Windows installation guide


This guide describes Mideye Server 5 installation, upgrade and uninstall procedures for Windows server. This document refers to the Pre-install checklist.


Before executing the Mideye Server 5 installation package you need the following:

  1. An updated Windows Server platform.
  2. An empty database on Microsoft SQL or MySQL dedicated to Mideye. This empty database must be created before executing the installation package.
  3. If Windows SQL Server 2008 or 2008R2 is being used follow the instructions below after a successful installation:
    1. Go to “C:\Program Files (x86)\Mideye Server 5\config”
    2. Edit file “application-prod.yml”
    3. Go to row “Jpa:”
    4. Change “org.hibernate.dialect.SQLServer2012Dialect” TO   “org.hibernate.dialect.SQLServer2008Dialect”
    5. Restart the server.

Administrator Account

In order to install Mideye Server 5, it is necessary to execute the installation package as a local administrator.

Obtaining the Installation Package

Mideye Server installation package can be downloaded here with username and password provided by Provide your phone number when asking for credentials since the download page is protected with two-factor authentication.


For required firewall openings, please refer to the Firewall section of the Pre-install checklist. During the initial server configuration, the communication between the Mideye Server and the secondary Mideye switch will be verified. This firewall opening must be completed before it is possible to proceed with the installation.

Installation Path

The Mideye Server default installation folder is C:\Program Files (x86)\Mideye Server 5, but this can be changed during the installation. In this document, all the paths referring to the Mideye Server’s installation directory are referred to as %installdir%.

Server installation

Execute the Mideye Server installation package as a local administrator and follow the instructions on the screen.

To proceed further, accept the license agreement.

Specify what TCP port the web service should be listening to. The default port is 443.

Mideye Server 5 comes with an auto-generated self-signed certificate for the web GUI. A custom certificate can be manually imported later using the web GUI.

Type the FQDN of the host

Specify the IP/hostname and TCP port of the Microsoft SQL Server. The default value is 1433. Next, enter the name of the created empty database dedicated to Mideye. If a Windows account is used to connect to the database, add the domain in the “Domain (Optional)” box. Enter the username and password.

Note that in Mideye Server 5.5.5 and previous releases there is a bug in the “Test Database Connection” function that might return an error when testing with a domain user. If the credentials are correctly entered, continue with the installation as normal. When the installation is complete, check that the database if populated with the tables and that the Mideye service is running.

If using any other database than Microsoft SQL Server, these configuration settings will not work. Instead, the database properties need to be manually entered in the configuration-prod.yml located in %installdir%\config after the server installation has succeeded. Open the file as an administrator and add the database URL manually. The syntax of the URL is explained in the file.

Configure the properties for the database connection

Select the installation directory and press “Next”.

Installation Directory

By clicking on “Install” the Mideye Server installation will start. The install procedure will extract the files from the installation package to the selected directory.

Start installation

The next window confirms that Mideye Server was successfully installed. The Mideye web interface IP or hostname can be reached from your favorite browser on the TCP port selected in the installation. If you can not access the GUI from a remote browser, you should install a browser of choice on the local Mideye server host. It is not recommended to use the Windows default browser.

Installation Confirmation

If a connection to the Mideye Server Web GUI fails, verify that the MideyeServer service is running on the Mideye Server. See the section Troubleshooting for further troubleshooting.

Initial server configuration

The first time browsing to Mideye Web GUI, two options will be presented:

Create a new clean Mideye Server 5

Selecting “New” will give the option to configure a new server, with no imported settings.

Import settings from Mideye Server 4

As an option, settings from an existing Mideye Server release 4 can be imported. See the section Import wizard for further details.

New installation

The following section will show a new installation of Mideye Server 5. Before proceeding, make sure to have the customer-specific TCP port available. Contact for further information.

Select installation type “New Installation”
Enter the Setup Challenge located in the mideyeserver.log

To protect the web interface from unauthorized access, a challenge from the Mideye Server logs must be fetched before proceeding. This challenge is located in %installdir%\log\mideyeserver.log and can only be accessed by local administrators.

Copy the challenge and paste into the Setup Challenge window
Create a strong password for the root user

Enter the customer-specific TCP port obtained from Mideye Support. The Web GUI will automatically try to connect to secondary public Mideye Service based on the TCP port provided, and the connection must be established before proceeding. DNS records are used for accessing this service (, and if no DNS is available on the Mideye Server the IP address can be added manually using the “Show advanced settings”. Replace the hostnames with the following IP addresses:

  • :

If no connection can be established, make sure that no firewalls are blocking the TCP-traffic between the Mideye Server and Mideye’s public secondary service. For further troubleshooting, contact

When the “Connection to Secondary Mideye Switch is valid” shows up with a green bar, select “Continue”.

Be advised, that during a new installation, the Mideye Server will only be able to contact The firewall opening to will first take place after traffic has been sent from the customers Mideye Server to This will take a few days to complete. During this time, the installation can be completed and traffic will be handled by

Enter the customer-specific TCP-port obtained from Mideye Support

The next step of the initial server configuration will add an LDAP profile for searching user accounts. This step is optional and by clicking “Skip,” this step can be ignored.

  • Give the LDAP profile a friendly name and choose “LDAP Server Type”. Add the IP or the hostname of the LDAP server and specify which port to use.
  • The Mideye server needs a service account with read permissions to the LDAP catalog. The account can be specified with DN or with UPN.
  • Check the LDAPS box if TLS protection should be used. Make sure to select the correct port if enabled. Click “Fetch certificate” to import the certificate.
  • Add the search base of the LDAP directory. This must be specified in DN-format.

Click “Test connection” to verify the settings, and try to find a user with the “Find User” button. As an option, user search can be restricted to certain groups by adding group names (DN format) in the Group(s) field.

Add an LDAP-server as an optional step

Final step is to add a RADIUS client. This step is optional and can also be done later.

  • Give the RADIUS client a friendly name.
  • Specify an IP or hostname of the client.
  • Add a shared secret for the RADIUS client.
Configure a RADIUS client

Review the configuration and click “Finish Setup”


Once the post-installation is done, simply login to the Web GUI using the root account. For further configuration of the Mideye Server, see the Reference Guide.

Import wizard

It is not possible to directly upgrade from Mideye Server 4 to Mideye Server 5, but there is an option to migrate configuration data with the import wizard. The import will also include the last 100 000 login statistics and accounting entries from the last year. It is recommended to keep a backup of the old R4 database if older statistics and accounting data must be retained.

Before proceeding, make sure you have the following information available:

  • IP or hostname of the old SQL-server
  • Name of the database
  • Credentials with read access to the database
  • Mideye Server 5 must be able to contact the Mideye Server 4 database
Select installation type “Import settings from Mideye Server 4”
Review the overview of the import wizard
Enter the setup challenge

To protect the web interface from unauthorized access, a challenge from the Mideye Server logs must be fetched before proceeding. This challenge is located in%installdir%\log\mideyeserver.log and can only be accessed by local administrators.

Database configuration

Select what kind of database that should be used to migrate the settings to Mideye Server 5.

  • Enter the IP or the hostname of the old Mideye Servers database
  • Enter the port used by the old database
  • Enter instance (if applicable)
  • Enter domain if Windows account is used
  • Enter Database name
  • Enter username and password

Click Continue to connect to the database.

Note that this wizard will only work with release 4.6.5 and above. If an older version is installed, upgrade to a newer version of Mideye Server 4 before proceeding.

Verify connection

Review configuration data that will be imported.

Review the summary and click “Done”

Progress bars will show the import status. The current version (5.0) might not show the bars in all web browsers. If that’s the case, make sure the migration is completed by viewing the log file %installdir%\log\mideyeserver.log before refreshing the page.


If a previous version of R5 is already installed, the installation package will give an option to upgrade the Mideye Server. Note that upgrade from releases prior to R5 will not work, please refer to the Import wizard section for instructions how to automatically import Server R4 settings.


Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database. Some files containing customized settings may need to be replaced after the update.

Mideye Server file system

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

C:\Program Files (x86)\Mideye Server 5


To back up a database on Microsoft SQL Server, use SQL Server Management Studio. Right-click the database used by Mideye and choose “Tasks” followed by “Back up”.

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql

where [username]/[password] are the database login credentials.

Upgrade from Mideye Server 5.x

The installation package will automatically detect if a previous version of R5 is installed. To execute the installation/upgrade package, local administrator privileges are required. Upgrade involves a service re-start with an approximate downtime of 40 seconds.

In Mideye Server 5.7.2 there are two changes made to Mideye Server, TOTP with on-premise seeds and encryption of RADIUS shared secrets, that affects the database. See the release notes.
For an installation that consists of two or more Mideye Server that uses the same database special consideration needs to be taken when updating.

The first Mideye Server to update should be the cluster leader. It will encrypt the RADIUS shared secrets which makes the secondary Mideye Server unable to read them from the database and thus stop working. The keystore and the keystore password then needs to be copied from the cluster leader to the secondary Mideye Server(s). See the “Copy keystore and password” section in Cluster settings.


If the latest version of the Mideye Server is already installed, executing MideyeServer.exe will give you the option to remove it. Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.

Uninstall Mideye Server
Uninstall Mideye Server


Cluster settings

In case two or more Mideye Servers are configured to share the same database, only one of them should be configured to execute scheduled database cleanup (cluster leader). The cluster leader should be the first Mideye Server that is set up and connected to the database.

In the server(s) not intended to be cluster leaders, open \Mideye Server 5\config\application-prod.yml as an administrator. Navigate to the application section and add (or modify)

cluster-leader: false

See example below:

    switch-port: 20460
    log-path: C:\Program Files (x86)\Mideye Server 5\log
    # In case the Mideye server is running in a cluster with
    multiple instances against a clustered database
    # set this to false in the minion instances to prevent
    potential deadlocks for scheduled cleanup jobs.
    # The default value is true as this is the commonly used
    cluster-leader: false

Copy keystore and password

With Mideye Server 5.7.2 comes the introduction of encryption of shared secrets and TOTP with on-premise seeds.
When setting up an environment with two or more Mideye Servers that will use the same database, the first Mideye Server (the cluster leader) that connects to the database will encrypt the shared secrets and the TOTP seeds.
After installing the secondary Mideye Server(s) the keystore and the password to the keystore must be copied from the cluster leader to the secondary Mideye Server(s), so that they also can read the encrypted data from the database.

To copy the keystore:
The default path to the keystore is:
C:\Program Files (x86)\Mideye Server 5\config\keystore.pfx

Copy the file, move it over to the secondary Mideye Server(s) and replace the existing file there.

To copy the keystore password:
The password to the keystore is stored in:
C:\Program Files (x86)\Mideye Server 5\config\application-prod.yml

Search the file for “key-store-password”, put the same password in the corresponding file on the secondary Mideye Server(s). 

Modify database configuration

Open \Mideye Server 5\config\application-prod.yml as an administrator. Navigate to the database section (see example below) and modify according to the new database settings.

driver: net.sourceforge.jtds.jdbc.Driver
url: jdbc:jtds:sqlserver://localhost:1433/mideye;;prepareSQL=2;useNTLMv2=true

    username: "username"
    password: "password"

Other configuration changes

For further configuration of the Mideye Server, please refer to the
Reference_Guide .


A list of the most common problems are listed below. If the Mideye Server service fails to start after installation, look for error messages in the log file located in %installdir%\log\mideyeserver.log

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool Login failed for user ''.

This error message is due to invalid credentials to the SQL database. Verify the configuration in %installdir%\config\configuration-prod.yml. Also, check the database log files. Manually start the Mideye Server service from Services.

Enable TCP/IP 1433/tcp on MS SQL Server Express

If the express version is used, TCP/IP is not enabled by default. This can be enabled from “SQL Server Configuration Manager”, submenu “SQL Server Network Configuration”. Once enabled, open properties for TCP/IP and add 1433 to ‘TCP Port’ at the bottom of the window (IPAll).

SQL Server Configuration Manager
SQL Server Configuration Manager

Support Contact

Phone: +46 (0)854514750