EDDI technical installation and troubleshooting guidance
Guidance to support the technical installation of the Emergency Department Digital Integration (EDDI) product.
EDDI Service is no longer available
The EDDI (Emergency Department Digital Integration) service is no longer available and will be decommissioned.
This means that any referral information should have been copied into local systems in accordance with existing practices.
If you have not already implemented, or are in the process of implementing NHS Booking and Referral Standard, please contact your software supplier for further information and support.
It is recognised that in some areas BaRS will not be implemented by 30 June 2024, and that services will need to temporarily revert to their previous processes.
Introduction
To ensure optimal performance when using EDDI, it is important that users have the correct IT infrastructure in place. The purpose of this guidance is to provide a consolidated set of instructions/guidelines relating to installation and troubleshooting.
This document contains the following:
- pre-deployment checklist - a checklist to ensure your organisation has considered each item prior to accessing EDDI
- desktop setup - a detailed guide on how to configure desktop PCs for use with EDDI
- connection troubleshooting - a section to identify and correct problems with the local configuration settings that may be preventing connectivity to EDDI
Checklist
This checklist is intended as a quick guide to ensure your PCs are configured correctly to access EDDI.
- Do your PCs run Windows 10? (see step one)
- Do your PCs meet the minimum hardware requirements? (see step two)
- Are you using a compatible browser? (see the Warranted Environments Specification linked in step 2. Your browser needs to be compatible with NHS Identity Agent)
- Do you have the NHS Identity Agent installed? (see step 3)
- Check that your browser and PC is configured correctly to access another smartcard authenticated national service, such as Summary Care Record or the NHS e-Referral Service (not mandatory).
- Can you successfully navigate to https://eddi.nhs.uk? If you see an EDDI screen, this test has been successful (even if you cannot sign in at this stage). If you cannot reach this site, it may also be necessary for the local IT support team to check firewall rules and allow *.eddi.nhs.uk
- Do all the appropriate users have smartcards with the correct roles assigned?
Desktop setup: requirements and configuration
To successfully use the EDDI application, the following installation and configuration steps should be followed:
Step 1: Sign in to a Windows PC
The EDDI application should only be run on a Windows PC with the latest supported operating system (currently Windows 10). EDDI may work on earlier versions of Windows (e.g. Windows 7), but these do not meet the minimum security and support requirements, specified by NHS Digital.
To set up EDDI, you will need an account on the PC that has local administrator privileges. This may require assistance from your IT support team. To access and use, EDDI needs only a standard PC user account with N3/HSCN network access.
Step 2: Ensure PC meets minimum hardware requirements
The EDDI application is a web based application that does not have a minimum specification hardware requirement, over and above that of the Windows operating system on which it is running. The more memory (RAM) that a system has, the more applications/data it can load at the same time. Additional memory may therefore be required if running multiple applications on the same PC.
Users of the EDDI application should work with their local IT providers and support staff to ensure their memory is adequate, especially if experiencing any slow response times.
The EDDI application is dependent on an N3/HSCN (Health and Social Care Network) connection.
Computer systems which access NHS Digital services must meet certain technical standards. The Warranted Environment Specification (WES) defines the client environments that we support.
Users should work with their suppliers to ensure that the N3/HSCN network provision is optimised for their needs, as this will vary between different sites.
Step 3: Install NHS Identity Agent
All information relating the Identity Agent installation process is available on the NHS Digital website.
Read more about the installation process for Identity Agent.
This step includes installing the following software:
- Java RunTime 7 or 8 32-bit
- 32-bit or 64-bit Gemalto Classic Client
- .Net Framework 3.5.1 or above
- Smartcard drivers for your Smartcard reader (see documentation for specifics)
- NHS Digital Identity Agent v2.3 or later
For any IA Client issues/questions that cannot be resolved via these sources, please contact the NHS Digital Deployment Issue Resolution Team at [email protected].
Browser requirements
The following browsers may be used to access EDDI:
- Chrome v45 or later
- Microsoft Edge v79 or later
Depending on which browser you use, the installation will be different. Please refer to the relevant section below for the appropriate browser configuration.
Chrome and Microsoft Edge
Configuration for Google Chrome and Microsoft Edge are the same.
Microsoft Edge v79 and later uses the Chromium engine open-source software. In order to use Chrome or Edge for EDDI, the NHS Digital Credential Management Application is the preferred solution
Credential Management Application (CMA)
NHS Credential Management Application (CMA) is a stand-alone, desktop application that works alongside all versions of the NHS Identity Agent for smartcard authentications.
Download the latest version of the NHS Credential Management installation file (N3/HSCN connection required to access this link). Supporting guides for installation and configuration are also available from this link. As detailed in the installation guides, this can be deployed as a silent install over a large estate, making deployment quick and simple. In order to test that your installation and configuration of the NHS Credential Management application is correct, we recommend you use the NHS CIS2 Smartcard Checker Tool .
Further information on the Credential Management Application is available.
Alternative option
If the recommended action provided above is not suitable for your users or organisation you can use Google Chrome or Microsoft Edge with plug-ins now, however we must advise that we believe that this is a more time-consuming approach for IT teams to set up and is not supported on a case-by-case basis by NHS Digital.
Appendix A - Connection and installation troubleshooting
To identify the cause of problems experienced trying to access EDDI, please complete checks 1and 2 below.
If any of the checkpoints fail, follow the guidance within the relevant subheading to resolve the problem. If you run through all the checks and have ruled out all potential local issues and are still unable to access EDDI, please call the National Service Desk.
Check 1: Insert a smartcard and expect to be prompted for a passcode
After inserting a smartcard, the Identity Agent software should immediately become active.
After a few seconds you should be presented with a prompt to enter your passcode, which will look similar to one of the following (depending on which version of Identity Agent is installed):
Result: Nothing happens
If nothing happens after you insert a smartcard, check the following:
Check the card has been inserted correctly
Most card readers require the card to be inserted with the picture facing up and visible when inserted. One exception is the Fujitsu Siemens card reader keyboard which requires the card to be inserted facing down.
Check the physical connections to the PC
The cable should be securely connected to the smart card reader and at the other end a USB port in the PC. If using a USB hub, check that there is power (if required) and that the hub in turn is connected to the PC.
Check the USB port is working
When a USB device is plugged in, the PC should check for valid drivers, test the port with a USB drive or other device. If the port is not functioning check within device manager to ensure it is installed.
Check the network availability
Test that the PC has Internet access and can access NHS web sites such as https://nww.ebs.ncrs.nhs.uk/browsercheck
If not speak to the local IT administrator to get valid IP details for the PC. Ensure network availability is available before proceeding.
Check the Identity Agent software is active
If you have HSCIC Identity Agent v2 (or later) installed, then the icon in the system tray will look as follows:
By right clicking on the icon, you will be able to get the Status of the Identity Agent or to Exit (quit the application), as shown below:
If you had quit the Identity Agent application, it can be started via the Windows Start button by navigating to the Identity Agent icon:
Result: Identity Agent brings up an error
When the card is inserted, a message box appears saying you cannot connect to the server (see below):
Check the authentication page
Open a browser window and go to https://gas.national.ncrs.nhs.uk/login/authactivate.
You should see an XML page similar to the example below:
If not, check the local network settings to ensure there is connectivity to the URL above.
Further troubleshooting information on this issue can be found in the Identity Agent documentation (HSCN/N3 access required).
Check 2: Does the EDDI page appear?
The EDDI landing page can vary depending on a person’s user profile.
If the user is able to access multiple organisations and/or locations, then EDDI displays a list of possible choices for the user to select from:
Alternatively, if the user has only one org/location but multiple roles, EDDI displays a list of roles for the user to choose from:
If the user has only one location and role, but multiple services, EDDI displays a list of services:
If the user has only one org/location and role, the system will automatically log in to the user's homepage with the ‘Daily view’ screen displayed:
Result: A blank screen is displayed
Ensure ‘Enable Meta Refresh’ is set
Ensure that the ‘Allow Meta Refresh’ variable in the trusted sites’ security settings is set to “enable”. This should be set to “enable” if the Trusted sites’ security level is set to the default (Low) level.
Check network availability
Test that the PC has Internet access and can access NHS web sites such as https://nww.ebs.ncrs.nhs.uk/browsercheck
Check that the ActiveX control is installed
EDDI uses an ActiveX control as the primary mechanism for logon in Internet Explorer.
When the Internet Explorer Add-on window pops up, check that the Name (of the ActiveX control) is IdentityAgent.dll and that the Publisher is BJSS Ltd. Click on the Install button to install the ActiveX control. Note that administrator privileges are required to complete this installation.
Check Chrome Extension is installed
If using Google Chrome browser, ensure that the Chrome Extension has been installed.
Check if the PC is running through a proxy server
Some proxy servers can be configured to deny access to JavaScripts. Check the internet settings to see if a proxy server is being used and if so ensure that the EDDI website has been set up as an exclusion, either explicitly (as in the screenshot on the left) or by use of wildcards (*.nhs.uk)
Local support may be preventing users bypassing the proxy server. If in doubt, please contact your local administrator.
Check that Windows updates are installed
It is possible the Windows hotfixes are not up to the required level.
Go to http://windowsupdate.microsoft.com to download all the latest critical updates.
Register mshtml.dll
It is possible that the version of mshtml.dll on the machine does not match its COM interface registry entries, which results in the Checking Authentication page hanging. Re-registering this DLL may resolve this login issue.
To re-register the DLL, type the following line into the command prompt:
“regsvr32 c:\windows\system32\mshtml.dll”
Local administrator privileges are required to successfully execute this command.
Check the environment settings
Check the Environment variable by right-clicking "My Computer" or “Computer” or “This PC” (depending on the Windows version on your PC), then select "System Properties" or “Properties”, then “Advanced System Settings” (if running Windows 7 or Windows 10), then "Environment Variables".
Ensure the "Path" contains C:\Program Files\Gemalto\Classic Client\bin
If the Path does not contain the above directory, reinstall the card reader software.
Check the TicketApiDll.dll file
Check that the TicketApiDll.dll file is present.
Complete a search within Windows Explorer to ascertain if there are any other files with the name TicketApiDll.dll. If multiple files are found, ensure they are of the same size and have the same version. If not, delete any older files found with caution.
Some GP system suppliers deploy a version of the TicketApiDll.dll file to the network drive. If present the version of this file should be checked.
Check the version of the TicketApiDll.dll file
If you have installed the new HSCIC Identity Agent (v2.0 or later), then the TicketApiDll.dll version will be 1.0.1.0 or later. Earlier versions of the TicketApiDll.dll file are not compatible with the ActiveX control and are no longer supported.
If you have a different or unsupported version, then the recommended approach is to reinstall the Identity Agent to ensure the correct versions are installed rather than deleting or replacing manually.
Check the JAR file
Search for the file name GATicket.jar on the local drive and ensure there is a copy of the file within C:\Program Files\Java\<latest JRE directory>\lib\applet or
C:\Program Files (x86)\HSCIC\Identity Agent directory, and that all other instances are removed.
Check the EDDI roles
It is necessary for EDDI to synchronise with the Spine Directory Service (SDS) to pick up any new users. This synchronisation can take up to an hour. Therefore, a user will need to allow for this period to elapse after their RA Manager has issued their smart card, prior to logging on for the first time. In addition, the user's details will only be picked up from SDS if they have a valid role profile.
A legitimate role profile consists of:
- an applicable organisation
- a valid EDDI role
If this error is displayed, the user should go back to their RA Manager to verify their EDDI role.
Check the Chrome Extension is enabled (Chrome/Edge)
Some policies can disable browser extensions. Navigate to the extension page on the browser, either: chrome://extensions or edge://extensions
Verify it is installed and enabled as such:
Last edited: 6 June 2024 9:52 am