Troubleshooting¶
This section provides tips and tricks for guiding users towards resolution of setup of communication issues.
General information¶
Please consider:
- Remote Services (RS) was designed to deliver network-to-network access to customer-owned apps, that communicate via IP-based protocols (OSI layer 3), but it does not comprise any apps using the provided access. For instance, if Remote Login protocols such as RDP or VNC are going to be used, the required client and server apps are typically provided by the Operating Systems of the Service Device (hosting the Service Endpoint) and a corresponding Device (hosting the Device Endpoint), where RDP is typically delivered with Windows®. In a similar way, the user would provide engineering tools or other apps, that want to integrate across network boundaries.
- The download package of the Service Endpoint contains a Windows® 10 driver (installer file
RSTransparentProxy.msi
). This driver must be installed on Service Devices to use them for remote engineering leveraging ISO protocol over TCP (RFC-1006), which underlies the Proxy-Unaware protocol supported by RS.
Setup issues¶
Please consider:
- Release notes cover RS and inform about recommended or validated hardware and software configurations such as Operating Systems or suggested device characteristics.
- Download of Service Endpoints and Device Endpoints is subject to export control (ECC). Please eensure, that the public IP address of a computer initiating an Endpoint download must match the country of the user operating the download. Using VPNs might have an impact here by relocating a user's IP address to another country. It is possible for an Organization Admin to temporarily modify the user's registered location following this procedure.
- Downloaded Service Endpoints have individual configurations, that bind them to a particular Siemens cloud tenant and users. Thus, they cannot be shared among users. A given user can however use the same Service Endpoint on multiple computers. If the same Service Endpoint shall be used of different computers it is required to Reset Location according to this procedure each time when switching the computers.
- To establish tunnel-based network-to-network connectivity, there must be RS-compliant Endpoints at either end. Please ensure, that Service Endpoints and Device Endpoints are up and running and that your network is configured appropriately enabling them to connect to Siemens cloud as outlined below.
- Linux systems typically require
root
privileges to execute the Endpoints.
Access issues¶
Please consider:
- Remote Services apply Fine-Grained Access Control and enforces a RS-specific role model as outlined in section Remote Services: Overview and Key Concepts. In such setup, users typically may use only certain Organizations or Sites or Products of the RS device tree. See Remote Services: Setup Users and Access for details. If certain functionalities seem to be unusable or not even visible, please check your access rights or have them checked by Organization Admin.
- Please ensure, that an Organization Admin granted your user account with all necessary access rights and roles required to perform a particular operation as per your Siemens cloud tenant's or its owner's policies. This implies, that only those users, who have the required access rights, may perform certain operations such as deleting a particular Device from a particular Site.
- Users having multiple roles, may explicitely switch between them, because only one role will be active at a time to avoid unintended tampering or changes.
- If Service Endpoints are used on a computer connecting to the Internet via VPN, then the geo-location of that PC's public IP address might be different from the registered physical geo-location of the PC and its user. That impacts the behavior of certain functions such as the download of Device Endpoints, because the user's registered physical geo-location and the IP-addresses' geo-location do not match. In such cases either deactivate the VPN or adapt the user's geo-location to the geo-location of the public VPN IP address by means of RS user management as described in this procedure. Public services such as
https://WhatIsMyIP.com
may help with determining the geo-location of a PC's public IP address. - Connectors will be assigned to certain Devices and only users with the the role Remote User can establish connections. However not every Remote User may have access to a given Site or Product. This depends on the grants the Organization Admin has given to that Remote User.
Network issues¶
Please consider:
- Ensure that network and firewall setups do permit tunnel-based connections to MindSpere Remote Services. Further details are given in section Remote Services Network Settings.
- For native Remote Login (not using a browser) and all custom connections using Remote Engineering Option it is necessary to launch the Service Endpoint before issuing any connection requests to Devices via the user interface. Connection Requests also demand targeted Device Endpoints to be up and running.
- When launching a Service Endpoint on Windows® then Powershell should be used instead of the Command Prompt. When using the Command Prompt press "Return" a few times to ensure that the Endpoint starts.
- Engineering protocols: please match the targeted remote web server's protocol (HTTP vs. HTTPS) when using "Web Application".
- Connectors will be assigned to certain Devices and only users with the the role Remote User can establish connections. However not every Remote User may have access to a given Site or Product.
- In case of Service or Device Endpoints not connecting to Siemens cloud starting the respective Endpoint in diagnostic mode via the command
rs-client –-diagnose
(Linux) orremote-client.exe --diagnose
(Windows®). will give first indications on potential network configuration issues. After doing so please restart the client in regular mode - i.e. without the parameter--diagnose
. - For network communication with Remote Services (RS) backend, the Operating System (OS) hosting the RS Endpoint (Service or Device Endpoint) needs to support TLS1.2. Related to that, the Operating System (OS) hosting the RS Endpoint (Service or Device Endpoint) needs to support OpenSSL libraries with version 1.0.1 or later. The reason is, that the RS Endpoint has a dependency on OpenSSL dynamic link libraries (DLLs). OpenSSL is a "robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.
- For proper symbolic name resolution (Domain Name Service (DNS)), please ensure that network nodes hosting RS Endpoints (Service or Device Endpoint) are configured with appropriate name servers (DNS servers). Please check DNS server settings in Operating System (OS) settings.
Useful links¶
List of references:
Last update: March 18, 2024