Hikvision DS-7716NI-SP/16 no live view or playback over https

bhoth

n3wb
Joined
Jun 18, 2016
Messages
28
Reaction score
0
Location
Utah, USA
Hi All,

I searched and really didn't come up with anything on this so I am wondering if anyone else is having this issue. I have enabled https and port forwarded the https port. I can login from the outside and look at the config menu but no live view or playback works. Any ideas?

I do have H264+ enabled and wondering if that is the issue. (but it works just fine from inside my LAN and without https)
 
Last edited by a moderator:

bhoth

n3wb
Joined
Jun 18, 2016
Messages
28
Reaction score
0
Location
Utah, USA
I just did a test plugging in the internal IP address of my NVR and the https worked fine https://192.168.4.200:445 and it worked fine so now what? (yes I changed the https port from 443 to 445)

The error I get is "Live view failed"
 
Last edited by a moderator:

badmannen

Getting the hang of it
Joined
Nov 24, 2015
Messages
506
Reaction score
29
Location
Italy
check that your portforwarding is working with this: rtsp://youripnumber:10554/Streaming/channels/101
play the stream in vlc or whatever you like and see that it comes through to start with
 

tristanx

n3wb
Joined
Jul 21, 2017
Messages
4
Reaction score
0
Did you ever figure out a solution to your issue here? I'm having the same problem and I'm afraid I'm stumped. I haven't been able to find any information elsewhere to lead me to a solution. :(
 

tristanx

n3wb
Joined
Jul 21, 2017
Messages
4
Reaction score
0
Figured this one out!

Looks like the playback controls are hard-coded to operate on the HTTP port configured in the NVR, whether or not you're logging in via HTTPS. When I began forwarding both the HTTPS and HTTP ports through the firewall, playback and live view worked! So, HTTPS is used strictly for authentication, which is ok, since the whole point here is to secure passing of credentials so that man-in-the-middle attacks can't steal your password when you log into the NVR over WAN.

In the NVR, go to Configuration > Network > Basic Settings > Port. I'd recommend changing the HTTP port to something non-standard (not 80). Forward the HTTP port directly through the firewall (ie: 8800 ext -> 8800 int). This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8800 ext -> 80 int).

For HTTPS, you can forward a different external port through to the NVR's HTTPS port (ie: 9000 ext -> 443 int).

Hope this helps anyone who happens upon this thread in search of the same answers.
 
Last edited:

tristanx

n3wb
Joined
Jul 21, 2017
Messages
4
Reaction score
0
True, but the point is to secure login credentials. I wish the video stream was served encrypted too, but these units don't seem capable of that. Sloppy programming, if you ask me. This is the best we get with these HIKVISION NVR's.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
True, but the point is to secure login credentials.
Sloppy programming, if you ask me. This is the best we get with these HIKVISION NVR's.
The point is that the NVR is not designed or marketed as a hardened device to be directly exposed to the internet.
Forward the HTTP port directly through the firewall (ie: 8000 ext -> 8000 int).
This is the 'command and control' port, not the HTTP port.
This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8000 ext -> 80 int).
No surprise there.

The best advice is to spend some study time on this topic : VPN Primer for Noobs
It's not as hard as it appears, and is designed to be secure.
 

tristanx

n3wb
Joined
Jul 21, 2017
Messages
4
Reaction score
0
This is the 'command and control' port, not the HTTP port.
Poor choice of port, on my part, to serve as an example for changing the HTTP port from 80. I was talking about changing the HTTP port, not the command and control port.

Thanks for your input.
 

mcsing

n3wb
Joined
Mar 12, 2023
Messages
2
Reaction score
1
Location
dc
Figured this one out!

Looks like the playback controls are hard-coded to operate on the HTTP port configured in the NVR, whether or not you're logging in via HTTPS. When I began forwarding both the HTTPS and HTTP ports through the firewall, playback and live view worked! So, HTTPS is used strictly for authentication, which is ok, since the whole point here is to secure passing of credentials so that man-in-the-middle attacks can't steal your password when you log into the NVR over WAN.

In the NVR, go to Configuration > Network > Basic Settings > Port. I'd recommend changing the HTTP port to something non-standard (not 80). Forward the HTTP port directly through the firewall (ie: 8800 ext -> 8800 int). This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8800 ext -> 80 int).

For HTTPS, you can forward a different external port through to the NVR's HTTPS port (ie: 9000 ext -> 443 int).

Hope this helps anyone who happens upon this thread in search of the same answers.
Hi. I hope the knowledge in this ancient post isn't dead. Just got my old system on the Internet and ran into same ssl issue w/ feed. I tried what I thought was your solution, but after authenticating w/ SSL, I am unable to change to http without it forcing me to authenticate again (insecurely). What am I missing?
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
What am I missing?
Security awareness!
By port forwarding to an insecure device, you are putting the LAN it resides on and the data and devices on it at risk of compromise.

The best advice is to spend some study time on this topic : VPN Primer for Noobs
It's not as hard as it appears, and is designed to be secure.
 

mcsing

n3wb
Joined
Mar 12, 2023
Messages
2
Reaction score
1
Location
dc
Security awareness!
By port forwarding to an insecure device, you are putting the LAN it resides on and the data and devices on it at risk of compromise.


I get that Alastair. However I am stuck being the only person in a small condo that knows how to operate the system. I've shown others, but they still come to me every time footage is needed. The requirement of the obsolete Internet Explorer doesn't help. We are stuck with the system for a couple more years. Until I got it Internet accessible, If I was on vacation and the police needed footage to investigate a crime in front of our building, they had to wait until I was home. I have placed the NVR on an isolated LAN and accept the risk that bad guys could compromise the system (and nothing else), since the bad guys we are trying to stop are a bigger concern to our neighborhood than the bad guys on the Internet. I am just trying to make an unsecure system a little less unsecure by using SSL. If there isn't a solution, so be it, but I thought it was worth asking a thread that suggested there was a solution. Hope this explanation helps explain why I would still like a solution.
 
Top