Stanley ID Express Server Release Notes
=======================================
Prerequisites:
--------------
The following are required before the software can be installed:
1) The server must have network access to a server running the desired Access Control System (BASIS or Wi-Q).
2) If BASIS is to be used as the ACS, version 6.4.500 or later is required and the latest BASIS hot fixes must be installed for DataConduIT support to function properly.
3) If Wi-Q is to be used as the ACS, version 3.0 or later is required.
4) The server must be running Internet Information Services (IIS) before installing Stanley ID Express Server.
a) Launch Programs and Features Programs utility from the Control Panel
b) Select Turn Windows features on or off from the menu on the left
c) Check Internet Information Services (IIS) to install IIS
d) On a Windows 7 or later machine, you must install IIS 6 compatibility by navigating to and selecting Internet Information Services=>Web Management Tools=>IIS 6 Management Compatibility=>IIS Metabase and IIS 6 configuration compatibility
e) On a Windows 7 machine or later, you must manually select the following items under Internet Information Services=>World Wide Web Services=>Application Development Features: .NET Extensibility, ASP.NET, ISAPI Extensions and ISAPI Filters
Firewall:
---------------
The server’s firewall must be configured to accept connections through port 80.
**** Windows 7 ****
1) Open Control Panel (Start Menu=>Control Panel)
2) Click “Security”
3) Click “Allow a program through Windows Firewall”
4) On the “Exception” tab, click the “Add Port . . . “ button
5) Enter “IDExpress” for the Name field
6) Enter “80” or “443” for the Port field
7) Select the “TCP” radio button
8) Click the “OK” button
9) Click the “OK” button
Install Software and create IIS Application User in Windows 7
---------------------------------
In Windows 7 the User used to run the Web Application must be changed to a user that can be used for Single Sign-On (both BASIS and Wi-Q).
1) Create a new Windows User on the Server with Admin rights.
2) Open IIS by right clicking Computer and selecting "Manage" from the pop-up menu.
3) Under Services and Applications, select Internet Information Services.
4) Navigate to | Application Pools in the Connections tree.
5) Click on Application Pools, select Add application Pool.
6) Enter “Kiosk” for the name, click the ok button.
7) Click on “Kiosk” under Application Pools, click on Advanced Settings on the left.
8) Under Process Model, click radio box for Identity. Choose Custom account and click on set, enter the user name and password for the new user created in step 1.
9) Click OK
10) Click OK
11) Click OK
12) Set up Single Sign-On for the new user in the appropriate ACS (BASIS or Wi-Q).
13) Install IDExpress Server Setup by right clicking and running as Administrator leaving IIS (Internet Information Services) running.
14) After installation has completed go back to IIS (Internet Information Services) under Application Pool click on “DefaultAppPool”, then click on View Applications on the left.
15) Double Click on “/Kiosk under Virtual Path, then using the drop down menu select the Application Pool you added “Kiosk” click OK.
16) Navigate to Sites | Default Web Site | Kiosk. Double Click on Authentication, click on Anonymous Authentication, on the left side of the screen make sure it is Enabled and click on Edit. Select radio button “Application pool identity click OK.
Configuration Tool:
-------------------
When installation is complete, open the Configuration Tool from Programs=>Stanley ID Express.
At a minimum, you must configure the following settings:
Integration – Database (for BASIS) or Wi-Q SDK (for Wi-Q)
DataConduIT (for BASIS)
Security – Kiosk(s) must be added to the list of Authorized Kiosks
Fields – At least one Identify field and at least one Verify field must be selected
********************* For BASIS systems only *******************************
NOTE: DataConduIT Service must be running as the same users that you created for your Kiosk AppPool.
Open Control Panel, click on Administrative Tool.
Click on Services.
Locate “LS DataConduIT Service”, right it and select Properties.
Click on “Log On” tab and choose “This account” radio button.
Enter the same User Name and Password that you used for your Application Pool
Click OK
Click OK
Before the new logon name will take effect you will need to stop and start the service.
--------------------------
If the BASIS database is SQL Server, the following steps must be completed in order for DataConduIT to work properly:
1) The Kiosk AppPool user (Windows 7, see instructions for "IIS Application User") must be added to the SQLServer instance and must be given dbOwner rights to the BASIS database.
a) Open Microsoft SQL Server Management Studio Express
b) Connect to the database using Windows Authentication
c) In the Object Explorer window, expand the “Security” folder.
d) Right-click the “Logins” folder and select “New Login” from the menu.
e) Click the “Search” button next to the “Login name” text box.
f) Enter Kiosk AppPool user name into the text box and click the “Check Names” button.
g) Click “OK”
h) Select “User Mapping” from the list on the left.
i) Check the box next to the AccessControl database.
j) Select “db_owner” and “public” from the permissions listed at the bottom of the window.
k) Click “OK”
2) Enable Single Sign-on in BASIS and link the Kiosk AppPool user ID to a BASIS user that has “System Admin” and “Cardholder Admin” privileges. Creating a BASIS user specifically for DataConduIT is strongly encouraged.
3) On the “Database” tab of the IDExpress Configuration Tool, enter the DataConduIT path. If DataConduIT is running on the same server as the IDExpress Server, the User and Password fields MUST be left blank.
Oracle Configuration:
NOTE: This has not been tested on the lasted releases.
---------------------
If the BASIS database is Oracle and the IDExpress server is NOT installed on the database server, Oracle Data Access Components must be installed on the IDExpress server. The Oracle Data Access Components installation program may be found in the Server | Supplementary Content folder of the installation package.
1) Copy ODTwithODAC1020221.exe from the installation package to the server’s hard drive and execute it.
It is recommended to create a directory in the root of the server's hard drive (c:\odacinstall e.g.) because
installation errors can occur if the install directory is too long or contains spaces.
2) Open the “install” directory that has been created in the same directory as the ODTwithODAC executable. Execute Setup.exe
3) On the Welcome screen click Next.
4) Select only “Oracle Data Access Components” and click Next.
5) Accept the default values for the destination and click Next.
6) From the “Available Product Components” list select only “Oracle Data Provider for .NET 2.0” and click Next.
7) Click Install.
BASIS Alarms Setup:
-------------------
IDExpress sends alarms (events) to BASIS using the Source, Device and Sub-Device fields. The Source is always IDExpress. The Device is the description of the kiosk reporting the event. (The kiosk description is set up in the Configuration Tool’s Security settings on the server). The Sub-Device is the IP Address of the kiosk reporting the event.
NOTE: In Basis 694 “DataConduIT Sources is called “Logical Sources”.
1) Open the BASIS System Administration tool.
2) From the Additional Hardware menu, select DataConduIT Sources . . .
3) Add a new DataConduIT Source named “IDExpress” (no spaces)
4) Add a DataConduIT Device for each kiosk defined in the Authorized Kiosks section of the Security Settings in the Configuration Tool. The Device names should be the kiosk description. Set the DataConduIT Source to “IDExpress”
5) Add a DataConduIT Sub-Device for each kiosk. Set the name of the Sub-Device to the IP Address of the kiosk (10.4.25.100, e.g.) and the Device to the correct Device (kiosk description).
6) Be sure to add the Device named “localHost” with the IP address of “127.0.0.1” This is the Server.
****************************** End BASIS Systems only *******************************
********************* For Wi-Q systems only *******************************
1) The DefaultAppPool user (Windows 7, see instructions for "IIS Application User") must be added to the SQLServer instance and must be given dbOwner rights to the Wi-Q database.
a) Open Microsoft SQL Server Management Studio Express
b) Connect to the database using Windows Authentication
c) In the Object Explorer window, expand the “Security” folder.
d) Right-click the “Logins” folder and select “New Login” from the menu.
e) Click the “Search” button next to the “Login name” text box.
f) Enter “ASPNET” (no quotes) or the Kiosk AppPool user name into the text box and click the “Check Names” button.
g) Click “OK”
h) Select “User Mapping” from the list on the left.
i) Check the box next to the WAMS database.
j) Select “db_owner” and “public” from the permissions listed at the bottom of the window.
k) Click “OK”
2) Enable Single Sign-on in Wi-Q Kiosk AppPool user ID to a WAMS User that is an Administrator or is a Manager with all privileges enabled. Creating a WAMS user specifically for IDExpress is strongly encouraged.
3) The Windows User that will be logged-in when running the ID Express Configuration Tool will also need to be linked to a WAMS User that is an Administrator or is a Manager with all privileges enabled.
****************************** End Wi-Q systems only *******************************
General Notes:
-------------
1) Installation must be performed by a user who has local administrator rights.
2) Please reboot the computer after making all of these changes.
3) Confirm the directory security on C:\Inetpub\wwwroot\Kiosk\Images allows full access to ASPNET and IUSR_. This should already be set after the installation.
Troubleshooting:
----------------------
There are two places to look for error messages:
1) The ID Express Transaction History log accessible through the Configuration Tool.
2) The Windows Application Event Log on the Server which sometimes provides more detailed error messages than the
ID Express Transaction History Log. To access the Windows Event logs, right click "My Computer" (Windows XP) or
"Computer" (Windows Vista and Windows 7) and select "Manage" from the menu. In Windows XP, the Stanley ID Express System event
log is located directly under "Event Viewer." In Windows Vista and Windows 7, it is in Event Viewer | Applications and
Services Logs.
| 