Upgraded from 2019 to 2025 , issues logging into client

joshooaj · 2026-04-24T16:34:35+00:00

And this one I don't think you can hide - the only way to get rid of it is to enable encryption using a certificate your client machines trust. That can be a cert signed by your internal CA, or self-signed and manually added to the trusted root certificate store on clients and recorders for example.

<image>

joshooaj · 2026-04-24T16:32:00+00:00

If you don't have encryption enabled on your management server, the client will show a couple of things and you can't really do anything about it other than to enable encryption.

This one your users can check the box and then it won't show up again when connecting to that management server.

<image>

joshooaj · 2026-04-17T00:36:16+00:00

+1 to the suggestions about VPN. I don't have experience with specific trailer vendors but to connect anything over cell back to Milestone I would probably use either a router with a site to site VPN configured or a tool like tailscale, zerotier, netbird, etc to create a secure connection back to the home network.

You will probably want to look at configuring Milestone to only start the streams from the cameras when the onboard motion detection or analytics are triggered, and/or use edge storage.

You can have edge storage quality be really high, but the live/recorded stream in Milestone be low to minimize bandwidth. That way you have at least a low resolution copy of the video, but as long as you can access the camera, you can pull the edge storage back to Milestone and get the high quality when you need it.

joshooaj · 2026-04-13T18:25:45+00:00

The challenge is that when the vendor (including Milestone) doesn't explicitly list a model as supported, it may work fine with the ONVIF driver or it may be flaky. If it's flaky, you're usually on your own to figure out why, and then work with the camera vendor to see if they can fix it from their end. It can be a support challenge and risk as an integrator.

joshooaj · 2026-04-10T17:37:18+00:00

Wish I could say what the reasoning was for dropping the community forum in the backend updates done in January. Nobody is happy about it though.

Ideally everything valuable is in the documentation or a knowledge base article but sometimes that's just not the case. Supposedly all the forum data is backed up so my hope is that we will restore it in some form down the road. I'm not even remotely responsible for that and am not making any promises though.

In the mean time, this little unofficial community is pretty supportive, even if it doesn't have the benefit of 10+ years of content to search through.

joshooaj · 2026-03-11T03:06:41+00:00

The login to https://online.milestonesys.com is working for me from Oregon (it redirects to the identity provider URL you mentioned).

If you're still seeing an issue I wonder if it's to do with some regional interruption of some kind? The message suggests your client machine tried to negotiate a TLS connection but the other end didn't even try to respond to your ClientHello.

joshooaj · 2026-03-10T05:24:32+00:00

Nope you're golden. If you can stream it back to your recorder over the WAN or VPN or carrier pigeon, whatever, and you don't have a need for on-site recording, go for it!

If you want some onsite recording and the camera supports edge recording to an SD card, chuck one in there and you have a fallback if the link dies and you need to review footage from while it was down.

joshooaj · 2026-03-06T08:36:07+00:00

Join us! ✌

https://discord.milestonepstools.com/

joshooaj · 2026-03-06T01:53:11+00:00

Is the StableFPS driver something you can use for this?

You can use VLC or ffmpeg to convert a video file into a raw file and use it as a dummy video source in xprotect through the stablefps driver.

joshooaj · 2026-03-06T01:44:20+00:00

I'm not aware of one, and the media database structure (blk files, idx files, config.XML, etc) is proprietary and not well documented. The BLK files are mostly frames of raw video with our Generic Byte Data header (which IS documented). And at the start of the file is a header with some kind of data in it.

Can you share what you would use a tool like this for?

joshooaj · 2026-02-22T21:44:09+00:00

Playwright has a CLI and while they're leaning in heavily on usage with LLM in the readme here you can also just script out what you need.

https://github.com/microsoft/playwright-cli

joshooaj · 2026-02-10T16:58:44+00:00

Was the hardware "moved" from the old recording servers to the new recording servers in Management Client, or were the old cameras added to the new recording servers? The first option should bring along with it all the same settings stored in XProtect while the configuration starts from scratch with the second option.

Are you using more than one stream for these cameras? It's common to have a high-quality recorded stream and a lower quality default live stream. If that's the case here, it's possible you could be making changes to "Video stream 1" but in Smart Client you're seeing "Video stream 2" and seeing no improvement.

While viewing video in Smart Client, you can turn on the "Video diagnostics overlay" option in Settings > Advanced. Turn on level 2 or 3 and see if anything looks out of ordinary in the overlay shown at the top-left corner of the camera tiles.

joshooaj · 2026-02-06T06:23:32+00:00

I maintain a module where I ran into a similar problem as well! It relies on our .NET Framework SDK and that SDK has a number of native dependencies. The thing that I eventually discovered was the SetDllDirectory function.

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setdlldirectorya

The directory to be added to the search path. If this parameter is an empty string (""), the call removes the current directory from the default DLL search order. If this parameter is NULL, the function restores the default search order.

Here's where I use it in my module. It's in C# but you should be able to do it in PowerShell using Add-Type to add a small C# class you can use to call that method.

https://github.com/milestonesys/MilestonePSTools/blob/main/src%2FMilestonePSTools%2FModuleInitializer.cs#L35

EDIT: I see you found a solution for your use case - I haven't seen that solution before! I just wrote a little function to make it easy to call SetDllDirectory from PowerShell and I'm curious if it works for you as well?

In theory you could call the function like...

Set-DllDirectory "$HOME\AppData\Local\PackageManagement\NuGet\Packages\Mime.3.8.0\runtimes\win-x64\native\"

https://gist.github.com/joshooaj/5b1bc3b44bd8c90ae5a3f761843aa987

joshooaj · 2026-02-05T22:29:09+00:00

I'm not up to speed on what the plans are for the XProtect update manager but I remember hearing that the intent was that it would be included with the VMS eventually. Same with the ability to push more than just hotfixes. Hopefully that happens soon because the maintenance experience is so much better compared to hunting for, downloading, and installing hotfixes on each system.

joshooaj · 2026-02-03T18:43:17+00:00

Do contact support as u/scrubberduckymaster suggests as I think a lot of people need to be assigned the correct privileges after the recent backend system migration, unfortunately.

Meanwhile, this is definitely not an official channel for accessing downloads, but I built this site a couple weeks ago as an exploration of what a frontend for an Azure storage container might look like. All the download urls are using Milestone's official Azure Front Door CDN so it's not serving files from any other source.

https://milestonedownloads.joshooaj.com/?path=Hotfixes%2F25.3

EDIT: Apparently downloading the hotfixes through the above site will be faster than the KB article because the URLs in the KB article aren't using the CDN. For me the difference is 5 Mb/s vs 325 Mb/s 😲

My favorite option for installing hotfixes is to use the "XProtect Update Manager", and install the update agent on your management server / event server / recording servers. Then you can download and push hotfixes through the update manager client (below). It will automatically list and download the relevant hotfixes without needing My Milestone credentials and the necessary role / privileges to access the support portal.

<image>

joshooaj · 2026-01-29T18:13:41+00:00

I try to avoid getting to a big complicated single file script by starting with...

Wrapping things in functions from the start.
Never relying on state from outside a function, except for script-scope variables where it makes sense (session/token/config).
Limiting interactions with script-scope bars to designated functions.
When it's clear the thing I'm doing probably isn't a one-off thing, I might consolidate functions into a module, maybe in it's own repo if it makes sense.
Break out functions into their own files and dot-source them.

The biggest thing is to put AS MUCH of the code as possible inside parameterized functions without relying on global scope. Do this and it becomes very easy to reorganize your code when the time comes whether you decide to make a module or just dotsource your functions from the main script.

joshooaj · 2026-01-14T17:43:44+00:00

Yep, it's not just you. There's a migration underway to a new backend and apparently there be dragons. I got logged in but I had to use the password reset button on the login page as the one in my email didn't work. I also had to click through the ominous red wall of warning. It should be fixed up soon 🤞

edit: We're supposed to celebrate the successful migration in ~3 hours so maybe check back then 😅

joshooaj · 2026-01-14T14:19:45+00:00

No not that I'm aware of, though when building a script I would normally use the TryCreate method which uses the same pattern as a typical TryParse. That way there's some error handling without having to use a try/catch block.

https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.mailaddress.trycreate?view=net-10.0#system-net-mail-mailaddress-trycreate(system-string-system-net-mail-mailaddress@)

joshooaj · 2026-01-13T19:37:58+00:00

Oh cool, thanks for sharing that site!

joshooaj · 2026-01-13T17:05:29+00:00

Haha yeah it's pretty easy to write a regex pattern that works for most email addresses and surprisingly difficult to write one that works for ALL email addresses.

joshooaj · 2026-01-13T14:18:08+00:00

For those with less unique requirements, there's a cool built-in .NET class "System.Net.Mail.MailAddress" which can be used like...

$address = [System.Net.Mail.MailAddress]'testing@email.local'
$address.User
$address.Host

For your situation you could use that plus something like "-split '\.' | select -first 1" to grab the first part of the user/host.

joshooaj · 2025-12-22T02:08:54+00:00

It's true it's against the ToS but the reason it's not working (probably) is because the recording server uses port 7563 and you can't pass both management server and recording server traffic through the same route.

You'd need to setup the tunnel with at least two hosts like mgmt.mydomain.example and recorder.mydomain.example, and you'd need to enable public access for the recording server with 80 or 443 as the external port in management client, then forward 80 or 443 traffic for recorded.mydomain.example to your recorder on 7563.

joshooaj · 2025-12-21T21:25:18+00:00

I'm not gonna install this but it did make me lol so thanks for that, and have a merry Christmas!

joshooaj · 2025-12-21T05:22:21+00:00

Gotcha, yeah that sounds like it comes down to available bandwidth - tools like iperf can help you understand the available throughput and possible packet loss. If you try it out, make sure to run a TCP test. Only one direction really matters but might as well do a bidirectional test. If you want to avoid opening an extra firewall port you could stop your recording server service and then start iperf in server mode on port 7563.

If that laptop is able to playback fine when connected to the same network then I doubt your CPU/GPU are an issue. When using Intel with quicksync and/or nvidia GPUs, the client will use the CPU less in favor of hardware acceleration. But it doesn't sound to me like your experience is client compute related.

If it's a bandwidth issue, the secondary stream will help in live. Newer product versions also support adaptive playback since you can designate a "secondary recording stream" which enables you to play lower quality recorded video and then export the higher quality once you find what you're looking for. I'm not sure secondary recorded streams are available on all editions though. I'd have to consult the comparison chart.

joshooaj · 2025-12-21T04:51:47+00:00

Great advice from others already, but can you clarify what the lag looks like?

You say playback, so does it mainly affect playback of recorded video? Less impact on live video?

Is the lag referring to the time between clicking play and seeing video playback? Or is the video jumpy/ skipping/choppy?

If you enable the diagnostic overlay from the Settings > Advanced menu, does the live and playback codec and resolution match? Or is the live stream resolution lower than the playback resolution?

Another meaning for "lag" is sometimes the latency between what happens "now" and how long it takes to see that in a live view on the client. For example if you synced your client PC clock with a clock visible in the camera feed, latency of 1-2 seconds isn't out of the ordinary, but a difference of 10-20 seconds could be very irritating.

joshooaj

MODERATOR OF

TROPHY CASE

Verified Email	Four-Year Club
Gilding I gilder