PDA

View Full Version : Remote panel Tool KM


Custom Search


miesjel
01-07-2013, 09:04 AM
Hello!

Im trying to setup remote panel tool for our support. I've configured the server as told in the manual, placed the server in DMZ (seperate from our corporate network). We can acces the server perfectly with the client software on the desktops. those are configured with the external IP address for the DMZ. (thats a separete internet connection).

Now when i try to connect an MFP with it, it just wont connect. It gives an error when pressing start (could connect). I saw some settings for Certificate Verification level settings, i believe thats the part where it goes wrong. I've setup the external serveraddress (under client), turned it on offcourse, portnumber is correct, no proxy.

It worked when the server was in the same netwerk but now im getting trouble. What are the correct settings for the MFP? We use a Self-Signed certificate with IIS7.

thanks in advance!

Michel

scanzmgs
01-07-2013, 12:44 PM
hope this helps

miesjel
01-08-2013, 03:14 PM
Hello

Thank you for the reply!

Thats not exactly what i was looking for. Its okay for our network. But we use this for remote support, like teamviewer. In order to get it working we had to set up a server, so we did. I tested it here and it works. Instead of server in the MFP you use client. Now for security reasons we placed inside DMZ and made it accesible from the internet. The only ting we have to do now is connecting the printers to that server. On the network side everything is double checked and checked again, thats working. The client software can access the server from everywhere outside the network so thats working.

I've added the manual i used to install all this.

TheOwl
01-08-2013, 10:51 PM
I think the setting that you are looking for is as follows:

1. Web interface of copier
2. Login as Administrator
3. Security
4. Certificate Verification Setting
5. Turn off the Certificate Verification

I have had to do this before with these machines when getting them to embed with PaperCut. Because the server had a self signed certificate installed, the machine didn't automatically trust the certificate and therefore wouldn't connect.

Try turning this setting off and see if it helps. If it does, then you might just want to spend the $60 odd bucks and get a CA certificate (signed via a trusted Certificate Authority) which would save having to change every machine.

morpk
01-09-2013, 12:48 AM
were can i download this?, i just check the CSES site and can't find it.

RRodgers
01-09-2013, 03:15 AM
were can i download this?, i just check the CSES site and can't find it.
Right on the copier. :)

miesjel
01-09-2013, 06:47 AM
Okay, i will try that thank you!

We do want to buy a certificate but I want to test everything first :)




I think the setting that you are looking for is as follows:

1. Web interface of copier
2. Login as Administrator
3. Security
4. Certificate Verification Setting
5. Turn off the Certificate Verification

I have had to do this before with these machines when getting them to embed with PaperCut. Because the server had a self signed certificate installed, the machine didn't automatically trust the certificate and therefore wouldn't connect.

Try turning this setting off and see if it helps. If it does, then you might just want to spend the $60 odd bucks and get a CA certificate (signed via a trusted Certificate Authority) which would save having to change every machine.

miesjel
01-09-2013, 07:04 AM
It doesnt work yet, my settings:

http://i48.tinypic.com/i404d5.png

http://i48.tinypic.com/73kxlc.png

What are the settings when using a CA certificate?

Michel

pepper38_cnd
01-10-2013, 11:35 AM
If you are already using teamviewer to access local work stations externally, why not just access the terminal that does connect to Remote Panel locally through Teamviewer from your help desk and connect that way? Once the copier is set up and actually working it wouldn't be very often you would have to be remoting into it anyway. Just a thought.

miesjel
01-11-2013, 10:26 AM
We recieve a lot of questions regarding settings en how to setup stuff. Also is it possible to access the Service Mode via this screen, wich can be usefull. I dont want to drive 100 km to change one setting en drive back.

oxident
01-12-2013, 12:07 AM
hope this helps

WOW! Thanks for that information. I've been trying for hours now ... but absolutely nowhere in any of the manuals was the information about the correct URL (.../panel/top.html).

JR2ALTA
01-12-2013, 02:24 AM
If you're remoting on the client's PC through TeamViewer, why don't you just open their browser and pull up the machine's web interface.

I'm confused.

oxident
01-12-2013, 08:27 AM
Does anyone know the name of the corresponding -Server- application (in order to use the client setting on those machines)?

miesjel
01-14-2013, 07:22 AM
@JR2ALTA, i dont want to work via someone elses computer. Not every customer wants that.



Its called to Konica Minolta remote Panel tool. You can get it when you are an ASP.

miesjel
01-15-2013, 12:35 PM
Every manual is referring to the manual of the corresponding MFP, but the manuals on the CD (deliverd with the MFP) show nothing about the remote panel config.

TheOwl
02-03-2013, 11:39 PM
I GOT IT, I GOT IT!!!!

Ok, here are the settings that you need to use for both the software and the machines:

Server - Install using all defaults as per the standard installation. Once installed, ensure that you start the "Remote Panel Server" and also click on "Open Port" to punch a hole through the firewall. This hole should only be opened for the client software to communicate with, so there is no need for this port to be opened up and internet facing.

While on the server, ensure that the firewall also allows the following Inbound rule "World Wide Web Services (HTTPS Traffic-In). This should be running on port 443 and this is what is used for machines to connect from the outside world. You will also need to forward port 443 from your router to the IP address of the server.

Client Software - Install as per standard installation. Once the software is run for the first time, you will be presented with the configuration which basically means you just need to type in the address (DNS or IP address if your connection is assigned a static IP). Allow this to run on the default port which is 61239 and should match the port on the server.

Copier Settings - Ensure that you have an SSL Certificate setup on the machine and then configure the following settings on the copier:

Admin Settings > Network Settings > Remote Panel Settings > Client Settings

Port Number - 443 (This is a common port for routers to have open, other wise you would be able to view HTTPS web sites)
Connection Time Out - 60 Sec
Host Address - IP or DNS name of your internet connection such as mail.youcompany.com
Certificate Verification - This will need to be adjusted to the certificate settings on your server installation.
Synchronize WebDav Settings - I haven't entered anything in here.

Once all this has been setup, you can then test the connection.

On the machine go to Utility > Remote Panel Operation > Start

A randomly generated PIN will be displayed on the display of the machine and is required for the connection to be successful. You can now go to the client software and you should see a machine in the list. Once you attempt to start a connection with the machine, you will be requested to enter in the PIN number. If you have entered in the PIN correctly, you should now see the machine's panel.

This setup is done so that machines can be remote controlled on a customers network without any setup requirements on the customers network other than having port 443 allowed for outbound traffic on their router. As I previously stated, if 443 isn't opened on the customers router, then they won't be able to view HTTPS web pages.

The way I described this software to our sales guys is "Think of it as TeamViewer for the 4 Series Konica Minolta devices. You have a user initiated remote session which you are then able to connect to as long as the customer give you the correct PIN". This makes the customers feel more secure as well as they will know that we can't access the devices remotely without them knowing or giving us the PIN.

Play around with this stuff guys as it IS a powerful sales and technical tool which be utilised to decrease you response times and help users in remote areas without having to leave you desk.

I will also be allowing our helpdesk girls to access this as they will also be able to better inform techs of error codes and jams statuses in the event of getting that typical user on the phone requesting for help.

miesjel
02-04-2013, 07:34 AM
hello!

Thats fast! Good to hear you got it all working. I think i've found whats going wrong on my end. Port 443 is directed to an other server than the server Remote panels software works on, what i didnt know. I got everything set-up the same as you did but now I might know whats wrong.

I'll have to talk with my coworker on how to fix this. Thanks for looking in to it and letting me know the results!! You helped me out a lot by doing this!

Michel

TheOwl
02-04-2013, 09:57 PM
Wiht out 443 forwarded to the correct server, you are dead in the water so to speak.

The only issue that I have with forwarding this port is that I lost my webmail server, but I can access that in many different ways. What I might end up doing is getting another static IP address assigned to the network so that I can segregate 443 by different IP addresses.

Either that or do the unthinkable and use a different port number other than 443... lol

miesjel
02-05-2013, 08:07 AM
Ill let you know how we fixed it to get it working. We will lose our mail server as well when i forward 443 to the other server. Ill get back to you :)

habik
02-05-2013, 09:15 AM
I GOT IT, I GOT IT!!!!

Ok, here are the settings that you need to use for both the software and the machines:

Server - Install using all defaults as per the standard installation. Once installed, ensure that you start the "Remote Panel Server" and also click on "Open Port" to punch a hole through the firewall. This hole should only be opened for the client software to communicate with, so there is no need for this port to be opened up and internet facing.

While on the server, ensure that the firewall also allows the following Inbound rule "World Wide Web Services (HTTPS Traffic-In). This should be running on port 443 and this is what is used for machines to connect from the outside world. You will also need to forward port 443 from your router to the IP address of the server.

Client Software - Install as per standard installation. Once the software is run for the first time, you will be presented with the configuration which basically means you just need to type in the address (DNS or IP address if your connection is assigned a static IP). Allow this to run on the default port which is 61239 and should match the port on the server.

Copier Settings - Ensure that you have an SSL Certificate setup on the machine and then configure the following settings on the copier:

Admin Settings > Network Settings > Remote Panel Settings > Client Settings

Port Number - 443 (This is a common port for routers to have open, other wise you would be able to view HTTPS web sites)
Connection Time Out - 60 Sec
Host Address - IP or DNS name of your internet connection such as mail.youcompany.com
Certificate Verification - This will need to be adjusted to the certificate settings on your server installation.
Synchronize WebDav Settings - I haven't entered anything in here.

Once all this has been setup, you can then test the connection.

On the machine go to Utility > Remote Panel Operation > Start

A randomly generated PIN will be displayed on the display of the machine and is required for the connection to be successful. You can now go to the client software and you should see a machine in the list. Once you attempt to start a connection with the machine, you will be requested to enter in the PIN number. If you have entered in the PIN correctly, you should now see the machine's panel.

This setup is done so that machines can be remote controlled on a customers network without any setup requirements on the customers network other than having port 443 allowed for outbound traffic on their router. As I previously stated, if 443 isn't opened on the customers router, then they won't be able to view HTTPS web pages.

The way I described this software to our sales guys is "Think of it as TeamViewer for the 4 Series Konica Minolta devices. You have a user initiated remote session which you are then able to connect to as long as the customer give you the correct PIN". This makes the customers feel more secure as well as they will know that we can't access the devices remotely without them knowing or giving us the PIN.

Play around with this stuff guys as it IS a powerful sales and technical tool which be utilised to decrease you response times and help users in remote areas without having to leave you desk.

I will also be allowing our helpdesk girls to access this as they will also be able to better inform techs of error codes and jams statuses in the event of getting that typical user on the phone requesting for help.


Dude! You are brilliant! Thanks a lot. Have not used it..yet, but surely it is one of the set-ups I will keep on file as a reference! Can't give you rep as the last one went to you :) so .. Here it is " You have been awarded a Administrators IT Xross for best IT services on Copytechnet" Howl :P

miesjel
02-28-2013, 02:03 PM
How do i need to setup the SSLCertificate settings on the machine (under the Security Tab)?

Thanks in advance.

I think we are almost there, server and firewall are all setup correctly (as you described).

emujo
02-28-2013, 04:37 PM
I use the remote panel tool frequently, as it is a huge time saver..Wish KM would incorporate this tool on the new B&W MFPs..

If it can help, here are my settings;

After inputting all basic network info including DNS and Domain settings...

1. Create a new self-signed certificate, make it the default and delete the original.
2. Turn on SSL for user and admin modes
3. Under network settings, check all the boxes under open API and TCP Socket settings
4. Turn on the client settings under remote panel settings..I have never used the server side and I'm not sure how it works

Open a web browser and type https://IPADDRESS:50443/panel/top.html

Now you have access to the MFP as if you were standing right in front of it. You can also access service mode from here. I have used this tool to fix a lot of VCARE issues without needing to drive to the site...helps to have a accomodating customer that is willing to do a remote session with you though. EMujo

TheOwl
02-28-2013, 10:04 PM
Are you talking about the certificate verification settings under the Server Settings or just how to create an SSL Certificate?

In the server settings, I just set them to all to not verify which seems to work the best with a Self-Signed Certificate.

Emujo, you should really jump on-board with the server side setup. It means you don't even need to leave the office to get access to the machine. All you need is for some one to press Utility/Counter, Remote Panel Operation, Start and inform you of the temporary PIN code.

We have taken this to the point where I am in the middle of getting approval for a new server at work so I can get this to work for mulitple techs at once by using Microsoft Remote Desktop Services.

miesjel
03-01-2013, 07:12 AM
Im using the client setup on the MFP. But i tought you had to do something under the security tab also, but i guess thats only when using server?

We've also set everything to not confirm but it still isnt working (even on port 443), so i started looking at the security tab.

TheOwl
03-03-2013, 09:47 PM
Have you got port 443 forwarded from your router to the server which is running the Konica Minolta Remote Panel Tool?

Are you using the outside DNS name or the internal DNS name of the server?

Say you have an outside DNS name of abctechs.com as well as a website externally hosted, then you would have two DNS records.

www.abctechs.com (http://www.abctechs.com) - which would point to the IP address of your website host.
mail.abctechs.com - which would be for forwarding email to your email server (doesn't have to be mail.)

You need to make sure that you are using the correct DNS name to sucessfully get back into your own network or the external IP address of your router.

If you like, you can PM me your company name and web details and I will use a tool which should find your MX record which relates to your IP address.

miesjel
03-04-2013, 06:54 AM
I use our external IP adres to connect to our firewall, from there traffic is forwarded to the correct server. We havent registered an DNS name for the remote panel software, maybe later but for now this will do (if i get it to work offcourse!)

TheOwl
03-04-2013, 09:28 PM
Now from what I remember, your server that is running the Remote Panel Software is in your DMZ and the rest of your gear is in your local intranet. Is that correct?

Do you have a firewall between your DMZ and intranet?

Is the copier in the DMZ as well or on your intranet?

Is it possible to put your copier insode the DMZ for testing?

Do you have a customer nearby with a 4 Series device that you could quickly test your settings on?

Is port 443 blocked as an outbound port from your site at all?

Work through those and let us know how you go with each one as they should provide clues as to what is going on.

miesjel
03-05-2013, 07:17 AM
Now from what I remember, your server that is running the Remote Panel Software is in your DMZ and the rest of your gear is in your local intranet. Is that correct?
Not anymore. We have to seperate networks with two internet connections. So there is no DMZ. Its build like two seperate office locations.

Do you have a firewall between your DMZ and intranet?
There is a firewall on the network wich forwards port 443 to the remote panel server.

Is the copier in the DMZ as well or on your intranet?
The copier is on the office network, the server is on the other network. It can only be connected via the world wide web.

Is it possible to put your copier insode the DMZ for testing?
We've done this before placing the server outside the same network, everything worked perfect.

Do you have a customer nearby with a 4 Series device that you could quickly test your settings on?
I've just finished installing one and we are delivering it this week at a site nearby, ill test it out.

Is port 443 blocked as an outbound port from your site at all?
no

Work through those and let us know how you go with each one as they should provide clues as to what is going on.
Thanks :)

miesjel
05-13-2013, 07:59 AM
If i want to use another port instead of 443, can i just change the port number on the printer and on the remote panel server software/settings? And offcourse forward the other port. We need a second mail server on that other network, so 443 cannot be used by remote panel server any longer.

Thanks in advance

TheOwl
05-16-2013, 03:37 AM
I think you only need to forward the port that you use and set the machines to use that port.

kronical
05-21-2013, 08:51 PM
Hello

Thank you for the reply!

Thats not exactly what i was looking for. Its okay for our network. But we use this for remote support, like teamviewer. In order to get it working we had to set up a server, so we did. I tested it here and it works. Instead of server in the MFP you use client. Now for security reasons we placed inside DMZ and made it accesible from the internet. The only ting we have to do now is connecting the printers to that server. On the network side everything is double checked and checked again, thats working. The client software can access the server from everywhere outside the network so thats working.

I've added the manual i used to install all this.

If you are trying to access this outside of the network the machine you are connecting to is on, you need to set up a static route, or port forwarding, on the main router or firewall to direct the traffic coming in on that port to the address of the machine. Without this, the entire network will receive the request and not know where to direct it.

Good example is an FTP server. If you have an FTP server on your network, anyone on that network can access it, as you are directly accessing it via the IP or hostname of the server on that network. Now if you want to access this FTP server outside of the network, there is no direct route to the server itself, as you are actually connecting to the entire network using it's external IP. When the network receives the communication on port 23 (default ftp port) the routing system has no idea where to send the information on the internal network, as such, the routing system needs to have port 23 forwarded to a specific internal IP, that of the server.

Now, I know you aren't dealing with FTP, however you are dealing with a type of server. All servers of any type need to have outside traffic routed/forwarded to it's appropriate destination.

TheOwl
05-22-2013, 12:05 AM
Couple of quick corrections (please take with a grain of salt).

FTP default port number is 21.

When trying to push traffic into a router / modem from the outside world, if there is no port forward for that port and an internal client didn't initiate the traffic to the outside world on that port to start with, then the router / modem will block that traffic and not broadcast through out the internet.

miesjel
05-22-2013, 08:15 AM
Hi Kronical, Thanks for your reply. I know about port forwarding on router/firewall but the problem we are facing is that remote panel used HTTPS protocol, and we have an exhange server on the same network. So if i let remote panel us HTTPS our mail doesnt work. My question was about finding another way to use remote panel and exchange next to each other. (i Hope i made myself clear now, im dutch and my englisch is not as good as yours :o)

TheOwl
05-23-2013, 12:31 AM
Just thought of a way that you make everything work with out changing port numbers.

Have port 443 forwarded to the Remote Panel Server, but for emails, you could setup a VPN so that when you VPN into the network, you would then have access to email either via Outlook directly, or you would just go http://servername/owa to get to the webmail.

Another way around this would be to rent a cloud server and have the client software installed on all computers which are to access the Remote Ranel Server and point them to the cloud server for the connection. You would also then point all your devices to the cloud server and just register a DNS Name for your cloud server like kmrp.company.com.

miesjel
05-23-2013, 08:35 AM
Another way around this would be to rent a cloud server and have the client software installed on all computers which are to access the Remote Ranel Server and point them to the cloud server for the connection. You would also then point all your devices to the cloud server and just register a DNS Name for your cloud server like kmrp.company.com.
Thats a pretty good idea, thanks! Never tought of that but it is actually pretty good!

miesjel
07-19-2013, 11:42 AM
It finally works! Bizhubs outside our office can connect to our remote panel server :D. I took a little longer but its holiday time now so i've lots of time to work this out.

Just another anoying thing has come up. When I start remote panel on the MFP, the screen with pin code appears for a few seconds and then closes. I can connect to the mfp with remote panel but I cant see the display (it stays black). For now it only occurs with the newest bizhub C224e (with newest firmware)
Current settings:
MFP is at a customer site
Server is in our datacenter
Correct port is forwarded to the KM server

There is a connection, because i can see the printer in the remote panel client tool.

any idea?

trscolin
10-04-2014, 10:50 PM
I can't find anything in the manuals about adding user(s) for logging into server web interface. I am assuming I am missing something simple. If someone could let me know were to add a user it would be super appreciated.

Thanks

TheOwl
10-05-2014, 10:37 PM
You need to be looged into the KMRP as an administrator (either the admin or a user set to be an admin). Normal users aren't permitted to add / edit users.

Custom Search