Skip to content
Docs

Troubleshoot Mideye Installation & Auth Errors

Verify Mideye Server is running

Section titled “Verify Mideye Server is running”

After starting the Mideye Server service, check the log file to confirm the server started successfully. A successful startup produces the following log output:

Application 'MideyeServer' is running! Access URLs:
  Local:      https://localhost:8443/
  External:   https://192.168.1.100:8443/
  Profile(s): [prod]

Where to check:

  • Linux: /opt/mideyeserver6/log/mideyeserver.log
  • Windows: C:\Program Files (x86)\Mideye Server 6\log\mideyeserver.log

You can also verify by opening the External URL shown in the log in a web browser. If the Web GUI loads, the server is running.

If you do not see the startup message in the log, the server failed to start. Check the sections below for common causes.

Connectivity to Mideye Switch

Section titled “Connectivity to Mideye Switch”

Mideye Server communicates with the Mideye Switch (Mideye’s central authentication infrastructure) to process authentication requests. If this connection fails, authentications will not work.

Requirements

Section titled “Requirements”
  1. Unique outgoing port — Each Mideye Server installation is assigned a unique outgoing port by Mideye. This is configured during installation and can be found in the server configuration.
  2. Firewall rules — The firewall must allow outgoing traffic from the Mideye Server to the Mideye Switch. Ensure that no firewall or network device is blocking this connection.
  3. IP whitelisting — Mideye support needs to know the public source IP address of your Mideye Server to whitelist it on the Mideye Switch. If the source IP changes (e.g., new internet connection, NAT changes), contact Mideye support to update the whitelist.

Troubleshooting steps

Section titled “Troubleshooting steps”
  1. Verify the outgoing port is correctly configured in the Mideye Server settings.
  2. Check your firewall — Ensure outgoing UDP traffic from the Mideye Server is not blocked.
  3. Confirm your public IP — Verify that the IP address Mideye has on file matches your current public source IP. You can check your public IP by running:
    • Linux: curl -s https://ifconfig.io
    • Windows (PowerShell): (Invoke-WebRequest -Uri https://ifconfig.io -UseBasicParsing).Content
  4. Contact Mideye support at support@mideye.com if you suspect an IP whitelisting issue. Include your public source IP and the assigned outgoing port.

Log files

Section titled “Log files”

Mideye Server writes two log files:

Log fileLevelDescription
mideyeserver.logINFO and abovePrimary log — all general server activity
mideyeserver.errorWARN and aboveErrors and warnings from Mideye components only

Log locations:

  • Linux: /opt/mideyeserver6/log/
  • Windows: C:\Program Files (x86)\Mideye Server 6\log\

On Windows, Mideye Server also writes to the Windows Event Viewer (WARN and above from Mideye components). See Server Logs for details on Event Viewer setup and log configuration.

For detailed information about log configuration, logback.xml, syslog forwarding, and SNMP traps, see the Server Logs reference documentation.

Server not starting

Section titled “Server not starting”

Wrong database credentials

Section titled “Wrong database credentials”
Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml. Also, check the database log files. Manually start the Mideye Server service from Services.

Source IP not correctly defined in RADIUS Shared Secrets

Section titled “Source IP not correctly defined in RADIUS Shared Secrets”

Written to mideyeserver.log

Example:

2023-02-08 10:49:14.716Z INFO  [pool-7-thread-5] RadiusServerRunnable: RADIUS server name [StandardRadius] received packet, source IP: [/10.10.10.10], source port: [26602], RADIUS auth port: [1812]
2023-02-08 10:49:14.893Z INFO  [pool-7-thread-5] RadiusServerRunnable: Source IP [10.10.10.10] not found in table 'RADIUS shared secrets'.
2023-02-08 10:49:14.893Z INFO  [pool-7-thread-5] RadiusServerRunnable: Source identify failed, discarding request

Add correct Source IP or correct defined Source IP in RADIUS Shared Secret.

NAS-IP or NAS-ID mismatch

Section titled “NAS-IP or NAS-ID mismatch”

Shown as “failed” in WebGUI Authentication Logs.

Written to mideyeserver.log:

2023-02-08 10:26:35.370Z INFO  [pool-8-thread-214] RadiusClientService: Performing Client lookup based on Attributes NAS-IP [10.10.10.10] and Nas Identifier [NasID_example] lookup of client
2023-02-08 10:26:35.370Z WARN  [pool-8-thread-214] RadiusClientService: Request attribute values did not match any RADIUS clients
2023-02-08 10:26:35.370Z WARN  [pool-8-thread-214] RadiusClientNotFoundException: Code: [2004], Could not identify the RADIUS client using values id:['c'], ip:['10.10.10.10'] on server ['StandardRadius']

Also written to mideyeserver.error:

2023-02-08 10:26:35.370Z WARN  [pool-8-thread-214] RadiusClientService: Request attribute values did not match any RADIUS clients
2023-02-08 10:26:35.370Z WARN  [pool-8-thread-214] RadiusClientNotFoundException: Code: [2004], Could not identify the RADIUS client using values id:['NasID_example'], ip:['10.10.10.10'] on server ['StandardRadius']

Service ports

Section titled “Service ports”

MideyeServer needs two ports to start correctly. A port for Web GUI and a port for RADIUS traffic. The Web GUI Port can be changed.

  • Web GUI: tcp/443 or tcp/8443
  • RADIUS: udp/1812

Check the firewall too see that these ports are open.

Enable TCP/IP 1433/tcp on MS SQL Server Express

Section titled “Enable TCP/IP 1433/tcp on MS SQL Server Express”

If the MS SQL Express version is used, TCP/IP is not enabled by default. This can be enabled from “SQL Server Configuration Manager”, submenu “SQL Server Network Configuration”. Once enabled, open properties for TCP/IP and add 1433 to ‘TCP Port’ at the bottom of the window (IPAll).

MSSQL documentation can be found here

LDAPS connection issues

Section titled “LDAPS connection issues”

LDAPS (LDAP over SSL/TLS) connections can fail for several reasons. The following log line is written to mideyeserver.log when the connection is rejected:

2022-11-17 12:51:03.981Z WARN  [XNIO-1 task-6] LdapsCertificateHandler: I/O error occurred when fetching certificate from LDAP
java.net.SocketException: Connection reset by peer

Domain controller missing certificate

Section titled “Domain controller missing certificate”

If the domain controller doesn’t have a certificate installed, LDAPS connections from Mideye Server will not work. Install a certificate on the domain controller to enable LDAPS.

Connecting to LDAP server using IP address instead of hostname

Section titled “Connecting to LDAP server using IP address instead of hostname”

Mideye Server validates the certificate Common Name (CN) or Subject Alternative Name (SAN) when connecting over LDAPS. If you connect using an IP address (e.g., ldaps://10.20.30.40), certificate validation will fail because the certificate typically contains a hostname, not an IP address.

Solution: Use the LDAP server’s fully qualified domain name (FQDN) instead of the IP address (e.g., ldaps://dc01.corp.local).

Quick workaround using hosts file: If DNS resolution is not available for the LDAP server, add a hosts file entry to map the hostname to the IP address:

Windows — Edit C:\Windows\System32\drivers\etc\hosts as administrator:

10.20.30.40    dc01.corp.local

Linux — Edit /etc/hosts:

10.20.30.40    dc01.corp.local

Then configure Mideye Server to connect using the hostname (ldaps://dc01.corp.local) instead of the IP address.

LDAPS not enabled on the directory server

Section titled “LDAPS not enabled on the directory server”

LDAPS must be explicitly enabled on the Active Directory domain controller or other LDAP directory server. If LDAPS is not enabled, the server will refuse connections on port 636.

Verify that LDAPS is enabled:

  • Active Directory: A valid certificate must be installed on the domain controller. See Microsoft documentation on LDAPS.
  • Other LDAP servers: Consult your directory server documentation for enabling TLS/SSL.

Mideye Server update can’t find MideyeServer.msi file

Section titled “Mideye Server update can’t find MideyeServer.msi file”

The error message displayed during the installation is:

“The feature you are trying to use is on a network resource that is unavailable.”

When updating between versions there is a possibility that the MideyeServer.msi file for the existing Mideye Server version is not found. The solution is to download the same version again and extract the MideyeServer.msi file.

  • Check the Mideye Server version of the existing server.
  • Download that version from the Downloads page.

Extract the MSI-package from the downloaded MideyeServer-x.x.x-xxxx.exe file by starting the installation, finding the MSI file and moving it to a different directory. Note that the directory AppData (in step 2) is a hidden directory and is not shown unless “Hidden items” is checked in Windows “File Explorer” -> “View”.

  1. Run the MideyeServer-x.x.x-xxxx.exe file so that the “Mideye Server Setup” window shows. Don’t click on anything else in that window and don’t close the window.
  2. Find the temporary MSI file which have been extracted to: C:\Users<username>\AppData\Roaming\Mideye Server x.x.x\install<random folder>\MideyeServer.msi
  3. Copy the MideyeServer.msi to a different directory.
  4. Close the MideyeServer-x.x.x-xxxx.exe “Mideye Server Setup” window that was opened in Step 1. The temporary Mideye directory in C:\Users<username>\AppData\Roaming\ will now be automatically removed.
  5. Run the installation of the new Mideye Server version that you want to update to.
  6. When the same error message as before appears, browse to the location where the MideyeServer.msi package was copied to and select it.

Now the installation can proceed as expected.