NIEx9 Commissioning Guidecgproducts.johnsoncontrols.com/MET_PDF/12011922.pdf · Removing user...

NIEx9 Commissioning Guide

LIT-12011922

Release 9.0.7

MS-NIE29xx-x, MS-NIE39xx-x, MS-NIE49xx-x, MS-NIE59xx-x

Building Technologies & Solutionswww.johnsoncontrols.com2019-03-08

ContentsContentsDocument introduction................................................................................................................... 7

Summary of changes.......................................................................................................................7

Related documentation................................................................................................................... 7

NIEx9 commissioning overview..................................................................................................... 9

NIEx9....................................................................................................................................................... 9

NIE29 models............................................................................................................................ 10

NIE39 models............................................................................................................................ 10

NIE49 models............................................................................................................................ 10

NIE59 models............................................................................................................................ 10

Warning banner...................................................................................................................................11

Release 9.0.7..............................................................................................................................11

Release 10.0...............................................................................................................................11

Metasys network sites......................................................................................................................... 11

NIEx9 commissioning......................................................................................................................... 13

NIEx9 configuration............................................................................................................................ 14

SMP user interface.............................................................................................................................. 15

Metasys UI.............................................................................................................................................17

Metasys Help files.................................................................................................................................18

Browser options for downloading the Launcher............................................................................ 18

SCT.........................................................................................................................................................18

SCT Pro....................................................................................................................................... 19

CCT.........................................................................................................................................................19

Archive databases............................................................................................................................... 19

NIEx9 disk image updates and archive database upgrades..........................................................20

Site Director..........................................................................................................................................20

NIEx9 computer name........................................................................................................................21

NIEx9 object name.............................................................................................................................. 21

Basic Access operating mode............................................................................................................ 21

Log on user names and passwords.................................................................................................. 21

NIEx9 connectivity...............................................................................................................................22

Alarms and events...............................................................................................................................23

Email notification.................................................................................................................................24

Syslog DDA........................................................................................................................................... 24

Simple Network Management Protocol (SNMP) notification.........................................................27

RADIUS overview................................................................................................................................. 28

Initial default NIEx9 configuration....................................................................................................29

Allow HTTP........................................................................................................................................... 30

Site Security Level................................................................................................................................31

Advanced Security Enabled for Release 10.0...................................................................................32

System and user preferences............................................................................................................ 32

Reset device command.......................................................................................................................32

Detailed procedures...................................................................................................................... 33

Installing Launcher to access the NIEx9.......................................................................................... 33

Full Launcher installer..............................................................................................................36

Single site connection.............................................................................................................. 37

Upgrading an NIEx9............................................................................................................................38

Preparing an NIEx9 for a network that supports DHCP and DNS................................................ 39

Preparing an NIEx9 for a network without DHCP and without DNS support whenthe NIEx9 uses APIPA............................................................................................................... 42

Preparing NIEx9 for a network without DHCP and without DNS Support when theNIEx9 uses a static IP address................................................................................................ 43

Preparing NIEx9 for a network that supports DHCP but not DNS................................................44

Preparing NIEx9 for a network that supports DNS but not DHCP................................................45

Accessing the SMP UI on an NIEx9................................................................................................... 45

Establishing basic NIEx9 parameters in the Focus tab...................................................................45

Establishing the NIEx9 network parameters................................................................................... 46

Creating email alarm and event notifications and destinations................................................... 47

Configuring encrypted email............................................................................................................. 51

NIEx9 Commissioning Guideii

Configuring encrypted email with no authentication required..........................................52

Configuring encrypted email with SMTP authentication.....................................................53

Configuring encrypted email with POP-before-SMTP authentication............................... 53

Creating NIEx9 SNMP alarm notifications and destinations......................................................... 54

Enabling Syslog reporting.................................................................................................................. 57

Configuring a RADIUS server.............................................................................................................58

Adding RADIUS users..........................................................................................................................60

Setting the time, date, time zone, and time synchronization........................................................60

Setting up the NIEx9 alarm parameters...........................................................................................61

Editing the existing alarm parameters.................................................................................. 61

Creating a new alarm............................................................................................................... 62

Designating an NIEx9 as a child of a Site Director..........................................................................62

Changing the Site Director with the SCT............................................................................... 65

Removing user accounts from a demoted Site Director................................................................ 65

Moving security database and clearing it from demoted Site Director priorto Release 6.0............................................................................................................................ 65

Moving the security database and clearing it from demoted Site Director...................... 65

Enabling and disabling the warning banner at Release 9.0.7....................................................... 66

Enabling and disabling the warning banner at Release 10.0........................................................ 66

Replacing an NIEx9............................................................................................................................. 67

Troubleshooting............................................................................................................................. 67

Common NIEx9 problems.................................................................................................................. 68

Corrupted NIEx9 memory........................................................................................................68

Log on problems.......................................................................................................................69

RADIUS errors........................................................................................................................... 69

Network connection related problems.................................................................................. 70

NIEx9 reset related problems................................................................................................. 70

Troubleshooting guide.............................................................................................................70

NIEx9 diagnostic tools........................................................................................................................ 73

iiiNIEx9 Commissioning Guide

NIE29 LED startup sequence...................................................................................................74

NIEx9 LED status indicators.....................................................................................................74

NIE39/NIE49 LED startup sequence....................................................................................... 79

NIE59 LED startup sequence...................................................................................................79

Diagnostic tab........................................................................................................................... 80

Summary tab............................................................................................................................. 81

Troubleshooting Procedures..............................................................................................................82

Verifying Ethernet network communications (Ping)............................................................ 82

Pre-boot execution environment (PXE).................................................................................. 82

Determining the NIEx9 IP address and device name for a network connection............. 83

Determining the NIEx9 IP address by using the NCT.......................................................... 83

Determining the NIEx9 IP address and device name by using a serial port monitor......83

Setting a computer to be compatible with APIPA...........................................................................84

Technical specifications................................................................................................................. 84

Appendix: Time Zone, Date, and Time Management................................................................89

Time zone, date, and time management introduction.................................................................. 89

Overview of time synchronization.....................................................................................................89

ADS/ADX/ODS Site Director with network engines.............................................................. 90

Time synchronization methods......................................................................................................... 90

Windows time synchronization...............................................................................................91

Multicast time synchronization...............................................................................................91

BACnet time synchronization.................................................................................................. 91

Example network.................................................................................................................................91

Multiple time zones.............................................................................................................................92

Site time server....................................................................................................................................93

Time in device object and user interface status bar.......................................................................93

Steps for successful time management........................................................................................... 94

Verifying the Site Director defined for an engine/server.................................................... 94

Setting the time synchronization method.............................................................................95

NIEx9 Commissioning Guideiv

Network engine as Site Director.............................................................................................96

ADS/ADX/ODS as Site Director................................................................................................ 99

Configuring additional multicast time synchronization settings..................................... 101

Appendix: Certificate Management...........................................................................................103

Certificate Management...................................................................................................................103

Certificate Signing Request (CSR)....................................................................................................105

Import certificate...............................................................................................................................106

Export certificate............................................................................................................................... 106

Certificate list view............................................................................................................................ 106

Certificate tree view.......................................................................................................................... 107

Download certificate.........................................................................................................................109

Detailed procedures..........................................................................................................................109

Requesting a certificate......................................................................................................... 109

Importing a certificate........................................................................................................... 111

Exporting a certificate............................................................................................................ 113

Downloading a certificate......................................................................................................114

Uploading a certificate...........................................................................................................115

Deleting a certificate.............................................................................................................. 117

Deleting a certificate request................................................................................................118

Replacing a self-signed certificate........................................................................................118

Backing up a certificate..........................................................................................................119

Appendix: Configuring and Maintaining Preferences.............................................................119

Configuring and maintaining preferences introduction.............................................................. 119

Preferences concepts........................................................................................................................119

System and user preferences................................................................................................119

Managing preferences........................................................................................................... 122

Detailed Procedures..........................................................................................................................123

Configuring preferences........................................................................................................123

Restoring default system preferences.................................................................................123

vNIEx9 Commissioning Guide

Copying preferences between devices................................................................................ 123

Restoring default user preferences......................................................................................124

Removing user preference files............................................................................................124

Copying user preferences to another user......................................................................... 124

Preserving preferences for a network engine update.......................................................125

NIEx9 Commissioning Guidevi

Document introductionThis document describes how to complete the following tasks:

• Commission a Network Integration Engine (NIE)x9 for network connectivity in several networkscenarios.

• Upgrade an existing NIE29, NIE39, and NIE49 at Release 9.0.7.

• Upgrade an existing NIE59 at Release 10.0.

• Access the Metasys® system Site Management Portal (SMP) UI on an NIEx9.

• Configure the basic NIEx9 parameters for initial operation on the network.

• Troubleshoot an NIEx9.

• Configure the NIEx9 DDA for sending alarm and event messages through email and SimpleNetwork Management Protocol (SNMP).

• Configure a Syslog DDA for sending events and audits to an external Syslog server.

This document does not describe how to mount, wire, or power on an NIEx9. In addition, thisdocument does not describe how to build or download an archive database for a Metasys systemsite, or how to configure an NIEx9 to monitor and control a Building Automation System (BAS).

Note: In this document, NIEx9 refers to all NIE29, NIE39, NIE49, and NIE59 models, unlessnoted otherwise.

Note: The existing NIE29, NIE39, and NIE49 network engines, referred to as small-capacityengines, can have integrations added at Release 9.0.7 as the highest release. An existing NIE59network engine, referred to as large-capacity engines, can have integrations added at Release10.0.

Important: Small-capacity engines (NIE29x/NIE3920/NIE4920) do not support LonWorks atRelease 9.0.7.

Important: The C•CURE-victor third party integration is not supported on small-capacityengines at Release 9.0.7.

Summary of changesThe following information is new or revised:

• Screen examples from Launcher are updated throughout the document.

• Removed modem and pager support from NIEx9s, as they are no longer supported at Release9.0.7.

• Removed LonWorks support for small-capacity engines as it is no longer supported at Release9.0.7.

Related documentationTable 1: NIEx9 related documentation

For information about See documentThe overview of the Metasys system network featuresand functions

Metasys® System Configuration Guide(LIT-12011832)

7NIEx9 Commissioning Guide

Table 1: NIEx9 related documentation

For information about See documentDefinition of terms, concepts, and acronyms commonlyused to describe the Metasys system

Metasys System Extended ArchitectureGlossary Technical Bulletin (LIT-1201612)

The general network and information technologydefinitions and concepts, and creating a printer DDA foran NIEx9

Network and IT Guidance Technical Bulletin(LIT-12011279)

Metasys® SMP Help (LIT-1201793)The daily operation of the Metasys system network,navigating the SMP UI or System Configuration Tool(SCT) UI, monitoring and controlling BAS networks, andconnecting to cloud-based applications

Metasys® SCT Help (LIT-12011964)

Installation considerations and guidelines, mounting,wiring, and starting up an NIE39 or NIE49

NIE39/49 Installation Instructions (Part No.24-10050-103)

Installation considerations and guidelines, mounting,wiring, and starting up an NIE59

NIE59 Installation Instructions (Part No.24-10143-608)

Installation considerations and guidelines, mounting,wiring, and starting up an NIE29

NIE29 Installation Instructions (Part No.24-10143-594)

Commissioning an NIEx9 for the Modbus protocol NIEx9 Commissioning for Modbus®VendorIntegration ApplicationNote(LIT-12011928)

Commissioning an NIEx9 for the M-Bus protocol NIEx9 Commissioning for M-Bus VendorIntegration ApplicationNote(LIT-12011927)

Commissioning an NIEx9 for the KNX protocol NIEx9 Commissioning for KNX VendorIntegration Application Note(LIT-12011926)

Additional information if you add the C•CURE-victorthird party integration

NAE Commissioning for C•CURE-victorintegration (LIT-12013151)

Updating the NAE/NIE disk image to new softwarerelease versions

NAE/NIE Update Tool Help (LIT-12011524)

Installing the ADS and ADX software Metasys Server Installation and UpgradeInstructions Wizard (LIT-12012162)

Installing the ADS-Lite software Metasys Server Lite Installationand Upgrade Instructions Wizard(LIT-12012258)

Installing the ODS software ODS Installation and Upgrade InstructionsWizard (LIT-12011945)

Installing the SCT software SCT Installation and Upgrade InstructionsWizard (LIT-12012067)

Creating, editing, and loading archive databases withthe SCT


Managing trusted certificates created for networkengines


Integrating N2 devices into the Metasys system network N2 Integration with the NAE TechnicalBulletin (LIT-1201683)

How to install the Controller Configuration Tool (CCT)software

CCT Installation Instructions (LIT-12011529)

NIEx9 Commissioning Guide8

Table 1: NIEx9 related documentation

For information about See documentUsing the CCT Controller Tool Help (LIT-12011147)How to set up a local or remote MS/TP communicationsBus

MS/TP Communications Bus TechnicalBulletin (LIT-12011034)

Security issues, including adding users and roles tothe system and configuring standard and basic accessmodes

Security Administrator System TechnicalBulletin (LIT-1201528)

Installing the Launcher application Launcher Installation Instructions(LIT-12011783)

Using the Launcher Launcher Tool Help (LIT-12011742)Commissioning an NAE/NIE for the Modbus protocol atRelease 9.0.7 or Release 10.0

NAE/NIE Commissioning for ModbusVendor Integration Application Note(LIT-12013150)

Commissioning an NAE/NIE for the M-Bus protocol atRelease 9.0.7 or Release 10.0

NAE/NIE Commissioning for M-busVendor Integration Application Note(LIT-12013149)

Commissioning an NAE/NIE for the KNX protocol atRelease 9.0.7 or Release 10.0

NAE/NIE Commissioning for KNXVendor Integration Application Note(LIT-12013148)

Using SCT Pro to upgrade or migrate an NIEx9 SCT Pro Help (LIT-12013035)Pairing an NIEx9 with a Site Director Metasys SCT Help (LIT-12011964)

NIEx9 commissioning overviewNIEx9NIEx9s are web-enabled, Ethernet-based, supervisory controllers that connect BAS networks to IPnetworks and the web, and allow you to monitor and control BAS field devices from a computerusing the Launcher application. You use the Launcher application to log on to the NIEx9. If yourmachine does not have Launcher already installed, an install prompt appears when you attemptto log on when you use a web browser. Refer to Launcher Installation Instructions (LIT-12011783) formore information.The NIEx9 Series of supervisory controllers is a scalable line of appliance computers with varyingnetwork, trunk, and field device capacities to meet the requirements of different applications.All NIEx9s provide scheduling, alarm and event management, trending, energy management, dataexchange, and password protection. NIEx9s are factory-loaded with a supported Linux® operatingsystem and the current release of the Metasys system software. You can select the following threevendor integrations types during commissioning: Modbus, M-Bus, and KNX. Each NIEx9 can runtwo integrations. To commission each protocol, refer to the appropriate document:

• KNX - NAE/NIE Commissioning for KNX Vendor Integration Application Note (LIT-12013148).

• M-Bus - NAE/NIE Commissioning for M-bus Vendor Integration Application Note (LIT-12013149).

• Modbus - NAE/NIE Commissioning for Modbus Vendor Integration Application Note (LIT-12013150).

Important: Any engine upgraded to Release 9.0.7 or Release 10.0 needs the Metasys Server at10.0.


NIE29 modelsThe NIE29 models upgraded with Release 9.0.7:

• Supports one field bus into a Metasys system network, specifically:

- NIE296x-x: one BACnet® MS/TP trunk with up to 32 MS/TP controllers.

- NIE291x-x: one N2 Bus with up to 32 N2 controllers.

• Support up to two vendor integrations, that include Modbus, M-Bus, or KNX.

• Monitor and control up to 100 BACnet IP field devices over Ethernet at the supervisory level.

• Provide an integral MS/TP Field Equipment Controller with 33 Input/Output (I/O) points.

• Cannot serve as a Site Director, except in stand-alone applications.


• Supports one RS485 field bus into a Metasys system network. The NIE391x models integrate oneN2 Bus or one BACnet MS/TP trunk with up to 50 field controllers.



• Serve as a Site Director supervising a maximum of two additional network engines, which can beNIE29 or NIE39 model engines only.

The NIE39 models provide the Basic Access operating mode as the primary UI. See Basic Accessoperating mode for more information.


• Support one RS485 field bus into a Metasys system network. The NIE491x models integrate oneN2 Bus or one BACnet MS/TP trunk with up to 100 field controllers.



• Serve as a Site Director supervising a maximum of two additional network engines, which can beNIE29, NIE39, or NIE49 model engines only.

NIE59 modelsThe NIE59 models upgraded with Release 10.0:

• Support up to two RS485 field buses into a Metasys system. The NIE596x model integrates two N2Buses, two BACnet MS/TP trunks, or one N2 Bus and one BACnet MS/TP trunk. Each bus or trunkmay contain up to 100 field controllers. The NIE592x model integrates a LonWorks network trunkwith up to 255 LonWorks devices.

• Supports up to two vendor integrations, that include Modbus, M-Bus, and KNX.

• Supervise BACnet/IP field controllers from Johnson Controls, such as the FAC4911 AdvancedApplication Field Equipment Controller and the VMA1930 Variable Air Volume Modular Assembly.


• Serve as a Site Director supervising a maximum of four other network engines, which can beNIE29, NIE39, NIE49, or NIE59 network engines.

Warning bannerRelease 9.0.7An NIE29/NIE39/NIE49 configured as a Site Director or a child reporting to a Site Director thatsupports the warning banner can have the U.S. Department of Defense (DoD) warning banner atRelease 9.0.7. The warning banner is a statement that always appears when operators log on to theSMP of the engine.

Release 10.0An NIE59 configured as a Site Director or a child reporting to a Site Director that supports thewarning banner can have one of three warning banners at Release 10.0. The warning banner is astatement that always appears when operators log on to the SMP of the engine.You have the choice of three different warning banners with customized information for each of thefollowing agencies: U.S. Department of Defense (DoD), U.S. General Services Administration (GSA),or U.S. Department of Transportation (DOT) Federal Aviation Administration (FAA). The defaultselection is None. The reader must read and accept the conditions in the warning banner beforelogging on. The banner cannot be customized or have its text changed. For steps on how to enableor disable this banner, see Enabling and disabling the warning banner at Release 10.0.

Metasys network sitesA small Metasys network site comprises of a single NIEx9 or multiple NIEx9s with one of the NIEx9sdesignated as the Site Director. See the following figure for details. See Site Director for additionalinformation on Site Director hierarchy and the number of network engines a Site Director cansupervise.


Figure 1: Metasys network with NIE59 as Site Director for multiple NIEx9s

Larger Metasys network sites can comprise of multiple NIEx9s and one or more Application andData Server (ADS) or Extended Application and Data Server (ADX) with access to multiple remotesites. On any site with one or more ADSs/ADXs, the Site Director is the ADS/ADX. Figure 2 shows anexample of a simple Metasys network with multiple NIEx9s and an ADS as the Site Director.


Figure 2: Metasys network with ADS as Site Director for multiple NIEx9s

NIEx9 commissioningEach Metasys network installation, commissioning, and configuration scenario is unique. In somescenarios, the NIEx9s on a Metasys network can be commissioned and configured before they areinstalled and connected to the network; in other scenarios, the NIEx9s are mounted and wired tothe network before they are commissioned and configured.

Note: NIEx9 installation includes locating, mounting, wiring, and powering on an NIEx9. SeeRelated documentation for references to NIEx9 installation instructions for various NIEx9models.

The commissioning tasks, the task order, and the required attribute values at commissioningfor an NIEx9 are determined by the specific Metasys network installation, commissioning, andconfiguration scenario for the site. The NIEx9 commissioning procedures presented in thisdocument are the procedures required for most scenarios regardless of when commissioningoccurs.The first task in commissioning an NIEx9 is to establish a connection with the NIEx9 through theLauncher. If your machine does not have Launcher already installed, an install prompt appearswhen you attempt to log on using the web browser. For details, refer to Launcher Tool Help(LIT-12011742) and Launcher Installation Instructions (LIT-12011783).After a connection is established, you can access the SMP on the NIEx9 from the Launcher. SeeNIEx9 connectivity for six typical network connection scenarios. See SMP user interface andAccessing the SMP UI on an NIEx9 for more information about how to access and navigate the SMPUI.After you access the SMP UI on an NIEx9, you can configure the following NIEx9 parameters:

• Object name and basic device parameters

• Host name (Computer Name), domain name, and network parameters

• Trusted certificates (optional)

• Time and date management parameters

• Alarm and event parameters


• SNMP messages and the network management destination

• Site Director status

After commissioning an NIEx9, you must configure the NIEx9 at the job site. Figure 3 is a flowchartthat provides an overview of the sequence of steps you need to install, commission, and configurea new NIEx9.

NIEx9 configurationYou can configure the NIEx9 by downloading a pre-built archive database from the SCT thatcontains the device objects, object references, attribute values, logic, graphics, user information,and other references and data required for the NIEx9 to perform its specific tasks on the network.You can create and edit an archive database online in the SMP UI, but in almost all cases, create andedit the NIEx9 archive database offline in the SCT. When you download the database, the values inthe archive database overwrite the existing values on the commissioned NIEx9. Refer to Metasys®SCT Help (LIT-12011964) for information about how to create and download archive databases.After you configure an NIEx9 with an archive database containing user information, you can set upthe email, Syslog, and SNMP DDAs and create specific alarm and event notifications for delivery tospecific email, Syslog server, and network management destinations.


Figure 3: NIEx9 commissioning and configuration flowchart

SMP user interfaceYou can view and edit NIEx9 parameters and the parameters for associated devices in the engine'sSMP UI. Use the Launcher to access the NIEx9 SMP UI. See Accessing the SMP UI on an NIEx9.Figure 4 shows an example of the SMP UI.In the Display panel on the right side of the window is a series of tabbed screens. Table 3 and Table2 describe the information that you can view and edit in each tabbed screen. The navigation panelon the left displays the navigation tree for the BAS network integrations, field devices, field points,and their associated objects that the NIEx9 is monitoring and supervising.


Figure 4: NIEx9 Focus tab in edit mode - advanced

Table 2: NIEx9 Focus tab descriptions

Callout Description1 Previous and next arrows to navigate to viewed screens.2 NIEx9 object: Double-click or drag into display panel to view and edit NIEx9

parameters.3 Display panel in Edit view.4 Editable values: type in or select the appropriate value.5 Viewable but non-editable values in the displayed screen.6 Navigation panel.7 Alarm and event indicator.

When you view the online NIEx9 SMP UI, the border around the panels is blue as seen in Figure 4.When you view the offline SCT UI, the border is black. See Figure 5.


Table 3: Metasys SMP UI tabbed screens

Screen tabdesignation

Purpose Access online/offline

Focus orConfiguration

Provides the description and name (label) of thedevice object, the local time and date, the firmwareversion, message buffer and alarm, and auditrepository sizes. The Focus tab also identifiesthe local Site Director and includes general siteinformation about the ADS/ADX to which the NIEx9reports if applicable.

Both

Communications Establishes communication parameters such as theSerial port.

Both

Network Establishes the Computer Name (host name) fornetwork identity and LAN if applicable. The hostname cannot consist of only numbers.

Both

Email Establishes the NIEx9 email alarm-notificationsfeatures common to all email messages and createsunique email message destinations.

Both

Pager No longer supported at 9.0.7, but the Pager tab stillappears.

No longer supportedat 9.0.7.

SNMP Establishes the NIEx9 Simple Network ManagementProtocol (SNMP) features common to all SNMPnotifications and creates unique SNMP messagedestinations.

Both

Syslog Provides the NIEx9 Syslog server reportingdestination information.

Both

Alarm Provides the NIEx9 alarm setup and destinationinformation.

Both

Summary Provides network and field device status information.Also provides attribute values for supervisory andfield devices on the NIEx9 field trunks.

Online

Diagnostic Provides various status reports to aid introubleshooting the NIEx9.

Online

Trend Monitors and records the changes in the behavior ofan NIEx9 over time, assisting with diagnosing varioussystem-wide behavioral characteristics.

Online

Menus, tab screens, attribute lists, values, and units of measure in the SMP UI are dynamic andchange in the displayed screen according to the item you select from the navigation tree. Refer tothe Object and Feature Tabs section in the Metasys® SMP Help (LIT-1201793) for descriptions of menuitems.

Metasys UIIn addition to the SMP UI, the Metasys UI is installed with Metasys server software. The MetasysUI is a mobile-optimized software component that consolidates existing Metasys user interfaceproducts into a single, simplified, and easy-to-learn interface. The Metasys UI provides a simplelocation-based navigation approach to find information about the Metasys site, including the abilityto search for any location or equipment by name and to bookmark a location or equipment in a


web browser. The Metasys UI displays data in a dashboard format that gives you the overview ofwhat is happening within a space, equipment, or central plant. You can also create and managegraphics, and view their associations to equipment and spaces. Access the Metasys UI from anytype of client device with any screen size. For more details, refer to Metasys® UI Technical Bulletin(LIT-12012115).

Metasys Help filesThe Metasys Help files provide shared system information and individualized mode-dependentinformation for the Metasys SMP or the SCT. The Metasys® SMP Help (LIT-1201793) providesinformation about alarming, commanding, auditing live data values, and other online features.The Metasys® SCT Help (LIT-12011964) provides information about offline operations such asmanaging archives, creating spaces, simulating systems, and establishing equipment and servingrelationships.For small-capacity engines at Release 9.0.7, a link to the Metasys® SMP Help (LIT-1201793) stored onthe Johnson Controls® literature website is available. For large capacity engines at Release 10.0, theMetasys Help menu provides an option to open the Help file in PDF format.

Browser options for downloading the LauncherThe Metasys system currently supports Windows Internet Explorer to download the Launcherapplication. Other web browsers are not tested. After you install the Launcher, use the Launcher,not the web browser, to open the SMP UI.

SCTThe SCT is an offline software tool used to create, edit, save, and restore the various archive andsecurity databases used to configure the Metasys system networks, ODSs, ADSs/ADXs, NIEx9s, andsupported field devices.The SCT allows commissioning of N2 devices by allowing HVAC PRO software, GX-Tool software,and XTM Configurator software to access the devices on the N2 Bus of an NIEx9, and allowscommissioning of CGMs, CVMs, FECs, VMA16s, and IOMs controllers by using the CCT software toaccess the devices on the field bus of an NIEx9.The SCT provides a simulation feature so you can simulate an online supervisory device and testa database’s control logic prior to downloading it to an NIEx9. You can use the SCT, to view andconfigure multiple sites in one archive.


Figure 5: SCT UI screen in edit mode

SCT ProSCT Pro is the next generation of interface for SCT. It provides streamlined workflows, andsimplifies tasks. For example, you can use SCT Pro to maintain healthy backup practices for a site,including the creation of backups automatically on a recurring schedule. SCT Pro does not includethe full range of features that are available in SCT, but each release adds new features; and you canuse SCT for the tasks that SCT Pro does not support.Refer to SCT Pro Help (LIT-12013035) for more information on using SCT Pro.

CCTUse the CCT in conjunction with the Metasys system user interface to configure, simulate, andcommission CGMs, CVMs, FACs, FECs, IOMs, and VMA16s, on a MS/TP bus or N2 network. You mustinstall CCT on the same computer as the SCT software to use the Ethernet Passthru option in SCT.For more information on CCT, refer to Controller Tool Help (LIT-12011147).

Archive databasesA Metasys archive database contains the configuration information for ADSs/ADXs, NIEx9s, BASnetwork integrations, field devices, and field points that make up a single site or multiple sites ona Metasys system network. Multiple archive databases, representing multiple sites, can reside on asingle ADS/ADX running the SCT.An NIEx9 archive database, which resides in the NIEx9 internal memory, contains only the specificconfiguration information that makes up the network integrations, field devices, and field pointsthat the NIEx9 is supervising. Each NIEx9 retains only its own archive database. You can also savethe NIEx9 database in a Metasys archive database on an ADS/ADX or another computer using the


SCT. A graphical representation of some of the items contained in an NIEx9 archive database isshown in Figure 4 in the SMP UI navigation panel.You can upload an NIEx9 archive database to the SCT where you can save it to a hard disk orother long-term storage media. You can also edit an NIEx9 archive database offline in the SCT anddownload the edited archive database to the NIEx9.

NIEx9 disk image updates and archive database upgradesThe NIEx9 operating system, Metasys system software, NIEx9 archive database, and recent NIEx9operation data reside on the NIEx9 disk image.Use the NAE/NIE Update Tool to update the NIEx9 disk image. Refer to NAE/NIE Update Tool Help(LIT-12011524)You cannot downgrade an NIEx9 to a Metasys system release before 6.5.25. If you do so, the engineno longer allows trunk integrations, such as an MS/TP field bus, and no longer accepts an archivedownload from the SCT.

Site DirectorFor each Metasys system network site, the Site Director is either a single network engine or aMetasys server. The Site Director UI provides a single point of access to the site and all of the web-enabled devices on the site. The Site Director also supports functions such as user log on, useradministration, user views, time synchronization, and data traffic management.On larger Metasys system networks with one or more Metasys Servers, the Site Director is an ADS,ADX, or ODS. On small network sites without an ADS, ADX, or ODS, you must designate one of theNIEx9s as the Site Director.The Site Director, by default, is the NIEx9.

Note: You must demote any NIEx9 that is not the designated Site Director on a site. SeeDesignating an NIEx9 as a child of a Site Director for more information.

Note: You can establish or change the log on user name and password for the NIEx9 onlywhen the NIEx9 is the Site Director. Establish these values before you demote an NIEx9 fromthe Site Director.

If an ADS/ADX is on a site, an NIEx9 cannot be the Site Director. You must demote the NIEx9 tobe a child of an ADS/ADX or ODS. See Designating an NIEx9 as a child of a Site Director for moreinformation.An NIE29 cannot be the Site Director except in stand-alone applications.Table 4: Site directors and supervision

Site Director Engines the Site Director can superviseNIE39 Can supervise up to two additional NIE29s or

NIE39s on the site.Note: An NIE39 as the Site Director cannotsupervise NIE49s or NIE59s.

NIE49 Can supervise up to two additional engines onthe site: NIE29s, NIE39s, or NIE49s.

Note: An NIE49 as the Site Director cannotsupervise NIE59s.

NIE59 Can supervise up to four additional engines onthe site: NIE29s, NIE39s, NIE49s, or NIE59s.


Note: If you attempt to add an NIEx9 to a site and the new NIEx9 exceeds the supervisorydevice limit for the Site Director, the Site Director does not accept the additional device. TheSite Director records an error message in the Site Director Audit Trail each time you attemptto add a new device that exceeds the device limit. If you attempt to add the same device morethan once, each attempt fails but after the first attempt, the error is no longer recorded.

NIEx9 computer nameThe NIEx9 Computer Name is an editable Network Identification attribute on the NIEx9 Networktab. Devices on the building network and the Metasys system network use the NIEx9 ComputerName to identify and communicate with the NIEx9 across the network. The computer name issynonymous with the host name on a network.Each NIE29, NIE39, NIE49, and NIE59 ships with a unique initial Computer Name value ofNAExxxxxxxxxxxx, where xxxxxxxxxxxx is the Ethernet MAC address of the device without thehyphens. For example, if the NIE's MAC address is 00-80-66-05-0F-FC, the initial computer name isNIE008066050FFC. For NIE29s only, the unique initial Computer Name value is NCExxxxxxxxxxxx,where xxxxxxxxxxxx is the Ethernet MAC address of the device without the hyphens.The initial Computer Name, before configuration, is often useful during commissioning to locateand connect to an NIEx9. For the NIE59 only, you need to use the NAE prefix in the name, notthe NIE prefix. In most cases, the archive database download from the SCT overwrites the initialcomputer name value and determines the NIEx9 computer name on the Metasys site.Changing the NIEx9 computer name breaks any existing references between the NIEx9 object andother objects on the site and may break the existing network connection to other devices on thenetwork.

Note: Before building the archive database in SCT, consult the network administrator orInformation Technology (IT) department to determine if there is an existing protocol for hostnames (computer names) on the network.

NIEx9 object nameThe NIEx9 Object Name is an editable attribute on the NIEx9 Focus tab that the Metasys softwareuses to identify the NIEx9 in the SMP UI and in the SCT. The Object Name is a label only and is notnecessarily the same as the computer name. Changing the Object Name changes the name thatyou see in the navigation tree, alarm messages, trend reports, and other screens in the SMP UI andSCT that refer to the NIEx9. Changing the Object Name does not affect the object references ornetwork communication with other devices on the site. You can change the Object Name at anytime. Use an intuitive name that clearly identifies the NIEx9 in the SMP UI and Metasys site.

Basic Access operating modeBasic Access is a mode of operation allowing users with Basic Access user accounts access to asubset of the standard user interface capabilities based on their assigned permissions. Metasyssystem administrators using the Security Administration system can create basic access useraccounts. Basic Access meets the user interface requirements for most building operators. BasicAccess is provided on all of the Metasys system engines and servers but is the primary userinterface in the NIE3910 and NIE3920 controllers.You cannot commission or configure an NIE39 in Basic Access mode. You must log on to thefull SMP UI on the NIE39 to commission and configure the device. See Log on user names andpasswords for information about how to log on to NIE39 Basic Access.

Log on user names and passwordsAll NIEx9s have the same default initial log on user name and default password. The initial logon user name is MetasysSysAgent, and it is not case sensitive. For the MetasysSysAgent defaultpassword, contact your local Johnson Controls representative.


Use the initial user name and password to log on to any NIEx9 the first time you commission theNIEx9. The Change Password dialog box prompts you to change the initial default passwordbefore you continue. You must change the MetasysSysAgent default password when you first logon to a new NIEx9, or a recently updated NIEx9 with the SCT or the NAE/NIE Update Tool. Theprocess to update the password may take up to 60 seconds to complete.Complex passwords are required to access the NIEx9, or an NIEx9 securely on the site. Complexpasswords meet the following requirements of the particular language: English, non-English, orAsian, which you can review in the Change Password window. For English users, the requirementsare as follows:

• The password must include a minimum of 8 characters and a maximum of 50 characters.

• The password cannot include spaces or include a word or phrase that is in the Blocked Words list.

• The password and the username cannot share the same three consecutive characters.

• The password must meet the four following conditions:

- Include at least one number (0–9)

- Include at least one special character (-, ., @, #, !, ?, $, %)Note: Use only the special characters listed above; all other special characters areinvalid.

- Include at least one uppercase character

- Include at least one lowercase character

Note: The NIEx9 log on user name and password values can be changed only when an NIEx9is the Site Director. If you want to change the NIEx9 log on user name or password, you mustdo so before demoting the NIEx9 from Site Director status.

The models with Basic Access operation mode require an additional log on user nameand password to enable and use the Basic Access mode. The initial log on user name isBasicSysAgent, and it is not case sensitive. Create your own account password when prompted.

Note: When you change or add an NIEx9 log on user name or password, make sure to recordthe new user name and password and store them in a safe location. You cannot access theNIEx9 SMP UI without a valid user name and password. Refer to Security Administrator SystemTechnical Bulletin (LIT-1201528) for details.

NIEx9 connectivityYou can establish a connection between a computer and an NIEx9 using one of the followingprocedures:

• Preparing an NIEx9 for a network that supports DHCP and DNS

• Preparing an NIEx9 for a network without DHCP and without DNS support when the NIEx9 usesAPIPA

• Preparing NIEx9 for a network without DHCP and without DNS Support when the NIEx9 uses astatic IP address

• Preparing NIEx9 for a network that supports DNS but not DHCP


Alarms and eventsEach NIEx9 stores alarm and event messages generated by the NIEx9 and the connected field trunkdevices. You can configure an NIEx9 to send alarm and event notifications through the NIEx9 DDAsto email destinations, and SNMP devices.DDAs are agents that route and deliver alarm and event messages to destinations such as emailaddresses, Syslog servers, and SNMP management systems.If the site has an ADS/ADX or ODS, each NIEx9 can forward alarm and event information to theADS/ADX or ODS for centralized notification and long-term storage.

Important: To avoid a loss of notification when the repositories become full, the Metasyssystem manages the NIEx9 repositories according to the following criteria:

• Events forwarded to an ADS or ODS Event Repository are always removed before unforwardedevents.

• The event that is replaced first is the lowest priority event with the oldest time stamp, and withthe Acknowledge Required flag set to False.

• If the new event is of a higher priority than at least one event in the repository, it replaces theevent with the oldest time stamp and with the lowest priority.

• If all events are of the same priority, it replaces the event with the oldest time stamp.

• If the new event is of a lower priority than all other events in the Event Repository, it replaces noevent and the new event is discarded.

A loss of emailing can result if you do not commission the NIEx9 with strict adherence to thesecriteria. To avoid managing events in this way, move ADS/ADX and the notification DDAs to theserver.You can designate multiple alarm and event sources in an NIEx9 and in the connected field devices,and then configure the conditions that trigger those alarms or events. You can also define multiplenotification types and multiple notification destinations for each alarm or event.The NIEx9 also has several pre-configured internal diagnostic features that are factory set togenerate alarms. NIEx9 device diagnostic features with factory-set default alarm values includethose listed in the following table.Table 5: Default Network Engine Alarm values

Audit Rate Events LostBACnet Broadcast Receive Rate Event RateBattery Condition Flash UsageBoard Temperature Memory UsageCOV Rcv Rate Samples LostCPU Temperature Sample RateCPU Usage Transfer Buffer Full

You can check the status of these diagnostic features on the Diagnostic tab.Refer to Introduction to Alarm and Event Management in the Metasys SMP Help (LIT-1201793) for moreinformation.

Note: After you generate an alarm, anyone who acknowledges the alarm clears that alarmnotification for all other users. If an ADS/ADX or ODS is the Site Director, you can set the ADS/ADX or ODS to deliver alarm and event notifications to a network printer.


Email notificationYou can configure an NIEx9 to generate alarm and event messages by sending an email to one ormore email destinations using the email DDA. The steps require you to configure custom emailmessages and specify email message destinations in the Email tab of the SMP UI. Figure 6 providesan example of an email message destination that is active Monday through Friday, from 7:00 A.M.to 4:00 P.M.

Figure 6: Example of defining an email notification

Syslog DDAAn NIEx9 configured as a Site Director has the optional capability of sending its configured audit logentries and alarm notifications to the central repository of an external, industry-standard, Syslogserver, conforming to Internet published RFC 3164. After you save the Syslog DDA configuration,all messages go to the configured Syslog server. You can then open a user interface at the Syslogserver and use the provided filters to interrogate or apply forensic analysis on these messages. Avertical bar symbol (|) separates individual fields of each Metasys message and a single characterdash (-) replaces any blank field to help assist in reading the log.The Syslog option is disabled, by default. Changing the Syslog Reporting Enabled attribute to Trueon the Syslog window enables the Syslog function. The prerequisites to the Syslog DDA are asfollows:


• The Syslog server must be installed and running on a computer server, or virtual machine that isreachable by the NIEx9.

• The NIEx9 must be running Release 8.0 software or later.

• You can specify no more than three Syslog destinations.

• The firewall port must be open.

The definition of the Syslog DDA requires the following:

• A label to identify the Syslog server.

• The IP address of the Syslog server.

• Port numbers for the UDP send port and UDP receive port. For example, 514 for both.

• Event and audit filters to apply against all events and audit messages. Only those events andaudit messages that match the filters pass to the Syslog server.

The Syslog DDA attribute called Syslog Reporting Enabled appears on the Shared Configurationsection of the Syslog tab of an NIEx9 device object. See Figure 7. This attribute has two selections:True or False.When the Syslog Reporting Enabled attribute is set to True, the feature is active and forwardsyour Metasys messages (events and audits) to your destination Syslog server according to thefiltering you specified. When the Syslog Reporting Enabled attribute is set to False, the featureis inactive and forwards no Metasys messages to the Syslog server. The configuration example inFigure 7 is set to route to the Syslog server all High Warning alarms that require acknowledgment.The Syslog DDA implementation is UDP, not TCP. Therefore, any audits or events generated whilethe Syslog server is offline are not recorded at the Syslog server, even though the Metasys system,unable to determine the status of the Syslog server, continues to send out messages. A gap in timeis present between events when the Syslog server comes back online.


Figure 7: Syslog tab in engine's device object

Figure 8 shows an example of Metasys system messages as they appear on the Kiwi Syslog® ServerConsole user interface. Use the console to filter the messages. If you do not have a tool, open aweb browser and enter the following URL:http://<IP of the server>>:<Port>/Events.aspx

For example: http://SysLogserver1:8088/Events.aspxWhen you browse to this site, you must enter a valid username and password when prompted togain access to the Syslog server. A user interface appears with the captured messages.

Figure 8: Syslog user interface

If problems occur when you try to implement the Syslog DDA functionality, consult the followingtable:


http://SysLogserver1:8088/Events.aspx

Table 6: Syslog server troubleshooting

Scenario BehaviorThe engine is starting up but the Syslog DDAhas not yet started.

When started, all generated audits and eventsare cached and sent to Syslog DDA. Themaximum size of the cache is 1,000 audits and1,000 events per hour.

The Syslog server crashes. All generated audits and events that the enginesends to the Syslog server are lost and nothingis cached.

The Syslog server goes offline or is unreachable. All generated audits and events that theengine sends to the Syslog server are lost andnothing is cached. The Syslog server receivesno data until it comes back online or becomesreachable.

The IP address, name, or port numbers of theSyslog server as defined in the engine's objectare invalid.

All generated audits and events that the enginesends to the Syslog server are lost and nothingis cached. The Syslog server receives no datauntil you correct the invalid parameters in theSyslog DDA.

The Syslog Reporting Enabled parameteris set to True, but do not define the Syslogparameters.

All generated audits and events that the enginesends to the Syslog server are lost and nothingis cached. The Syslog server receives no datauntil you specify the parameters that the SyslogDDA requires.

Your firewall is blocking the by the UDP SendPort or UDP Receive Port

All generated audits and events that the enginesends to the Syslog server are lost and nothingis cached. The Syslog server receives no datauntil the ports on the Syslog server are opened.

A parameter of the Syslog server changes, butthe corresponding parameter in the Syslog DDAof the engine is not likewise changed.

All generated audits and events that the enginesends to the Syslog server are lost and nothingis cached. The Syslog server receives no datauntil you correct the invalid parameters in theSyslog DDA.

Simple Network Management Protocol (SNMP) notificationSNMP is a protocol governing network management and the monitoring of network devices andtheir functions. It is not necessarily limited to TCP/IP networks. Large BAS networks with manynetwork devices would use SNMP monitoring. The SNMP management computer monitors alldevices on the network and receives and stores all alarm and event notifications.The NIEx9 uses SNMP protocol to deliver network device status and conditions to a designatedSNMP management computer. You must set up SNMP monitoring at the network level, andyou must assign an SNMP management device on the network. For details, see Creating NIEx9SNMP alarm notifications and destinations. If you are applying a Metasys system to an existingnetwork, consult with the network administrator or IT department that administers the network todetermine if SNMP monitoring is available on the network.Configure custom SNMP messages and specify the SNMP message destinations in the SNMPtab of the SMP UI. Perform this configuration to each NIEx9 individually; SNMP configuration isunavailable on an ADS/ADX.


Enhanced SNMP functionality is available on Metasys systems, including a Metasys systemManagement Information Base (MIB) file for configuring third-party SNMP translation applicationsto request, receive, and translate specified SNMP trap messages generated by the Metasys SNMPDDA.

RADIUS overviewYou can optionally configure the NIEx9 to authenticate non-local user access through a RemoteAuthentication Dial-In User Service (RADIUS) server. The NIEx9 uses RADIUS to authenticate theidentity of authorized non-local users of the system.All RADIUS users must have a Metasys system user defined for which Metasys authorization iscreated and maintained. The NIEx9 RADIUS implementation adheres to the following Internet RFCdocuments:

• RFC 2865 - Remote Authentication Dial In User Service

• RFC 2548 - Microsoft® Vendor-specific RADIUS Attributes

• RFC 2759 - Microsoft Point-to-Point Protocol (PPP) Challenge Handshake Authentication Protocol(CHAP) Extensions, Version 2

The Metasys system implementation of RADIUS is as follows:

• Before you add a RADIUS user account to the security system of a network engine, first add thenetwork engine as a client of the RADIUS server. If you first configure the RADIUS server settingsin the network engine before you perform this prerequisite step, you may get the messageUnable to login - Unexpected Error when you try to log on. If this error appears, resetthe network engine from the SMP UI. Then try to log on again. The RADIUS server authenticatesthe user and log on is successful.

• The Metasys system does not import authorization; all Metasys system users, both local (Metasys)and non-local (RADIUS), are authorized through user configuration done online in the SMP andthen stored in the Metasys Security Database.

• The user ID must match what needs to be authenticated by the RADIUS server, with or withoutthe @domain as defined by the local RADIUS implementation.

• Since the Metasys system performs no local authentication of non-local users, all passwordfunctions are unavailable or ignored when creating and maintaining non-local Metasys useraccounts. RADIUS passwords are never stored in the Metasys Security Database.

• You can configure the RADIUS authorization as Administrator, User, Operator, Maintenance, orany custom roles created in the Metasys system.

• When a non-local user receives a number of consecutive RADIUS failures to authenticate andthe account has been set up to lock after receiving that many failed log on attempts, the Metasyssystem authorization locks, prohibiting you from accessing the Metasys system device until aMetasys system administrator unlocks the account.

• When the RADIUS system authenticates a non-local use and the Metasys system scheduleprohibits access during the log on time, the user's log on attempt fails.

When you provide a non-local username to the Metasys system for log on, after confirming thesupplied password conforms to Metasys complexity rules, the controller passes the credentials,including the username and password, to the configured RADIUS server for authentication. Afterthe RADIUS server confirms authenticated access, you are granted authorization as specified in theMetasys Security Database.


Messages reporting errors in RADIUS authentication are intentionally obscure to hinder possibleintrusion from unauthorized users. See RADIUS errors for some situations that can result in errormessages. When RADIUS is disabled, you receive Metasys system log on messages. When youenable RADIUS, local and non-local authentication failure messages are identical and obfuscated.

Initial default NIEx9 configurationNIEx9s come with standard initial values for many of the editable attributes. The following tableslist some important initial default configuration values for the NIE29, NIE39, NIE49, and NIE59models.Table 7: NIE29, NIE39, and NIE49 initial configuration values

Attribute/field name NIE29, NIE39, and NIE49 initial valueComputer Name NAExxxxxxxxxxxx or NCExxxxxxxxxxxx, where

xxxxxxxxxxxx is the Ethernet MAC address ofthe device without hyphens. For example, if theEthernet MAC address is 00-80-66-05-0F-FC, theinitial Computer Name is NAE08066050FFC.

DHCP Client EnabledSerial Port RS232C A 115,200 baud, 8 bits, no parity, 1 stop bit

(115200,8,n,1), Direct Connect IP over Point-to-Point (PTP).

Serial Port RS232C B 115,200 baud, 8 bits, no parity, 1 stop bit(115200,8,n,1).

Site Director A new NIE39/NIE49 is a Site Director by default.If an NIEx9 is not going to be the Site Director,you must demote it and you must enter theComputer Name or IP address of the designatedSite Director.

Note: Do not designate NIE29 as a SiteDirector, except in stand-alone applications.

Initial Login Username MetasysSysAgent (not case sensitive).Initial Login Password Contact your local Johnson Controls

representative.

Table 8: NIE59 initial configuration values

Attribute/field name NIE59 initial valueComputer Name NAExxxxxxxxxxxx, where xxxxxxxxxxxx is the

Ethernet MAC address of the device withoutthe hyphens. For example, if the EthernetMAC address is 00-80-66-05-0F-FC, the initialComputer Name is NAE008066050FFC.

DHCP Client EnabledSerial Port A 115,200 baud, 8 bits, no parity, 1 stop bit

(115200,8,n,1), Direct Connect IP over Point-to-Point (PTP).

Serial Port B 9600 baud, 8 bits, no parity, 1 stop bit(9600,8,n,1).


Table 8: NIE59 initial configuration values

Attribute/field name NIE59 initial valueSite Director A new NIE59 is a Site Director by default. If an

NIEx9 is not a Site Director, you must demote itand you must enter the Computer Name or IPaddress of the designated Site Director.

Initial Login Username MetasysSysAgent (not case-sensitive).Initial Login Password Contact your local Johnson Controls

representative.

Note: Do not disable the MetasysSysAgent account.

Allow HTTPA network engine at Metasys system Release 8.1 or later has an attribute called Allow Http locatedunder the Network tab of the engine in the SMP UI. This attribute controls if the Windows Firewallin the network engine blocks incoming network traffic over the HTTP port (port 80). By default,the Allow Http attribute is set to True for all network engines upgraded to Release 8.1 or later.Changing this attribute to False blocks all incoming network traffic over port 80 at the networkengine. Doing so does not interfere with NAE/NIE Update Tool operations.

Figure 9: Allow Http attribute for network engine

The Allow Http attribute is set independently on each network engine. A schedule or other controlaction can modify the value of this attribute. You can configure a tailored summary to view thevalue of the Allow Http attribute on all network engines at the site. You can also use the massediting capability in SCT to modify the Allow Http attribute across multiple devices.To provide the highest level of security, set Allow Http to False for every network engine upgradedto Release 8.1 or later. However, if the network engine is a Site Director and if you have notupgraded the child engines reporting to it to Release 8.1 or later, set Allow Http to True. Forreference, the following table lists which Metasys tools, utilities, and features depend on Port 80. Ifthe network engine uses one or more of these items that require Port 80, set Allow Http to True.


Table 9: Port 80 requirements for tools, utilities, and features

Item Does it requirePort 80

Notes

Advanced Graphics Application(AGA)

Yes Uses an older version of Metasys data accessservices that requires http.

Advanced Reporting andEnergy Essentials

Yes Uses http for communication with engines.

CCT Yes Uses an older version of Metasys dataaccess services that requires http. However,CCT only requires Port 80 for upload anddownload operations.

Graphic Generation Tool (GGT) Yes Uses an older version of Metasys data accessservices that requires http.

Launcher No Uses https for communication with enginesupgraded to Release 8.1 or later, but mustbe set for http to communicate with enginesprior to Release 8.1.

Metasys Export Utility Yes Uses an older version of Metasys data accessservices that requires http.

Metasys for ValidatedEnvironments (MVE)

No Uses https for communication with enginesupgraded to Release 8.1 or later.

Metasys UI No Uses https for communication with enginesupgraded to Release 8.1 or later.

NAE Configuration andInformation Tool (NCT)

Yes Requires port 80 for sending a file to anengine from the commissioning laptop.

NAE/NIE Update Tool Yes Requires port 80 to successfully performa code download to the engine using theHTTP update method. If Allow Http is set toFalse, the NAE/NIE Update Tool temporarilyopens port 80 for its operations, then closesthe port after the download completes.

P2000 Yes Requires port 80 (inbound) to be open onthe Windows Firewall of the Metasys server.

Ready Access Portal Yes Uses https between the Ready Access Portalserver and the client, but http between theReady Access Portal server and the engines.

SMP No Uses https for communication with enginesupgraded to Release 8.1 or later.

SCT No Uses https for communication with fieldcontrollers and engines upgraded to Release8.1 or later.

Site Security LevelA network engine at Metasys system Release 9.0 or later has an attribute in its Site object calledSite Security Level. If the network engine is a Site Director, you use this attribute to select if youwant to enable only encrypted communication or encrypted and trusted communication between


the network engine Site Director and its child engines. Do not set this attribute to Encrypted andTrusted until you have downloaded, with trusted certificates, all network engines reporting to theSite Director. If the site has one or more network engines with self-signed certificates and someolder engines without certificates, set this attribute to Encrypted Only.

Advanced Security Enabled for Release 10.0Note: This function is not supported at Release 9.0.7.

The Advanced Security setting indicates if the site uses the advanced security settings. Thisattribute provides an improved layer of security between Metasys Site Directors and devices. Withthis attribute set to True, backward-compatible methods of communication between the SiteDirector and its network engines are disabled, which means a Site Director at Release 10.0 discardsall communication attempts from network engines prior to Release 10.0.This setting applies to the entire site, so keep this attribute set to False (default) if you have anynetwork engines on the site that are running a Metasys release prior to Release 10.0.When you change this attribute to True, a user message appears to indicate that all networkengines prior to Release 10.0 remain online, but are disconnected from the site because they nolonger communicate with the Site Director. If this message appears, click OK to continue and setthe attribute to True, or Cancel to keep the attribute set to False.

System and user preferencesThe Metasys system provides customized preferences for the SMP UI. The preferences allow you toconfigure how the UI behaves, including the sounds and colors, the startup view, and the ability toadd links to external applications that can be accessed from within the UI of the NIEx9 device.

Reset device commandThe NIE Reset Device command in the SMP UI initiates an orderly reset that saves recent changesto the NIE archive database and restarts the NIE operating system. When the NIE requires a reset,the title bar of the object in the Display panel displays Reset Needed. A reset is required for newsettings to take effect after making changes to the following attributes:

• APDU Retries

• APDU Segment Time-Out

• APDU Time-Out

• BACnet IP Port

• Computer Name

• Contact Person

• Domain Name

• Max APDU Length

• Network Address

• Port Number

• Read/Write Community

• SNMP DDA

• SNMP Management Device

• Serial Port 1 Cable Config


• Time Sync Period

• Changing the NIE Computer Name value forces a device reset.

Important: To avoid losing data, do not push the RE-BOOT SYSTEM switch on the NIE toinitiate a device reset. Pushing the RE-BOOT SYSTEM switch initiates a CPU reset and restart ofthe NIE, which causes all unsaved data to be lost, including recent attribute value changes.

Detailed proceduresYou need the following items to perform the detailed commissioning procedures for an NIEx9:

• An NIEx9.

• A laptop or desktop computer with a suitable browser to download the Launcher application.

Note: In some scenarios, the computer must be a DHCP client or configured to use a static IPaddress appropriate for the network.

• The NIEx9 Ethernet MAC address.

You may also need the following items:

• A null modem Serial cable.

• An Ethernet crossover cable.

• A new, unique IP address for each NIEx9 on the Metasys network if DHCP cannot be used.

• A copy of the NIEx9 archive database that configures the NIEx9 for your specific site. You cancreate the NIEx9 archive database and store it offline in the SCT.

• SCT loaded on the commissioning computer.

Installing Launcher to access the NIEx9Use the Launcher application to access an NIEx9.

Note: The Single Site Connection install option is available to network engines and the ADS/ADX at Release 9.0 or earlier. For engines at Release 9.0.7, the option is available but notfunctional; for network engines and the ADS/ADX at Release 10.0, only the Full LauncherInstaller option is available.

If the Launcher application is already installed on your computer, skip to Full Launcher installer. Ifyou have not already installed the Launcher application, complete the following steps:

1. Start the Internet Explorer web browser.

2. Enter the following URL in the address field: http://NAENIEx9-computer-name/metasys. TheWindows Launcher Download dialog box appears.

3. Choose one of the following Launcher options.Go to Full Launcher installer if at least one of the following is true:

- you need to access the SMP (NIEx9) or SCT

- you need to access Metasys servers or engines of different release versions

- you have rights to install new applications on your computer


http://NAENIEx9-computer-name/metasys

Note: The Full Launcher Installer for small-capacity engines routes the user to the publiclauncher site where the user can obtain the resource files.

Go to Single site connection if at least one of the following is true:

- you only need to access the SMP (NIEx9), not SCT

- you only need to access Metasys servers or engines of a specific release version

- you do not have rights to install new applications on your computer

Note: For small-capacity engines, a single site connection is not valid.

4. Click Full Launcher Installer. Follow the instructions on the screen to install the Launcher.Refer to the Launcher Installation Instructions (LIT-12011783) if needed. When the Launcher isinstalled on your computer, proceed to Launcher window.

5. Start the Launcher application. The Launcher window appears.

Figure 10: Launcher window

6. Click Add. The Add New window appears.


Figure 11: Add new

7. Enter the host name (or IP address) of the NIEx9 including the domain name if required, andthen click Discover. The Launcher searches for the device on the building network. When thedevice is found, the Add New window refreshes to indicate the found device.

Figure 12: Add new: found device

8. Make sure the Add box next to SMP is selected. You can enter a descriptive name for the NIEx9in the Description field to make the NIEx9 easier to find in the profile list, or you can keep thedefault IP address. Click Save. The NIEx9 is added to the profile list on the SMP tab.

Note: If the device has SCT installed, you can also add its SCT profile (as shown).

9. Select the NIEx9 from the SMP profile list and click Launch. If the device you are adding hasnot yet been downloaded and installed on your computer, a Downloading window appears,followed by an Installing window. The windows close when the download and installation stepsare complete. The system login window appears.

10. Enter the initial Username and Password values for the NIEx9 and click Login. See Log on usernames and passwords.


11. If necessary, set the time, time zone, and date. See Appendix: Time Zone, Date, and TimeManagement.

Full Launcher installer1. Click Full Launcher Installer. Follow the instructions on the screen to install the Launcher.

Refer to Launcher Installation Instructions (LIT-12011783) if needed. When you install theLauncher on your computer, proceed to Launcher window.

2. Start the Launcher application.

Figure 13: Launcher window

3. Click Add.

4. Enter the host name (or IP address) of the NIEx9 including the domain name if required, andthen click Discover. The Launcher searches for the device on the building network and whenthe device is found, the Add New window refreshes to indicate the found device.


Figure 14: Add new: found device

5. Select the Add check-box next to the SMP. You can enter a descriptive name for the NIEx9 inthe Description field to make the NIEx9 easier to find in the profile list, or you can keep thedefault IP address.

6. Click Save. The NIEx9 is added to the profile list on the SMP tab.Note: If the device has SCT installed, you can also add its SCT profile.

7. Select the NIEx9 from the SMP profile list and click Launch. If you have not downloadedand installed the device you are adding on your computer, a Downloading window appears,followed by an Installing window. The windows close when the download and installation stepsare complete.

8. Enter the initial Username and Password values for the NIEx9 and click Login. See Log onuser names and passwords.

9. If necessary, set the time, time zone, and date. See Appendix: Time Zone, Date, and TimeManagement.

Single site connection1. Click Single Site Connection. Refer to Launcher Installation Instructions (LIT-12011783) for

instructions on how to download and install the Launcher files.

2. Double-click the Metasys Launcher.exe shortcut on your computer desktop.


Figure 15: Metasys launcher - single site connection

3. Enter the host name or IP address of the NIEx9, including the domain name if required.

4. Click Launch.

5. Enter the initial Username and Password values for the NIEx9 and click Login. See Log onuser names and passwords.

6. If necessary, set the time, time zone, and date. See Appendix: Time Zone, Date, and TimeManagement for more information.

Upgrading an NIEx91. In SCT, in the correct engine archive select Tools > Manage Archive.

2. In the Manage Archive Wizard, click Upgrade/Migrate Device and then click Next.

3. On the Select Devices page, configure the update and migration options by completing thefollowing steps:

a. To add a device, click the plus sign, select the device, and click OK, or remove a device,select the device and click the minus icon.

b. From the list in the New Model column, select a model number for each device that youwant to migrate.

c. From the Upgrade Selected Devices to Release list, select a release version for thedevice upgrade.

d. Click Next. If the Next button is disabled, then the combination of upgrade andmigration options that you have selected is not valid. Adjust any selections highlighted inred before you continue.

4. Select the upgrade schedule and click Next.

5. If a security database exists in the archive, complete the following steps:


a. Enter the MetasysSysAgent password for each archive device and click Authenticate ForUpgrade. If the log on for the device fails, the device remains in the Devices RequiringAction table.

b. Repeat the above step until you move all devices to the Selected Action table.Note:

- Select the device in the Devices Requiring Action table, open the ClearSecurity Database tab, and click Set to be cleared.

- SCT upgrades all devices with a clear security database but removes the securitydatabase from the archive. To add another security database to the device, referto SCT Help (LIT-12011964).

- A status of No Security Database to Upgrade indicates that you have notuploaded the device to the archive.

6. To upgrade a device with an unknown MetasysSysAgent password, set the selected action toClear Security Database.

7. Click Next.

8. Review the upgrade Summary and click Finish to perform the upgrade.

9. Click Finish in the Manage Archive Wizard and Refresh all Tabs for your changes to appear.

Table 10: ActionQ processing for device upgrade/migration

Step ActionQ processing1 After configuring an upgrade device in the Manage Archive

Wizard, the Manage Archive wizard sends the upgradecommand to the ActionQ feature in the SCT.

2 The ActionQ locks the engine in the archive database.3 1. The ActionQ begins the upgrade/migration process at

the time scheduled.

2. The device within the archive database is upgraded/migrated.

4 The ActionQ displays the final status of the upgraded/migrated device.

Preparing an NIEx9 for a network that supports DHCP and DNSThe following scenario is typical when you install an NIEx9 on an existing building network. Youmust connect your computer to the network. The computer must be a DHCP client or configured touse a static IP address appropriate for the network.

Note: Configure a DHCP reservation for the NIEx9 to ensure it always receives the same IPaddress when its lease expires. This practice prevents address bindings between the NIE89and other devices from breaking.

1. Verify that your network administrator has updated the DNS server and the DHCP server withthe NIEx9 Ethernet MAC address and the NIEx9 host name.


2. With your computer or commissioning laptop connected to the building network, start NCT.This tool listens for and shows the IP address information of the NIEx9 as it comes online.

3. Connect the NIEx9 to the network with an Ethernet patch cable.

4. Connect 24 VAC supply power to the NIEx9. Then wait for the NIEx9 to complete the startupand initialization sequence. The NCT indicates the current IP address of the network engine.

Note: Startup and initialization is complete when the NIEx9 green RUN LED is on steadyand the PEER COM LED is either off or flickering to show activity. The startup andinitialization sequence may take up to 10 minutes to complete. If the DHCP server is notonline when the NIEx9 is powered on (or if the NIEx9 Ethernet cable is disconnectedand reconnected with no DHCP server online), the NIEx9 assumes a unique IP addressbetween 169.254.0.1 and 169.254.255.254 and a subnet mask of 255.255.0.0. This is afeature of Automatic Private Internet Protocol Addressing (APIPA) that applies when DHCPis enabled in the NIEx9 (factory default).

5. Go to Installing Launcher to access the NIEx9, follow all instructions, and then return to thenext step in this section.

6. After you have completed the steps in Installing Launcher to access the NIEx9, including thestep for logging on to the NIEx9, select the NIEx9 device object in the Navigation panel, anddrag it to the Display panel of the SMP UI. The Focus tab for the selected NIEx9 appears in theDisplay panel.

7. Go to the Network tab and verify the Computer Name and Domain Name values. Changethese values to the assigned values for your network site.

8. Verify the Allow http attribute. If trusted certificates are not deployed to the engine,communication between the engine and its clients occurs over port 80. If you need to closethe network engines incoming http communication port (port 80), select False for AllowHttp. Doing so does not interfere with NAE/NIE Update Tool operations. Otherwise, keep thisattribute at the default value of True.


Figure 16: NIEx9 Network tab - edit mode

Important: The NAE/NIE Update Tool places restrictions on the Computer Name valuesyou can use for NIE29, NIE39, or NIE49 models. Names must start with a letter, must endwith either a letter or a number, and can contain hyphens only in the interior of the name.Failure to follow the name restrictions results in the Computer Name changing whenupdating NIE29, NIE39, or NIE49. Refer to NAE/NIE Update Tool Help (LIT-12011524) formore information on host name restrictions.

Note: Changing the Computer Name forces a device reset on the NIEx9. See NIEx9computer name and Reset device command.

9. Go to the Focus tab and check the NIEx9 Object Name. Change the Object Name to thedescriptive label used to identify the NIEx9 in the SMP UI and SCT.


Figure 17: NIEx9 Focus tab - advanced edit mode

Depending on the DNS server configuration, the NIEx9 may be reachable from the subnet on whichthe NIEx9 resides or from other subnets.

Preparing an NIEx9 for a network without DHCP and withoutDNS support when the NIEx9 uses APIPAThis scenario may occur when you install an NIEx9 on a stand-alone network designated as abuilding control network only. Perform these steps from a computer attached to the network.The NIEx9 uses APIPA to assign an IP address. For this procedure, do not attach an Ethernetcrossover cable directly to the NIEx9. In this scenario, a direct connection to the NIEx9 may affectthe assignment of an IP address.

1. Attach the NIEx9 to the network using an Ethernet patch cable.


3. Connect supply power to the NIEx9 and wait for the NIEx9 to complete initialization.Note: Startup and initialization is complete when the NIEx9 green RUN LED is on steadyand the PEER COM LED is either off or flickering to show activity. The startup andinitialization sequence may take up to 10 minutes to complete.


4. Verify that the computer can use APIPA or a static IP address and subnet mask that arecompatible with APIPA. If necessary, change the computer’s IP address and subnet mask to becompatible with APIPA.


6. After you have completed the steps in Installing Launcher to access the NIEx9, including thestep for logging in to the NIEx9, demote the NIEx9 from Site Director if the NIEx9 is not goingto be the Site Director. See Designating an NIEx9 as a child of a Site Director.

7. Optional. Select the Network tab of the NIEx9 device object. You can change the ComputerName value from the factory default. See NIEx9 computer name and Reset device command.Initial setup is complete. You can now log on to the NIEx9 by starting the Launcher and enter-ing the initial computer name of the NIEx9 or the computer name you assigned in Step 7.

Preparing NIEx9 for a network without DHCP and without DNSSupport when the NIEx9 uses a static IP addressThis scenario may occur when you install the NIEx9 on a stand-alone network dedicated to buildingcontrol only. Do not use this scenario when the NIEx9 uses APIPA. You can perform the steps from acomputer attached to the network or a computer connected directly to the NIEx9 with an Ethernetcrossover cable. If you connect the computer the network, connect the computer to the samesubnet as the NIEx9. To connect to the NIEx9 with this procedure, you need to know the IP addressof the NIEx9.

1. Check the network IP address and the subnet mask of the computer. If needed, change the IPaddress and the subnet mask of the computer so that the computer and the NIEx9 are on thesame subnet. The IP address assigned to the computer must be unique for the subnet.


3. Connect supply power to the NIEx9 and wait for the NIEx9 to complete startup andinitialization. Startup and initialization is complete when the NIEx9 green RUN LED is on steadyand the PEER COM LED is either off or flickering to show activity. The startup and initializationsequence may take up to 10 minutes to complete. The NCT indicates the current IP address ofthe network engine.


5. After you have completed the steps in Installing Launcher to access the NIEx9, including thestep for logging in to the NIEx9, demote the NIEx9 from Site Director if the NIEx9 is not goingto be the Site Director.

6. Select the NIEx9 device object from the Navigation panel of the SMP UI and drag it to theDisplay panel. The NIEx9 device object UI opens in the Display panel.

7. Select the Network tab of the NIEx9 device object and click Edit.

8. If you want, you can change the Computer Name. Change DHCP Enabled attribute value toFalse. This disables DHCP and APIPA.

9. Specify the IP Address, IP Mask, IP Router Address, and the DNS Server IP Addresses. Thenetwork administrator assigns these values.


10. Record the assigned IP address for the NIEx9 for future reference.

11. Click Save. The NIEx9 automatically logs you out and resets.

Figure 18: Network tab - edit mode

12. Wait for the NIEx9 to complete the startup and initialization sequence.Note: Startup and initialization is complete when the NIEx9 green RUN LED is on steadyand the PEER COM LED is either off or flickering to show activity. The startup andinitialization sequence may take up to 10 minutes to complete.

Note: If you connected your computer directly to the NIEx9 with an Ethernet crossovercable, disconnect the crossover cable and connect the NIEx9 to the network with anEthernet patch cable.

You can log on to the NIEx9 by entering its IP address in Launcher on any subnet of the net-work.

Preparing NIEx9 for a network that supports DHCP but notDNSThis scenario is common to many building networks. The NIEx9 uses DHCP only without DNS if youhave configured DHCP to assign the same IP address after device resets and lease renewals. If thisis not the case, use static IP addresses as described in Preparing NIEx9 for a network without DHCPand without DNS Support when the NIEx9 uses a static IP address.

1. Attach the NIEx9 to the network using an Ethernet patch cable.



3. Connect supply power to the NIEx9 and wait for the NIEx9 to complete initialization. The NCTindicates the current IP address of the network engine.Startup and initialization is complete when the NIEx9 green RUN LED is on steady and the PEERCOM LED is either off or flickering to show activity. The startup and initialization sequence maytake up to 10 minutes to complete.

4. Go to Installing Launcher to access the NIEx9, and then follow all instructions, then return tothe next step in this section.

5. After you have completed the steps in Installing Launcher to access the NIEx9, including thestep for logging in to the NIEx9, update the NIEx9 Computer Name value on the Networktab. After you update the computer name, the SMP UI automatically logs out, and the NIEx9automatically resets. Wait for the NIEx9 to complete the startup and initialization sequence.Startup and initialization is complete when the NIEx9 green RUN LED is on steady. Thissequence may take up to 10 minutes. See Pre-boot execution environment (PXE) for moreinformation.

Preparing NIEx9 for a network that supports DNS but notDHCPThis scenario is not typical of modern networks. The steps are identical to the steps in the Preparingan NIEx9 for a network without DHCP and without DNS support when the NIEx9 uses APIPA andPreparing NIEx9 for a network without DHCP and without DNS Support when the NIEx9 uses astatic IP address.Using the NIEx9 Ethernet MAC address from the NIEx9 label, the network administrator can updatethe DNS server and the assigned computer name. You can then enter dns-name in Launcher onany computer on the building network.

Accessing the SMP UI on an NIEx9After an NIEx9 is set up for connectivity, you can access the SMP UI through the LauncherSee SMP user interface and the Metasys® SMP Help (LIT-1201793) for additional information aboutnavigating the SMP UI.You need to know the Computer Name (or IP address) of the NIEx9 you want to access. If you donot know the IP address of the NIEx9, see Determining the NIEx9 IP address and device name for anetwork connection and Determining the NIEx9 IP address and device name by using a serial portmonitor.To access the SMP UI on an NIEx9 through the Launcher:

1. Start Launcher.

2. Select the Computer Name (or IP address) of the NIEx9 on the SMP tab of the Launcher, andclick Launch.

3. Enter the NIEx9 Username and Password, and then click Login or press Enter.

4. To view an NIEx9, select the NIEx9 object from the Navigation panel and drag it to the Displaypanel. The NIEx9 object opens with the Focus tab active.

Establishing basic NIEx9 parameters in the Focus tabTo establish basic parameter in the Focus tab, complete the following steps:


1. In the SMP UI, display the NIEx9 device object and click the Focus tab.

2. Click Edit. Edit the NIEx9 Object Name and Description values as required.

3. Click Save.

4. Select the Advanced option and click Edit.

Figure 19: NIEx9 Focus tab - Advanced Edit mode

5. Edit the advanced attribute values as needed.If the NIEx9 is on a site with an ADS/ADX, enter the ADS/ADX’s IP address in Local Site Directorfield in the Site section of this screen so the NIEx9 can find the ADS/ADX. Refer to NAE DeviceObject Help and Audit Trails Help in the Metasys® SMP Help (LIT-1201793) for guidance.

Establishing the NIEx9 network parametersThe NIEx9 Computer Name and Domain Name on the Network tab identify the NIEx9 on thenetwork so other computers can locate it. In many commissioning scenarios, you can use the initialComputer Name to commission the NIEx9. See NIEx9 computer name for more information.In most site configuration scenarios, you configure many of the Metasys network values in theNIEx9 UI by downloading a pre-built archive database from the SCT to the commissioned NIEx9.The download from SCT overwrites the initial Computer Name with the new value for the Metasysnetwork.


Note: If you are building the NIEx9 database online, you must establish the productionnetwork NIEx9 Computer Name value before you establish references to objects on theNIEx9. After creating object references, changing the Computer Name value breaks all objectreferences to local objects on the site.

Important: The NAE/NIE Update Tool places restrictions on the host name (Computer Name)values you can use for NIE29, NIE39, or NIE49 models. Names must start with a letter, mustend with either a letter or a number, and may contain hyphens only in the interior of thename. Failure to follow the name restrictions results in the Computer Name changing whenyou update NIE39, NIE49, or NIE29. Refer to NAE/NIE Update Tool Help (LIT-12011524) for moreinformation on host name restrictions.

To establish the network parameters, complete the following steps:

1. In the SMP UI, display the NIEx9 device object, click the Network tab, and then click Edit.

2. In the Network Identification section, enter the Computer Name value.

3. Enter the Network Identification and LAN attribute values as needed and click Save.

Creating email alarm and event notifications and destinationsAn NIEx9 can be set up to generate custom alarm and event email messages and send themessages to one or more specified email destinations.

Note: In most scenarios, set up the Email DDA and configure the email notifications and thenotification destinations after you configure the NIEx9 with an archive database that includesthe user database.

1. In the SMP UI, display the NIEx9 device object, click the Email tab, and then click Edit. See thetop half of the Display panel in Figure 20.

2. Enter the Shared Configuration values according to Table 11. These fields establish values forattributes that are common to all email alarm notifications generated from this NIEx9. Scrolldown to the Destinations section of the Email tab. Refer to Alarm and Event Management inMetasys® SMP Help (LIT-1201793) for additional information on setting the attribute values foralarm and event notifications.

3. Click New.


Figure 20: NIEx9 Email Configuration - edit mode

4. Enter the destination values according to the following table. Refer to Alarm and EventsManagement section in the Metasys® SMP Help (LIT-1201793) for additional information onsetting the attribute values for alarm and event notifications.

Table 11: Shared attributes for all email destinations

Attribute Description (value requirement/range) Initial valueSMTP Server Host Specifies the SMTP server name that handles

outgoing email. Required value.Fully qualified host name

SMTP Port Specifies the TCP port that the server uses todeliver email message. Required Value/1 to25.

25

Authentication Type Specifies the Authentication Type the NIEx9uses to log on to the outgoing email server.Select SMTP, POP before SMTP, or None.

None

SMTP User Name Specifies the user name the NIEx9 uses to logon to the SMTP server that handles outgoingemail messages. Required only if SMTP isselected for Authentication Type.

–

SMTP Password Specifies the password the NIEx9 uses to logon to the SMTP server that handles outgoingemail messages. Required only if you selectSMTP for Authentication Type.

–


Table 11: Shared attributes for all email destinations

Attribute Description (value requirement/range) Initial valuePOP Server Hostname Specifies the POP server name for incoming

email messages. Required only if the emailserver requires POP before SMTP, before itaccepts email messages from the client. Ifyou leave this field blank, POP before SMTP isdisabled.

–

POP User name Specifies the POP user name. Required only ifPOP Authentication is required and there is avalue specified for POP server host.

Maximum 20 characters

POP Password Specifies the POP Password. Required only ifPOP Authentication is required and there is avalue specified for POP server host.

Maximum 20 characters

From Email Address Specifies a valid email address that isrecognized and exists on the SMTP Server.Required Value.

Email address

SSL Email Enabled When True, emails are sent over an SSL-encrypted connection if the server supportsencryption with StartTLS. When this parameteris set to True, you cannot send emails if theycannot be encrypted, regardless of the SSLEmail Ignoring Errors attribute setting.

False

SSL Email IgnoringErrors

When set to True, the email is sent even ifthe email server certificate appears to beinvalid. When set to False, the email is sentonly if the operating system can verify thatthe server sent a valid SSL certificate. You canonly enable this feature if SSL Email Enabled isTrue.

False

Email Diagnostics Displays diagnostic information regarding thecommunication between the Email DDA (SMTPClient) and the SMTP Server. This attributedisplays both successful and unsuccessfulemail message deliveries.

–

Table 12: Attributes for specific email destinations and notifications

Attribute Description (value requirement/range) Initial valueLabel Specifies a name for the email destination. –Email Address Specifies the destination email addresses. This is a

required value.–

Priority Specifies the email message priority as high, low, ornormal.

Normal

Subject Contains the body text of the email message. Themaximum characters allowed is 256.

–

Retries Specifies the number of attempts at sending theemail message. (0–10 Retries)

3


Table 12: Attributes for specific email destinations and notifications

Attribute Description (value requirement/range) Initial valueEnabled Enables or disables Email Destination. (True, False) TrueFilters Enables you to specify the rules that filter alarm

and event notifications. Each filter has an Item,Operator, and Value.

–

Format Enables some predefined format characteristics ofthe notifications sent to a destination. Predefinedformat characteristics include:• Notification Priority• Notification Message (content)• Value• Site Name• Item Description• Item Fully Qualified Reference• Item Category• Acknowledge Required• Previous Status(Enable a format by selecting the check box next tothe format.)

–

5. Click New to the right of Destination Email Addresses. You can import user names and theassociated email addresses from the list of user names for the site. Refer to Metasys® SMP Help(LIT-1201793) for more information.


Figure 21: Import email addresses dialog box

6. To filter the email messages sent to a destination, click New beside the Filters section of theEmail Destination Configuration tab.

7. Select the Item, Operator, and Value for the condition that you want to trigger the emailnotification. Refer to Event Message Routing, Filtering, and Destinations in the Metasys® SMP Help(LIT-1201793) for additional information on filters.

8. Click OK.

9. Enable the Format characteristics for email notifications sent to the specified destinations byselecting the check boxes next to the Format characteristic. Add additional email destinationswith filters and formats as required.

10. Click Save.

Configuring encrypted emailYour user name and password is encrypted by Metasys software once you enter it into the SMP UI,but the software does not automatically encrypt email messages. This feature allows embeddedand server machines to send email to email servers over a secure channel (secure socket layer[SSL]). The software encrypts the entire email payload, and allows our software to communicate toemail servers that require SSL connections.Consider these points when using email encryption:


• The SMTP port is different when using secure socket layer connections. This port is usually 465.

• Server-class machines and embedded devices do not have the same list of trusted CertificateAuthorities. An embedded device may not trust a certificate that is trusted on a server-classmachine. To increase the chances of an embedded device trusting a certificate used by a server-class machine, you need to have the certificate signed by a major authority.

• To maximize efficiency when using this feature, set up mailing groups instead of individual usersin the destination field to minimize the number of users to which the machine has to send anemail. This setup allows you to create different email groups and customize the type of messagesthat each user receives.

• To increase the chance of an embedded device or an ADS/ADX trusting the certificate the mailserver uses, ensure a major certificate authority obtains the signed certificate.

• If you use an embedded device as your site director, no option is available to update the TrustedCertificate Authority list at this time.

• To ensure you have the latest list of Trusted Certificate Authorities installed on your ADS/ADX,install any available certificate updates from Microsoft Windows® Update.

You can configure encrypted email in three ways:

• Configuring encrypted email with no authentication required

• Configuring encrypted email with SMTP authentication

• Configuring encrypted email with POP-before-SMTP authentication

Configuring encrypted email with no authentication requiredNote: Encrypted Email with No Authentication Required functions only when you AnonymousAuthentication on the mail server.

1. View an engine or device.

2. Click the Email tab.

3. Click Edit.

4. Edit the Attributes in the Shared Configuration as shown in Table 13.

Table 13: Attributes for no authentication required

Attribute SelectionSMTP Server Host For example: mail.yourdomain.com or

yourdomain.comSMTP Port 465Authentication Type NoneSSL Email Enabled TrueSSL Email Ignoring Errors False

5. Verify that you sent the email correctly.


Configuring encrypted email with SMTP authentication1. View an Engine or device.


3. Click Edit.

4. Edit the Attributes in the Shared Configuration as shown in Table 14.Table 14: Attributes for SMTP authentication


yourdomain.comSMTP Port 465Authentication Type SMTPSSL Email Enabled TrueSSL Email Ignoring Errors False


Configuring encrypted email with POP-before-SMTP authenticationNote: When you enable SSL Email and you use POP-before-SMTP Authentication, the Metasyssystem uses port 995 to communicate to the mail server. Ensure that the mail server you areconnecting to uses port 995 for secure socket layer connections for POP3 access. When youenable SSL Email and you use POP-before-SMTP Authentication, the Metasys system uses port110 to communicate to the mail server. Ensure that the mail server you are connecting to usesport 110 for non-encrypted POP3 access.

1. View an engine or device.


3. Click Edit.

4. Edit the attributes in the Shared Configuration according to the following table:Table 15: Attributes for POP-before-SMTP authentication


yourdomain.comSMTP Port 465Authentication Type POP-before-SMTPPOP Server Hostname yourdomain.com or pop.yourdomain.comSSL Email Enabled TrueSSL Email Ignoring Errors False



Creating NIEx9 SNMP alarm notifications and destinationsYou can set up an NIEx9 to generate and deliver alarm and event messages on a network usingSNMP network monitoring.You can use SNMP monitoring for large BAS networks with many network devices. The SNMPmanagement computer monitors all devices on the network and receives and stores all alarm andevent notifications.You must set up SNMP monitoring at the network level and you must assign an SNMP managementdevice on the network. If apply a Metasys system to any existing network, consult with the networkadministrator or IT department that administers the building network to determine if SNMPmonitoring is available on the network.

Note: In most scenarios, we recommend that you set up the SNMP DDA and configure theSNMP notifications and the notification destinations after you configure an NIEx9 with anarchive database that includes the user database.

1. In the SMP UI, display the NIEx9 device object and click the SNMP tab.

2. Click Edit.

Figure 22: NIEx9 SNMP configuration Tab - edit mode

3. In the Shared Configuration section, set SNMP Enabled value to True if your networkapplication uses SNMP monitoring.

4. Type the IP address or host name values of the SNMP Management device.

5. In the Read Only Community and Read/Write Community fields, enter the community stringused by the ENMS to retrieve data from objects maintained by managed devices. See thefollowing table for more information.

Table 16: Share attributes for SNMP destination

Attribute Description (value requirement/range)

Initial value

SNMP Enabled Enables or disables SNMP DDA on theNIEx9. (True, False).

False


Table 16: Share attributes for SNMP destination

Attribute Description (value requirement/range)

Initial value

SNMP Trap Version Specifies the version of SNMP used onthe network on which the NIEx9 resides.Not required if SNMP Enabled is set toFalse.

SNMP Version 1

SNMP Management Device Specifies the IP address or host nameof the SNMP Management device onthe network on which the NIEx9 resides.The direction of communication is fromthe SNMP Management device to theNIEx9. Currently, the NIE89 does notsupport this function. Not required if SNMP Enabled is set to False.

–

SNMP Request Port Specifies the port on the SNMP serverwhere SNMP notifications go. Notrequired if SNMP Enabled is set toFalse.

161

Contact Person Specifies the contact person for theSNMP notifications. Not required if SNMP Enabled is set to False.

–

Public Community Name Specifies the community name usedby the NMS to modify data in objectsmaintained by managed devices. Notrequired if SNMP Enabled is set toFalse.

public

SNMP Trap Message Format Specifies the format used to generateSNMP notifications. Change to MIBBased when SNMP managementapplication uses the Metasys MIB fileto translate SNMP notifications. Notrequired if SNMP Enabled is set toFalse.

String Based

6. Click New in the Destinations section. The window where you can edit the DestinationConfiguration appears.


Figure 23: SNMP Destination Configuration tab - edit mode

7. Enter the destination information for the SNMP trap. See the following table for moreinformation.

Table 17: Attributes for specific SNMP notifications

Attribute Description (value requirement/range) Initial valueLabel Specifies a functional name for the destination SNMP

server. Maximum 20 characters.Destination #

Trap Community Name Specifies the SNMP Community Name used by theNetwork Management System (NMS) group to listento the traps. Maximum 20 characters.

Public

IP Address Specifies the IP Address of the NMS system thatreceives the trap messages.

0.0.0.0

Destination PortNumber

Specifies the port on the SNMP Management devicethat receives messages from the NIEx9. The directionof communication is from the NIEx9 to the SNMPManagement device.

162

Enabled Enables or disables the SNMP destination. TrueFilters Enables you to specify the rules that filter alarm and

event notifications. Each filter has an item, operator,and value.

–


Table 17: Attributes for specific SNMP notifications

Attribute Description (value requirement/range) Initial valueFormat You can enable some predefined format

characteristics of the notifications that are sent to adestination. Predefined format characteristics include:• Notification Priority• Notification Message (content)• Value• Site Name• Item Description• Item Fully Qualified Reference• Item Category• Acknowledge Required• Previous StatusEnable a format by selecting the check box next to theformat.

–

8. Click Save when finished.

Enabling Syslog reportingAn NIEx9 can be set up to generate custom alarm and event email messages and send themessages to one or more specified email destinations.

1. In the SMP UI, display the NIEx9 device object and click the Syslog tab.

2. Click Edit.

3. Click the down arrow for the Syslog Reporting Enabled attribute and select True.

4. In the Destinations section, click New.

5. Enter the Destination Configuration values according to the following table.Table 18: Attributes for specific syslog destinations

Attribute Description (value requirement/range)Label Specifies a name for the Syslog server. For

example, Syslog1.Syslog Server Specifies the IP address or resolvable host name

of the Syslog server configured to receive eventsand audits from the NIEx9.

UDP Send Port Specifies the Syslog port used to send messagesto an NIEx9.

UDP Receive Port Specifies the Syslog port used to receivemessages from an NIEx9.

Event Filters Specifies the rules for filtering the alarms andevents sent to the Syslog server. Each filter hasan Item, Operator, and Value.


Table 18: Attributes for specific syslog destinations

Attribute Description (value requirement/range)Audit Filters Specifies the rules for filtering the audit

messages sent to the Syslog server. Each filterhas an Item, Operator, and Value.

6. In the Event Filters section, click New.

7. In the Add Filter dialog box, select the item, operator, and value of the condition that you wantto trigger a message to the Syslog server.

8. Add any additional event filters.

9. In the Event Filters section, click New.

10. Select the item, operator, and value of the condition that you want to trigger a message to theSyslog server. You can add additional audit filters and syslog destinations.

11. Click OK.

12. Click Save.

Configuring a RADIUS serverTo configure a RADIUS account, use the Security Administrator system and complete the followingsteps:

1. Using Metasys Launcher, start and log on to the SMP with any Metasys system administratoraccount.

2. On the SMP UI window, select Tools > Administrator.

3. In the Security Administration menu, click RADIUS.


Figure 24: RADIUS configuration screen

4. Select the Enable RADIUS Authentication check box to enable the fields on the ConfigureRADIUS window.

5. Fill in the fields of the Configure RADIUS window using the information in the following table.Table 19: RADIUS configuration fields

Field Value DescriptionEnable RADIUSauthentication

Checked or unchecked Check box to configure and enable RADIUSserver authentication. The check boxdefaults to unchecked. If it is not checked,all fields in the RADIUS Configuration screenare not editable.

RADIUS Server IPv4 address or a DNS name IPv4 address of the RADIUS server.RADIUS Server port 0 - 65535 Port on the RADIUS server to which Metasys

directs messages.RADIUS client port 0 - 65535 Port on the network engine used to send

requests to and receive responses from theRADIUS server.

Note: The default port for RADIUS is1812.

Shared secret Text string A secret used to verify the validity ofmessages sent by the RADIUS server to theclient. Knowing the Shared Secret does notgrant access to a RADIUS server.

NAS identifier Text string A RADIUS attribute that the client uses toidentify itself to a RADIUS server.


Table 19: RADIUS configuration fields

Field Value DescriptionAuthenticationmechanism

MS-CHAPv2 Mechanism used for server authentication.

6. Click Save.Note: You can disable the RADIUS by clearing the Enable Radius Authentication checkbox and applying or saving the configuration. While RADIUS is disabled, only local userscan authenticate. Log on errors display when a user attempts to log on with a RADIUSaccount.

Adding RADIUS usersTo provide access to the Metasys system for users that a RADIUS server has authenticated, completethe following steps:

1. Using Metasys Launcher, start and log on to the SMP with any Metasys system administratoraccount.

2. On the SMP UI window, select Tools > Administrator.

3. You can add a new RADIUS user in two ways:

a. In the Insert menu, click Insert RADIUS User.

b. Right-click the RADIUS Users folder. Click Insert.

4. The User Properties dialog box appears. Enter the User Name.Note:

- Spell out the User Name the same as defined and expected by the RADIUS server.

- Many fields appear dimmed when you add a RADIUS user account because the RADIUSserver controls them. These fields include: Password, Verify Password, View BlockedWords List, View Password Policy, Min Password Length, Max Password Length, UserMust Change Password at Next Logon, and User Cannot Change Password.

5. Review the selections in the remaining tabs to ensure that you assign the appropriate Metasysauthorization to the user. Then click OK. When you add a new RADIUS user, the new useraccount opens to the Access Permissions page.

Note: The Maximum Password Age and Password Uniqueness fields on the AccountPolicy tab do not apply to RADIUS users because the RADIUS server handles thosefeatures.

Setting the time, date, time zone, and time synchronizationHow you set the time zone, date, and time on an NIEx9 depends on how the NIEx9 fits into theMetasys site hierarchy. See Appendix: Time Zone, Date, and Time Management for information anddetailed procedures about how to set the time zone, date, and time on an NIEx9 and on a Metasysnetwork.


Setting up the NIEx9 alarm parametersNIEx9s ship from the factory with several pre-configured default diagnostic alarms that monitorthe NIEx9 hardware. You can edit these default alarm settings or create new alarms for the NIEx9hardware.You can also create new alarms and edit existing alarms for supported field devices on the NIEx9field trunks.

Editing the existing alarm parameters1. In the SMP UI, select and drag the NIEx9 object or field device object that you want to edit the

alarm parameters from the Navigation panel and drop it in the Display panel. The NIEx9 orfield device Focus tab opens.

2. Click the Alarm tab. The Alarm tab opens.

Figure 25: NIEx9 Alarm tab

3. Select items in the Select Item(s) list to edit existing alarms. To create new alarms, seeCreating a new alarm.

4. Click Edit.


Figure 26: NIEx9 Alarms tab edit mode

5. Edit the desired attributes for the NIEx9 or field device, and click Save to save the edited alarmsettings.

Creating a new alarmYou can create new alarms for the NIEx9 or any of the supported field devices on the field trunksattached to the NIEx9.

1. Select and drag the NIEx9 or field device object from the Navigation panel into the Displaypanel.

2. Select the Alarm tab.

3. Click New.

4. In the Insert Alarm wizard, select the device attribute for which you want to create an alarm.

5. Follow the wizard instructions and create or edit the values for the Attribute for which youwant to create an alarm.

6. Click Save.

Designating an NIEx9 as a child of a Site DirectorAll NIEx9s have a Site Object and therefore are Site Directors by default. To designate the SiteDirector on a new site, you must demote all the NIEx9s on the site that are not the Site Director. You


must reset an NIEx9 when it is demoted. Also, if the NIEx9 is at Release 10.0 or later, you must pairit to its Site Director.In many Metasys network site commissioning and configuration scenarios, the Site Director statusof the NIEx9s on the site is built into the archive database for the site. The status of these devicesis established on the NIEx9s when the archive database is downloaded from the SCT to the sitedevices. The SCT database download overwrites the existing values in the NIEx9s.

Note: If an ADS/ADX/ODS is on a site, an NIEx9 cannot be the Site Director. If an NIE59 is theSite Director, it can supervise up to four additional supervisory devices on the site (NIE39s,NIE49s, NIE29s, or NIE59s only). If an NIE49 is the Site Director, it can supervise up to twoadditional supervisory devices on the site (NIE39s, NIE49s, or NIE29s only). If an NIE39 is theSite Director, it can supervise up to two additional NIE39s or NIE29s on the site. NIE29s cannotsupervise other network engines and should only be designated as the Site Director in stand-alone applications.

You typically demote an NIEx9 from the Site Director offline in the SCT UI, but you can complete theprocess online in the NIEx9 SMP UI. The procedure in this section describes how to use the NIEx9SMP UI to demote an NIEx9 from the Site Director. To do so with the SCT, go to the Changing theSite Director with the SCT section.

Note: If you do the site promotion or demotion online, you may lose any navigation treesbuilt for the site. If User Views (navigation trees) have already been built, upload them to theSCT, establish the Site Director, and then download the navigation trees back to the sourcedevices. The Site Director and NIEx9 Computer Name values in the NIEx9 UI must match thevalues in the SCT archive database.

To demote an NIEx9 and designate its Site Director, complete the following steps:

1. On the Navigation panel, select the NIEx9 that you want to demote from Site Director.

2. Drag the NIEx9 into the Display panel to open the Focus tab.

3. Select Advanced.

4. Click Edit.

5. Scroll down to the Site attributes and select the Local Site Director field.


Figure 27: Designating the Site Director

6. Type the host name or IP address of the NIEx9 or ADS/ADX that you want to designate asthe local Site Director. After you complete the process, the demoted NIEx9 is a child of thedesignated Site Director.

7. Click Save. To view an image of the message box, see Figure 28.

Figure 28: Confirmation for demoting Site Director

8. If you wish to proceed, click OK to this confirmation message; otherwise, click Cancel.

9. If the NIEx9 that you are demoting is at Release 9.0.7 or earlier, the NIEx9 logs you out andresets. Wait several minutes for the NIEx9 to reset, then log on to the Site Director. Thenavigation tree shows the NIEx9 is now a child of the Site Director.


10. If the NIEx9 that you are demoting is at Release 10.0 or later, you are prompted for the usercredentials of the Local Site Director you specified. Enter the administrator's user name andpassword of the Site Director, then click OK.

a. If the credentials you entered are correct, the NIEx9 logs you out and resets. Wait severalminutes for the NIEx9 to reset, then log in to the Site Director. The navigation tree showsthe NIEx9 is now a child of the Site Director, and the NIEx9 is paired with its Site Director.

b. If the credentials you entered are incorrect, a dialog box appears to report a failedconnection. Click OK and try to log in again.

Changing the Site Director with the SCTNote: If you have already changed the Site Director and downloaded the site, go to Movingthe security database and clearing it from demoted Site Director.

1. Start the SCT, open the archive database for the site, and choose the new Site Director in theSite object.

2. Perform a Download to update all devices. During the download process, for all NIEx9sat Release 10.0 or later that you demote, pair the NIEx9s with the Site Director. For moreinformation about device pairing in the SCT, refer to the Metasys SCT Help (LIT-12011964).

Removing user accounts from a demoted Site DirectorIf you demote a supervisory controller or ADS/ADX from a Site Director to a child device on the site,all user accounts that you added to the device while it was a Site Director remain in the securitydatabase. If you determine that user accounts on the demoted site should be removed after thedemotion has occurred, you must move the security database and clear it from the demoted SiteDirector. Follow the instructions in Moving the security database and clearing it from demoted SiteDirector.

Moving security database and clearing it from demoted Site Director prior toRelease 6.01. Create a backup of the security database of the demoted device, but only if you are using the

same set of users on the new or existing Site Director.

2. Create a backup of the security database from one of the devices (NIEx9/ADS/ADX) on thesite that has never been a Site Director and has never had a Site Director’s security databaserestored to it. For example, it has a clean security database with only the default user accounts.

3. Restore the clean copy of the security database that you created in Step 2 to the device thatwas demoted from the Site Director.

4. If you are using the security database of the demoted device on the new Site Director, restorethe security database that you backed up in Step 1 to the new or existing Site Director.

5. Create a backup of the security database from the device that was demoted and restored witha clean database in Step 3.This step ensures that the device security database in the SCT matches the clean Security yourestored to the device in Step 3.

Moving the security database and clearing it from demoted Site DirectorNote: The security database backup is performed as part of the SCT upload, regardless ofwhether or not the supervisory controller or ADS/ADX is a Site Director.


1. In the SCT, go to Tools > Security Copy to verify that a security database exists for the demotedsupervisory controller. This database is the security backup that was originally used by the SiteDirector.

Note: If the security database does not exist, it means the controller has never beenaccessed from the Site Management Portal and uploaded to the SCT.

If the security database does not exist, go to Step 2. If the security database does exist, go to 5.

2. Log on to the demoted controller from the SMP.

3. Change your password when prompted at the log on screen.Note: Changing your password creates the security database automatically the next timethe SCT database is uploaded.

4. Perform an SCT upload. Once the upload is complete, click Tools > Security Copy in the SCT.

5. In the Security Copy wizard, do one or both of the following:

- If the security database of the demoted supervisory device is required on the new SiteDirector, perform a security copy to the Site Director by selecting the supervisory devicethat contains the correct security database.

- If you do not want to use the Site Director security database on the demoted Supervisorydevice, perform a security copy by selecting a supervisory device that has never hadusers added to the security database and copy to the demoted supervisory device.

6. Perform an SCT upload for all Supervisory devices that have had their security databaseschanged. This upload ensures that the security database backup is synchronized with thesupervisory device.

Enabling and disabling the warning banner at Release 9.0.7Note: The warning banner that is set in the Site Director appears if you log on to a child deviceof the Site Director.

1. In the SMP UI, display the NIEx9 Site object, click the Site View tab, and then click Edit.

2. Scroll to the bottom of the window to locate the Warning Banner attribute.

3. To display the U.S. Department of Defence (DoD) warning banner select True, otherwise, selectFalse.

4. Click Save. The setting takes from three to five minutes to become effective at the networkengine.

Enabling and disabling the warning banner at Release 10.0Note: The warning banner that is set in the Site Director appears if you log on to a child deviceof the Site Director.

1. In the SMP UI, display the NIEx9 Site object, click the Site View tab, and then click Edit.

2. Scroll to the bottom of the window to locate the Warning Banner attribute.

3. Select a banner type from the Warning Banner list. None is selected by default.


Note: You can select one of the three different warning banners: U.S. Departmentof Defence (DoD), U.S. General Services Administration (GSA), or U.S. Department ofTransportation (DOT) Federal Aviation Administration (FAA).

4. Click Save. The setting takes from three to five minutes to become effective at the networkengine.

Replacing an NIEx9To replace an NIEx9 on a network site, update the site registration to ensure that devices on the sitecommunicate with the new NIEx9; otherwise, devices may attempt to communicate with the NIEx9that was removed from the site.If you do not remove an NIEx9 from a site correctly, the Site Director may send messages to the oldNIEx9, creating unnecessary network traffic.If the NIEx9’s trend data is stored in an ADS repository, forward the data prior to beginning theupgrade by following these steps for each engine:

1. Select a supervisory engine in the Navigation tree.

2. Select Action > Commands.

3. Select Archive.

4. Click Send.

To replace an NIEx9:

1. Using the SCT, upload the current copy of the NIEx9 database.

2. Physically replace the old NIEx9 with the new NIEx9, connect the new NIEx9 to the network,and power on the new NIEx9.

3. Complete one of the following steps:

- Configure the NIEx9 with the same host name and IP address of the old NIEx9 from theSMP.

Note: This configuration lets you download the database with SCT without usingthe Device Change option.

- Verify that the SCT can communicate with the NIEx9, then select the Device Changeoption when downloading the database with SCT to identify the Site Director and hostname of the new NIEx9.

4. Download the existing NIEx9 archive database to the new NIEx9.

TroubleshootingThis section describes the most common problems you may encounter when you set up andoperate NIEx9s. Use the general solution guidelines and procedure references in this section toavoid or resolve these problems. Table 20 provides a list of common NIEx9 problems and theirsolutions.This section is not a troubleshooting guide for Metasys system networks, customer networks, BASnetworks, or the field devices connected to the NIEx9.Field device troubleshooting is covered in the field device documentation. Refer to the appropriatefield device documentation for additional information.


Note: To effectively troubleshoot an NIEx9, it may be necessary to isolate the NIEx9 from theEthernet network and the associated field trunks and field devices, and then direct-connect tothe NIEx9 with a computer to browse the SMP UI.

Common NIEx9 problemsCorrupted NIEx9 memoryCorruption of non-volatile NIEx9 flash memory may render an NIEx9 inoperable. Flash memorymay become corrupted for a variety of reasons and is one of the most common NIEx9 problemsencountered when commissioning, configuring, updating, and operating the NIEx9.A typical method to recover from corrupted NIEx9 flash memory includes reloading the NIEx9 diskimage and downloading the NIEx9 archive database with a compatible version of the SCT. Referto the NAE/NIE Update Tool Help (LIT-12011524) for information on installing the NIEx9 disk image.Refer to Metasys® SCT Help (LIT-12011964) for information on upgrading NIEx9 archive databases.

NIEx9 disk image update and archive download related problemsNIEx9 flash memory commonly becomes corrupted when an NIEx9 disk image update or archivedownload is interrupted. To avoid memory corruption and data loss, follow the procedure for diskimage updates and archive downloads carefully, and allow the NIEx9 to complete the update anddownload without interruption.Update and upgrade related problems may also occur when the SCT software, NIEx9 software,and the NIEx9 archive databases are of incompatible versions. When you update the NIEx9 diskimage, you must update the NIEx9 archive database to match the new software version. The SCTapplication used to configure a Metasys or NIEx9 must also be of the same software version as theNIEx9 software.Refer to NAE/NIE Update Tool Help (LIT-12011524) and see the Related documentation section of thisdocument for additional information on disk image updates and archive upgrades and downloads.

Data protection battery related problemsImproper shipping, handling, installing, charging, or disconnecting of the NIEx9 data protectionbattery may also result in flash memory corruption and data loss.To avoid problems related to the data protection battery, refer to the Setup and Adjustment sectionsin the NIE39/NIE49 Installation Instructions (Part No. 24-10050-103), the NIE29 Installation Instructions(Part No. 24-10143-594), and the NIE59 Installation Instructions (Part No. 24-10143-608) for properprocedures for connecting, charging, and disconnecting the data protection battery before youconnect supply power to the NIEx9.

Data protection battery testing procedureUse this procedure to test the integrity of the battery in the NxE55 network engine. The lifeexpectancy of the 12 VDC battery installed in the NxE55 is three to five years. The batterymonitoring circuit of the NxE55 does not load test the battery. If the battery fails to maintaina proper voltage level during a power loss, the NxE55 may not be able to complete a normalshutdown and unarchived data could be lost. Therefore, periodically field test each battery orreplace a battery that is well beyond its life expectancy, even if a battery fault condition does notexist. As a best practice, establish a regular maintenance schedule to check the batteries of allNxE55s currently in service.Follow these steps to test the sealed 12 VDC battery used on NxE55s. This procedure does not applyto the N40-class network engines, including the NAE35, NAE45, and NCE25. To perform the test,you need to remove the battery from the network engine and assemble the parts listed here. Testleads are required to connect the 7.5 Ω resistor to the battery.Parts required:

• 7.5 Ω, 25 watt resistor (Ohmite® part number D25K7R5) or equivalent


• Jumper wire test leads (22 or 24 gauge)

• DC voltmeter

• Stopwatch or other time source

Follow these steps:

1. Verify that the battery that you want to test is fully charged.

2. Connect the 7.5 Ω load across the battery.

3. Wait 60 seconds, then record the voltage across the battery terminals (not across the loadresistor).

4. Wait another 60 seconds and again record the voltage across the battery terminals.

5. Remove the load from the battery.

6. Subtract the voltage reading taken in Step 4 from the voltage reading taken in Step 3. This isyour difference reading.

- If the difference reading is less than or equal to 0.25 VDC, the battery is good. Reinstallthe battery.

- If the difference reading is greater than 0.25 volts, the battery is no longer effective.Replace the battery.

Log on problemsLog on problems may occur when the user name or password is incorrectly entered at the log onstep. If the default user name and password fail, the initial values may have been changed by anadministrator-level user. You need the designated user name and password to log on to an NIEx9.Whenever you change the Security System database for small-capacity network engines withRelease 8.0 or later (NIE29, NIE39, or NIE49), you must issue the Reset Device command toensure that the security database is archived to non-volatile memory. This step is not required forlarge-capacity network engines (NIE59s). If you do not perform this step for a network engine thathas a poor or dead battery, and that engine loses power, the latest changes to the security systemdatabase are lost.As a last resort, you can also reload the NIEx9 with the NAE/NIE Update Tool, but that processdeletes the archive database, and for the NIEx9 engine, the device becomes unregistered. Fordetails, refer to NAE/NIE Update Tool Help (LIT-12011524).

RADIUS errorsThis section describes some situations that may result in error messages after enabling RADIUSto authenticate user log on credentials. When the NIEx9s are not configured for RADIUSauthentication, the standard Metasys log on error messages appear. When the NIEx9s areconfigured for RADIUS authentication, RADIUS errors are intentionally obscured to hinder possibleintrusion from unauthorized users. If you encounter these errors and cannot resolve them, contactyour local network administrator.The Fail RADIUS error message appears in any of the following scenarios:

• The RADIUS server is not online or available when the non-local (RADIUS) user tries to log in tothe Metasys system.

• The server or network engine is configured to communicate with a RADIUS server, but theRADIUS server is unavailable and therefore does not respond to a login request from the non-local user.


• The non-local user's account is disabled, either in the Metasys system or in the RADIUS server.

• The non-local user's account password has expired.

• The non-local user's account password does not meet the Metasys system password complexityrequirements.

• The RADIUS server is enabled, but the Metasys local user account the operator is using isdisabled, locked out, or cannot log in because the user's timesheet does not permit login at thistime.

• The RADIUS server is enabled, but the Metasys local user account the operator is using isentered incorrectly.

The Invalid Credential RADIUS error message appears if you try to log on to an NIEx9 with anon-complex password and RADIUS is not enabled.

Network connection related problemsMany network connection and communication problems result from incorrect device names,incorrect IP addresses, or other attribute value errors entered into the Site Management PortalUI or into the UI of the associated network devices. If the NIEx9 attribute values do not match thevalues entered in the devices connected to the NIEx9, the NIEx9 and associated devices may notestablish network connections or communications.Check the device names, IP addresses, gateway, subnet masks, ports, baud rates, and othernetwork parameters in the Site Management Portal UI. Also check the servers, computers, and fielddevices connected to the NIEx9, and ensure that the attribute values are correct for each computeror device.For example, communication between a Site Director and an NIE could be lost after you downloadthe network engine with SCT. This may occur on a network where device name resolution is notimplemented. To resolve this communication issue, log in to the NIE after the download andchange the Local Site Director field back to the IP address of the Site Director. Within minutes afteryou save this change, the engine comes back online to the Site Director.See Determining the NIEx9 IP address and device name for a network connection, Determining theNIEx9 IP address and device name by using a serial port monitor, and Verifying Ethernet networkcommunications (Ping).

NIEx9 reset related problemsCertain setting changes initiated in the SMP UI do not take effect until the NIEx9 is reset. Reset theNIEx9 whenever you are prompted, and allow the NIEx9 to complete the reset sequence. See Resetdevice command.

Troubleshooting guideThe following table provides information for troubleshooting an NIEx9.


Table 20: Troubleshooting the NIEx9

Problem SolutionNIEx9 does not operate whenpowered on (and the POWER LEDis on)

Corrupted flash memory or data loss are the most commoncauses of this problem. To resolve this problem:1. Ensure that the data protection battery is connected and

charged. Refer to the unit's Installation Instructions formore information on handling, installing, and charging thedata protection battery.

2. Ensure that the database does not exceed the NIEx9 flashmemory capacity.

3. Reload the disk image and download the archivedatabase to the NIEx9 while the NIEx9 is disconnectedfrom the network.

NIEx9 does not operate afterupdating the disk image,downloading an archive database,or installing a patch

Corrupted flash memory and data loss are the most commoncauses of this problem. To resolve this problem:1. Ensure that the database does not exceed the NIEx9 flash

memory capacity.

2. Reload the disk image and download the archivedatabase to the NIEx9 while the NIEx9 is disconnectedfrom the network.

Check to make sure that 24 VAC power is connected correctlyand that the 24 VAC and POWER LEDs are on.Check to make sure that communication terminal blocks andother communication connectors are firmly in place.Check that the wiring is the correct size (18 AWG minimumfor power, 18 AWG for N2 Bus, 26 AWG for Ethernetcommunication).Check that you have set the correct baud rate on eachconnected device.Check the integrity of the wires and cables.

NIEx9 does not communicate withany other device

Check that N2 EOL switches are correct. Refer to SettingTerminations section of the N2 Communications Bus TechnicalBulletin (LIT-636018) for details on N2 EOL terminations.Check that the N2 wires are connected properly and are notloose in the termination block.Check that the N2 LEDs indicate communication.Check that the N2 EOL switches are correctly set. Refer toSetting Terminations section of the N2 Communications BusTechnical Bulletin (LIT-636018) for details on N2 terminations.

No N2 communication (on devicesthat support the N2 Bus protocol)

Check the entire N2 Bus. Refer to the N2 Communications BusTechnical Bulletin (LIT-636018).Release 9.0.7 does not support a LON integration. Image tothe latest patch release of Release 9.0.

No LonWorks communication(on devices that support theLonWorks protocol) Check that the LonWorks network wires are connected

properly and are not loose in the termination block.



Problem SolutionConnect the Metasys system Connectivity to LonWorksnetwork Tool, the COM.PRO Tool, or a third-party LonWorksnetwork configuration tool to the LonWorks network. Verifythat it is possible to communicate with the devices on thenetwork including the NIEx9. If communication is good, verifythat the NIEx9 database has been generated correctly andthat the LonWorks enabled device data corresponds to thedevices installed. If the NIEx9 does not respond, verify that theNIEx9 has been correctly installed in the LonWorks networkdatabase and that the network configuration image has beensent to the NIEx9. If the NIEx9 cannot be installed, replacethe NIEx9. Refer to the LonWorks® Network Integration withNAE and LCS Technical Bulletin (LIT-1201668) for NIEx9 databasegeneration information.Check the entire LonWorks network. Refer to LonMarkGuidelines - Physical Layer for details (http://www.lonmark.org).Verify that you are using a patch cable for a hub or switch anda crossover cable for a single computer connection.

No Ethernet communication

Check the port and cable integrity. Make sure that eitherthe 10/Link, 100/Link, or 100/1000 Link LED is green oryellow (indicating an established Ethernet connection; 1000Mbps Ethernet connection is yellow). Check that the hub orswitch into which the LAN connector is plugged works and isconnected correctly.

No modem communication Modems are not support at Release 9.0.7.NIEx9 does not dial in or dial out Dial operations no longer supported.

Check to make sure the battery is installed and that the BATTFAULT LED is not lit. Replace, if necessary, with appropriatereplacement battery.

Periodically load-test the battery. The battery protection circuitin the network engine does not load test the battery, so dataloss can occur even if the battery fault LED is not illuminated.

NIEx9 loses data

Do not unnecessarily press the system RE-BOOT switch.NIEx9 runs slowly The amount of data you are trying to process is too much for

the NIEx9 to handle. A value of 50% or less for the CPU Usageattribute of the NIEx9 is considered acceptable, althoughother performance indicators should also be assessed. Referto Metasys® SCT Help (LIT-12011964) or Metasys® SMP Help(LIT-1201793) system for more information. Reduce the size ofthe database.


http://www.lonmark.org


Problem SolutionNIEx9 is generating high CPUalarms

Programming objects (LCT, Signal Select, Global Data)referencing analog objects with small COV values (0.5%) arethe most common cause of this problem. To determine thesource of the high CPU usage, follow these steps:1. Add a Trend extension to the Last Idle Sample of the

NIEx9. This attribute is the inverted instantaneous CPUUsage. For example, if this number is low (5%), then theCPU usage is high (95%). The CPU usage is an average overa 15–30 minute period.

2. Locate programming objects (Control System objects[LCT] or Signal Select) that reference objects withsmall COV increments and disable them one at a time.Monitor the Last Idle Sample value after disabling theobject. Within 30 seconds, the Last Idle Sample shouldsignificantly increase if that object was a contributingfactor to the high CPU usage.

3. When the problem object is determined, then eithermanually or with Mass Edit Live, update the COV incrementto a larger value before re-enabling the programmingobject.

Check for possible external interference. To reduce RFinterference, do not use cell phones or handheld transceiverswithin 3 meters (10 feet) of the NIEx9.

All communication is disrupted

Check that the power transformer secondary is not sharedwith another load.When the internal temperature reaches the high limit, theNIEx9 issues an alarm and lights the GENL FAULT or FAULTLED, allowing you a chance to intervene before heat-relateddamage results.Check that the unit has been installed according to theinstallation instructions and that the mounting orientation iscorrect.Make sure cables are not blocking the ventilation of the unit.

NIEx9 overheats

Clean out the dust in the unit with canned air (pressurized airused to clean computers and other sensitive devices).

Internal modem no longerfunctions

No modem support.

The NIEx9 has been damaged orall external causes of failure havebeen checked

Replace the NIEx9.

NIEx9 diagnostic toolsThe NIEx9 hardware and UI provide tools for diagnosing and troubleshooting hardware andsoftware problems with the NIEx9.


The primary NIEx9 diagnostic tools include:

• the NIEx9 LED status indicators

• the Diagnostic tab

• the Summary tab

• a serial point monitor (see Determining the NIEx9 IP address and device name by using a serialport monitor.)

Other tools are also available, such as the SNMP Trap Browser and the ping command fordetermining the NIEx9 IP address and the ability to communicate on the TCP/IP network. SeeDetermining the NIEx9 IP address and device name for a network connection and TroubleshootingProcedures for information on using the Trap Browser and the ping command.

NIE29 LED startup sequenceDuring startup, the NIE29 automatically initiates an LED test to verify the operational status of theLEDs. Immediately after connecting supply power, the following LED lighting sequence occurs:

1. The POWER, BATT FAULT, 10 LINK, FAULT, RUN, and PEER COM LEDs turn on, indicating that theOS is starting up. After two seconds, the LEDs may change states depending on site-specificnetwork activity.

2. The BATT FAULT, PEER COM, and FAULT LEDs shut off. The RUN LED flashes to indicate that theNIE29 software is loading.

3. The LEDs display the operational status of the NIE29. When the RUN LED goes on steady,startup is complete and the NIE29 is operational.The total time to start up the NIE29 depends on the size of the database and can take severalminutes.

NIEx9 LED status indicatorsFigure 29 and Figure 30 show the location and designation of the NIE39, NIE49, or NIE59 LEDsthat indicate the status of the engine. Some models do not have all the LEDs shown in thesefigures. Table 21 describes their Normal Status and Function. See Figure 31 and refer to the NIE29Installation Instructions (Part No. 24-10143-594) for information on the NIE29 LED status indicators.

Figure 29: NIE39/NIE49 LED status indicators


Figure 30: NIE59 LED status indicators

Figure 31: NIE29 LED status indicators

Table 21: NIEx9 LED status Indicators

LED label (color) NIEx9 series Normalstatus

Descriptions/other conditions

POWER (Green) NIE29, NIE39, NIE49,NIE59

On Steady On Steady = Unit is gettingpower from either the batteryor 24 VAC power. Also see the24 VAC LED. Off Steady = Unit isshut down.

ETHERNET (Green) NIE29, NIE39, NIE49,NIE59

Flicker Flicker = Data is transferringon the Ethernet connection.Ethernet traffic is general traffic(may not be for the NIEx9).

Off Steady = No Ethernettraffic, probably indicates adead Ethernet network or badEthernet connection.

10/LINK (Green) NIE29, NIE39, NIE49,NIE59

On Steady On Steady = Ethernetconnection is established at 10Mb/s.

100/LINK (Green) NIE29, NIE39, NIE49,NIE59

On Steady On Steady = Ethernetconnection is established at 100Mb/s.





100/1000 Link (Green/Yellow)

NIE59 On Steady On Steady (Green) = Ethernetconnection is established at 100Mb/s.

On Steady (Yellow) = Ethernetconnection is established at1,000 Mb/s.

FCA (Green) NIE59 Flicker On Steady = Controllersare defined to FC A (Trunk1) in the NIE59, but noneare communicating. (NIE59transmitting only).

Flicker = Normalcommunications; FC A portis transmitting and receivingdata. Flickers are generally insync with data transmission butshould not be used to indicatespecific transmission times.

Off Steady = No controllers aredefined to FC A (FC Bus 1 or N2Trunk 1) in the NIE59.

FCB (Green) NIE59 Flicker On Steady = Controllersare defined to FC B (Trunk2) in the NIE59, but noneare communicating. (NIE59transmitting only).

Flicker = Normalcommunications; FC B portis transmitting and receivingdata. Flickers are generally insync with data transmission butshould not be used to indicatespecific transmission times.

Off Steady = No controllers aredefined to FC B (FC Bus 2 or N2Trunk 2) in the NIE59.





FC BUS or LON 11 NIE29, NIE39, NIE49 Flicker = N2 controllers aredefined to FC BUS in theNIE39/49, but none arecommunicating. (NIE39/49transmitting only).

Fast Flicker (may appear Steadyon) = Normal communications;FC BUS port is transmittingand receiving data. Flickersare generally in sync with datatransmission but do not indicatespecific transmission times.

Off Steady = No field controllersare defined to FC BUS in theNIE39/49.

SA BUS (Green) NIE29 Blinking Blinking - 5 Hz = DataTransmission (normalcommunication) Off Steady = NoData Transmission On Steady =Communication lost, waiting tojoin communication ring.

PEER COMM (Green) NIE29, NIE39, NIE49,NIE59

Varies (seenext column)

Flicker = Data traffic betweenNIEx9 devices. For an NIEx9that is not a Site Director,this LED indicates regularheartbeat communicationswith the Site Director. For a SiteDirector NIEx9, flashes are morefrequent and indicate heartbeatcommunications from all otherNIEx9 devices on the site. Fora single NIEx9 on a networkwithout an ADS/ADX, there is noflicker.





RUN (Green) NIE29, NIE39, NIE49,NIE59

On Steady On Steady = NIEx9 software isrunning.

On 1 second, Off 1 second =NIEx9 software is in startupmode.

On 0.5 seconds, Off 0.5 seconds= NIEx9 software is shuttingdown.

Off Steady = Operating system isshutting down or software is notrunning.

24 VAC (Green) NIE59 On Steady On Steady = 24 VAC powerpresent.

Off Steady = Loss of 24 VACpower. In the Off Steadycondition, the NIEx9 may berunning on battery power. Alsosee the POWER LED.

BATT FAULT (Red) NIE29, NIE39, NIE49,NIE59

Off Steady Off Steady = Normal operation.

On Steady = Battery fault.Replace the battery. Batterynot connected or cannot becharged. The BATT FAULT LEDmay remain On for up to 24hours after initially poweringon the NIEx9. If the BATT FAULTLED remains on longer than 48hours after initially poweringon the NIEx9, check the batteryconnection or replace thebattery.





GENL FAULT or FAULT(Red)

NIE29, NIE39, NIE49,NIE59

Off Steady Off Steady = Normal operation.

On Steady = General Fault. CCTapplication may be corruptedor missing. Some FAULTconditions are user-configurablein the Metasys software. Pre-configured fault conditionsinclude excessive CPU flash ormemory use, excessive boardtemperature.

Blink - 2 Hz = Download orStartup in progress, not readyfor normal operation.

Blink Rapidly - 5 Hz = One ormore defined SA Bus devices areoffline. Check SA Bus devicesfor problems, including lowbatteries on wireless sensor.

Note: On NIE39/49and NIE29 models, theGENL FAULT LED labeldesignation is FAULT.

1 LED labeled FC BUS on models that support MS/TP Bus or N2 Bus and labeled LON on models that support LonWorksnetwork.

NIE39/NIE49 LED startup sequenceDuring startup, the NIE39/NIE49 automatically initiates an LED test to verify the operational statusof the LEDs.Immediately after connecting supply power, the following LED lighting sequence occurs:

1. The POWER, FAULT, RUN, and PEER COM LEDs turn on, indicating that the OS is starting up.(After 2 seconds, the LEDs may change states depending on site-specific network activity.)

2. The PEER COM and FAULT LEDs shut off. The RUN LED flashes to indicate that the NIE39/NIE49software is loading.

3. The LEDs display the operational status of the NIE39/NIE49. When the RUN LED goes onsteady, startup is complete and the NIE39/NIE49 is operational.The total time to start up the NIE39/NIE49 depends on the size of the database and may takeseveral minutes.

NIE59 LED startup sequenceDuring startup, the NIE59 automatically initiates an LED test to verify the operational status of theLEDs.


Immediately after connecting supply power, the following LED lighting sequence occurs:

1. The POWER, PEER COM, RUN, and GENL FAULT LEDs turn on, indicating that the OS is startingup. For the NIE59, the N2A and N2B LEDs also turn on.

2. The FCA, FCB, PEER COM, and GENL FAULT LEDs shut off. The RUN LED flashes to indicate thatthe NIE59 software is loading.

3. The LEDs display the operational status of the NIE59. When the RUN LED goes on steady, theapplication is running and the NIE59 is ready.The total time to start up the NIE59 depends on the size of the database and may take up to 15minutes.

Diagnostic tabThe Diagnostic tab displays NIEx9 hardware status information that may aid troubleshooting.With the NIEx9 object selected, click the Diagnostic tab to view current information about theNIEx9 hardware status. Figure 32 shows an example.

Figure 32: NIEx9 Diagnostic tab


You can also select and drag Network Protocol objects into the Display panel and click theDiagnostic tab to view information for the selected Network protocol as shown in Figure 33.

Figure 33: BACnet Protocol Diagnostic tab

Summary tabThe Summary tab, shown in Figure 34, in the SMP UI provides a quick view of the status of theobjects and items currently in your site.Select, drag, and drop an object from the Navigation panel in the Display panel, and click theSummary tab. When you first click the Summary tab, the NIEx9 requests the status of the items inthe Display panel (Figure 34). This request may take a few minutes.For additional information and explanations of the attributes found in the Summary and Diagnostictabs, refer to the Object Help in the Metasys® SCT Help (LIT-12011964) or the Metasys® SMP Help(LIT-1201793).


Figure 34: NIEx9 Summary tab

Troubleshooting ProceduresVerifying Ethernet network communications (Ping)You can use the ping command to verify that computers on the Ethernet network can communicatewith other computers on the network.To use the ping command, you must have a computer configured to use the TCP/IP protocol and atleast one other computer connected to the network.To verify the computers can communicate on the network using the ping command:

1. Go to Start > Run. Type cmd, then click OK to display the Command Prompt window. (Ifyou are using Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, orWindows Server 2012, type Command Prompt from the Start screen, then select CommandPrompt from the Apps results.)

2. Type the ping command. Use the format ping <address>, where <address> is the IP address ordomain name of the computer you want to ping. (For example: 198.81.196.2, www.jci.com, orNIE008066050FFC.)

3. Press Enter.

If you receive a reply, the computers are communicating on the network.If you do not receive a reply, try pinging your own computer address.

• If you can ping your own address but not any other addresses, the problem is with the network.Check the Link light on the network card.

• If you cannot get a reply from your own address, the problem is probably with the network cardin your computer or with the TCP/IP properties. Check the network card in your computer, andverify the TCP/IP properties.

Pre-boot execution environment (PXE)The NIEx9 implements a PXE client. If your network uses a PXE server, exclude the NIEx9 MACaddress from the PXE server. If you do not exclude the NIEx9 MAC address, the NIEx9 may not startproperly.


Note: Consult with the system administrator or IT department to determine if the networkhas a PXE server.

Determining the NIEx9 IP address and device name for a network connectionThe IP address determined by this procedure is the IP address used on a building networkconnection, not serial or dial connections.

Determining the NIEx9 IP address by using the NCTYou can use the Network Engine (NxE) Information and Configuration Tool (NCT) to discover theNIEx9. To determine the IP address of an NIEx9 by using the NCT to discover the device, startthe NCT, click Discover, and look for the NIEx9 in the Discovered Devices list. The NIEx9s mustbe connected to the same subnet as the NCT computer for the NCT to detect them. For moreinformation, refer to NxE Information and Configuration Tool Technical Bulletin (LIT-1201990).

Determining the NIEx9 IP address and device name by using a serial portmonitorWhen an NIE29, NIE39, NIE49, or NIE59 is powered on, it sends a text string to its serial port thatcontains helpful information, such as its current IP address and device name. For the NIE39 orNIE49, this data stream is sent to the RS232C A Serial Port. For the NIE59, this data stream is sentto Serial Port B; for the NIE29, the data is sent to the RS232C port. Table 22 and Table 23 provideexamples of the data that is sent.Table 22: Example NIE29, NIE39, or NIE49 startup data stream

Device information Example outputHost Name NIE49-1DHCP Enabled YesIP Address 159.222.8.206Subnet Mask 255.255.252.0Default Gateway 159.222.8.2DHCP Server 159.222.8.9MAC Address 00-80-66-05-0F-FCNeuron® ID 00-00-00-00-00-00Model Number MS-NIE4910RAM Memory 108 MbNAND Memory 101 MbBattery Status Good

Table 23: Example NIE59 startup data stream

Device information Example outputHost Name NIE59-1DHCP Enabled YesIP Address 159.222.8.206Subnet Mask 255.255.252.0Default Gateway 159.222.8.2DHCP Server 159.222.8.9MAC Address 00-80-66-05-0F-FC


Table 23: Example NIE59 startup data stream

Device information Example outputNeuron ID 00-06-10-25-03-00Model Name MS-NIE5920

Note: The IP address and device name are internal to the NIEx9 and change if the NIEx9 isattached to a network using DHCP, unless the DHCP server is configured to assign a static IPaddress. Also, if the NIEx9 has an IP address and is then disconnected from the network, aVT100 terminal emulator sees zeros as the IP address until the NIEx9 is restarted.

To determine the NIEx9 IP address and device name, attach an RS232 DB9 cable between the serialports of the computer and the NIEx9, then connect a computer monitor. Install a VT100 terminalemulator program on the computer that connects to the device. Check with your IT department(or technical support team) for a recommended VT100 terminal emulator program to use withyour Windows operating system. (In the terminal emulator program, use these settings: baudrate=115200 bps; data length=8 bit; no parity; one stop bit.)

Setting a computer to be compatible with APIPAIf you are configuring an NIEx9 for use on an Ethernet network without DHCP or DNS support, thecomputer’s IP address must be compatible with APIPA.

1. View the local area connection properties of the active network connection as follows:

a. In the Control Panel, select Network and Internet > Network and Sharing Center >Change adapter settings. The Network Connections window appears.

b. Right-click Local Area Connection and select Properties.

2. Click Internet Protocol Version 4 (TCP/IPv4) and then click Properties.

3. Make sure the option Obtain an IP address automatically is selected.

Technical specificationsTable 24: NIE29

Power requirement Dedicated nominal 24 VAC, Class 2 power supply (NorthAmerica), SELV power supply (Europe), at 50/60 Hz (20VAC minimum to 30 VAC maximum)

Power consumption 25 VA maximum

The 25 VA rating does not include any power supplied todevices connected at the NIE BOs. Binary output devicesconnected to and powered by an NIE can require anadditional 125 VA (maximum).

Ambient operating conditions 0 to 50°C (32 to 122°F); 10 to 90% RH, 30°C (86°F)maximum dew point

Ambient storage conditions -40 to 70°C (-40 to 158°F); 5 to 95% RH, 30°C (86°F)maximum dew point


Table 24: NIE29

Data protection battery Supports data protection on power failure.Rechargeable NiMH battery: 3.6 VDC 500 mAh, with atypical life of 5 to 7 years at 21°C (70°F); Product CodeNumber: MS-BAT1020-0

Processors Supervisory Controller: 192 MHz Renesas SH4 7760RISC processor

Field Controller: 20 MHz Renesas H8S2398 processorMemory Supervisory Controller: 128 MB flash nonvolatile

memory for operating system, configuration data,and operations data storage and backup and 128 MBSDRAM for operations data dynamic memory

Field Controller: 1 MB flash and 1 MB RAMOperating system Microsoft® Windows Embedded CE 6.0 (Release 9.0)

Buildroot 2017.08.2 with Linux kernel 14.4 (Release9.0.7)

Network and serial interfaces MS-NIE291x-0 (MS/TP) or MS-NIE296x-0 (N2)

• One Ethernet port: 10/100 Mbps; 8-pin RJ-45connector

• One optically isolated RS-485 FC Bus port or N2 Busport; with a pluggable and keyed 4-position terminalblock

• One optically isolated RS-485 SA Bus port; with apluggable and keyed 4-position terminal block

• One RS-232-C serial port: standard 9-pin sub-Dconnectors, that support all standard baud rates

Analog input/analog output

Resolution and accuracy

Analog Input Points: 16-bit resolution

Analog Output Points: 16-bit resolution and +200 mVaccuracy on 0-10 VDC applications

Dimensions (height x width x depth) 155 mm x 270 mm x 64 mm (6.1 in. x 10.6 in. x 2.5 in.)

Minimum mounting space required: 250 mm x 370 mmx 110 mm (9.8 in. x 14.6 in. x 4.3 in.)

Housing Plastic housing

Plastic material: ABS and polycarbonate

Protection: IP20 (IEC60529)Mounting On flat surface with screws on three mounting clips or a

single 35 mm DIN railShipping weight 1.2 kg (2.7 lb)Compliance United States: UL Listed, File E107041, CCN PAZX, UL

916, Energy Management Equipment, FCC Compliant toCFR47, Part 15, Subpart B, Class A


Table 24: NIE29

Canada: UL Listed, File E107041, CCN PAZX7, CAN/CSA C22.2 No. 205, Signal Equipment, Industry CanadaCompliant, ICES-003Europe CE Mark - Johnson Controls declares thatthis product is in compliance with the essentialrequirements and other relevant provisions of the EMCDirective.Australia and New Zealand RCM Mark, Australia/NZEmissions CompliantBACnet International: BTL 135-2010 Listed B-BC

Table 25: NIE39 and NIE49

Power Requirement Dedicated nominal 24 VAC, Class 2 power supply (NorthAmerica), SELV power supply (Europe), at 50/60 Hz (20VAC minimum to 30 VAC maximum)

Power Consumption 25 VA maximumAmbient Operating Conditions 0 to 50°C (32 to 122°F); 10–90% RH, 30°C (86°F)

maximum dew pointAmbient Storage Conditions -40 to 70°C (-40 to 158°F); 5–95% RH, 30°C (86°F)

maximum dew pointData Protection Battery Supports data protection on power failure.

Rechargeable NiMH battery: 3.6 VDC 500 mAh, with atypical life of 5 to 7 years at 21°C (70°F); Product CodeNumber: MS-BAT1020-0

Processor 192 MHz Renesas® SH4 7760 RISC processorMemory 128 MB flash nonvolatile memory for operating system,

configuration data, and operations data storageand backup and 128 MB SDRAM for operations datadynamic memory

Operating System Microsoft® Windows Embedded CE 6.0 (Release 9.0)

Buildroot 2017.08.2 with Linux kernel 14.4 (Release9.0.7)

Network and Serial Interfaces MS-NIE3910-2/MS-NIE4910-2 (MS/TP)

• One Ethernet port: 10/100 Mbps; 8-pin RJ-45connector

• One optically isolated RS-485 port: 9,600, 19.2k,38.4k, or 76.8k baud; pluggable and keyed 4 positionterminal blocks

• Two RS-232-C serial ports: standard 9-pin sub-Dconnectors, that support all standard baud rates

Housing Plastic housing material: ABS + polycarbonate

UL94-5VB Protection: IP20 (IEC 60529)


Table 25: NIE39 and NIE49

Mounting On flat surface with screws on three mounting clips or asingle 35 mm DIN rail

Dimensions (Height x Width x Depth) 131 mm x 270 mm x 62 mm (5.2 in. x 10.6 in. x 2.5 in.)

Minimum space for mounting NIE: 210 mm x 350 mm x110 mm (8.3 in. x 13.8 in. x 4.3 in.)

Shipping Weight 1.2 kg (2.7 lb)United States: UL Listed, File E107041, CCN PAZX, UL916, Energy Management Equipment; FCC Compliant toCFR47, Part 15, Subpart B, Class ACanada: UL Listed, File E107041, CCN PAZX7, CAN/CSA C22.2 No. 205, Signal Equipment; Industry CanadaCompliant, ICES-003Europe: CE Mark – Johnson Controls declares thatthis product is in compliance with the essentialrequirements and other relevant provisions of the EMCDirective.Australia and New Zealand: RCM Mark, Australia/NZEmissions Compliant

Compliance

BACnet International: BTL 135-2010 Listed B-BC

Table 26: NIE59xx-3

Power Requirement Dedicated nominal 24 VAC, Class 2 power supply (North America),SELV power supply (Europe), at 50/60 Hz (20 VAC minimum to 30 VACmaximum)

Power Consumption 50 VA maximumAmbient OperatingConditions

0 to 50°C (32 to 122°F); 10 to 90% RH, 30°C (86°F) maximum dew point

Ambient StorageConditions

-40 to 70°C (-40 to 158°F); 5 to 95% RH, 30°C (86°F) maximum dew point

Data ProtectionBattery

Supports data protection on power failure. Rechargeable gel cellbattery: 12 V, 1.2 Ah, with a typical life of 3 to 5 years at 21°C (70°F);Product Code Number: MS-BAT1010-0

Clock Battery Maintains real-time clock through a power failure. Onboard cell: typicallife of 10 years at 21°C (70°F)

Processor 1.46 GHz Intel Atom® Bay Trail E3815 processor for MS-NIE59xx-3models

Memory 16 GB flash nonvolatile memory for operating system, configurationdata, and operations data storage and backup for MS-NIE59xx-3models.

2 GB DDR3 SDRAM for operations data dynamic memory for all modelsOperating System Johnson Controls® OEM Version of Microsoft Windows Embedded

Standard 7 with SP1 (WES7)


Table 26: NIE59xx-3

Network and SerialInterfaces

MS-NIE5960-1 (MS/TP)

• One Ethernet port: 10/100/1,000Mbps; 8-pin RJ-45 connector

• Two optically isolated RS-485ports: 9,600, 19.2k, 38.4k, or76.8k baud; pluggable andkeyed 4- position terminalblocks

• Two RS-232-C serial ports:standard 9-pin sub-Dconnectors, that support allstandard baud rates

• Two USB 2.0 serial ports.Note: Modem support is nolonger offered after Release9.0.

MS-NIE5920-1 (LON)

• One Ethernet port: 10/100/1,000Mbps; 8-pin RJ-45 connector

• Two optically isolated RS-485ports: 9,600, 19.2k, 38.4k, or76.8k baud; pluggable andkeyed 4- position terminalblocks

• Two RS-232-C serial ports:standard 9-pin sub-Dconnectors, that support allstandard baud rates

• Two USB 2.0 serial ports.Note: Modem support is nolonger offered after Release9.0.

• One LonWorks port; FTT1078 Kbps; pluggable, keyed 3-position terminal block

Housing Plastic housing with internal metal shield

Plastic material: ABS + polycarbonate; Protection: IP20 (IEC 60529)Mounting On flat surface with screws on four mounting feet or on dual 35 mm

DIN railDimensions(Height xWidth x Depth)

226 mm x 332 mm x 96.5 mm (8.9 in. x 13.1 in. x 3.8 in.) includingmounting feet

Minimum space for mounting: 303 mm x 408 mm x 148 mm (12.0 in. x16.1 in. x 5.8 in.)

Shipping Weight 4.15 kg (9.15 lb)United States: UL Listed, File E107041, CCN PAZX, UL 916, EnergyManagement Equipment, FCC Compliant to CFR47, Part 15, Subpart B,Class ACanada: UL Listed, File E107041, CCN PAZX7, CAN/CSA C22.2 No. 205,Signal Equipment, Industry Canada Compliant, ICES-003Europe: CE Mark - Johnson Controls declares that this product isin compliance with the essential requirements and other relevantprovisions of the EMC Directive.Australia and New Zealand: RCM Mark, Australia/NZ EmissionsCompliant

Compliance

BACnet International: BTL 35-2010 Listed B-BC

The performance specifications are nominal and conform to acceptable industry standard. Forapplication at conditions beyond these specifications, consult the local Johnson Controls office. JohnsonControls shall not be liable for damages resulting from misapplication or misuse of its products.


Appendix: Time Zone, Date, and Time ManagementTime zone, date, and time management introductionThe time zone, date, and time used by all devices connected to a Metasys site are synchronizedautomatically, preventing errors from manual time entry and clocks that become inaccurate overtime. Network-wide time management ensures that scheduling, trending, audit trailing, datacollecting, time-stamping of alarms, and other functions that require accurate time managementuse the same time zone, date, and time consistently for all system operations.Time synchronization occurs on the Metasys network when an engine or server sends an IAmLivemessage to the Site Director. If the IAmLive message fails, the engine or server sends anothermessage to retrieve the time from the Site Director. When the time is synchronized between thedevices, a second IAmLive message is successful.For network-wide time synchronization, the network engine designated as Site Director is thedevice time server because it provides the time zone, date, and time for all other engines/serverson the site. All other devices are considered time clients because they receive the time zone, date,and time from the Site Director. Beginning at Release 8.0, multiple time zone support was madeavailable for upgraded network engines. The network engine designated as Site Director remainsthe device time server, but for network engines at Release 8.0 or later, the time synchronizationoccurs in UTC time, not in the time zone of the Site Director. For more details, see Multiple timezones.To set the date and time in the Site Director (and therefore the entire site), you can set the timemanually or select a time server for the Site Director. The time server for the Site Director isreferred to as the site time server and should be a reliable source that is not on the Metasysnetwork. Regardless of how you set the date and time, you must set the time zone in the SiteDirector.

Note: Beginning at Release 8.0, the Metasys System supports Release 8.0 (or later) networkengines set in different time zones.

Important: Edit the Device Time Servers attribute or Time Sync Period attribute in the Siteobject only.

Note: To ensure that the correct time appears on the SMP user interface accessed from aclient computer, apply the most recent Daylight Saving Time (DST) patch for the operatingsystem on all clients that access the Site Director. The latest DST patch is available fromMicrosoft Corporation.

Overview of time synchronizationThis section contains a summary of how time synchronizes on a site with various systemcomponents. Table 27 summarizes the time sources for various system items. All time is UniversalTime Coordinated (UTC) and all system devices handle DST.Table 27: Time sources

Item Time sourceNAE/NIE Trend Data NAE/NIENAE/NIE Events NAE/NIENAE/NIE Commands NAE/NIEAnnotations ADS/ADX/ODSEvent Acknowledgements ADS/ADX/ODS


ADS/ADX/ODS Site Director with network enginesOn a site with an ADS/ADX/ODS Site Director and network engines, the following timesynchronization steps occur:

1. ADS/ADX/ODS Site Director comes online.

2. Network engines come online and check in with the Site Director.

3. Every 15 seconds, the network engines check for ADS/ADX/ODS online/offline conditions. If theADS/ADX/ODS is offline, the network engines send an IAmLive message to the ADS/ADX/ODSevery 20 seconds.

4. When the ADS/ADX/ODS receives the IAmLive message, it attempts to validate the securitycredentials of the network engines. If the time in the network engines is different than thetime in the ADS/ADX/ODS by 5 or more minutes (also taking into account the time zone of eachnetwork engine), the engine security credentials are invalid.

5. Network engines come online and check in with the Site Director.

6. Every 15 seconds, the network engines check for ADS/ADX/ODS online/offline conditions. If theADS/ADX/ODS is offline, the network engines send an IAmLive message to the ADS/ADX/ODSevery 20 seconds.

7. When the network engine receives an invalid credential, the network engines request thecurrent time from the ADS/ADX/ODS and update the engine time to match, also taking intoaccount the time zone of each network engine.

Note: Time between an ADS/ADX/ODS and network engines synchronizes only if the timediffers between the ADS/ADX/ODS and network engines by five or more minutes. In theworst case scenario, one network engine could be four minutes and 59 seconds ahead ofthe ADS/ADX/ODS, and another network engine could be four minutes and 59 secondsbehind the ADS/ADX/ODS.

8. After time is synchronized and the ADS/ADX/ODS is online, the network engines send IAmLivemessages to the ADS/ADX/ODS every five minutes (instead of every 20 seconds).

Note: Time synchronization is affected if you change the network engine's Site Directorfrom an ADS/ADX/ODS in one time zone to an ADS/ADX/ODS in a different time zone.If you make this change online, as an interim step, promote the network engine to beits own Site Director, wait several minutes, then assign to the network engine the ADS/ADX/ODS Site Director in the new time zone. This interim step ensures proper timesynchronization.

Time synchronization methodsThree methods for network time synchronization are available in the Metasys system, includingWindows Simple Network Time Protocol (SNTP) time synchronization, Multicast, and BACnet® timesynchronization.You can use the Microsoft Windows and Multicast methods when an SNTP master time serveris available. If the Site Director has no access to SNTP time servers, you can use the BACnetsynchronization method.To enable a time synchronization method, modify the Time Sync Method attribute for the Site. Seethe Steps for successful time management and Setting the time synchronization method sections.


Windows time synchronizationThe Windows time synchronization is Microsoft Corporation’s implementation of the standardWindows SNTP w32time. This method is also referred to as unicast synchronization. With this formof time synchronization, all routers can route User Datagram Protocol (UDP) traffic. Windows timesynchronization may have a larger time interval in which devices are out of sync with the SNTPmaster time server due to skewing and convergence.If you use Windows time synchronization, you must define a device time server in the Site Directorusing the Device Time Servers attribute.

Note: If you implement an intentional time change for your site, in less than five minutes, allother devices on the site update with the new time with Windows time synchronization.

Multicast time synchronizationThe Multicast time synchronization is the Johnson Controls implementation of SNTP w32timewith Multicast capabilities and RFC-2030 compliance. This method delivers the same features asthe Windows method, but also provides Multicast functionality. The Multicast method providesimproved Metasys time synchronization between the Site Director and supervisory devices. A timeserver provides the master time to the Site Director, and the Site Director in turn multicasts thetime to all supervisory devices on the Metasys network.When a supervisory device first signs up with the Site Director, it polls the Site Director for thecurrent time and matches its time with the Site Director time. By default, every five minutes the SiteDirector broadcasts the current time to all supervisory devices. If a particular device time differs 1.5seconds or more from the Site Director time, the device adjusts its time to match. Additionally, if theSite Director time changes by more than 1 to 1.5 seconds, it sends out a Multicast time message toall devices within 2 seconds of the change.This form of time synchronization requires that all routers on the site support Multicast routing(Internet Group Multicast Protocol [IGMP]) because the Multicast time message crosses routers.The Johnson Controls SNTP time synchronization reduces the time interval in which devices are outof sync with the SNTP master time server.

BACnet time synchronizationBACnet time synchronization uses BACnet protocol to synchronize with BACnet devices such as thenetwork engine. Use this method when the Site Director has access to a BACnet time server. Thismethod is not available on the ADS/ADX/ODS.

Example networkFigure 35 shows an example system with a common time zone, date, and time management setup.This example is representative of the Multicast and Windows time synchronization methods.The ADS/ADX/ODS Site Director is configured to receive the date and time from an intranet timeserver. The date and time originates at an Internet time server (such as the Naval atomic clock).Using Simple Network Time Protocol (SNTP), the intranet time server requests the time from theInternet time server. The Site Director requests the time from the intranet time server. Then, usingthe Metasys system automatic time synchronization, and the manually configured time zone, theSite Director automatically provides the time zone, date, and time to the other engines/server onthe Metasys network.


Figure 35: Time Management sample system

Multiple time zonesThe time zone of the Site Director defaults to (GMT-06:00) Central Time (US & Canada). If your site isnot in the Central time zone, set the time zone for your location. When you set the time zone in theSite Director, it propagates the current time to all the engines/servers on the site. You must set thetime zone in the Site Director even if you select a site time server. In addition, you must set the timezone in all non-Site Director ADS/ADX/ODS devices after ADS/ADX/ODS software installation.Starting at Release 8.0, multiple time zones across a site are supported. This new capability isaccomplished with a new attribute on the network engine's Site object called Default Time Zone.This attribute has a drop-down list of all available world time zones to identify the local time zonewhere the engine is located. Selecting a time zone means that the operator is no longer requiredto apply time zone math when working with Schedule objects defined at the engine. The time zoneyou select is also applied to Schedule objects you define at the engine.By default, each updated network engine continues to time-sync with the Site Director, but the timesync occurs in UTC time. For example, a Site Director in the central time zone (UTC-06:00) that syncswith an engine in the mountain time zone (UTC-07:00) does not change the engine to the centraltime zone. The local time and date attributes of the Site Director show its local time and date asdoes the network engine. Also, consider the following:

• Scheduling: schedules at each network engine execute relative to the local time zone of theengine, allowing you to schedule based on the local time zone, rather than the Site Director'stime zone. Prior to Release 8.0, you had to take into account the local time zone of the engine,then mentally convert the time based on the time zone of the Site Director. These time zonecalculations are no longer required.

• Historical data: alarms, audits, and trended values from engines that are viewed on the SiteDirector report in local UTC time. However, alarms, audits, and trended values from engines thatare viewed on the engine itself report in local time.

• Other features: items such as Archive Date and ADS Delivery Time report in the local time of theengine.

The ADS/ADX/ODS Site Director and the network engines must be at Release 8.0 or later to takeadvantage of the multi-time zone features. If a site has a mixture of engines at different Metasysreleases, the older engines do not exhibit this new feature. For example, as Table 28 indicates, thelocal time of an NAE at Release 7.0 uses the Site Director's time, whereas an NAE at Release 8.0 orlater uses a time specified by its Default Time Zone attribute.


Table 28: Time zone examples

Device Release Time zone Time zone usedADS/ODS 8.0 or later Central Central Standard TimeNAE 6.5 Mountain Site Director's time zone (Central)NAE 7.0 Central Site Director's time zone (Central)NAE 8.0 or later Pacific Pacific Standard TimeNAE 8.0 or later Eastern Eastern Standard Time

Note: If your system consists of a network engine Site Director with multiple child networkengines, make sure you use the Default Time Zone attribute of the Site object, not the TimeZone attribute in the engine, or undesirable behavior may occur.

Site time serverAs an alternative to setting the date and time manually for a device, you can select a site timeserver. A site time server sets the date and time in the Site Director. Site time servers can be on yourintranet, such as a Domain Controller/Server; or on the Internet, such as the U.S. Naval ObservatoryMaster Clock.For a list of Navy master clocks, go to http://tycho.usno.navy.mil.See the Selecting a site time server for the Site Director network engine or Selecting a Site TimeServer for the Site Director ADS/ADX/ODS (Windows method only) sections.

Time in device object and user interface status barThe date, time, and time zone in the Status Bar of the SMP user interface indicates the local date,time, and time zone for that device. The date, time, and time zone in the device object to which youare browsing are the same time; however, there may sometimes seem to be a discrepancy or delaybetween the two. This is normal operation. See Figure 36.

Figure 36: Local time and date shown in user interface

For a network engine at Release 8.0 or later, the local time and date shown on the device object'sFocus window is based on the default time zone set for the device. If the engine is located in adifferent time zone than the Site Director, the current time and date shown for each differs.


http://tycho.usno.navy.mil/

In the ADS/ADX/ODS Site Director, the time zone, date, and time in the device object of the deviceare set by you or by the designated site time server. In a non-Site Director network engine, the timezone, date, and time in the device object come from the Site Director. The device object then passesthe time zone, date, and time along to the Status Bar for display. If the device is busy, it may take afew minutes for the time zone, date, and time to update correctly in the Status Bar.

Steps for successful time managementFor successful time management, complete the following steps:

1. Verify that each non-supervisory engine/server on the Metasys network has the correct SiteDirector defined.See the Verifying the Site Director defined for an engine/server section.

2. Set the time synchronization method for the site.See the Setting the time synchronization method section.

3. Set the default time zone of the Site object for each network engine that has Metasys softwareat Release 8.0 or later.

4. Set the time zone and then set the date and time or select a site time server for the site.See the Network engine as Site Director or ADS/ADX/ODS as Site Director section.If you have a network engine as the Site Director, the time zone, date, and time are set in theengine's Site object. See the Network engine as Site Director section. If you have non-SiteDirector ADSs/ADXs on the site, you must set the time zone for these servers.If you have an ADS/ADX/ODS as the Site Director, the time zone, date, and time are set in theWindows operating system of the computer where the ADS/ADX/ODS resides. See the ADS/ADX/ODS as Site Director section. If you have non-Site Director ADS/ADX/ODS devices on thesite, you must set the time zone for these servers.

5. For Multicast time synchronization only, configure the SNTP Multicast attributes for the site.See the Configuring additional multicast time synchronization settings section.

6. If a P2000 Security Management System (SMS) is integrated to the ADS/ADX/ODS server, boththe P2000 and ADS/ADX/ODS servers should reference the same network time server. If thetwo systems use different time servers, the P2000 and ADS/ADX/ODS servers are not clocksynchronized, which results in intermittent or no communication between the two systems.

Verifying the Site Director defined for an engine/serverFor time synchronization to work properly, all engines/servers on a site must have the correct namefor the Site Director in the Local Site Director attribute. If an engine/server has the wrong devicedefined as Site Director, time synchronization may not work properly on your Metasys site.

1. Log on to the engine/server.

2. Drag and drop the engine/server object to the Display frame.

3. Select Advanced.

4. Scroll to the Site section and verify that the Local Site Director attribute contains the correctdevice (Figure 37). In this example, the Site Director is a network engine (NxE-THREE).

Notes:


- The Local Site Director may be entered as an IP address or host name. If entered asa host name, the name is case-sensitive (for example, NxE-THREE is not the same asnxe-three).

Figure 37: Site Director Field

- If the Site Director field contains the wrong device or is empty, click Edit. Edit theSite Director entry and click Save.

5. Go to Setting the time synchronization method.

Setting the time synchronization methodSee the Time synchronization methods section for descriptions of the methods.

1. Log on to the Site Director engine/server.

2. Drag the Site object to the Display frame.

3. Click Edit.

4. Select Advanced.

5. In the Time section, in the Time Sync Method list, select the desired time synchronizationmethod (Windows or Multicast).

Figure 38: Time sync method field

6. If you select Windows time, enter a device time server in the Device Time Servers attribute. Adevice time server is required for Windows time synchronization.

7. Click Save.


Important: When the Time Sync Method is set to Multicast and the ADS/ADX/ODScomputer is synchronized with a time source other than itself, the Site Time Server mustbe an SNTP Time Server to allow the ADS/ADX/ODS to perform time synchronization. Timesynchronization occurs when a change is detected in the ADS/ADX/ODS computer localclock, or at the Site configured Time Sync Period. Enabling Multicast time synchronizationterminates the Windows win32time service, but changing the Time Sync Method backto Windows does not re-enable the service. If you change the Time Sync Method back toWindows, you must manually start the win32time service, or restart the Site Director.

Note: When the Time Sync Method is set to Windows, also set the Internet Time Server inthe Windows operating system of the Site Director to match the IP Address specified forthe Site Time Server. In the Control Panel of the Site Director, search for Date and Time.On the Date and Time dialog box, click the Internet Time tab. Click Change Settingsand enter in the Server field the same IP address that you defined in the Site Time Serverattribute. Click OK to apply the change.

8. Go to Network engine as Site Director or ADS/ADX/ODS as Site Director.

Network engine as Site DirectorIf a network engine is the Site Director, you must set the time zone first, then either set the dateand time or select a time server for the Site Director network engine.

Note: See the Verifying the Site Director defined for an engine/server and Setting the timesynchronization method sections before following the steps in this section.

Setting the default time zone in the site director network engine

1. Log on to the Site Director network engine.


3. Click Edit.

4. In the Time section, in the Default Time Zone list, select the correct time zone for the device.

Figure 39: Default time zone in the Site Object

5. Click Save.Note: The Site object's focus window is updated immediately to indicate the current timeand selected time zone, but the blue status bar in the lower right corner does not updateuntil you log off, then log in to the network engine again.

If you are also manually setting the date and time in the Site Director network engine, go toSetting the date and time in the Site Director network engine.If you are selecting a time server for the Site Director network engine, go to Selecting a sitetime server for the Site Director network engine.


Setting the date and time in the Site Director network engineBefore you manually set the date and time in the Site Director network engine, follow the steps inSetting the default time zone in the site director network engine.

1. In the navigation tree, right-click the Site object and select Command. The Command dialogbox appears.

2. Click Set Time and enter a value in the text box.

3. Click Send.Note: If you have a site time server selected, do not attempt to set the time manually.If you have one or more site time servers defined, sending this command generates anerror.

4. In the navigation tree, right-click the Site object and select Command. The Command dialogbox appears.

5. Click Set Date and select a date from the calendar (Figure 40).

Figure 40: Date in a Site Director network engine

6. Click Send.Note: If you have one or more site time servers defined, sending this command producesan error. If you have a site time server defined, do not attempt to set the time manually.

The Site Director time zone, date, and time are now set and propagate to all other engines onthe site.


Selecting a site time server for the Site Director network engineBefore you select a site time server for the Site Director network engine, follow the steps in Settingthe default time zone in the site director network engine.

1. Reset the network engine for the time zone change to take effect.

2. Log on to the network engine.


4. Click Edit.

5. In the Time section, in the Site Time Servers field, click the browse button.Note: The Device Time Servers field should be blank unless you are using Windows timesynchronization. Do not change the value for the Time Sync Period attribute.

Figure 41: Site time servers in the Site Object

6. In the screen that appears, click Add (Figure 41).

7. Enter the IP address of the SNTP server from which the Site Director receives its time (Figure42).

Note: Specify a host name only if a DNS server is available to the Site Director. If you addmore than one address, the Site Director network engine tries to contact the first address.If that fails, the network engine contacts the second one, and so on. The network engineuses only the first address in the list.

Figure 42: Add site time server


8. Click OK.

9. Click Save. The Site Director now requests the date and time from the selected time server andpropagates it to all other engines on the site.

ADS/ADX/ODS as Site DirectorSet the time zone first, then either set the date and time or select a time server for the Site DirectorADS/ADX/ODS.

Notes:

• See the Verifying the Site Director defined for an engine/server and Setting the timesynchronization method sections before following the steps in this section.

• If you select a site time server for your Site Director ADS/ADX/ODS, and you also set thetime manually in the ADS/ADX/ODS, the manual time is overridden at the end of the timespecified in the Time Sync Period attribute. The default is 1 hour.

Setting the time zone in the Site Director ADS/ADX/ODS

1. In the lower-right corner of the ADS/ADX/ODS computer screen, click the time. The Date andTime Properties box appears as shown in Figure 43. The appearance of this screen variesdepending on the operating system.

Figure 43: Time and date on a Site Director ADS/ADX/ODS

2. Click Change date and time settings, then click Change time zone.

3. Select a time zone from the drop-down list box.

4. Select Automatically adjust clock for Daylight Saving Time, if present.

5. If you have non-Site Director ADS/ADX devices on your site, set the time zone in those serversfollowing the instructions in this section.If you are also manually setting the date and time in the Site Director ADS/ADX, go to the Set-ting the date and time in the Site Director ADS/ADX/ODS section.If you are selecting a time server for the Site Director ADS/ADX, click OK and go to the Select-ing a Site Time Server for the Site Director ADS/ADX/ODS (Windows method only) or Selecting aSite Time Server for the Site Director ADS/ADX/ODS (Multicast method only) section.


Setting the date and time in the Site Director ADS/ADX/ODSBefore manually setting the date and time in the Site Director ADS/ADX/ODS, follow the steps in theSetting the time zone in the Site Director ADS/ADX/ODS section.

1. Click the time in the lower-right corner of the screen. Click Change date and time settings.

2. Set the time and date.

3. Click OK.The Site Director time zone, date, and time are now set and propagate to all other engines andservers on the site.

Selecting a Site Time Server for the Site Director ADS/ADX/ODS (Windows methodonly)If you set up a site time server for your Site Director, you can set the date and time manually in theADS/ADX/ODS, but the manual settings are overridden at the end of the Time Sync Period.Before selecting a site time server for the Site Director ADS/ADX/ODS, follow the steps in the Settingthe time zone in the Site Director ADS/ADX/ODS section.

1. On the ADS/ADX/ODS computer, press the Windows key + R. The Run dialog box appears.

Figure 44: Run dialog box

2. Type Net time /setsntp:"10.10.16.1 10.10.16.2 ...", where 10.10.16.1 and10.10.16.2 are example IP addresses of time servers.

Note: The IT department should provide the address of a suitable time server. Be surethat the quotation marks are included especially when listing multiple time servers.

3. Click OK.The Site Director now requests the date and time from the selected time server and propa-gates it to all other engines and servers on the site.

Selecting a Site Time Server for the Site Director ADS/ADX/ODS (Multicast methodonly)Before selecting a site time server for the Site Director ADS/ADX/ODS, follow the steps in the Settingthe time zone in the Site Director ADS/ADX/ODS section.

1. Log on to ADS/ADX/ODS.

2. Drag and drop the Site object to the Display frame.


3. Click Edit.

4. In the Time section, in the Site Time Servers field, click the browse button shown in Figure 45.Note: Leave the Device Time Servers field blank. Do not change the value for the TimeSync Period attribute.

Figure 45: Site time servers in the Site Object

5. In the Modify List dialog box that appears, click Add.

Figure 46: Add site time server

6. Enter the IP address of the SNTP server from which the Site Director receives its time.Note: Specify a host name only if a DNS server is available to the Site Director. Leave theDevice Time Servers field blank. For Multicast time synchronization, if you add more thanone address, the Site Director ADS/ADX/ODS tries to contact only the first address.

7. Click OK.

8. Click Save. The Site Director now requests the date and time from the selected time server andpropagates it to all other engines and servers on the site.

Configuring additional multicast time synchronization settingsIn addition to selecting the Multicast time synchronization method (Setting the timesynchronization method), you must define other Multicast attributes.To configure additional Multicast time synchronization settings:


1. Log on to the Site Director engine or server.


3. Click Edit.

4. Select Advanced.

5. In the Time section, modify the attributes listed in Table 29 (Figure 47) and then click Save.

Figure 47: Multicast time synchronization fields

Table 29: Multicast time synchronization fields

Attribute DescriptionMulticast Group Address Specifies the IP address used to multicast the

SNTP message. This address identifies thegroup of devices to receive the SNTP message.The RFC-2030 defined standard address is224.0.1.1. The address is configurable to allowsite-specific use.

Multicast UDP Port Specifies the UDP port where the Multicast timesynchronization polls and listens for messages.The RFC-2030 defined standard port is 123. TheUDP port defined here must match the TimeServer’s UDP port for successful polling to occur.

Multicast TTL Specifies the Time-to-Live (TTL) for a Multicastmessage. The value indicates the number ofrouter hops allowed (number of routers topass through) before the message is not sent.Routers must be configured to pass Multicastmessages to allow the time sync message topass.

Note: A default value of 1 typically stopsthe Multicast message from leaving the IPsubnet of the Site Director. Most routersdecrease the existing TTL upon arrival ofa packet, and drop the packet instead ofrerouting it when the TTL reaches 0.


Table 29: Multicast time synchronization fields

Attribute DescriptionMulticast Heartbeat Interval Specifies the number of minutes between

forcing a Multicast time synchronizationmessage from the Site Director to participatingdevices.

Appendix: Certificate ManagementCertificate ManagementCertificate Management is an option in SCT that you use to manage trusted certificates that arestored in network engines. Enhancements at Metasys Release 8.1 provided for improved securityby enabling encrypted communication between Metasys servers and network engines. Theseenhancements included the option to configure encrypted and trusted communication for networkengines. New at Release 9.0, encrypted and trusted communication is available between theMetasys server and network engines. The Site Security Level attribute in the Site object controlsthis capability. For details, as it applies to a Metasys server, refer to ADS/ADX Commissioning Guide(LIT-1201645).When you install or upgrade a Metasys site to Release 8.1 or later, self-signed certificates areinstalled for the ADS/ADX/ODS and network engines by default. Self-signed certificates fornetwork engines have three-year durations. Once devices are installed or upgraded, Metasyssystem communication is encrypted. If a customer is satisfied with encrypted communications, noCertificate Management steps are required. System components come online and communicate asthey would at any Metasys software release.Optionally, if trusted communications is desired, the customer's IT department can generatetrusted certificates or obtain trusted certificates from a Certificate Authority (CA) for the Metasysserver and network engines. You use the Certificate Management option in SCT to manage trustedcertificates for network engines.

Note: If you are implementing certificate management on an existing Metasys system,if you add a trusted certificate it may require you to add a domain name to the originalhost name of a server or engine. This action requires you to rename all data in the Metasyshistorical databases. You can perform the renaming operation within SCT, but be aware thatthis procedure requires intensive database operations that significantly prolong a systemupgrade. Therefore, be sure to allocate extra time if you are renaming historical data as partof an upgrade to Metasys Release 9.0. For details about renaming a network engine, refer toDownload section in Metasys® SCT Help (LIT-12011964).

The connection status currently active on the computer is indicated by a security shield icon thatappears on the Metasys SMP and SCT login windows, and SMP and SCT UI main screens. If theengine is using trusted certificates, a green shield icon with a checkmark appears. If the engine isusing self-signed certificates, an orange shield icon with an exclamation mark appears. And finally,if the certificate chain to the engine is broken, the certificate is misnamed, or the certificate hasexpired, a red shield icon with an X appears. The Metasys UI login screen does not indicate theactive connection status.To help you remember when server certificates installed on network engines expire, the Site objecthas an attribute called Certificate Renewal Reminder. This attribute regulates when certificateexpiration reminders begin. It specifies the number of days prior to security certificate expirationbefore operators are notified daily that an engine certificate is about to expire. For example, if youuse the default period of 60 days, and a server certificate on a network engine expires on January 1,beginning on November 1, an event requiring acknowledgement is sent to operators once a day oruntil the self-signed certificate is renewed or a new trusted certificate is installed.The sections that follow describe how to manage security certificates for network engines withSCT 12.0, including how to request, upload, and download certificates. You also use Certificate


Management to add each Metasys server certificate so that SCT can push the server's rootcertificate to network engines. Without the root certificate, network engine communication to theMetasys server works, but it is untrusted. For setting up root, intermediate, and server certificateson a Metasys server (ADS, ADX, ODS, or NxE85), refer to the appropriate document: Metasys® ServerInstallation and Upgrade Instructions Wizard (LIT-12012162), ODS Installation and Upgrade InstructionsWizard (LIT-12011945), or NxE85 Installation and Upgrade Instructions (LIT-12011530).Figure 48 shows an example of the Certificate Management window in SCT. Click Tools > CertificateManagement to open it. The window has a Certificates tab that includes details about eachcertificate in the archive. From this window, you can request, export, or delete a certificate. You canalso replace an existing certificate with a self-signed certificate.

Figure 48: Certificate Management main screen

The following table explains each column in the Certificates window. Click inside a column headerto sort the column.Table 30: Description of Certificates table

Column name DescriptionStatus A security shield icon that indicates the connection status afforded by the

certificate.

A tick icon: encrypted and trusted

An exclamation mark icon: encrypted and self-signed

An X icon: encrypted, but either the certificate chain to the site or engine isbroken, the certificate has a name mismatch, or the certificate has expired.

Checkbox Icon A check box to select the device that you want to work with.Issued To The name of the device to which the certificate is issued.Type The type of certificate: root, intermediate, or server.Device The device to which the certificate is bound (single or multiple for

intermediate and root certificates).


Table 30: Description of Certificates table

Column name DescriptionExpiration The date on which the certificate expires. The certificate management tool

highlights all certificates that expire within the number of days specifiedby the Certificate Renewal Period attribute of the Site object (or havealready expired). Also, the Certificate Renewal Period attribute in the Siteobject controls when certificate expiration reminders begin. It specifiesthe number of days prior to security certificate expiration before theoperator is notified daily that a certificate is about to expire. This attribute issynchronized to all child devices. The Certificate Renewal Period attributeapplies only to devices at Release 8.1 or later.

Details A clickable arrow that opens an expanded panel with more detailedinformation about the certificate.

Certificate Signing Request (CSR)SCT can generate a certificate signing request (CSR) on behalf of a network engine. However, SCTcannot act as a certificate authority (CA) for signing certificates. Requesting a certificate is a multi-step process that involves specifying the following information:

• Common name

• Email address

• Name of organization

• Name of organizational unit

• City

• State or province

• Name of country

Summary of steps for network engines:

1. Verify that the device name in the SCT archive and the subject common name for the devicematch.

2. Use SCT to create a CSR and an associated private key for each network engine. SeeRequesting a certificate.

3. Send the CSR for each engine to the internal IT department or CA for signing. The internal ITdepartment or CA returns the signed certificate files.

4. Import the signed certificate files for each network engine into the SCT archive. See Importinga certificate.

Note: You need to import the root certificate, the server certificate, and an intermediatecertificate file if provided. The combination of one root certificate, one or moreintermediate certificates, and one server certificate is known as a certificate chain. Thecertificate chain must be complete for both the server and each network engine tosuccessfully configure a site.

The CSR is complete and SCT removes the certificate request from the Requests table. Theprivate key that SCT previously created is paired with the imported certificate.


5. Export all certificate files and store them in a safe and secure location in case you need to re-import them. See Exporting a certificate.

Note: You cannot request a CSR for a device if an existing CSR is still pending. You must deletethe existing CSR first.

Important: The private key that is generated when the CSR is created can be associated withthe new certificate only if the device name in the SCT archive and the subject common namefor the device match. Therefore, before you request a device CSR, verify that the device nameis correct. If not, the newly purchased certificate could be worthless because of the devicename mismatch. A common mistake is to forget to include the company domain name withthe CSR. No workaround is available that can recover the use of the new certificate.

Import certificateUse SCT to import certificates and private keys from the local file system. Three file formats aresupported: *.pem, *.cer, and *.crt. Typically, each device has two or three certificate files toimport: one root, one intermediate, and one server certificate. Some devices may have morethan one intermediate certificate. Whatever the case, always import every certificate file that thecustomer's IT department or CA provides from the CSR you sent them.SCT supports the import of only one certificate at a time. For example, if the root and intermediatecertificate information comes in a single file, you need to split it into two different files, one for theroot and the other for the intermediate certificate.When you import a server certificate, SCT pairs the imported server certificate with the privatekey from the associated CSR. If a server certificate is imported that contains an identical IssuedTo Common Name (CN) as an existing certificate, the imported certificate replaces the existingcertificate, but the private key is retained; it is not replaced.

Export certificateUse SCT to export certificates and private keys to the local file system. Exporting certificates is anoptional precautionary measure that allows you to export and store certificates to a computer orremovable media for safekeeping. Keep in mind that certificates with private keys are sensitiveinformation that you should treat as highly confidential files.Three file formats are supported: *.pem, *.cer, and *.crt. Typically, each device has two or threecertificate files to export: one root, one intermediate, and one server certificate. Some devices mayhave more than one intermediate certificate. Whatever the case, always export every certificate filethat the customer's IT department or CA provides from the CSR that you sent them to.

Certificate list viewUse the certificate list view to determine if all certificates required by each device reside in thearchive. The certificate list view provides these features:

• Indication of an expired certificate.

• Indication of whether a certificate is required in one or more certificate chains used by a device inthe archive. The list view also makes clear which certificates are not needed and may be deleted.

• Information about the certificate, including: Issued To, Type, Device Name (server certificates),Expiration Date, Details (for example, SHA1 Thumbprint).

• Clickable column headers that sort the rows by the data in that column.

• Options for importing, exporting, and deleting root, intermediate, or server certificates.


Figure 49: Viewing certificate details

Certificate tree viewUse the certificate tree view to verify the certificate chain, which is the combination of root,intermediate, and server certificates required by the device. This information is important becausethe certificate chain must be complete to successfully configure a site. The certificate tree viewdisplays the following:

• Root certificate: the highest level certificate; only one for each device.

• Intermediate certificate: one level for each intermediate; there may be none, one, or multiple.

• Server certificate: the lowest level certificate; only one for each device.

The certificate tree view indicates if the certificate chain is missing or incomplete for any device. Foreach certificate, the following data is shown:

• Issued To: the common name (CN) field. For server certificates, the common name must exactlymatch the device’s computer name (hostname).

• Expiration: date when the certificate is set to expire.

• Details: drop-down box that contains the SHA1 Thumbprint to distinguish certificates with thesame common name.


Figure 50: Certificate Chain view

The following example shows the certificate chain view when a certificate is missing:

Figure 51: Missing Certificate example


Download certificateUse the Download Certificate option to download server certificates independently from otheractions. This method is much faster than downloading the full database with the Download ToDevice option under Manage Archive.When you download certificates to a site device, SCT determines the correct set of certificatesrequired by that device for successful site configuration. If any certificates are missing, SCT includesthe set of certificates that it recognizes during the download, but the missing certificates need to beimported before trusted connections can be established. Also, no certificates are downloaded if theserver certificate and private key for that device are not present in the SCT archive.

Detailed proceduresFollow these procedures to manage certificates in a network engine.

Requesting a certificateTo request a certificate for a network engine in an archive database, complete the following steps:

1. Open the archive database.

2. Verify that the network device name in the archive matches the subject common name of theonline network engine. If not, change the network device name in the archive to match theonline network engine name.

3. In the Tools menu, select Certificate Management.

4. Click the Devices tab.

Figure 52: Request Certificate - Devices tab

5. Click the network engine for which you want to request a certificate. Click RequestCertificate(s).


Figure 53: Request Certificate(s) form

6. Complete all the fields on the form. Click Save CSR Details.

7. Click Yes.

8. Browse to a folder where you want to save the CSR file and click Export. The certificaterequest file with a .PEM extension is exported to the selected folder. For example, thecertificate request file for a network engine called NAE-1 on a computer called ADX-1 would beADX-1_NAE-1_CSR.PEM for a network engine with a fully qualified name of ADX-1:NAE-1.


Figure 54: Export CSR(s) - Select Folder

9. Send the certificate request file to the IT department to obtain your trusted certificate. Whenyou receive the file, go to Importing a certificate to import the certificate into SCT for thenetwork engine.

Importing a certificateTo import a certificate for a network engine in an archive database, complete the following steps:



3. Click Import Certificates.


Figure 55: Request Certificate screen

4. Select the certificate file. The file has a .crt, .cer, or .pem extension. Click Import. Thecertificate for the network engine is imported.

Figure 56: Import Certificates screen

5. Click the Certificates tab to view the newly imported certificate.


Figure 57: Newly Imported Certificate

Exporting a certificateTo export a certificate for a network engine in an archive database, complete the following steps:



3. Click the Devices tab. Select the device whose certificate you want to export.

Figure 58: Exporting a Certificate

4. Click Export Certificate(s).


Figure 59: Export Certificate(s) - Select Folder screen

5. Click Export Certificate(s). The certificate file is exported to the selected folder location. Forexample, if the name of the NAE is NAE-1, the certificate file would be called NAE-1.pem.

Downloading a certificateTo download a certificate to a network engine from an archive database, complete the followingsteps:



Figure 60: Downloading a Certificate


3. Select the device that has the certificate that you want to download. If you need to downloadthe certificates of multiple engines, you can select more than one from the devices table.

4. Click Download.

Figure 61: Certificate Download Wizard

5. Specify the username and password of the network engine or click Communicate via SiteDirector to use the Site Director's credentials.

6. Click Test Login. When the login is confirmed, click Next to complete the remaining steps inthe Certificate Download Wizard. The ActionQ window appears to indicate the progress ofthe download. A completion status of OK indicates that the certificate download process wassuccessful.

7. Close the ActionQ window.

Uploading a certificateTo upload a certificate from a network engine to an archive database, complete the following steps:




3. Click the Devices tab. Select the device that has a certificate that you want to upload. If youneed to upload the certificates of multiple engines, you can select more than one from thedevices table.

Figure 62: Uploading a Certificate

4. Click Upload.


Figure 63: Certificate Upload Wizard

5. Specify the username and password of the network engine or click Communicate via SiteDirector to use the Site Director's credentials.

6. Click Test Login. When the login is confirmed, click Next to complete the remaining steps inthe Certificate Upload Wizard. The ActionQ window appears to indicate the progress of theupload. A completion status of OK indicates that the certificate upload process was successful.

7. Close the ActionQ window.

Deleting a certificateTo delete a network engine certificate from an archive database, complete the following steps:



3. Select the device whose certificate you want to delete. Click Delete.

4. Click OK to delete the certificate. The certificates list refreshes indicating that the certificate isremoved.


Deleting a certificate requestTo delete a network engine certificate request from an archive database, complete the followingsteps:



3. Select the device whose certificate request you want to delete. Click Delete.

Figure 64: Delete CSR Confirmation message

4. Click OK to delete the certificate request. The certificate requests list refreshes indicating thatthe certificate request has been removed.

Replacing a self-signed certificateFollow these steps to replace an existing certificate with a new self-signed certificate for a networkengine in the archive database. This procedure is useful if you need to replace an expired orcompromised trusted certificate with a self-signed certificate.



3. Click the Devices tab.

Figure 65: Devices Tab in Certificate Management


4. Select the device and click Replace Self-sign.

Backing up a certificateTo back up a certificate for a network engine, select the Export Certificate(s) button in Tools >Certificate Management. For details, see Exporting A Certificate.Certificates are also backed up and stored when you export or backup an archive database. Tocreate a backup of an archive and a certificate, please adhere to the following steps:

• Select Tools > Database > Create Backup.

• Select Tools > Database > Export Database.

Important: As an important restriction for creating and restoring database archive backupsthat contain network engine certificates, you must use the same SCT computer for bothoperations. Do not restore the archive using a different SCT computer, or the certificate data isdeleted. This is a security precaution that protects against certificate theft.

Appendix: Configuring and Maintaining PreferencesConfiguring and maintaining preferences introductionThe Metasys system provides customized preferences for the user interface. The preferences allowauthorized users to configure how the user interface behaves, including the sounds and colors, thestartup view, and the ability to add links to external applications that can be accessed from withinthe user interface of the NIEx9 device.Some steps in the following sections involve certain file operations, such as copying files andnavigating to specific folders. The tool used for these operations is the NxE Information andConfiguration Tool (NCT) for the NIE. For a hardware engine, log on to the device remotely usingthe NCT, then use the Get File and Copy File options in the Explorer tab of the NCT.For information on the NCT, refer to the NxE Information and Configuration Tool Technical Bulletin(LIT-1201990).

Preferences conceptsSystem and user preferencesPreferences are divided into two categories: System preferences and User preferences.

System preferencesSystem preferences apply to all users who log on to the site or device. System preferencesaffect the performance and operation of the system. Only the MetasysSysAgent user and theBasicSysAgent user have authorization to configure system preferences. An audible alarmnotification change is an example of a system preference.Before you make system preference changes, the device reads the preferences from theDefaultSystemPreferences.xml file. Once you make system preference changes, a new file calledSystemPreferences.xml is created (Figure 66). Both of these files are located in the directory on thenetwork engine as indicated in Table 31.Table 31: Location of preferences files

Network engine File locationNIE29/NIE39/NIE49(Release 9.0.7)

NIE59 (Release 10.0)

NAE Device\opt\metasys\var\Preferences\

NAE Device\opt\metasys\bin\UI\audio\


Table 31: Location of preferences files

Network engine File locationNIE89 C:\ProgramData\Johnson Controls\MetasysIII\Preferences

C:\Program Files (x86)\Johnson Controls\MetasysIII\UI\audio

The procedure to synchronize system preferences within a site or to reuse the system preferenceson another site is a manual copy and paste process. Use the process to copy system preferences toother devices on the site or to other sites. See Copying preferences between devices.

Figure 66: System preference files

• DefaultSystemPreferences.xml: This is the default system preferences file. It is installed as part ofthe standard installation for all network engines.

• SystemPreferences.xml: This file stores the configured system preferences. If you have not yetconfigured system preferences, this file does not appear in the directory.

User preferencesUser preferences apply to a specific network engine user. User preferences define how theinformation is displayed in the user interface and do not affect the operation of the system.The colors and marker styles of a trend display are examples of user preferences. Each user isauthorized to view and edit their own user preferences.The system automatically assigns a numbered user preference file name for each user calledUserPreferences-userID.xml, where userID is the identification number of the user. Using anidentification number, rather than using the actual user name, serves two purposes. First, it avoidsany conflicts that might arise if the user name contains special characters. Second, it allows theuser to be renamed without breaking the connection to the user preferences file.


To view user identification numbers, open the Security Administrator screen and select UserPreference File Names under the View menu (this option is available only to the MetasysSysAgentuser). The user preference file names appear in the Roles and Users pane (Figure 67) andcorrespond to files on the Metasys device in the directory as indicated in Table 31. As shown by twocallouts in Figure 67:

• 1: User preference file name as seen in the Security Administration in the user interface.

• 2: User preference file as seen when accessing a network engine using the NCT.

The procedure to synchronize user preferences within a site or to reuse the user preferences onanother site is a manual copy and paste process. Use the manual process to copy user preferencesto other devices on the site or to other sites. See Copying preferences between devices.


Figure 67: User preference file

Managing preferencesSystem and user preferences stored in a network engine are not saved in the archive database bySCT, and they are not part of the archive upload/download process. Additionally, preferences arenot saved during a security backup when you upgrade. You must manage preferences manually.For information on managing preferences for each preference type, see the following sections:

• System preferences


• User preferences

Detailed ProceduresConfiguring preferences

Note: To configure the preferences of a specific user, you must log in as that user or as a userwith Administrator rights.

1. On the Tools menu of the user interface, click Configure Preferences. The MetasysPreferences dialog box appears.

2. Set the preferences according to the Preferences section of the Metasys® SMP Help (LIT-1201793).If you specified Level 1-4 Sound Files on the Alarm Settings tab, place the alarm sound filesinto the audio folder on the network engine. Some network engines do not permit the filecopy operation because the audio folder is write-protected. The audio folder is located inthe following directory:For NIE89:C:\Program Files (x86)\JohnsonControls\MetasysIII\UI\audioFor NIE29/NIE39/NIE49 (Release 9.0.7) and NIE59 (Release 10.0):NAE Device\opt\metasys\bin\UI\audio\

Note: If a sound file is missing from the folder, the Metasys system uses the defaultsystem beep for that alarm priority.

Restoring default system preferences1. Using NCT, connect to the network engine on which you want to restore the default system

preferences.

2. Click Start SSH on the Connections tab. NCT now opens a port to the engine for you to use.

3. Use an SSH client like PuTTY to log on to the network engine. Use the MetasysSysAgentcredentials.

4. Navigate to the \opt\metasys\var\Preferences directory on the engine.

5. Delete the file with this command: rm SystemPreferences.xml.

6. Exit from the SSH client and disconnect the engine from NCT.

Copying preferences between devices1. Using NCT, connect to the source network engine; that is, the one that contains the

preferences you want to copy.

2. Click the Explorer tab, click Refresh Device Contents, then navigate to the Preferencesdirectory for the device as shown in Table 31.

3. Use Get File in NCT to copy SystemPreferences.xml (system preference) orUserPreferences-userID.xml (user preference), where userID is the identification numberthat appears in the Security Administration tool.

4. Paste the file onto the desktop of your computer.

5. Disconnect the network engine from NCT.


6. Connect NCT to access the destination network engine (where you want to copy thepreferences) as the MetasysSysAgent user and navigate to the Preferences directory for thedevice as shown in Table 31.

7. Use the Send File option in the NCT to paste the SystemPreferences.xml file or UserPreferences-userID.xml file that you copied to your computer desktop with Step 4.

Restoring default user preferences1. Log on to the SMP user interface of the network engine as the MetasysSysAgent user.

2. On the Tools menu of the user interface, select Administrator. The Security Administrationtool appears.

3. On the View menu, select User Preference File Names. The user preference file namesappear in the Roles and Users pane of the Security Administration tool.

4. Record the file name of the user whose preferences you want to restore.Note: If the user has been removed from the system, there is no record of the userpreference file name in the Security Administration tool. In this case, remove userpreference files from the network engine that do not have a corresponding userpreference file name in the Security Administration tool.

5. Close the Security Administration tool and continue with Removing user preference files.

Removing user preference files1. Using the NCT, connect to the network engine from which you want to remove the user

preference files and navigate to the Preferences directory for the device as shown in Table 31.

2. Delete files named UserPreferences-userID.xml, where userID is the identification number thatappears in the Security Administration tool.

Note: Do not delete DefaultUserPreferences.xml.

Copying user preferences to another user1. Log on to the SMP user interface of the network engine as the MetasysSysAgent user.

2. On the Tools menu of the user interface, select Administrator. The Security Administrationtool appears.

3. On the View menu, select User Preference File Names. The user preference file namesappear in the Roles and Users pane of the Security Administration tool.

4. Record the file name of the user whose preferences you want to copy (Source User) and the filename of the user whom you want to share those preferences (Destination User).

5. Close the Security Administration tool.

6. Using NCT, connect to the network engine and click the Explorer tab.

7. Click Refresh Device Contents and navigate to the Preferences directory for the device asshown in Table 31.

8. Use the Get File option to retrieve a copy of the user preferences file (source user) that youwant to duplicate for another user (destination user). Copy the file to an accessible location onyour laptop.


9. Rename the user preferences file of the source user to match the name of the destination user.

10. Use the Send File option to send the user preference file of the destination user to thePreferences directory of the engine.

Preserving preferences for a network engine updatePreferences do not persist after an engine update unless you take manual steps to save thesettings before you begin a system upgrade.

1. Before you begin the engine update process, use the NCT to connect to the network enginethat contains the preferences and custom files you want to copy.

2. Click the Explorer tab, click Refresh Device Contents, then navigate to the Preferencesdirectory for the device as shown in Table 31.

3. Use the Get File option in NCT to copy SystemPreferences.xml (system preference) orUserPreferences-userID.xml (user preference), where userID is the identification number for eachspecific user with customized preferences. If you are saving preferences for multiple users, besure to retrieve all files. Also, retrieve any special files, such as customized sound .wav files,from the location shown in Table 31.

4. Paste these files in a safe location on your computer or network drive, or store them on othermedia.

5. Update the network engine according to the Metasys® Server Installation and UpgradeInstructions Wizard (LIT-12012162).

6. With NCT, connect to the updated network engine and use Send File to copy the files that youcopied in Step 3 back to the appropriate location as listed in Table 31.


NIEx9 Commissioning Guidecgproducts.johnsoncontrols.com/MET_PDF/12011922.pdf · Removing user...

Documents

Transcript of NIEx9 Commissioning Guidecgproducts.johnsoncontrols.com/MET_PDF/12011922.pdf · Removing user...