NXT-MSC Controller - Controller Setup Guide

NXT-MSC Controller - Controller Setup Guide

1.0 Introduction

This document explains how to access and change the NXT Mercury-Powered settings via Doors.NET Design Mode or using an older version of Mozilla Firefox web browser. It also explains how to factory reset the controller, import the controller into the Doors.NET and how to upgrade the controller's firmware.

2.0 Factory Reset the Controller

Before setting up the NXT-MSC controller (if the controller is new or is being re-deployed from a different installation), you will need to perform a factory reset on the controller. 
  1. Ensure the J3 jumper is across both pins.
  2. Press the white S1 button - the D MODE LED will go solid green.
  3. While the D MODE LED is still green, down power the controller.
  4. Press and hold the white S1 button and apply the power.
  5. The following LEDs will be flashing in an alternating sequence (Reset + ULED2 + ULED4) then DMODE + ULED4.
  6. Continue to hold down the S1 button for approximately 20 seconds.
  7. Release the S1 button and the all LEDs will initially go off.
  8. You will see various LEDs go on and off for a few seconds then only the Reset LED will be flashing on and off.
  9. The controller's ram is now reset. The 4 green LEDs to the right of the J3 jumper should also now be on.
  10. The controller will either be set to a DHCP address or it will automatically be set to a static address in the range of 169.254.99.X (if it does not receive a DHCP address within 1 minute).


3.0 Scan for the Controller

This section assumes you already have the Doors.NET software installed and licensed and that you also have the MSC gateway setup and online. It also assumes you know the MAC address of the controller (found on a white sticker in the lower-right corner of the controller PCB).


Note: If the MSC controller is factory reset it will be configured to receive a DHCP address. If a DHCP address is not assigned within 1 minute the controller will then assign itself with a static IP address, in the range of 169.254.x.x.

  1. Log into Doors.NET - the default user name is (admin) and the default password is (admin).
  2. Go to Setup >> Hardware Setup >> All - to display the hardware tree.
  3. The MSC gateway will be listed at the top of the hardware tree. Select the gateway and verify it is online.
  4. With the MSC gateway still selected, click the Scan icon.
  5. The MSC gateway will then scan the local area network for MSC controllers.
  6. If there are multiple controllers look for the MAC address that matches the one you have noted down.

    Controllers Listed

4.0 Import the Controller 

Note: When importing a controller, ensure you still have the MSC gateway selected on the hardware tree.
  1. Select the controller on the scan grid.
  2. Click on the IMPORT button.
  3. Click YES to the prompt that appears.
  4. Click OK to the notification that the controller has been successfully imported.
  5. Close the scan window and you will see the new controller is added to the hardware tree.


5.0 Controller Internal Configuration

Once you have imported the controller into Doors.NET you will be able to access the controller's internal configuration (after enabling Design Mode and then selecting the controller on the hardware tree).

5.1 Access the Controller's Internal Configuration

  1. Click the Design Mode icon to enable Design Mode.

  2. When in Design Mode you will see 'Design Mode' stated in the title bar.
  3. Right-click the controller on the hardware tree and from the list of options, select 'Controller Internal Configuration'.

  4. The internal configuration window will appear and the controller will be selected from the list on the left.

5.2 Configure the Controller with a Static IP Address

You should set the controller with a static IP address so there is no chance of the IP address changing in the future.
  1. From the web page (options) drop-down list, select Network.
  2. Click the refresh icon and the controller's network settings will appear on the right of the window.
  3. Change the network method to static and, if required, change the controller's configured IP address.

  4. Click the save icon.
  5. Finally, click the APPLY and REBOOT button to commit the change to the controller.
  6. Click YES to the prompt that appears.

    5.3  Additional Controller Network Settings

    1. Controller Type - Specifies the specific controller model.
    2. Host Name - Displays the controller's unique MAC address.
    3. IP Address - Displays the controller's current, programmed IP address.
    4. Subnet Mask - Displays the controller's programmed subnet mask.
    5. Default Gateway - Displays the IP address of the controller's network gateway device.


    5.4 Host Communications - Primary Settings

    1. Connection Type - This should be set to the default of IP Server.
    2. Comm Address - This setting does not apply to the NXT-MSC controller.
    3. Port Number - By default the TCP/IP communication port number is 3001.
    4. Use IPv6 Only - Configures the controller to only use it's IPv6 IP address for communication.
    5. Enable Peer Certification - Configures the controller communications to authenticate with a peer SSL certificate.
    6. Network - Allows you to enable encrypted communications between the controller and the MSC gateway (TLS Required) - for further details refer to the NXT-MSC Controller Encryption document.
    7. Authorized IP Address - Configures the controller to only communicate with a host that has an authorized IP address.

    5.4 Web Connection Settings

    1. Diagnostic Logging - Enables Diagnostic logging for the controller. When enabled, a log file will be generated on the host PC which can assist with controller troubleshooting.
    2. Disable Default User - Disables the default (admin) user name for the controller.
    3. Door Forced Filter - Enables the filtering of door forced events for this controller.
    4. Gratuitous ARP - Enables Gratuitous ARP for the controller - this option allows the controller to announce IP address or MAC changes to the network.
    5. SNMP - Enables/disables the SNMP setting for the controller.
    6. Web Server - Enables/disables web server access to the controller (via a web browser).
    7. Zeroconf Discovery - Enables/disables access to the controller using the ZeroConfig Discovery utility.

    5.5 Auto-Save Settings

    The Auto Save page configures Auto Save behavior and determines how the controller reacts on startup if host configuration changes have been lost.
    1. Auto-save - Enables/disables the auto-save setting. When enabled, it configures the controller to automatically save settings for configuration changes. When disabled, all configuration changes are not automatically saved.

    2. Delay before Save - specifies how much time to wait after a host configuration change before starting the save. The timer can be specified between 30 seconds and 30 minutes.

    3. Restore - Enables/disables the option to restore the controller's configuration from the last known saved setting. If no, then all settings will be cleared and a forced download will be required from the host.

    6.0 Zero Config Utility

    The Zero Config utility allows you to perform a scan for NXT-MSC controllers (to view their MAC addresses and programmed IP addresses) - even if you do not have Doors.NET installed. For example, if you have a laptop but you don't currently have physical access to the Doors.NET host PC.

    Note: The Zero Config utility can be downloaded from the kerisys.com website but you will need to be registered on the site as you will need to be logged in to download the utility.

    6.1 Download the Zero Config Utility

    1. Visit www.kerisys.com.
    2. Click the MEMBER LOGIN button.
    3. Enter your registered e-mail and password.
    4. Click the LOGIN button.
    5. Click the Supporting Software tile.
    6. From the Download Area on the right click on ZeroConfig browser.
    7. Click on Download on the right-hand side.
    8. The ZeroConf zip file will download to the host PC.
    9. Unzip the contents of the file.
    10. Click the ZeroConf application file and the browser will open.

     6.2 Scan for NXT-MSC Controllers

    1. Click the ZeroConf application file and the browser will open.
    2. Click the SCAN button in the upper left.
    3. All the NXT-MSC controllers on the network will appear.
    4. The grid will display the controller's programmed MAC address, IP address and controller version (whether it's a 2-door or 4-door controller).

    7.0 Accessing the Controller via Mozilla Firefox

    The NXT-MSC controller web manager is inaccessible by the latest versions of most browsers due to its older TLS version and ciphers. To access the NXT-MSC controller via Firefox you have to change the minimum TLS version (this can be done with Firefox version 82.0.3 or lower).

    Note: To find your installed version of Firefox, open the browser and click the main menu icon in the upper-right (three horizontal lines), select Help >> About. A dialogue box will appear displaying the exact version.
    1. Open Firefox and type "about:config" into the address line.
    2. Click Accept the Risk and Continue button.
    3. Click Show All to list the editable settings.
    4. Type "tls" into the Search preference name field. You will see several TLS related settings.
    5. Click the edit icon on the right of security.tls.version.fallback-limit, change the field to "2", and press enter. 
    6. Repeat step 5 for security.tls.version.min.
    7. Close and restart Firefox, then navigate to the IP address of the EP1502 using HTTPS. You will receive a warning the first time. Click Advanced…
    8. Click Accept the Risk and Continue.
    9. You should now have access to the login page.

    8.0 Enhanced Controller Authentication

    To use the default user name (admin) and the default password (password), you will be required to press the white S1 button on the controller twice. This will enable the default user account for a period of 5 minutes. If you add a new user, once you have logged into the controller, this step will not be required in the future.

    9.0 Add a New Controller User Name and Password

    1. Once you have logged into the controller, click the USERS link on the menu on the left. Users may be added, edited and deleted from this web page.
    2. Click the NEW USER button.
    3. Enter a new user name and password (you will also have to re-enter the password).
    4. Then click the SAVE button.
    5. Next time you log in to the controller, if you use this new user name and password you will not be prompted to press the controller's S1 button. Once a new user name and password have been added, the default user credentials are removed.

    10.0 Controller Settings and Options

    See sections 5.2 - 5.5 for all NXT-MSC controller settings and options which can also be changed when configuring the controller via a web browser.

    11.0 Controller Encryption

    Doors.NET™ has the ability to encrypt the data between the Application Server and the Gateways/Clients and also between the Gateway and the Controllers. It is important to note that these are independent of each other and can be different encryption algorithms and bit strength.

    Encryption capabilities are implemented in two areas: Network socket communications between the Application Server and all incoming connections and the Gateway communications to each controller connected to that Gateway.

    11.1 Encryption Options

    The encryption options for the network sockets are:

    • No Encryption
    • RC2
    • DES
    • TripleDES (128 or 192 bit keys)
    • AES/Rijndael (128,192 or 256 bit keys) - Please contact Keri Systems directly if this option is required.

    11.3 Data Security Between the Controllers and the Gateway

    Data security for connections between the controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijandael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3. The common notation AES followed by a numeric suffix indicates the particular key size used in the implementation. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway. A thorough description of the AES algorithm can be found in NIST-197.

    11.4 Configuring Encryption on the Controller

    Enabling the data security feature ensures that panels can only connect to the correct gateway. If other SCP gateways are present on the system, panels with data security enabled will not connect to them.

    To set up encryption on the controller:

    1. Add the panel to the gateway in the normal way.
    2. Ensure that the panel is on-line.
    3. Select the controller entry in the hardware tree.
    4. The panel properties, navigate to “Communication Settings” and set “ Password Required” to “Yes”. Enter your chosen password in the “Password” field and save the changes. The MSC Gateway will send the password settings to the panel automatically.
    5. Browse into the panel using a web browser of the “Scan Network” feature of Doors.Net.
    6. Navigate to the “Host Comm” page.
    7. In the “Data Security field select either “ TLS Required” or “TLS if Available” Click on “Accept” to save the entry, then navigate to “Apply Settings” to reboot the panel.
    8. “Accept” to save the entry, then navigate to “Apply Settings” to reboot the panel.

    11.5 Enable Encryption on the Communication Channel

    The final step is to enable encryption on the controller's communication channel.

    1. In Doors.NET, go to Setup >> Hardware Setup >> All.
    2. Locate the Communication Channels node.
    3. Select the controller's specific communication channel.
    4. Ensure Advanced View is enabled for the channel properties.
    5. Locate the TLS Required entry.
    6. Ensure TLS Required is set to True.

    7. Save the channel settings.
    8. Return to the panel properties page in Doors.Net – hardware. In the “Misc\Communications” field you will see the panel as “Online (Encrypted).

    12.0 Modifying the RTE Input Settings

    If you are not using Request-to-Exit (RTE) inputs you will notice that the lock relays will activate when the controller has a memory reset. The reason is because by default, the RTE inputs are set to Normally-Closed. When the controller does a Power-On-Self-Test it checks the status of the inputs and if the circuits are open then the RTE function will activate. To prevent this from happening you should do the following on each reader:
    1. Expand the controller and then the controllers bus.
    2. Highlight one of the controller's readers.
    3. In the reader properties located on the right, locate the REX 1 Properties.
    4. In the Circuit Type field change the setting from Unsupervised, Normally-Closed to Unsupervised, Normally-Open.
    5. Then save the reader properties.
    6. The next time the controller has a memory reset the lock relays will remain inactive.


    13.0 NXT-MSC Controller Firmware Upgrade

    When you run the installer you will see a notification if the MSC controller firmware needs upgrading.

    You will also see a notification in live events when a new controller is added to the system.

    Perform the following steps to upgrade the MSC controller firmware.

    Note: It takes approximately 2 minutes to upgrade the controller firmware but there is minimal system downtime because the controller will continue to function throughout most of the upgrade process. There is just a few seconds at the end of the process where the controller will not be functioning, during which time the controller will go offline then back online again.

    1. If a firmware upgrade is required, the required revision is listed in the Status Messages grid.
    2. Highlight the controller in the hardware tree.
    3. Click on the Firmware Upgrade icon on the toolbar ribbon.
    4. Windows Explorer automatically opens a window where the new firmware revision resides.
    5. Select the correct .CRC file and click Open.
    6. A notification message appears stating that the controller will go offline momentarily. Click YES and the new firmware file will be sent.
    7. Go to live events and you will see a Firmware Upgrade Has Started message.
    8. Within approximately 2 minutes you will then see a Firmware Upgrade has Completed message (followed by numerous messages that are generated as the controller performs a self test).
    9. Go to the Controllers grid and you will see that the new firmware version will be shown.

    Your MSC controller is now ready for use.

    14.0 Export/Import Controller Settings

    Controller settings such as; strike time, auto-unlock time schedule, reader type, filters and device type settings, DDA timings, door sense and RTE configurations, Anti-Passback settings, Device and Filter settings or video camera assignment can all be exported to a template file. That file can then be imported for use on other controllers of the same type with the same connected hardware. Again, this potentially can save a considerable amount of system programming time.

    14.1 Export the Controller Settings

    1. Highlight an NXT-MSC controller in the hardware tree.
    2. Configure the controller with its desired settings; settings that you wish to be replicated on other controllers. Controller settings you might want to copy across could be; Reader Manufacture Model, Auto Unlock Time Schedule, door sense and RTE settings, Device Type and Filter assignments.
    3. Close the Hardware Setup screen.
    4. Enable Design Mode (click the Design Mode icon ).
    5. Click Setup >> Hardware Setup >> All.
    6. Right-click the configured controller and select 'Save Template'.
    7. The ExportLinkages subfolder in the DoorsNET directory is where you should save the controller template. It will automatically open up to this location.
    8. Give the template a name and click save.


    14.2 Export the Controller Settings

    1. While still in Design Mode, right-click another MSC controller that you wish to assign the settings to >> select 'Apply Template'.
    2. The ExportedLinkages subfolder will again be opened automatically, so select the template that was recently saved, then click open.
    3. You will see a task verification message - click YES to this.

      Note: You must ensure any 4x4 or GIOX modules have also been added to the same bus(es) of the un-configured controller BEFORE applying the template. Otherwise an error will occur and the template settings will not be copied across.

    4. The controller template will then be applied to the second controller.
    5. You will see another window stating which controller settings were altered.
    6. Expand the properties of the second NXT-MSC controller. You should notice that the settings exactly replicate the first controller.


    15.0 MSC Controller LED Definitions

    • D23 - Thermal Fuse LED - Should be off - If LED D23 is green then the power wires are reversed if LED D23 is red then the controller is drawing too much current.
    • D25 - Power LED - Should be solid green.
    • a (D21) - 10/100 status LED - Should be solid red
    • b (D22) - Link status LED - Should be solid green
    • c (D23) - Network activity LED - Should be flickering red
    • d (D48) - Controller heartbeat LED - Should be flickering red
    • e (D49) - Gateway communications LED - Should be slowly flickering green
    • f  (D50) - Bus 1 communication LED - Should be solid red
    • g (D51) - Bus 2 communication LED - Should be solid green
    • h (D52) - Bus 3 communication LED - Should be solid red
    • i  (D52) - Bus 4 communication LED - Should be solid green
    • j  (D1)   - Bus 1 activity LED - Should be flickering green
    • k (D6)   - Bus 2 activity LED - Should be flickering green
    • l  (D11) - Bus 3 activity LED - Should be flickering green
    • m (D16) - Bus 4 activity LED- Should be flickering green


    Note: The bus communication LEDs will be off when there is no reader or peripheral (i.e RIM, 4x4 or GIOX) connected to the bus.

    Note: The bus activity LEDs will all be solid green when the MSC controller has been factory reset and is awaiting configuration.

    • n (D3) - Lock relay 1 status LED - Should be solid red when lock relay is energized
    • o (D8) - Lock relay 2 status LED - Should be solid red when lock relay is energized
    • p (D13) - Lock relay 3 status LED - Should be solid red when lock relay is energized
    • q (D18) - Lock relay 4 status LED - Should be solid red when lock relay is energized
    • t  (D54) - Bus 1 over current LED - Should be off
    • u (D55) - Bus 2 over current LED - Should be off
    • v (D56) - Bus 3 over current LED - Should be off
    • w (D57) - Bus 4 over current LED - Should be off

    Note: If LED t, u, v, or w is red, that individual bus is drawing too much current and the bus is shut down to protect

    the controller. When this condition is corrected, the LED will turn off and the bus will be activated.


    Note: PCBs at revision F or greater have the RS-485 Bus Over Current LEDs (t, u, v, and w). PCB revisions earlier

    than revision F do NOT have these LEDs.

    16.0 Further Controller Setup Information

    Now that the controller is added to the software you are ready to start configuring other aspects of the Doors.NET system, such as; setting up access groups and time schedules and adding cardholders. All these subjects and many more are covered in the comprehensive help file which is included with Doors.NET.

    The quickest and easiest way to access the help file is to press the F1 key while on any of these screens. If you are on the cardholders screen for example (Home >> Cardholders) and then press F1, the help file will automatically open up on the cardholders section.

    P/N: 02349-001 Rev B

      • Related Articles

      • NXT-MSC Controller - Setup an Airlock/Mantrap

        1.0 Introduction The airlock features is available on NXT-MSC or Mercury SCP controllers when Area Control is enabled on the license. This is so that you can set up two or more areas as 'airlock' areas. Anti-passback is not required for airlocks to ...
      • How do I Setup an NXT-MSC Controller?

        How do I setup an NXT-MSC 2-door or 4-door controller in the Doors.NET software? An NXT Mercury-powered (NXT-MSC) controller is added to Doors.NET via an Ethernet connection and there are two options; either the controller obtains its IP address ...
      • NXT-MSC - Controller Encryption

        1.0 Introduction The ability to encrypt the communications path is needed when that path includes a network that is shared and carries other data. In the case of a serial connection, physical access to the communication wires is required and ...
      • NXT-MSC Controller - Setup Anti-Passback

        1.0 Introduction The Anti Passback (APB) feature provides one-way card access into and out of a secure area. It prevents a cardholder from using their card and then passing that card back to someone in order for them to gain unauthorized access. ...
      • NXT-MSC - Controller Internal Configuration

        Effective from Doors.NET v4.0.3 it is now possible to make various controller configuration changes within Doors.NET rather than via a web browser. This section explains how to access the controller internal configuration and which configuration ...