UniTerm® Cloud Troubleshooting Steps

Requirements:

  1. The device must be an Ingenico Telium 2 series device running RBA v23 or an Ingenico Tetra series device running UPP v6.8x+.
  2. The device must be configured to connect via ethernet or wifi, and have an ip address with internet access.
  3. The terminal must be pre-loaded with the appropriate enablement file. The enablement file loads TLS certificates onto the device as well as the appropriate configuration for the host and port to be used by the device. This enablement file is typically loaded by the Key Injection Facility or device distributor prior to sending it out to the customer. It is important to note that the TLS certificates in the enablement file are different for production and test. The appropriate enablement file can always be generated for the given device via https://www.transafe.com/devices by selecting the device from the list and choosing the appropriate configuration options and downloading the generated configuration. Loading the configuration manually is out of scope for this guide as it should be done prior to a customer receiving the device.
  4. The internet connection used must not restrict access to the respective TranSafe UniTerm Cloud address and port.
    • Production:
      • Ingenico Telium2 (RBA):
        rba.uniterm.transafe.com:443 (recommended)
        uniterm.transafe.com:6000 (legacy)
      • Ingenico Tetra (UPP):
        upp.uniterm.transafe.com:443 (recommended)
        uniterm.transafe.com:6001 (legacy)
    • Test:
      • Ingenico Telium2 (RBA):
        rba.uniterm.test.transafe.com:443 (recommended)
        uniterm.test.transafe.com:6000 (legacy)
      • Ingenico Tetra (UPP):
        upp.uniterm.test.transafe.com:443 (recommended)
        uniterm.test.transafe.com:6001 (legacy)
  5. The Injected Serial Number of the device must be known, or if there was no injected serial number, the Hardware serial number (8 characters) must be known.
  6. The user has a working profile #, user, and password for testing

Testing:

The easiest way to test to see if a device is associated and in working order is to use the TranSafe Portal (fka VT/Virtual Terminal/Merchant Center). Please log into the appropriate portal.

Production: https://portal.transafe.com Test: https://portal.test.transafe.com

Once logged in, go to Company->Devices. Please note that there is NO automatic association of devices to the portal. You must manually register the device in the portal by knowing the type of device and the serial number. Please ensure the device is powered on and connected to the network before continuing.

Choose 'Add Device', Choose the appropriate device type, and enter the serial number from requirement (e). Enter a name for your reference and submit. If this succeeds, then the device is accessible and in good working order. If it does not, then you must follow the troubleshooting steps.

If the device is already listed, then it can be tested by clicking the pancake menu next to the device entry and selecting "Device Information". If this returns an error such as "Could not open device: Client not connected", that means the device is not currently connected to the UniTerm Cloud and troubleshooting steps must be performed.

Troubleshooting:

Below is a list of troubleshooting steps and fact gathering. If one of the below steps uncovers an issue and it is able to be corrected, it is suggested to re-attempt testing prior to going onto the next troubleshooting step.

  1. Is the device a supported Ingenico Telium2 or Tetra device? (Requirement a)

  2. Does the user have an appropriate login to the TranSafe Portal? (Requirement f)

    • Have the user log into the portal. If the user is unable to log in, separately troubleshoot this issue. Make sure to take note upon successful login if the user is logged into Test or Production.

  3. When the device is first powered on, does it boot up and go to a "This Lane is Closed" or a screen with a "Monetra" or "TranSafe" logo? (Requirement a, c)

    • If not, it is possible the firmware was not appropriately loded on the device, especially if an error message is displayed. It is recommended to attempt to access the configuration menus as the below troubleshooting steps, but if that fails, the terminal must be sent back as it was not appropriate loaded.

  4. Is the firmware on the device a recent enough version? (Requirement a)

    • UPP
      • Press 0000 on the idle screen to access the information screen
      • Firmware version will be at the top
      • Press cancel to exit this screen
    • RBA
      • Reboot the device
      • Wait for the copyright screen
        • You may have to use the arrows to scroll the screen
      • It will show the firmware version as "Version"

  5. If the device is to be connected via Ethernet, was the appropriate ethernet cable supplied for the device? (Requirement b)

    • Some devices may ship with USB cables instead. A compatible powered ethernet cable must be supplied.

  6. If the device is to be connected via Wifi, is it associated properly with the wifi network? (Requirement b)

    • UPP
      • Verifying wich network is connected
        • Press 0001 on the idle screen to access the configuration menu
        • Choose "WIFI Parameters" . If this option is missing, then the device does not support wifi (it is missing wifi hardware).
        • Choose "My Networks", a list of configured networks will be displayed
        • If a network is connected the entry will say "Connected" under the name
      • To configure Wifi
        • Press 0001 on the idle screen to access the configuration menu
        • Choose "WIFI Parameters"
        • Enable if it is an option
        • Once enabled the menu entry will change to "Disable"
        • Choose "Scan Networks"
        • Choose network
        • Enter WIFI password
        • Reboot device
    • RBA
      • Reboot the device
      • Press 2634 + enter on the copyright screen to access the configuration menu
      • Choose "TDA"
      • Choose "Configuration"
      • Choose "Communication"
      • Choose "WIFI Settings"
      • Choose "Power" to enable if not enabled
      • Scan to connect to a network

  7. Does the device have an IP address? (Requirement b)

    • UPP
      • Press 0000 on the idle screen to access the information screen
        • "Communication Type" should show as an Ethernet type
        • If not ethernet the device is not connected to the internet
      • Look at "IP Address" to determine if an ipaddress is assigned
      • "Mode" will show if the device is configured for DHCP or Static addressing
    • RBA
      • Reboot the device
      • Wait for the copyright screen
        • You may have to use the arrows to scroll the screen
      • The communication type should show Ethernet
      • The IP address will be shown at the bottom of the screen

  8. Does the device have internet access? (Requirement b)

    • UPP
      • Press 0000 on the idle screen to access the information screen
        • Look at "Connection Status". If "ACTIVE" the device should be connected to the network
      • Press 0001 on the idle screen to access the configuration menu
        • Choose "Ethernet Parameters"
        • Choose "Ping URL"
        • Enter a public URL, such as google.com, which will respond to pings
        • Note that this check internet access and uses PING/ICMP to do so. It will not tell you if a firewall is blocking the port UniTerm uses for device connections.
    • RBA
      • There is no way to know if the device can egress to the internet as it does not have the ping feature

  9. Did the device come preconfigured to connect to the appropriate UniTerm server (appropriate being determined based on if they are using Production vs Test credentials). If not, do NOT attempt to reconfigure via the menus (it won't work since you can't configure TLS certificates via the menus), it must be sent back to the supplier to be configured properly! (Requirement c)

    • UPP
      • Press 0000 on the idle screen to access the information screen
      • "HOST IP Address" will show the configured host if set to connect to UniTerm Cloud
      • "SSLMode" should be set to TLSv1_2
      • "Host Port" should be set to the appropriate port.
    • RBA
      • Reboot the device
      • Wait for the copyright screen
        • You may have to use the arrows to scroll the screen
      • The communication type should show Ethernet
      • The configured host will show at the bottom
      • "SSLMode" should be set to TLSv1_2
      • "Host Port" should be set to the appropriate port.

  10. Was the appropriate serial # injected into the device? If not, have you recorded the appropriate 8 character hardware serial number? Is this serial number what is being used for testing? (Requirement e)

    • UPP
      • Press 0000 on the idle screen to access the information screen
      • Look for "Serial No:" (This can wrap lines!)
      • The next line will say "Manufacture" or "Injected" followed by the serial number
        • If "Injected" then a serial number was injected and this number is what needs to be used for device access
        • If "Manufacture" then a serial number was not injected and the device internal serial number is in use. This is what needs to be used for device access
        • There are multiple serial numbers printed on the back of the device, none of which are relevant. Only the serial number found as described above can be used.
    • RBA
      • Reboot the device
      • Wait for the copyright screen
        • You may have to use the arrows to scroll the screen
      • Look for "Manufacture" or "Injected" "Serial No" (This can wrap lines!)
        • If "Injected" then a serial number was injected and this number is what needs to be used for device access
        • If "Manufacture" then a serial number was not injected and the device internal serial number is in use. This is what needs to be used for device access
        • There are multiple serial numbers printed on the back of the device, none of which are relevant. Only the serial number found as described above can be used.
  11. Does the customer's firewall prevent access to the UniTerm Cloud servers (Requirement d)?
    • If troubleshooting has gotten this far, the most likely cause of failure is a firewall blocking access. In order to test this, the user must connect a machine to the same network as the device.
      1. Verify ip address is in the same subnet as the device:
        • Windows: From command line, run: ipconfig
        • MacOS: From terminal line, run: ifconfig
        • Linux: From command line, run: ip a
      2. Verify the connection can be established to the appropriate UniTerm Cloud host and port (provided in Requirement d)
        • Windows: Download the "ncat" command line utility from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip then extract it. It may be necessary to allow access to this tool via your Virus Scanner as some may classify it as a tool used by Hackers and disallow access. Run it via the command line using:
          ncat -v -i 1 host port
          e.g.
          ncat -v -i 1 upp.uniterm.transafe.com 443
        • Mac/Linux: NetCat should already be installed on most systems, if not, install it, then run it via the command line:
          nc -v host port < /dev/null
          e.g.
          nc -v upp.uniterm.transafe.com 443 < /dev/null
    • If firewall testing fails, then the user must contact their network administrator to allow connectivity through their firewall.

Escalating:

If the troubleshooting steps are unsuccessful, and you believe escalating the request to TranSafe Support may be able to resolve the issue, please provide the relevant information obtained from each Troubleshooting step above, along with supporting evidence where possible (pictures of device screens, screenshots). It is also necessary to obtain the public IPv4 address the device is connecting from. If that is not known, then a computer connected to the same network as the payment device can go to https://www.whatismyip.com to obtain the appropriate address.

Once the information is collected an email can be sent to support@transafe.com.