Troubleshooting - Developer Documentation
Skip to content

Remote Services: Troubleshooting

This section provides tips and tricks for guiding users towards resolution of setup of communication issues.

General information

Please consider:

  • Remote Services (RS) was designed to deliver network-to-network access to customer-owned apps, that communicate via IP-based protocols (OSI layer 3), but it does not comprise any apps using the provided access. For instance, if Remote Login protocols such as RDP or VNC are going to be used, the required client and server apps are typically provided by the Operating Systems of the Service Device (hosting the Service Endpoint) and a corresponding Device (hosting the Device Endpoint), where RDP is typically delivered with Windows®. In a similar way, the user would provide engineering tools or other apps, that want to integrate across network boundaries.
  • The download package of the Service Endpoint contains a Windows® 10 driver (installer file RSTransparentProxy.msi). This driver must be installed on Service Devices to use them for remote engineering leveraging ISO protocol over TCP (RFC-1006), which underlies the Proxy-Unaware protocol supported by RS.

Setup issues

Please consider:

  • Release notes cover RS and inform about recommended or validated hardware and software configurations such as Operating Systems or suggested device characteristics.
  • Download of Service Endpoints and Device Endpoints is subject to export control (ECC). Please ensure, that the public IP address of a computer initiating an Endpoint download must match the country of the user operating the download - using VPNs might have an impact here by relocating a user's IP address to another country.
  • Downloaded Service Endpoints have individual configurations, that bind them to a particular Siemens cloud tenant and users. Thus, they cannot be shared.
  • To establish tunnel-based network-to-network connectivity, there must be RS-compliant Endpoints at either end. Please ensure, that Service Endpoints and Device Endpoints are up and running and that your network is configured appropriately enabling them to connect to Siemens cloud as outlined below.

Access issues

Please consider:

  • Remote Services apply Fine-Grained Access Control and enforces a RS-specific role model as outlined in section Concepts Used. In such setup, users typically may use only certain sub-organizations or sites of the RS device tree. If certain functionalities seem to be unusable or not even visible, please check your access rights or have them checked by an administrator.
  • Please ensure, that an administrator granted your user account with all necessary access rights and roles required to perform a particular operation as per your Siemens cloud tenant's or its owner's policies. This implies, that only those users, who have the required access rights, may perform certain operations such as deleting a particular Service Asset from a particular Site.
  • Users having multiple roles, may explicitely switch between them, because only one role will be active at a time to avoid unintended tampering or changes.
  • If Service Endpoints are used on a computer connecting to the Internet via VPN, then the geo-location of that PC's public IP address might be different from the registered physical geo-location of the PC and its user. That impacts the behavior of certain functions such as the download of Device Endpoints, because the user's registered physical geo-location and the IP-addresses' geo-location do not match. In such cases either deactivate the VPN or adapt the user's geo-location to the geo-location of the public VPN IP address by means of RS user management. Public services such as https://WhatIsMyIP.com may help with determining the geo-location of a PC's public IP address.

Network issues

Please consider:

  • Ensure that network and firewall setups do permit tunnel-based connections to MindSpere Remote Services. Further details are given in section Appendix for Experts.
  • For native Remote Login (not using a browser) and all custom connections using Remote Engineering Option it is necessary to launch the Service Endpoint before issuing any connection requests to Service Assets via the user interface. Connection Requests also demand targeted Device Endpoints to be up and running.
  • When launching a Service Endpoint on Windows® then Powershell should be used instead of the Command Prompt. When using the Command Prompt press "Return" a few times to ensure that the Endpoint starts.
  • Engineering protocols: please match the targeted remote web server's protocol (HTTP vs. HTTPS) when using "Web Application".
  • Protocol Applications maybe bound to certain devices and users. Setup of Protocol Applications must match required grants, which are needed to access Devices at a particular site. For instance, a Protocol Appliation might have been configured for site Istanbul, but you try to use it for site Munich as well.
  • In case of Service or Device Endpoints not connecting to Siemens cloud starting the respective Endpoint in diagnostic mode via RS-client –-diagnose will give first indications on potential network configuration issues. After doing so please restart the client in regular mode.
  • For network communication with Remote Services (RS) backend, the Operating System (OS) hosting the RS Endpoint (Service or Device Endpoint) needs to support TLS1.2. Related to that, the Operating System (OS) hosting the RS Endpoint (Service or Device Endpoint) needs to support OpenSSL libraries with version 1.0.1 or later. The reason is, that the RS Endpoint has a dependency on OpenSSL dynamic link libraries (DLLs). OpenSSL is a "robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication." (https://www.openssl.org/)
  • For proper symbolic name resolution (Domain Name Service (DNS)), please ensure that network nodes hosting RS Endpoints (Service or Device Endpoint) are configured with appropriate name servers (DNS servers). Please check DNS server settings in Operating System (OS) settings.

List of references:

Last update: June 15, 2023