Introduction
Dante Domain Manager (DDM) is supplied as a server ‘appliance’, in the form of an ISO file containing both the application and the underlying Linux operating system. This is for user convenience and security reasons.
Dante Domain Manager has been supplied with the CentOS7 Linux distribution since it was initially launched. With CentOS7 going out of support in June 2024, we have replaced it with Rocky 9 as of DDM version 1.7.
As we are replacing the operating system as well as updating the DDM application in the 1.7 release, it is not possible to upgrade versions within a running installation, as is the case with normal application updates. Instead, it is necessary to install DDM 1.7 as a fresh installation, using the backup and restore function of DDM to maintain your working configuration.
Please follow this guide when upgrading to DDM 1.7 from any previous version.
Summary Upgrade Process – Standalone DDM Servers
-
Save existing configuration and make a note of settings
-
Install DDM 1.7 as a new instance, restoring configuration
-
Transfer license
-
Check network settings and TLS certificates
-
Ensure the new instance has the original DDM server IP address (DNS should now point to the new instance)
-
Test operation and device status.
Summary Upgrade Process – DDM HA Clusters
-
Save existing configuration and make a note of settings
-
Install DDM 1.7 as a new Node 1 instance, restoring configuration
-
Install DDM 1.7 as new Node 2 and Arbiter instances
-
Disband the old HA Cluster
-
Transfer licenses from Nodes 1 & 2
-
Check network settings and TLS certificates
-
Recreate a new HA cluster, using the original Virtual IP address (DNS should still point to this Virtual IP address)
-
Test operation and device status.
1. Prerequisites
-
- Please ensure your DDM Support & Maintenance is current. This is provided on an annual basis to customers holding DDM Perpetual Licenses (please note, customers holding a current DDM Subscription or Term License do not require additional Support & Maintenance).
- You can check this in the Dante Domain Manager web interface in ‘Settings: License Management: Software Updates’.
- If you need to renew your DDM Support & Maintenance please contact your authorized reseller directly, or contact Audinate sales for more information.
- Note: You will not be able to activate a newer version of Dante Domain Manager unless your Support & Maintenance is current.
- Please ensure you have Site Admin access to Dante Domain Manager, as well as access to the host server including the Virtual Machine host (if using a VM).
- Please be prepared to create a new Virtual Machine (or, a bare metal server) to install DDM 1.7 before you decommission your existing installation.
- DDM performance can be severely impacted if the minimum system requirements are not met. Please see the System Requirements for the Physical Host Machine section in the user guide.
- Please see the technical documentation for installation guides for Hyper-V and VMWare ESXi®.
- Please ensure your DDM Support & Maintenance is current. This is provided on an annual basis to customers holding DDM Perpetual Licenses (please note, customers holding a current DDM Subscription or Term License do not require additional Support & Maintenance).
2. Prepare
- Save a copy of your current configuration.
- Use the Dante Domain Manager web interface in ‘Settings: Updates & System Information: System Configuration’.
- The file can be kept on the machine you use to access the web interface of both the old and new DDM installations.
- Make a note of network settings.
- These settings may not be restored from your saved configuration.
- See the Dante Domain Manager web interface in ‘Settings: Network & Security: Network’.
- Also note the IP address of the node. Use ‘Settings: Network & Security: Network: Run Diagnostics’ to show this information.
- For HA systems, record the Virtual IP address, both nodes and the arbiter. See ‘Settings: High Availability’.
- Keep a copy of your TLS Private Key and Certificate.
- See ‘Settings: Network & Security: Security’.
- You may copy the TLS Private Key and Certificate from the web interface and store it securely on the machine you use to access the web interface of both the old and new DDM installations.
- Make a note of your DDM Product Key.
- You will need this to activate your new DDM 1.7 installation (after you have deactivated your existing version).
- The DDM reseller / integrator will have provided the product key when DDM was first purchased / installed.
- You can copy this from the old DDM web interface in ‘Settings: License Management: Product Key’.
- For some customers, it is also available in My Products on the Audinate website.
- For HA Clusters – make a note of the Virtual IP address.
Following steps 3, 4, 5 are for Standalone DDM Servers
3. Install DDM 1.7
-
Make a new VM according to the prerequisites (or, prepare a new bare metal server if preferred).
-
Load the DDM 1.7 ISO & run the new install (See DDM Support for VM-specific installation guides).
-
Run the DDM appliance menu on the new server and ensure the network is operational enough for you to access the web interface. If you are still running the old DDM, use a temporary IP address for now so you can access both versions.
-
Open the web interface, review and accept the EULA.
-
Choose ‘Restore configuration’ then upload the file you created earlier.
-
Log in with your previous Site Admin credentials (which are restored with the configuration).
4. Swap to the new DDM version
-
Deactivate your license in the old DDM. Use ‘Settings: License Management: Product Key: Deactivate’ in the old DDM web interface.
-
Keep a copy of the Product Key so you can activate your new version!
-
This is required before you can activate your DDM 1.7 installation using the same license.
-
Note that this may interrupt the operation of your DDM enrolled devices.
-
-
Use the product key to activate your new version in the web interface.
-
Re-install your TLS Private Key and Certificate (in the new web interface in ‘Settings: Network & Security: Security’).
-
Check your network settings and update if needed (in the new web interface in ‘Settings: Network & Security: Network’).
-
Configure your network to ensure that the new server has the same IP Address as the original DDM server.
-
Note: It is important that the IP Address of the new DDM installation matches the previous installation, as many Dante devices use IP address to find the Domain Manager.
-
If you are using DNS, it should now point to the new server at the original IP address.
-
-
Turn off the original DDM server and ensure it is not set to ‘Auto Start’.
5. Test
-
Check domains, devices and status in new DDM web interface. At this point, all devices should be connected to the new DDM instance and working normally.
-
Launch Dante Controller from DDM and check devices, routing and status.
-
You can use the ‘View in Dante Controller’ button from ‘Domains: [any domain]: Domain Details’ in the DDM web interface to easily launch Dante Controller logged in to DDM and with the domain selected.
-
Note, this feature requires Dante Controller v4.7 or later. Download the latest version.
-
Following steps 6, 7, 8 are for DDM HA Clusters
6. Install DDM 1.7 on all nodes
-
Make 3 new VMs (or bare metal servers) for the primary node, auxiliary node and arbiter according to the prerequisites.
-
Load the DDM 1.7 ISO & run the new install for each node (See DDM Support for VM-specific installation guides).
-
Run the DDM appliance menu on each new node and ensure that the network is operational enough for you to access the web interface.
-
Assuming you are still running the old DDM HA cluster, use new IP addresses for each node for now, so you can access both versions.
-
-
For the primary node:
-
Open the web interface, review and accept the EULA.
-
Choose ‘Restore Configuration’ then upload the file you created earlier.
-
Log in with your previous Site Admin credentials (which are restored with the configuration)
-
(Note – you will activate in the next step after de-activating the old primary node)
-
-
For the secondary and arbiter nodes:
-
Open the web interface, review and accept the EULA.
-
Choose ‘High Availability Redundant Node’ and ‘High Availability Arbiter’ respectively.
-
7. Swap to the new DDM HA cluster
-
Access the web GUI for the original active node.
-
Disband your HA cluster before de-activating. Go to ‘Settings: High Availability’, Click ‘Disband’
-
Note that this will likely interrupt the operation of your DDM enrolled devices.
-
-
Deactivate your license in the old DDM Primary node.
-
This is required before you can activate your new DDM 1.7 HA cluster using the same license.
-
Use ‘Settings: License Management: Product Key: Deactivate’.
-
Keep a copy of the Product Key so you can activate your new version!
-
-
Deactivate your license in the old DDM Auxiliary node.
-
Use the deactivate button on HA node screen.
-
-
Activate your new primary and auxiliary nodes using the original product key.
-
Note, the Arbiter node does not require activation.
-
-
At this point you should have 3 new working nodes: Primary, Auxiliary and Arbiter, ready to create your new cluster.
-
Check settings in the Primary node web interface:
-
Re-install your TLS Private Key and Certificate (in ‘Settings: Network & Security: Security’).
-
Check your network settings and update if needed (in ‘Settings: Network & Security: Network’).
-
-
Create the new HA cluster:
-
In the new Primary node, go to ‘Settings: High Availability’.
-
Add the IP addresses of the Primary, Secondary and Arbiter nodes.
-
IMPORTANT: use the same Virtual IP address as your old cluster. This is used by many Dante devices to connect to the DDM cluster.
-
Save the settings. This should allow the new HA cluster to be created.
-
Check that the cluster is working and all nodes show ‘healthy’.
-
-
If you are using DNS, it should now point to the new HA cluster at the original Virtual IP address.
-
Turn off the original DDM nodes and ensure they are not set to ‘Auto Start’.
8. Test
-
Check domains, devices and status in new DDM Web GUI, accessed by the HA Virtual IP address. At this point, all devices should be connected to the new DDM instance and working normally.
-
Launch Dante Controller from DDM and check devices, routing and status.
-
You can use the ‘View in Dante Controller’ button from ‘Domains: [any domain]: Domain Details’ in the DDM Web GUI to easily launch Dante Controller logged in to DDM and with the domain selected.
-
Note, this feature requires Dante Controller v4.7 or later. Download the latest version.
-
-
If required, test failover between HA nodes.
-
In ‘Settings: High Availability’, click ‘Change Active’
-
Check that the HA settings show the active node has switched, and all nodes are still healthy, after a minute or so.
-
Check that the devices have successfully reconnected.
-
Known issue: in some cases, devices will show ‘offline’ in DDM after switching active nodes, but still show in Dante Controller. Rebooting the devices will fix this.
-
-
Re-launch Dante Controller and check that devices are still working properly.
-
Switch back to the Primary node and check again.
-
If you update or install DVS 4.4 on MacOS 10.14 or before, the license field will not populate and there is no error message.
This version of DVS does not support 10.14 or previous, please update your MacOS version to 10.15 or above.
If your computer is unable to update the Operating System, the 4.3.1.1 version of DVS is available here DVS 4.3.1.1
Using the uninstall utility we provide in the download package, remove DVS.
Do not drag it to the trash, this will break our manager service.
Restart the computer, and uncheck the option to reopen windows after restart.
Install 4.3.1.1 and it will allow you to enter the license ID.
If you see following error message on your Mac after upgrading OSX, make sure that Dante Virtual Soundcard is allowed to run in the background.
How to check if its allowed to run in the background?
Go to System preferences -> General -> Login Items, and enable Dante Virtual Soundcard, and Audinate Pty applications.
What Is a Transferable DVS License?
From DVS 4.3 it is now possible to purchase or upgrade to a Transferable DVS license. With this license you can deactivate a license from one machine in order to move it to another.
Customers can now purchase either the Transferable License ($US79.99) or the Single Machine License ($US49.99); and also upgrade a Single Machine License to a Transferable License through an online transaction for $US29.99.
A bundle of DVS Transferable License and Dante Via is also available for US$99.99
Who is it for?
This is for customers who have purchased a new machine and wish to continue to use their existing DVS license. Customers who have the need to change the machine that DVS is used on will benefit from purchasing a Transferable DVS license instead of a Single Machine license.
It is also useful for customers who have multiple machines they swap between periodically and customers who create temporary deployments then wipe their machines after an event, for example.
How does the Transferable license work?
DVS Transferable License is purchased and activated in the same way as a Single Machine License.
DVS Transferable License can be moved between machines indefinitely, although each license is designed to work on a single machine at once (it must be deactivated before being used to activate a different machine).
Unlike the Single Machine License, which can operate offline indefinitely after it is activated, DVS Transferable must ‘phone home’ via the Internet at least every 30 days to keep working.
When used with a Transferable License, DVS 4.3+ will show additional information and controls in the ‘Licensing’ tab including:
- ‘De-activate’ button which releases the license activation so it can be used on a different machine
- Number of days until it needs to ‘Phone home’ with an active internet connection in order to keep operating
- ‘Refresh Now’ button which phones home straight away and resets the counter to a full 30 days, to prepare for a period of offline operation
When used with a Single Machine License, DVS 4.3+ will show an ‘Upgrade’ button which will direct customers to a check-out page where the upgrade for that license can be purchased.
What happens if DVS is deactivated; or is not able to phone home in time?
DVS will effectively ‘stop’; that is, it will not show up in Dante Controller or as a sound card.
If DVS has stopped because it was unable to phone home in time, allowing the machine to connect to the Internet and clicking ‘Refresh’ in the Licensing Tab’ will allow it to start again (assuming the license is still valid / not activated on another machine).
What if I need to run DVS on an offline machine for extended periods of time?
In this case we recommend the Single Machine License.
Can the Transferable License be used with earlier versions of DVS?
No, this is not recommended.
If activated with a Transferable License, DVS versions prior to 4.3 will generally start and run; however it:
- Will not show correct details in the Licensing tab
- Will still need to phone home, but will not show any timing information or warnings
- Will not offer the ability to ‘refresh’ the activation manually (thereby allowing a full 30 days operation offline)
- Will not show the option to de-activate the machine in order to transfer the license (although this can be still done in my.audinate)
Customers are encouraged to upgrade to DVS 4.3+ before purchasing or upgrading to DVS Transferable License.
Can the Transferable License be downgraded to a Single Machine License?
No. Once the license has been upgraded, it is not possible to go back to a Single Machine option.
How do I recover a Transferable License that’s on a lost or stolen computer?
If a computer is lost, stolen or erased, you can recover a Transferable License so you can use it on another machine. Please find your License in your account on Audinate.com and click “Recover”, then follow the prompts.
Dante Domain Manager is distributed as a software ‘appliance’ and is based on CentOS7 Linux distribution.
We are aware that CentOS7 is approaching End of Life (30 June 2024) and we are working on finding a replacement.
Some users have reported compatibility issues with newer server hardware (including Network Interface Cards) due to the lack of driver support in CentOS7, when running Dante Domain Manager as a bare metal install.
We strongly recommend installing DDM on top of a Type 1 virtualization platform such as VMWare ESXi® or Hyper-V to avoid this issue.
For Dante Domain Manager customers intending to use a bare metal install, please check for compatibility before specifying server hardware. Information can be found on the CentOS forums: https://forums.centos.org/viewforum.php?f=49
Affected Products / Versions: Third-party products that utiliseDante Application Library for Windows v1.2.0 and earlier
Publication Date: 7 December 2022
Summary:
A security vulnerability (CVE-2021-23748) in mDNSResponder.exe contained in Dante Application Library for Windows v1.2.0 and earlier has been published.
This vulnerability only affects products that utilise Dante Application Library for Windows and does not affect any other Dante hardware or software products that include mDNSResponder.exe.
Details:
mDNSResponder.exe v1.3.1 and earlier is vulnerable to a DLL side loading attack. This executable is a component built specifically for Dante Application Library for Windows v1.2.0 and earlier
This could allow a local attacker with access to the PC running Dante Application Library the ability to execute arbitrary code. It is not possible to remotely exploit this vulnerability.
Remediation:
An updated mDNSResponder.exe v1.3.2 has been released to all affected third parties as part of Dante Application Library for Windows v1.2.1; and as a standalone security patch for Dante Application Library for Windows v1.2.0 and earlier
If you believe you are running software that utilises Dante Application Library for Windows, please contact the third-party vendor for a software update.
References:
CVE-2022-23748 – https://nvd.nist.gov/vuln/detail/CVE-2022-23748
CAPEC-641 – https://capec.mitre.org/data/definitions/641.html
All Dante devices in a given domain lock directly or indirectly to one single Grand Leader clock device.
In the case of domains for which all devices reside on the same IP subnet, the standard Dante method of multicast PTP clocking is used. One clock Leader device is automatically elected or manually specified, which broadcasts the clock signal via multicast PTP, and all other devices follow their own clocks to that Leader device.
In the case of domains that span subnets, one Grand Leader clock device is automatically elected (or manually specified) for the domain, and one boundary clock device will be automatically elected for each subnet (identified as the ‘unicast clocking’ device in the DDM clocking settings). Usually, the Grand Leader will also act as the unicast Leader for its own subnet.
The Grand Leader transmits the PTP clock signal via multicast to the follower devices in its own subnet, as is the case for traditional Dante networks. The elected unicast clock in the Grand Leader’s subnet transmits the clock signal via unicast PTP, through the router, to the unicast clock in the adjoining subnet, which in turn transmits multicast PTP to the other devices in that subnet.
The same model applies to any other subnets in the domain. This system enables synchronous Dante networks that span multiple subnets.
In a Windows multi-user environment, Dante Controller 4.7.0 can crash with the message ‘Child process exited with code 1’.
This issue has been fixed within Dante Controller 4.7.1.1, which can be downloaded from Dante Controller 4.7.1.1
If you receive the error on 4.7.1.1 or later, delete LocalAppData%\Audinate\Interprocess folder, it will be recreated after turning on Dante Controller.
Any continued errors please submit a support case and we will look into the problem.
It has come to our attention that some DDM customers are experiencing issues with the operation of the product (enrolled devices show as offline) following the recent Security Update for Microsoft Windows (KB5015807).
This issue only affects DDM customers who:
- Are running DDM on Hyper-V on Microsoft Windows
- Have security updates automatically applied; or have manually applied this update.
The suggested temporary workaround is to roll back this update or prevent the update from being installed.
We are investigating this issue and will provide more information as it becomes available. We understand the importance of keeping servers up to date with security patches over time.
The release of DVS 4.2.4.1 should resolve this issue, which can be downloaded from DVS 4.2.4.1
If the issue persists, try a full DVS reinstall through Library/Application Support/Audinate/DVS/Uninstall DVS, then restart the machine, install DVS again, then restart the machine and try running DVS.
Note, DVS requires an active physical network connection to start. Please make sure you are connected to a network before contacting support about this issue.
Affected Products / Versions: None known at this time.
Publication Date: 21 December 2021
Summary: Audinate products and services have no known exposure to the Apache Log4j security vulnerability (CVE-2021-44228) at this time. This FAQ will be updated if this situation changes.
Details: There have been recent concerns regarding the widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j, a Java logging framework. Audinate has looked for and not identified the use of the Log4j library in any of our public products and services. Our investigation continues, but Audinate products and services have no known direct exposure to this vulnerability at this point in time.
Beyond Audinate’s core products and services, Audinate utilises software products & cloud services from a range of third parties across our business. We will continue to systematically evaluate these for exposure and take remediation action as appropriate.
Remediation: None necessary at this time. This FAQ will be updated if this situation changes.
Some common causes for this problem are:
- The devices are running legacy (pre-4.0) firmware. These devices will not be auto-discovered, they must be manually enrolled via IP address. Note that legacy devices cannot route audio between subnets.
- The devices are in a different subnet to the DDM server, but you do not have DNS running on the network, or your DNS service is not correctly configured
- The devices are on the same subnet as the DDM server, but you do not have the Dante Discovery Service enabled (or DNS running)
If after correcting all problems related to the above conditions your devices are still not showing up in DDM, try enrolling them using their IP addresses. If this fails, contact your IT administrator.
You need to make sure that you are logged into the Dante Domain Manager (DDM) Server. To log in:
- In Dante Controller, click the Domain Configuration button.
- In the DDM User Login box, click DDM Server Connection.
- If you have a DNS-enabled network, choose ‘Auto Discovery’ and click OK. Otherwise, choose ‘Manual’ and enter the DDM server host name (e.g. ddm.local) or enter the DDM IP address, and the port number. This will be 8443, unless your network administrator has configured the network to use a different port. Then click ‘Use This Server’.
- In the DDM User Login tab, enter your DDM username and password and click ‘Connect’.
- Once connected, the DDM User Login tab will close automatically and you will be able to choose the domain you wish to view from the Domain drop-down menu at the top-right of the screen.
Possible errors during DDM connection:
‘Connection Refused: Incorrect Domain address or it may not be running’
If the Dante Domain Manager is running, ensure that the name and IP address of the DDM server are correct in the DDM Server Connection tab, and the Server port number is set to 8443.
- Verify host record is correct and DDM Server can reach the DNS Server by accessing DDM via a web browser using its FQDN
- The Network Diagnostics tool tells you if DDM can ping the DNS server. This can report a FAIL if the server has ICMP requests turned off (Windows Server does by default). This also will not tell you if the host record is set up correctly.
- Verify SRV records have been set up and are correct i.e. are using the domain(s) devices/controllers are getting via DHCP, DDM server FQDN is correct, ports/services are correct.
- The Network Diagnostics tool can help to verify this.
- If the domain search path set in the DHCP server has multiple entries be sure the first entry is used in the SRV/TXT records as devices only use the first entry.
- If devices are in a different DNS Domain than the DDM server this will report a FAIL in the Network Diagnostics tool but does not mean they are set up incorrectly.
- Verify the undiscovered device(s) Dante firmware is version 4.0+.
- If the undiscovered device(s) Dante firmware version is pre 4.0 (and 4.0+ firmware is not available from the manufacturer), you’ll need to associate the device with a domain using manual enrollment by IP address.
- Allow association with pre 4.0 firmware devices must be enabled the DDM’s Network & Security Settings and on a per domain basis prior to enrolling legacy (pre 4.0 Dante firmware) devices into a domain.
- Since legacy devices are manually associated with domains via their IP address, changes to their IP address will break the association, and they must be associated again.
- If everything appears to be set up correctly, you’ll need to get a packet capture of DNS traffic on the network. Note: Because this is unicast traffic between a device and the DNS server port mirroring is required.
- Devices send queries and the DNS server responds with the SRV record and DDM Server’s IP Address.
- There is a known issue where some devices are sending the proper DNS query and then sending a corrupted query that the DNS server responds with “No such name” thus making the device undiscoverable. Current work around is to enroll devices exhibiting this behavior manually via IP.
- If a device is not sending queries, Domain Credentials need to be cleared in Dante Controller.
Switch Configuration
In some macOS and switch configurations, IGMP snooping can interfere with PTP traffic to the computer’s network interface. This can prevent DVS achieving PTP sync with the network, which in turn prevents reliable audio transmission.
The easiest solution is to ‘Forward All’ multicast to the Mac. In effect, that disables IGMP snooping for that port. However, assuming the Mac has a Gigabit port, you should be fine.
This example is for a Cisco SG300 network switch. Your switch configuration may be different, please contact the switch manufacturer or your network admin for assistance with this configuration.
Network Interface
This issue may also be due to the Mac’s built-in Ethernet port blocking communication from the leader clock. To confirm this as the issue, connect a Dante enabled hardware device directly to the computer so the switch is bypassed. If the issue is still present with a direct connection, try a USB to Ethernet adapter in place of the built-in Ethernet port, which should resolve the problem.
A Dante Virtual Soundcard License can only be activated a limited number of times, and this activation limit has been exceeded.
Please be aware that the license for this software is for use on a single machine only (like a physical sound card license). The license agreement you acknowledged when you activated Dante Virtual Soundcard does not allow you to use the same license ID on multiple machines. In order to use Dante Virtual Soundcard on a second machine, you will need to purchase an additional license.
Reinstalling Dante Virtual Soundcard on a machine that it was previously installed on should not require an additional activation, and should be possible without limit.
If you believe this message is in error, please fill out this form, with the following:
- Affected Product: Dante Virtual Soundcard
- License ID: enter the license ID you are trying to use
- Case Reason: Licensing & Registration
- Subject: Can’t reinstall Dante Virtual Soundcard
- Description: Describe your situation
This symptom indicates that the Dante services cannot communicate with the Dante-enabled devices on the network. This may be caused by port blockage due to protection software, a network configuration issue, or by the failure of a background service.
Windows PCs
- Make sure that no third-party firewalls or Internet protection products are active on the computer. Dante software will automatically adjust the built-in Windows firewall. Should the firewall need manual configuration, refer to this FAQ Firewall Configuration Example
- If you have multiple network interfaces (NICs) on the computer, disable any that are not being used by Dante.
- Check the Services application (Start Menu > Control Panel > Administrative Tools > Services) to see that the Dante Control and Monitoring service (ConMon) is running. Restart this service if necessary.
MacOS
- If the machine has multiple network interfaces, disable any that aren’t required. You can also try setting the interface that Dante is using to the highest priority in the order. See macOS: Set Service Order
Network
- Ensure that the Multicast IP addresses specified within Ports & Multicast IP addresses are not being blocked by the network configuration.
Initial things to try:
- Check that the Dante Virtual Soundcard is turned on.
- Check that the network interface being used by Dante Virtual Soundcard is the correct one.
- Check the IP address settings of Dante Virtual Soundcard and ensure that the machine is in the same IP range as the Dante Controller.
macOS: If the machine has multiple network interfaces enabled, you may need to set the interface that Dante is using to the highest priority interface on the Mac. See the following tutorial for instructions macOS: Set Service Order