Knowledge Base

Did you know that the DCP includes documentation in the form of Help?

Many of you have seen the Registry Key Assignments document. Well we no longer maintain the PDF of that. The most current Registry documentation is distributed with every JNIOR as part of the DCP.

2017-10-24_14-41-07.png

Every configuration setting is associated with a Registry Key. Simply by placing your mouse over a setting a Tool Tip will display the associated Registry Key for you. You can make use of that if you want to access the Registry by some other means.

A link will also display at the bottom of the page as shown above. If you can remove your mouse from a setting without mousing over another you can then click the link to access the documentation. You can also use the F1 key while holding you mouse over a setting to access the documentation.

A form of context help is provided by opening the distributed Registry Key Assignments document and indexing to the referenced key.

Note that you might need to update your operating system (JANOS) to the latest to get access to all of these features. If you update manually (use JRUPDATE) then you will also need to update /flash/www.zip to install the latest DCP. And if you still get the old applets when you open your browser, then there is probably a /flash/www/index.php or similar index file in that folder that you will need to remove.

If you update using an update project in the Support Tool it is likely that the project takes care of these steps for you.

If you are working at the Command Line through a Telnet connection and want information on a particular Registry Key or setup, simply open your browser to the DCP and hit F1. If you are working in the Console Tab (DCP access to the command line interface) the F1 keystroke gets you to that document as well.

Or you can enter a URL to read it directly as follows:

http://[IP Address]/RegistryDoc.html

Okay, so you might search all through your JNIOR’s file system and not find any RegistryDoc.html file. That is because it is contained within the /flash/www.zip library and JANOS knows how to serve files directly out of a compressed library. It can locate the files using the path to the library, the name of the library and any path therein up to the filename. And since the default root for the Webserver is /flash/www it knows to look right in there.

The Series 4 JNIOR can be configured to send email. The approach is slightly different than what existed in the prior controller series. The differences are driven by the heightened concern for security and an increase in restrictions on email server use.

First of all, we now we require valid user credentials (username and password) for authentication at the defined MailHost. You can only submit email to a Comcast SMTP server if you have a valid Comcast email account for example. Just having a valid Comcast email address or originating on a Comcast subnet is no longer sufficient identification. A login is typically required.

Secondly, the Series 4 can establish SSL/TLS secure connections. That means that your email content and credentials are protected by encryption. This was not possible in the prior series where such communications had to be in the clear and readable by anyone clever enough to sniff the network.

The attached document was written prior to the introduction of the DCP (Dynamic Configuration Pages) which are accessed using your browser. At that time one had to use the IPCONFIG command to enter email user credentials in order to encrypt and protect the account password. Most configuration can be also achieved through Registry key modifications. But the password entry requires the active step of encryption which is handled by IPCONFIG.

I will detail recent changes here.

Configuring JANOS for Email

Up to and including the release of JANOS v1.6.2 email can be delivered through an SMTP port (default 25) or MSA port (default 587). JANOS handles both of these ports in the same manner. The JNIOR will authenticate and then if the STARTTLS option is supported JANOS will establish an encrypted connection. The latter requires that SSL be enabled on the JNIOR which it is by default.

You will not get an indication as whether or not an SSL/TLS connection is in use. You could enable SSL Required but that may have other ramifications (such as requiring the use of HTTPS protocols for web connections).

Beginning with JANOS v1.6.3 you will be able to use the SMTPS port (default 465) for guaranteed secure email delivery. The SMTPS port requires a SSL/TLS secure connection right from the start. The email submission procedure will not proceed until the connection is secure. So in this case you can be certain that content and credentials are fully protected. A new Registry key Email/SMTPS must be set TRUE or enabled so JANOS knows to immediately secure the connection.

By the way, JANOS uses this same STARTTLS option to secure FTP. The JANOS Telnet Server which can be used to access the Command Line interface also supports STARTTLS. In this case the option had be proposed but not adopted. So, to our knowledge, the INTEG Telent tools are the only ones that provide the secure Telnet channel. All of this becomes simple when the DCP is used over a secure connection (HTTPS).

So to setup email on the Series 4:

  1. Make sure that your IP configuration (IP address, Subnet, Gateway and DNS servers) is correct. If you are using the default NTP server for synchronizing the clock and you see that NTP is doing just that by the entry in the system log, then your IP configuration is most likely correct.
  2. Set the MailHost or Mail Server. This would be something along the lines of smtp.comcast.net.
  3. Enter you own email address as the From address. Emails will look like they come from you.
  4. Enter your Username. Depending on the system that may be your email address or just the prefix. Note that IPCONFIG and also the DCP will prompt for a password. Once that is confirmed it will be encrypted and stored securely.
  5. By default the email port is 25. That should work for you. Depending on your service they may ask you to use a different port. Set the port as needed. If it is port 465 (or other SMTPS port) you will need JANOS v1.6.3 and Email/SMTPS enabled.

A good test is to enable the Email On Boot and reboot the JNIOR. That setting is on the events page in the DCP. The document attached above tells you how to use the SENDMAIL command form the Command Line which is also useful for testing.

Since today you really need to keep the Login requirement enabled on your JNIORs, what if you want to serve some Web data publicly? You know, without having everyone use a password?

Well, you probably aren’t aware that in addition to the default WebServer root of /flash/www there is another called /flash/public. Yep. You can probably guess now that anything you put in /flash/public will be served by the WebServer without requiring that the client login/authenticate. Everything else remains secure and requires your login for access.

In fact that is how our HoneyPot unit that is sitting out directly on the Internet lets you access the following page:

http://honeypot.integpg.com/map.php

There you didn’t need to login and yet that JNIOR is secure and nothing else can be accessed or modified without securely logging in.

Pretty sweet, eh? :mrgreen:

Oh and you could rename /flash/www.zip as /flash/public.zip and serve the DCP publicly. Wait! wouldn’t that be dangerous? :o

Well, not really. The DCP makes a secure Websockets connection back to the JNIOR. That Websockets interface requires a login (assuming you haven’t also disabled that). So when you open the public DCP you are again asked to login. You have to properly authenticate before you can really do anything. 8-)

The Series 4 JNIOR supports TLS v1.2 and provides for secure communications through HTTPS port 443. Your unit’s certificate however is not signed by a Trusted Root Authority and you will need to approve access. While that procedure results in secure communications the browser tends to make you think otherwise. But, there is a way to get the coveted Green Secure Logo.

Now when you try to make such a connection you are more than likely going to be confronted by something like this:

I am using Chrome and every browser has its own way to scare you. In this case I would need to use the ‘ADVANCED’ link in the lower left.
In clicking ‘ADVANCED’ there is a bit of an explanation. Here I have to option to proceed.

Note that it says “unsafe” but you are accessing the JNIOR and what does the browser know about that? Why is the JNIOR unsafe? But if you were heading to your bank and plan to enter all of your secrets I guess then this might be unsafe. When you proceed (and the JNIOR is safe!) you get the page.

Even though it says that you are “Not Secure” the communications are indeed encrypted and quite secure. The browser just can be certain that you are communicating with someone or something that you can trust. By the way, I snapped the image before the map markers appeared.
Generally you can click on the red “Not Secure” logo and obtain some further details. There generally is some way to view the certificate and potentially trust it. I will show you how that is done at least with my version of Windows 7.

I am going to take you through the manual procedure as a browser-independent approach. First you will need a copy of the JNIOR’s certificate. Now it may be possible to get that using the browser. You would need to do that if you were not the administrator of the JNIOR. That would be the case for you and our HoneyPot unit.
Assuming that you are the administrator of your JNIOR, log into the the command line Console. We are going to use the CERTMGR command to get a copy of the current certificate. Note that when you change the unit’s IP address or hostname a new certificate will be automatically generated That new certificate will be different than one that you may have trusted. So you may need to repeat this for units running DHCP if they are assigned a new IP address and simply don’t continue to renew the same one.

HoneyPot /> help certmgr
CERTMGR
 -V             Verify installed keys and certificate
 -C [file]      Regenerate Certificate [Install file]
 -S file        Verify signature on certificate
 -K file        Install RSA Key Pair
 -D [file]      Decode and dump certificate [file]
 -E file        Export certificate to file
 -B             Export in binary
 -G [len]       Generate key pair [bit length]
 -R             Restore default credentials
SSL Certificate Management.
HoneyPot />

So here we see that the -E option will export the certificate. Simply use the following command to export the certificate to a file. The CER extension is appropriate.

Download the honeypot.cer certificate

Finally download this file to your PC. You can do that through the Folders tab in the DCP by double-clicking the file or through FTP however you like.

Now we are going to use the Microsoft Management Console (MMC) to import this certificate into the trusted area. Note that by doing so you are not creating any risk. The JNIOR’s certificate cannot be used to sign other certificates and having it present in the Certificate Store will not trust anything other than your JNIOR (and then only for as long as that certificate stays active).
In the following procedure you will open the MMC as an administrator, add the snap-in that handles Certificates, and import the JNIOR’s certificate into the proper trusted store.

  1. Open the Start Menu and enter “MMC” to search.
  2. Right-click on mmc.exe and select ‘Run as Administrator’. Allow the console to run.
  3. Click ‘File’ and “Add/Remove snap-in..’ from the menu bar.
  4. From the Available snap-ins select ‘Certificates’ and click ‘Add’. You will be managing certificates for the ‘Computer Account’ on the ‘Local Computer’. Click ‘Finish’ and ‘Ok’ to return to the main MMC screen.
  5. Expand ‘Certificates (Local Computer)’.
  6. Expand ‘Trusted Root Certificate Authorities’.
  7. Click ‘Certificates’. A lengthy list should appear on the right.
  8. Right-click on ‘Trusted Root Certificate Authorities’ back on the left and select ‘All Tasks’ and ‘Import…’. You can also right-click on ‘Certificates’ over there and get to the same ‘Import..’ action.
  9. Click ‘Next’ and follow the WIzard. You will browser for your CER file. Then use ‘Next’, ‘Finish’ and ‘Ok’ to perform the import. You should see a message indicating success.

Your certificate will now appear in the lengthy list of root certificates. Note that at some point you may have older certificates here for JNIORs. You can right-click them to ‘Delete; the older ones. Make sure to only delete JNIOR certificates. You don’t want to disturb the computers normal chains of trust.
Now exit the MMC and you don’t need to save the console.
Access your JNIOR using the HTTPS form of URL in your browser and you should now see the Green Secure logo!

Attached is the CER file for HoneyPot as of this writing. This has been pretty stable as this unit has a fixed IP address. If you add this to your Trusted Root Certificate Authorities store you will get the Green Secure logo too.
By the way the JNIOR can show you the content of these CER files. It is pretty cryptic and some of us know what it all means.

CODE: SELECT ALL

HoneyPot /> certmgr -d honeypot.cer
0000  30 82 02 ED    SEQUENCE {  (749 bytes)
0004  30 82 02 56    |  SEQUENCE {  (598 bytes)
0008  A0 03          |  |  [0] EXPLICIT {  (3 bytes)
000A  02 01          |  |  |  INTEGER 02
                     |  |  }
000D  02 04          |  |  INTEGER 2499A900
0013  30 0D          |  |  SEQUENCE {  (13 bytes)
0015  06 09          |  |  |  OBJECT IDENTIFIER 1.2.840.113549.1.1.11
0020  05 00          |  |  |  NULL
                     |  |  }
0022  30 81 81       |  |  SEQUENCE {  (129 bytes)
0025  31 20          |  |  |  SET {  (32 bytes)
0027  30 1E          |  |  |  |  SEQUENCE {  (30 bytes)
0029  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.10
002E  0C 17          |  |  |  |  |  UTF8STRING 'INTEG Process Group Inc'
                     |  |  |  |  }
                     |  |  |  }
0047  31 17          |  |  |  SET {  (23 bytes)
0049  30 15          |  |  |  |  SEQUENCE {  (21 bytes)
004B  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.11
0050  0C 0E          |  |  |  |  |  UTF8STRING 'JNIOR Controls'
                     |  |  |  |  }
                     |  |  |  }
0060  31 1D          |  |  |  SET {  (29 bytes)
0062  30 1B          |  |  |  |  SEQUENCE {  (27 bytes)
0064  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.3
0069  0C 14          |  |  |  |  |  UTF8STRING 'honeypot.integpg.com'
                     |  |  |  |  }
                     |  |  |  }
007F  31 25          |  |  |  SET {  (37 bytes)
0081  30 23          |  |  |  |  SEQUENCE {  (35 bytes)
0083  06 09          |  |  |  |  |  OBJECT IDENTIFIER 1.2.840.113549.1.9.1
008E  16 16          |  |  |  |  |  IA5STRING 'bcloutier2@comcast.net'
                     |  |  |  |  }
                     |  |  |  }
                     |  |  }
00A6  30 1E          |  |  SEQUENCE {  (30 bytes)
00A8  17 0D          |  |  |  UTCTIME[13] 170322173023Z
00B7  17 0D          |  |  |  UTCTIME[13] 190322173023Z
                     |  |  }
00C6  30 81 81       |  |  SEQUENCE {  (129 bytes)
00C9  31 20          |  |  |  SET {  (32 bytes)
00CB  30 1E          |  |  |  |  SEQUENCE {  (30 bytes)
00CD  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.10
00D2  0C 17          |  |  |  |  |  UTF8STRING 'INTEG Process Group Inc'
                     |  |  |  |  }
                     |  |  |  }
00EB  31 17          |  |  |  SET {  (23 bytes)
00ED  30 15          |  |  |  |  SEQUENCE {  (21 bytes)
00EF  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.11
00F4  0C 0E          |  |  |  |  |  UTF8STRING 'JNIOR Controls'
                     |  |  |  |  }
                     |  |  |  }
0104  31 1D          |  |  |  SET {  (29 bytes)
0106  30 1B          |  |  |  |  SEQUENCE {  (27 bytes)
0108  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.4.3
010D  0C 14          |  |  |  |  |  UTF8STRING 'honeypot.integpg.com'
                     |  |  |  |  }
                     |  |  |  }
0123  31 25          |  |  |  SET {  (37 bytes)
0125  30 23          |  |  |  |  SEQUENCE {  (35 bytes)
0127  06 09          |  |  |  |  |  OBJECT IDENTIFIER 1.2.840.113549.1.9.1
0132  16 16          |  |  |  |  |  IA5STRING 'bcloutier2@comcast.net'
                     |  |  |  |  }
                     |  |  |  }
                     |  |  }
014A  30 81 9F       |  |  SEQUENCE {  (159 bytes)
014D  30 0D          |  |  |  SEQUENCE {  (13 bytes)
014F  06 09          |  |  |  |  OBJECT IDENTIFIER 1.2.840.113549.1.1.1
015A  05 00          |  |  |  |  NULL
                     |  |  |  }
015C  03 81 8D       |  |  |  BITSTRING[140] Encapsulates {
0000  30 81 89       |  |  |  |  SEQUENCE {  (137 bytes)
0003  02 81 81       |  |  |  |  |  INTEGER
                     |  |  |  |  |     A99483174B2EBC8578ECEA5BE9F75840703B06EA49D9333D
                     |  |  |  |  |     493D035A8D84DB5AB7E5491D334BAF1B59A3A271E25C4276
                     |  |  |  |  |     D410F3B3C90E801E89A162C6A282EC51AB05CF9731561A95
                     |  |  |  |  |     22A0B3039DF72FA25BA1061E6BBB7A1AA6B287A314FDDBB9
                     |  |  |  |  |     E1034B45D5E1FFC15A59C40D772D3CDAD6142A707650F11E
                     |  |  |  |  |     BCD30CFF75E65E91
0087  02 03          |  |  |  |  |  INTEGER 010001
                     |  |  |  |  }
                     |  |  |  }
                     |  |  }
01EC  A3 70          |  |  [3] EXPLICIT {  (112 bytes)
01EE  30 6E          |  |  |  SEQUENCE {  (110 bytes)
01F0  30 1D          |  |  |  |  SEQUENCE {  (29 bytes)
01F2  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.29.14
01F7  04 16          |  |  |  |  |  OCTETSTRING[22] Encapsulates {
0000  04 14          |  |  |  |  |  |  OCTETSTRING[20]
                     |  |  |  |  |  |     29CB0357BCDD26E78AD5E564C1D087B0  )..W..&....d....
                     |  |  |  |  |  |     3B583082                          ;X0.
                     |  |  |  |  |  }
                     |  |  |  |  }
020F  30 0C          |  |  |  |  SEQUENCE {  (12 bytes)
0211  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.29.19
0216  04 05          |  |  |  |  |  OCTETSTRING[5] Encapsulates {
0000  30 03          |  |  |  |  |  |  SEQUENCE {  (3 bytes)
0002  01 01          |  |  |  |  |  |  |  BOOLEAN TRUE(255)
                     |  |  |  |  |  |  }
                     |  |  |  |  |  }
                     |  |  |  |  }
021D  30 3F          |  |  |  |  SEQUENCE {  (63 bytes)
021F  06 03          |  |  |  |  |  OBJECT IDENTIFIER 2.5.29.17
0224  04 38          |  |  |  |  |  OCTETSTRING[56] Encapsulates {
0000  30 36          |  |  |  |  |  |  SEQUENCE {  (54 bytes)
0002  87 04          |  |  |  |  |  |  |  [7] 32C5224B  2."K
0008  82 14          |  |  |  |  |  |  |  [2]
                     |  |  |  |  |  |  |     686F6E6579706F742E696E7465677067  honeypot.integpg
                     |  |  |  |  |  |  |     2E636F6D                          .com
001E  82 08          |  |  |  |  |  |  |  [2] 686F6E6579706F74  honeypot
0028  82 0E          |  |  |  |  |  |  |  [2] 686F6E6579706F745F6A6E696F72  honeypot_jnior
                     |  |  |  |  |  |  }
                     |  |  |  |  |  }
                     |  |  |  |  }
                     |  |  |  }
                     |  |  }
                     |  }
025E  30 0D          |  SEQUENCE {  (13 bytes)
0260  06 09          |  |  OBJECT IDENTIFIER 1.2.840.113549.1.1.11
026B  05 00          |  |  NULL
                     |  }
026D  03 81 81       |  BITSTRING[128]  0 unused bits
                     |     2B42E05E331AEEB265F4DAC118DF73E7  +B.^3...e.....s.
                     |     F555D72605F6ECAB67D860324A7C5056  .U.&....g.`2J|PV
                     |     14C5203337A98C2157D85C57A736B82D  .. 37..!W.\W.6.-
                     |     DA88475E93A6C9FC2C5983678C8D461A  ..G^....,Y.g..F.
                     |     9CE7F53A2766DBBD26C0B99CE1F4514F  ...:'f..&.....QO
                     |     6BAC3D09C33000BC7E5F6151C0BA175F  k.=..0..~_aQ..._
                     |     29B6E73B8E7FEBAE1099269A9AFD7067  )..;......&...pg
                     |     17C67CF9C7F17EBB3F8DB2ED4353C2D1  ..|...~.?...CS..
                     }
HoneyPot />

Download the honeypot.cer certificate

The Series 4 has moved away from the use of Java applets for the configuration pages. These pages are reached through the web interface and used to control and configure the JNIOR. Java applets can no longer be simply executed by browsers. For the most part this is due to security concerns in executing client-side programs. It was also the result of improvements in JavaScript and the fact that most client-side operations can be easily accomplished using that alone.

In order to control the Series 3 the web site has to make a connection to the JNIOR Protocol port (default 9200). JavaScript cannot do this. It can be accomplished by a Java applet. Thus, we relied on that for some years and still need it for the Series 3.

The Series 4 supports a built-in Websockets interface. Websockets operates through the standard HTTP ports and is supported by all browsers. The JNIOR Websockets interface supports all of the same functionality of the JNIOR Protocol and much more. The JNIOR Protocol is a binary protocol and challenging to implement. Websockets is JSON based and much more straight forward.

If your Series 4 is still presenting you with the applet issue, you need to update. We recommend always that you run the latest JANOS release. The update project for that will replace the applets with the DCP.

You should be running at least JANOS v1.6.2. If you update JANOS manually using a UPD. The DCP is installed by copying the www.zip file into the /flash folder. You should also make sure that any index.html or index.php file is removed from the /flash/www folder.

This www.zip folder should not be expanded as JANOS serves files directly from the compressed library.

This is what the DCP looks like.

2017-10-19_16-13-46.png

A controller depends on the availability of good clean and stable power. Unfortunately with the JNIOR any small interruption or glitch in the power source results in a reboot. Applications need to be written to handle unscheduled restarts.

The recommended solution is to place all critical systems on an Uninterruptible Power Source (UPS) like those available from APC.

Things like air conditioner compressors can cause momentary dips in local power. The amperage of the power circuit and distance from the subpanel come into play here. The voltage available at the end of wiring that operates near its rated current or that may be lengthy tends to be easily affected by current surges. The voltage drops very briefly. That minor drop can be significant enough to reboot a JNIOR located on that circuit. And, the addition of a separate UPS means extra cost.

The 412DMX model of JNIOR is being developed and here we are testing the new internal power circuit. This JNIOR will incorporate “ride-thru” power supply technology. Regardless of the selection of buzz words that we use to describe it, the basic function is to store enough energy to keep the JNIOR powered through a momentary loss of external power. The implementation will flash the blue power LED to indicate the loss of external power. If power is restored before the stored energy runs out then the JNIOR continues unaffected. The loss of external power and its restoration are logged in the system log. Here we let it run out to see how long we really have.

Can you do that? Does it work? Well observe the first prototype:

The birth of any operating system, and this is true for JANOS (Series 4) as well, begins with serial access to a command line interface. There are often boot and diagnostic messages transmitted over that first communications channel. The Series 3 is based up the TINI Operating System and the RS-232 (COM) port located at the bottom of the unit next to the ETHERNET (LAN) port is that very diagnostic channel for TINI.

The DB-9F connector there was designed to be directly connected to the COM serial port on the PC. Only a straight-thru M-F serial cable was required. Communications are at 115.2 Kbaud, 8 data bits, 1 stop bit and no parity. There is no handshake and this port is 3-wire (Rx, Tx and GND). Today no PC is manufactured with such a COM port. Fortunately USB-to-Serial adapters are readily available and provide the necessary compatible connection point.

If you are working with the JNIOR for the first time you may want to first try this serial connection. A new unit or one that has been configured to work elsewhere will not be immediately compatible with your network. While there are alternative solutions to the network setup the serial connection is the most basic. It is the only place where you can “watch” the unit go through it’s boot procedures.

This connection point and its use remain consistent through the Series 4 products. The command line interface found there is the same. There is a huge difference in response (where the Series 4 shines) and the diagnostic messages are different.

Now with the JNIOR powered and the serial port connected to the PC you can use a Terminal program. We used to use hypertext but now MS no longer distributes that. Nice of them, eh? You can use PuTTY (http://www.putty.org/) and configure for the proper baud rate (115,200) and data format (8/1/none).

If you open the port and strike any key (i.e. Enter) you should obtain something like the following on a Series 3).

Here, for example, is a terminal program that I designed for JNIOR use in-house but PuTTY works perfectly. This one has the capability to force a jnior:jnior login (administrator account ‘jnior’, default password ‘jnior’) because, as you can imagine, we here at INTEG log into JNIORs a lot!

If you have obtained your JNIOR from a prior installation the passwords may have been changed. There is a significant chance though that they have not and the above jnior:jnior login could work. Most Series 3 JNIORs have gone into physically secure networks where customers have not had the need to vary from default passwords.

If you can successfully login to the ‘jnior’ account you will reach the command line. Note that if you access the command line through a network Telnet connection the ‘TINI’ prompt is replaced by the unit’s defined hostname. Byte default the hostname is the unit’s serial number prefixed with ‘jr’.

There are a number of commands available at this point. The command line here emulates some DOS commands and some Linux commands. the goal being that it should appear familiar to those that work in either environment. But there are differences and the HELP command can be used to retrieve some limited assistance.

If the ‘jnior’ account password has been changed there is another administrator’s account that you can try. Try to login to the ‘admin’ account using the default password ‘admin’.

The Series 3 does not have a USERS command that would list the set of defined users. This has been added in the Series 4. Most customers are unaware of the ‘jnior’ account out of necessity but are not aware that there are also ‘guest’, ‘user’ and ‘admin’ accounts the latter also being an administrator.

On the Series 3 you can check the available accounts by displaying the content of the etc/passwd file. There is an entry in this file for each user. The username is apparent although the password is encrypted. The trailing user ID represents the user level. A ‘128’ signifies an administrator. A ’64’ a user who does not have administrator privileges but can control the unit’s outputs. And the ‘0’ representing a guest who can monitor the JNIOR’s IO status but cannot alter anything.

It is highly likely that the prior administrator of your JNIOR was unaware of these accounts and you can gain access using the ‘admin’ account. You can then utilize the PASSWD command to reset the password for the ‘jnior’ account. Um, perhaps setting it back to the default until you place your Series 3 JNIOR in service on-line someplace.

Note that you can use the ‘rm etc/passwd’ command and delete the passwd file and reboot (use the ‘reboot’ command or pull power). The boot process will restore the default etc/passwd file and therefore all of the default accounts.

If you cannot gain access with either the ‘jnior’ or ‘admin’ accounts then a more elaborate procedure will be required. That is beyond the scope of this thread. I’ll address it in another.

So now you are connected to the serial COM port (labelled “RS-232”) and it is supposedly the “diagnostic port”. That would tend to mean that the system might just blurt diagnostic messages out of this port regardless of what you might otherwise be using it for. Well that is true. Generally these messages are only issued during boot up. And, you can disable them if you are planning on using the port to communicate with another device.

So let’s watch the boot. The Series 3 is painful in that the boot takes a minute. That is very much unlike the Series 4 which completes the boot process so fast that you have barely removed your hand from the power connector. Here’s the Series 3 boot:

By the way the POR (Power On Reset) count reported in the above video is 00000001 because the battery in that unit is DEAD. This is likely going to be the case in many Series 3 units now that the line is over a decade old. If you are handy with the soldering iron that can be fixed. See the post 310/312/314 Battery Replacement.

Under certain conditions the Series 3 JNIORs are not able to obtain IP addressing via DHCP. This is due to a flaw in the early implementation of IPv6, The bug is part of the built-in TINI operating system supplied by the component manufacturer and INTEG is not able to directly correct it.

You can disable the use of IPv6 by making the call to com.dalsemi.tininet.TININet.enableIPv6 with a ‘false’ boolean parameter. As this would require a change to the OS release and the product being no longer in production and deprecated, the recommendation is to disable IPv6 on the local subnet or use a fixed IP address. Since a fixed IP address is usually required and few JNIORs actually use DHCP the OS update is not scheduled.

Alternatively an application can be set to run on boot that makes the call.

If you have a 310/312/314 Series 3 JNIOR you may also have its wall power supply. As we ship JNIORs in bulk we often supply them without the corresponding power supplies. Customers often use their own power sources. So you might just have the JNIOR or perhaps its original supply is still in service with a replacement Series 4.

By itself the JNIOR is not self explanatory. It’s a 6″ by 4″ by a little over 1″ black box with connectors filling the 4 sides. On the cover there are places for 18 LED indicators. You may recognize two DB-9F connectors for serial communications. You likely notice the CAT5 LAN connector. But the rest is somewhat mysterious. So what is next?

Typically we supply the JNIOR with a 12VDC Regulated 1A wall mounted power supply. Some series 3 are labelled with ‘9-24V DC/AC’ and some with ’12-24V DC/AC’. While the JNIOR will operate with a 9VDC supply that turns out to be too close to the low side and does not afford enough margin to insure reliable operation under all conditions. So at some point we made 12V the recommended low end.

The 4-position connector at the top of the unit is for the supply. The positive lead is connected to either of the left two positions (1 or 2) and the negative to either of the right two (3 or 4). We supply connectors wired to the center two positions, positive to pin 2 and negative to pin 3. The other two pins are there to allow you to tap this voltage for use in simple circuits involving the digital inputs or relay outputs as needed. Of course if an AC power source is used it is connected to pins 2 and 3 without regards to polarity.

One advantage to this particular design is that if you make an error and connect the DC supply backwards it will still work. Note though that the negative lead IS NOT circuit GND. More on that later.

Using any appropriate power source (and we all have a box of them laying around these days) the JNIOR should power up. A GREEN LED to the left next to the power specification will illuminate to indicate that power has been applied. We improved on this in the Series 4. The leftmost LED on the Series 4 is BLUE. That greatly enhances the product. :-)

Actually, it is hard to resist a BLUE LED. They were a rarity for many years. When we built the first Series 4 units the prototype boards were installed in Series 3 enclosures. I elected to use a BLUE LED for the power indicator so we could easily tell a prototype Series 4 from a standard Series 3. We have so many mounted around the office. It was supposed to be temporary but democracy prevailed and we were destined to leave it that way.

So power up your Series 3. If the LED illuminates then your internal power rails have reached their proper voltages. You should also see the rightmost LED (ORANGE) come on for a brief period. That is illuminated during the OS boot. It also flashes indicating connection status. More on that at some other time. The rest of the indicators are RED and will display the state of the corresponding input or output.

By the way if you have a Series 4 you will notice one other difference (besides the BLUE LED). When the Series 4 boots the ORANGE Status LED flashes on for no more than a second or two. That is because JANOS boots in just a couple of seconds and applications start in seconds.

The operating system on the Series 3 however can take minutes to boot. The ORANGE status LED only illuminating as the base TINI operating system loads and subsequently the JniorOS loads. Once that is done applications then load. The boot process is lengthy but the unit will get it job done.

So the Series 3 internal power supply is a bit unconventional. While we typically power the unit with 12VDC it is designed to be powered by an AC source. Here is the front end. I had to go back and reinstall OrCAD to get to these schematics. We use Altium for the Series 4.

It is important here to note that the negative (-) power supply connection IS NOT the same as GND.

Now that generally isn’t an issue as all of the JNIOR’s inputs are isolated and all of the outputs are dry relay contacts and therefore also isolated. The GND signal does appear on the serial connectors and on the Sensor Port. The external modules that are designed to run on our Sensor Port are also isolated. The bottom line is that you can possibly cause an issue if you ground (GND) the negative (-) supply lead and then also connect the GND pin of either serial port. This is also true with the Series 4 with the exception of the 412DMX that is currently under development.

Another issue that has been corrected in the Series 4 JNIOR is that the negative path is not fused. In this case if a grounding problem occurs and you use the GND pin of one of the serial ports you can cause high current to flow through the product. As mentioned this has been corrected with the addition of the second fuse on Series 4 units.

The VUNREG here supplies the rest of the power supply regulation. With a 12VDC regulated source VUNREG will be somewhat less than 12V but sufficient to power the regulator that generates the internal 5V rail. That was not true with a 9VDC source under some load. Thus, the change to a minimum 12VDC.

Another concern here is that if you use a 24VRMS AC source VUNREG becomes 34V challenging the 5V regulator to follow. This is easily worsened in an HVAC environment where the 24VAC supply can be an unloaded transformer with more like 30V+ RMS. VUNREG can exceed 40V and component ratings including the rating of the subsequent 5V regulator become a concern.

So run the JNIOR with a 12VDC 1A regulated supply and avoid issues. Use increased voltages with caution.

One does not need to use a Regulated external supply. That does insure though that you have precisely the voltage that you want. Unregulated supplies tend to vary more significantly in voltage than you would think from the nominal.

The internal 5V (VCC5) is used to power our relay coils. It if stepped down further to provide the 3.3V (VCC) and 1.8V (VCC1) rails that the processor and digital circuits require.

You can see here that the GREEN (BLUE in Series 4) Power LED illuminates when the 3.3V rail is powered.

The internal Series 3 power supply produces 5V at 0.75A (stepped up to 1A with Series 4) driving the rest of the product. In addition to relay coils the 5V is presented to the Sensor Port circuit as a source of power for external modules. The Series 3 also supplies the VUNREG to the Sensor Port which was not used and removed for Series 4.

To verify the supplies on the bench, power the JNIOR with 12VDC. You can check each rail across the associated capacitors as show below.

Here we note that VUNREG is approximately 10.6V showing the diode drops from the supplied 12V inherent in the full-wave bridge. The 5V (VCC5) and 3.3V (VCC) rails are nearby and easily checked. The 1.8V (VCC1) rail is developed at the far other end of the board as shown below.

That pretty much covers the power supply requirements, powering your JNIOR and testing voltages.

If you have a Series 3 that no longer functions, check carefully for evidence of damage from over-voltage or high-current in the area of the 5V regulator. The use of excessive input voltages can melt traces around the power connector. A grounding issue can cause damage to the 5V regulator U12 which can show physical damage. In these cases the JNIOR more than likely cannot be repaired.

In some cases the Power LED did not illuminate as a result of a bad LED or poor soldering. Voltages are otherwise as expected. Most of those failures are caught in production. A marginal solder joint can operate for some time but as pass production tests. But after aging it can present as an open circuit.

This power supply has proven to be very reliable. INTEG has seen an extremely small percentage in failure rate. In general, most causes have been tracked to improper external wiring and severe grounding issues.

The Series 3 JNIOR is no longer in production. The 310, 312 and 314 have some time ago been replaced by the much more capable Series 4 models 410, 412 and 414. All versions of JNIOR utilize a 3V Lithium cell as battery backup for the time clock and the RAM based portion of the file system. While the Series 4 employ standard coin cells (CR2016 or CR2032) that can be easily replaced with batteries available from your local convenience store, the Series 3 batteries are soldered in place.

The one shown here is dead. So DEAD in fact that you can barely detect the 0.008 volts that remain.

These batteries were expected to last 10 years in the typical JNIOR application where the unit remains powered 24/7 or nearly so. In applications where the JNIOR is powered less than 8 hours per day these batteries need to be replaced after about 6 years of service.

Note that the battery IS NOT required for product operation. In situations where the time clock needs to be accurate (scheduling) then units should be updating their clocks from a separate time server (NTP) through the network. The clock will be set after booting. The RAM based portion of the file system retains log files which are normally only necessary for debugging. Those files need not be retained through power loss.

INTEG no longer has inventory for these batteries. It is not cost effective for us to replace them.

If you feel confident using a soldering iron, these batteries can be replaced.

The original battery was Panasonic BR1632A/HAN and is currently not in stock at DigiKey. However, you can use the Panasonic BR-1632/HFN battery and at this writing there appears to be sufficient stock. These are less than $2 in quantities of a few.
https://www.digikey.com/products/en?keywords=P299-ND

You can however use any 3V battery source. You might add wires to accept wired batteries. You might even find a coin cell holder to fit. The pin spacing is 15.2mm. But since you will likely not need to replace the battery or another half dozen years you might not get too fancy.

Desoldering is tricky. First of all the solder has a high melting temperature due to its RoHS nature. Secondly the (-) GND terminal connects to the ground plane which represents a fair heat sink. It will take time and a lot of heat to loosen the negative battery terminal. Replacement is simpler if you first carefully cut the existing battery off of the board. The positive lead can be removed easily with the simplest desoldering equipment. The negative lead will take some effort. I end up using a hot air soldering iron in combination with a desoldering station. Be patient. It can be done.

Even though an old battery may be dead it should be disposed of properly. Most instructions for Lithium cell displosal are referring to serious batteries like that for your laptop computer. Those may require a more complicated procedure. If necessary in this case you can simply wrap the battery with tape sufficient to prevent the accidental shorting of the contacts and toss it out with your trash.

There is one additional note of caution. You will note that there are surface mount components under the battery itself and near the terminals. Care must be taken to not disturb those components. Don’t damage them if you go to cut the battery off of the board. Watch that you don’t apply so much heat to the terminals that you loosen the surface mount components. Apply heat only to the rear of the board.

If you damage those circuits you will impact product operation.

As you know we have been supporting ZIP and JAR files (they are the same as far as JANOS is concerned) for a while. JAR files being predominantly for application programs and Java support. More recent OS versions allow the WebServer to serve files directly out of a ZIP library. The DCP is an example where you need only add the www.zip file to the /flash folder to install the set of files that are the DCP. There is no need to expand the library.

To do this JANOS is able to understand the ZIP/JAR file structure and extract data stored within it with either the STORE or DEFLATE methods. Presently JANOS cannot handle the LZW compression or many other ZIP options such as encryption.

I had once developed a program called “Curator” which was a backup utility that worked much like SVN and stored all of its data using LZW compression. We were always amazed at the compression ratios. I had even worried at times that there might have been a problem in figuring that ratio because sometimes it seemed way off. But the program worked and accurately recovered data.

So I do have code that I have written (although in C++ in that case) that can be used in JANOS to handle LZW. We just haven’t encountered it. Apparently DEFLATE is the compression method of choice.

So I expect that we will encounter externally zipped libraries that JANOS will not be able to process. In those cases depending on the reasons for the incompatibility I am prepared to implement the fix.

But the question now is whether or not there would be any use in the JAR command being able to compress files and create libraries? I realize it has been suggested and even entered in our Redmine system. Would this be something worth doing?

Would you trust your controller directly connected to the Internet?

We’ve been testing a JNIOR 410 on the network with only the following safeguards:

  1. Disable all accounts except the administrator ‘jnior’ account.
  2. Changed the ‘jnior’ account password.

There has been enough malicious activity attempting to login into the Telnet port that we have an application processing the access/log failed login reports and mapping the host locations. Try http://honeypot.integpg.com or https://honeypot.integpg.com if you prefer a secure connection.

Note that this unit is running the current Release Candidate for JANOS v1.6.2 as we have continued to enhance the unit’s ability to withstand life on the open network.

By the way there are a couple of publicly accessible web pages on this unit:

http://honeypot.integpg.com/RegistryDoc.html
http://honeypot.integpg.com/map.php

The Series 3 JNIOR continues to be a reliable workhorse in a number of industries. The Series 3 models (310, 312, and 314) however no longer represent the performance, reliability and stability of the current JNIOR controller line. We no longer produce them. While you would likely benefit from an upgrade to a Series 4 model (410, 412, or 414), doing so is still your decision. The change is almost seamless. Just know that INTEG will dedicate itself to the success of your conversion with the same attention and personal support that you have always experienced.

Just a few added benefits of the Series 4:

  • Secure network connection using HTTPS, STARTTLS, etc.
  • Faster execution making applications more responsive.
  • Boots in only a few seconds.
  • Dynamic Configuration Pages (DCP) replaces the Java Applet panel.
  • Emphasis on Security.
  • Simpler approach to application programming makes user programming even more feasible.
  • Enhanced WebServer provides for the development of state of the art Web interfaces.
  • Supports server-side scripting (PHP).
  • Provides Websockets alternative to the binary JNIOR Protocol.
  • And much more…

The JNIOR can create a network capture! This network capture can be loaded in a sniffer application such as Wireshark for protocol analysis. To do this simply follow a few steps.

  1. Create a telnet connection to the unit. DO NOT USE THE DCP AS THIS CREATES A LOT OF EXTRA TRAFFIC THAT WILL FILL UP THE BUFFER.
  2. Execute the netstat -r command. This step is optional. If you are going to conduct a test procedure then you migth want to execute this command so that only the traffic that occurs during your test will be captured.
  3. Conduct your test
  4. Use the telnet connection to execute the netstat -c command. This will create the capture file with the network buffer content.
  5. Use the DCP and the folders tab to pull the resulting network.ngpcap file. It is in the temp directory. It will be removed when the unit reboots!

The USERADD command is used to add a new user to the system. There can be as many as 32 users. A unique user name no longer than 9 characters must be specified.

bruce_dev /> useradd
USERADD user

Options:
 -A             Administrator rights
 -C             Control rights
 -D             Disabled account

Adds a user to the system.

bruce_dev />

The new account can be tagged as Administrator, Control, or Disabled using the appropriate options. These account tags are described in detail in the USERS command topic.

The following command creates the ‘tech’ account which will be tagged with Control permissions. It will initially be Disabled.

bruce_dev /> useradd -cd tech
Enter password: *****
Reenter password: *****
tech added with UID 3
bruce_dev />

Note that an initial password is requested. The password can later be changed using the PASSWD command.

bruce_dev /> users
 guest       0  
 jnior       1  Administrator
 tech        3  Control, Disabled
 user        2  Control

bruce_dev />