrated authentication.
- Confirm that the Database user is the same user the service is running under, and has full access to the database.
- Perform a netstat -a and confirm that port(s) 25000 is listening for connections.
- Confirm that there is no firewall enabled/blocking the configured server listening ports.
HCI ProxCard Server
This test requires that an XA client be configured and a prox card reader be attached to the system.
- From the client device, ensure the client is configured to use the correct server as the prox card server in the server settings.
- Tap a badge - if this is a new installation (empty database), the badge will be un-authenticated (the card has not been associated with a user).
- After the badge tap, XA should be prompting for credentials. Enter an XA users credentials (user name, password, and domain [depending on configuration options]) to associate that user with the badge.
- Open the ProxCard database and verify the new badge record exists.
- If this test does not pass:
- Confirm the HCI ProxCard Server service is started
- Confirm that the HCI ProxCard Server service is running under a domain account.
- Confirm that the Database connection is correct.
- Confirm that the Database is set for NT Integrated authentication.
- Confirm that the Database user is the same user the service is running under, and has full access to the database.
- Perform a netstat -a and confirm that port(s) 30000 is listening for connections.
- Confirm the client device has the correct port configured to communicate with the server
- Confirm that there is no firewall enabled/blocking the configured server listening ports.
- Confirm that there is no firewall enabled/blocking the CLIENT outbound connection.
HCI Remote Authentication Server
This test requires that an XA client be configured for Kiosk Mode, and that Remote Authentication has been configured on the client.
- Start the ExactAccess client on the CLIENT workstation by double clicking the ExactAccess icon on the desktop (If kiosk mode is configured to support lock (Version 4.5.844 and above) - the workstation should already be prompting for log-in.
- Type in the credentials for a user that is a member of the XA Admins group, the desktop should appear as the user is logged in. This confirms the server is accepting communications and can process authentication attempts.
- If this test does not pass:
- Confirm that the HCI ExactAccess Server tests above function to validate the XA Server SSO service installation. - It may be necessary to configure a domain-joined workstation to use local authentication to validate that the XA server if functional for login of an XA user.
- Confirm that the client is configured for remote authentication and that the remote authentication server is accessible from the client (ping the server)
- Confirm that the HCI Remote Authentication Server service is started.
- Confirm that the user entered in to the Kiosk Mode authentication dialog is a user that is a member of the XA Admins group.
- if it is not, either add that user to the group, use an XA user account that is a member of the XA Admins group.
- Confirm that the HCI Remote Authentication service is running under a domain account, and that the account has permissions to impersonate other users for log-on.
- Confirm that the File System permissions are correct and that the user account is authorized to read the HasAccess.txt file.
- Perform a netstat -a and confirm that port 20000 is listening for connections.
- Confirm that there is no firewall enabled/blocking the configured server listening ports.
- Confirm that there is no firewall enabled/blocking the CLIENT outbound connection.
HCI Deploy Service
- From the server, start the Deploy Publisher application.
- The typical install location for this application is: C:\Program Files\HealthCast\ExactAccess\HCIDeploy\redist\hcideploypublisher.exe
- Click the Refresh button to request the locations and packages display be updated.
- Verify that no dialog indicates a connection problem, and that the window displays the DEFAULT and STAGING location icons in the window.
- If this test does not pass:
- Confirm that the HCI Deploy Service is started.
- Confirm that the HCI Deploy Service is running under a domain account
- Confirm that the Database connection is correct.
- Confirm that the Database is set for NT Integrated authentication.
- Confirm that the Database user is the same user the service is running under, and has full access to the database.
- Perform a netstat -a and confirm that port 26000 is listening for connections.
- Confirm that there is no firewall enabled/blocking the configured server listening ports
E-Mail Notification
- Open the server configuration tool on the server
- Select the "Other" button.
- Verify the OpenSSL libraries are installed.
- Select the E-Mail tab.
- Click the button to the right of the Authentication drop down.
- Fill in a valid e-mail address to send a test message to an click the OK button on the prompt.
- The account entered should receive a test e-mail from the server.
- If this test does not pass:
- See OpenSSL requirements
- In order to use the TLS options, the OpenSSL libraries must be installed in the following folder: C:\Program Files (x86)\Common Files\HealthCast\bin required files: libeay32.dll, ssleay32.dll
- These files may be downloaded from the Fulgan host site for OpenSSL. ExactAccess requires only the 32-bit version of the latest OpenSSL libraries. These files are not included in the installation of ExactAccess as they are updated frequently for security.
- As of this writing, the latest version is found in the following file: openssl-1.0.2g-i386-win32.zip
- Verify the HCI System Service is running.
- Verify the e-mail server name is correct.
- Verify the from address is a valid email in the user@domain.com format.
- Verify the user name is correct - for the given from address. It may be necessary to use the domain\username format in a multi-domain environment
- Verify the password for this account is valid, and the account is not locked or disabled.
- Verify the correct authentication method is selected. Most exchange servers are configured for secure communications "Require TLS (SASL)"
- Verify the SMTP port is correct — if Require TLS is chosen, the service will internally switch to using port:587, even if it is not configured in the UI. — if the port is manually set to 587, the service will internally switch to using "Require TLS", even if it is not selected in the UI.
- In the event of an error sending e-mail, more details will appear in the Windows event log.
Was this article helpful?