You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

DW Cloud System is Unreachable or Offline

DW Cloud System is Unreachable or Offline


Affected Roles:  All Users

Related Digital Watchdog VMS Apps:  DW Spectrum IPVMS

Complexity:  Medium

Software Version:  Version 5.0 and newer

Last Edit:  September 21, 2022


DW Cloud Remote Connection

DW Cloud is a major component of DW Spectrum IPVMS and extends the functionality of DW Spectrum Systems over the Internet. DW Cloud allows users to remotely access their DW Spectrum System from an external network without port forwarding. Users can connect with their DW Spectrum Systems using any of the DW Spectrum Client platforms (desktop, mobile, Web Admin, DW Cloud Web Portal).

A DW Cloud-connected System can be accessed using a direct IP address, STUN, or through the DW Cloud mediator. While a system is connected to DW Cloud, the DW Spectrum Client will show the connection status with the Server. However, when the Client shows that the System is “Offline” or “Unreachable” through DW Cloud, there is likely an explainable cause.

System Unreachable or Offline

What does it mean when the Client shows that a DW Cloud System is “unreachable” or “offline”?

  • Offline – the DW Spectrum System is not able to communicate with the DW Cloud and access to the System is unavailable. This may be due to the Server being stopped, Server access becoming completely cut off, or your Client device does not have Internet access.
  • Unreachable – the DW Spectrum System is online and in an operating status but is unable to be reached by your Client connection through DW Cloud due to unforeseen reasons.

Common DW Cloud System Connection Issues

Firewall Configuration & Network Restrictions

While DW Cloud does not require extra configuration to work in a general networking environment, other than Internet access, but sometimes a required service can become blocked by an enterprise/local network firewall.

This is likely to occur when a company is blocking outgoing and incoming connections to any URL that was not granted specific permission, preventing the necessary communication between the DW Cloud Mediator and DW Cloud Relay (see the DW Cloud Overview article for more details), leading to connection loss.


To guarantee connectivity to DW Cloud-based services, add DW Cloud and DW Spectrum related end-points to your Firewall Pass List.

Self-signed Certificates

Locations that have strict network policies may limit the incoming and outgoing traffic. In these cases, devices are typically required to remain within the enterprise network and to use a recognized SSL certificate to access the enterprise network.

By default, DW Spectrum IPVMS uses self-signed certificates. Sometimes this may lead to the System becoming unable to be accessed from outside of an enterprise network as a self-signed certificate, while securely encrypted, is not from a paid certified source.

Alternatively, if you have upgraded the System from an older version of DW Spectrum (v4.2 or older), the self-signed certificate may have expired and be preventing HTTPS connections from being successfully established.


If the issue is due to a self-signed certificate expiring, delete the old self-signed certificate and restart the DW Spectrum Server. This will allow the system to generate a new self-signed certificate as a replacement.

For more information, read the DW Spectrum IPVMS SSL Certificate Management article.

DST Root CA X3 Expiration (September 2021)

If you are using a Windows OS (e.g. Windows 10/11/server/IOT, etc.), there is a possibility that you may encounter an issue where the root CA certificate has expired. This may create issues with your System establishing connections with AWS correctly. While it does not affect daily Internet browsing, it can be an issue when trying to access services that force the use of secure connections (HTTPS).

If you update your System to DW Spectrum 5.0, and it unexpectedly becomes unreachable via DW Cloud connection, it is likely that the DW Spectrum Server is experiencing a certificate verification issue. The DW Spectrum Server program relies on the OS to provide a list of trusted root certificates. If you’re using an older Windows version without the latest updates, it is likely the OS could be missing the new root certificate (ISRG Root X1) and requires that it be added to the System. 

In rare cases, you might encounter some unexpected issues while both the “ISRG Root X1” and “DST Root CA X3” root certificates are presented in the system, so you may need to delete the expired “DST Root CA X3” certificate from your OS.

For more information, read the DW Cloud and Server Connection Issues After Upgrading to 5.0 article.