Jump to content

Recommended Posts

Posted

Backlights of my v2.D KPL do not dim in this version. Broke in 3.3.10. Still Broke. Event trace from failure to dim in 4.0.4:

 

Wed 05/15/2013 01:47:03 PM : [All         ] Writing 1 bytes to devices

Wed 05/15/2013 01:47:03 PM : [F C1 DE 1   ] Memory : Write dbAddr=0x0264 [11] cmd1=0x2E cmd2=0x00

Wed 05/15/2013 01:47:03 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 2E 00

Wed 05/15/2013 01:47:03 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 2E 00 06                 (00)

Wed 05/15/2013 01:47:03 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 27 2E 00           (00)

Wed 05/15/2013 01:47:03 PM : [std-Direct Ack] 0F.C1.DE-->ISY/PLM Group=0, Max Hops=3, Hops Left=1

 

Event trace from failure to dim in 3.3.10:

 

Wed 05/15/2013 01:31:24 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 2E 00

Wed 05/15/2013 01:31:24 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 2E 00 06                 (00)

Wed 05/15/2013 01:31:24 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 2B 2E 00           (00)

Wed 05/15/2013 01:31:24 PM : [std-Direct Ack] 0F.C1.DE-->ISY/PLM Group=0, Max Hops=3, Hops Left=2

 

 

Event Trace from Success in 3.2.6 after rolling back to that firmware version.:

 

Wed 05/15/2013 02:39:20 PM : [All         ] Writing 2 bytes to devices

Wed 05/15/2013 02:39:20 PM : [F C1 DE 1   ] Memory : Write dbAddr=0x0264 [11] cmd1=0x2E cmd2=0x00

Wed 05/15/2013 02:39:20 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 28 02

Wed 05/15/2013 02:39:20 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 28 02 06          SET-MSB(02)

Wed 05/15/2013 02:39:20 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 2B 28 02    SET-MSB(02)

Wed 05/15/2013 02:39:20 PM : [standard-Direct Ack][0F.C1.DE-->ISY/PLM Group=0] Max Hops=3, Hops Left=2

Wed 05/15/2013 02:39:20 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 2B 64

Wed 05/15/2013 02:39:20 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 2B 64 06          PEEK   (64)

Wed 05/15/2013 02:39:20 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 2B 2B 7F    PEEK   (7F)

Wed 05/15/2013 02:39:20 PM : [standard-Direct Ack][0F.C1.DE-->ISY/PLM Group=0] Max Hops=3, Hops Left=2

Wed 05/15/2013 02:39:20 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 29 11

Wed 05/15/2013 02:39:20 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 29 11 06          POKE   (11)

Wed 05/15/2013 02:39:21 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 2B 29 11    POKE   (11)

Wed 05/15/2013 02:39:21 PM : [standard-Direct Ack][0F.C1.DE-->ISY/PLM Group=0] Max Hops=3, Hops Left=2

Wed 05/15/2013 02:39:21 PM : [iNST-TX-I1  ] 02 62 0F C1 DE 0F 24 00

Wed 05/15/2013 02:39:21 PM : [iNST-ACK    ] 02 62 0F.C1.DE 0F 24 00 06                 (00)

Wed 05/15/2013 02:39:21 PM : [iNST-SRX    ] 02 50 0F.C1.DE 13.24.AA 2B 24 00           (00)

Wed 05/15/2013 02:39:21 PM : [standard-Direct Ack][0F.C1.DE-->ISY/PLM Group=0] Max Hops=3, Hops Left=2

Wed 05/15/2013 02:39:21 PM : [F C1 DE 1   ] Memory : EPROM Refreshed

 

I did >Diagnostics>Query Insteon Engine in all cases.

Posted

I think I found the problem: There was a Java pop-up that said there was a problem with the certificate and asked me to "always trust websites with this certificate". I checked it. Then, I was able to log in without the SSL error.

Could you confirm that checking it is the correct action, vs. fixing a certificate problem? ...Since the dashboard and SnapSwitch both login VIA SSL without problem, I'm concluding there is no problem with the certificate.

Posted

Sorry if this has already been discussed somewhere...

Since upgrading to 4.X.X (and may be timed with various Windows Updates as well) I have to do multiple logins to the admin console.

When I login everything looks ok but within a couple seconds the login pops back up again for re-entry. This will happen 1-3 times every time open a new browser admin console in IE.

 

Anyone else seeing this?

I don't see anything in the error log to help.

Posted
Sorry if this has already been discussed somewhere...

Since upgrading to 4.X.X (and may be timed with various Windows Updates as well) I have to do multiple logins to the admin console.

When I login everything looks ok but within a couple seconds the login pops back up again for re-entry. This will happen 1-3 times every time open a new browser admin console in IE.

 

Anyone else seeing this?

I don't see anything in the error log to help.

Yep. See this all the time. Not sure why, but been seeing it for quite a few versions.

 

Personally, I chalk it up to Java. I hate it, I really do...

Posted
Sorry if this has already been discussed somewhere...

Since upgrading to 4.X.X (and may be timed with various Windows Updates as well) I have to do multiple logins to the admin console.

When I login everything looks ok but within a couple seconds the login pops back up again for re-entry. This will happen 1-3 times every time open a new browser admin console in IE.

 

Anyone else seeing this?

I don't see anything in the error log to help.

Yep. See this all the time. Not sure why, but been seeing it for quite a few versions.

 

Personally, I chalk it up to Java. I hate it, I really do...

 

Ive been having this issue for a few versions as well. That and the status of anything dosent report anything (status is blank) until I log off and back on a couple times.

Posted

All-

 

I have been using the Admin.jnlp on both Windows XP and Windows 7 without any issue through the whole 4.x branch. Is there any reason you launch from IE each time instead of saving the JNLP shortcut?

 

To create the desktop shortcut:

 

Visit https:///admin/admin.jnlp

 

This will download and Admin.jnlp. Once downloaded, double click the admin.jnlp which will download the admin console to java cache, create a desktop shortcut and launch the console. From there on out, you can just use the desktop shortcut and not need the browser.

 

-Xathros

Posted
Is there any reason you launch from IE each time instead of saving the JNLP shortcut?

Yep. It's invalid when you update the ISY code, and a pain if you have multiple users on the same machine.

 

I should mention, I got multiple logins when I tried the download method anyway. The Argo didn't make it worthwhile since it did not make the experience any better.

 

Also, I launch from Chrome, not IE. I get the same multiple login issue with SSL or not. Been that way since 3.something. I've just grown to live with it - but the Java admin console of Cisco ASA firewalls don't do this, so I know it's not something broken in Java itself. It would be awesome to find out the cause and fix it though. Anything I can do? I'll try to get a wires hark capture of the non-SSL session connecting with multiple logins if you want.

 

Michael.

Posted

FWIW, I have been getting the multiple logins for months now as well. It's really annoying - especially when I have tweaked the columns to get the spacing I want and the thing makes me login again and lose the tweaks. For me I always have to login 3 times before the red bang (!) goes away from my controller status and lets me start monitoring/changing stuff. Always.

 

If it helps any, I pretty much *only* use Linux, and it hits me on both firefox and chrome. I thought it may have had something to do with my Ubuntu box getting a large buildup of cruft over several upgrades so I went as far as to install (fresh) Mint 14. Mint does a better job with multimedia (generally) so I expected things to get better but they didn't. I'm running Java version 1.7.0.21 on a 64-bit box (with 64-bit Java - not 32-bit). Installing Mint did however fix other issues I had in firefox with various plugins. I have over the last 2 months tried multiple versions of Sun Java, OpenJDK, and the iced-tea plugin and all versions had the multiple login issue.

 

I have in the past run the jnlp client on a Windows 7 (32bit) VM and not had the multiple logon issue, but I don't want to run the overhead of a VM just to use my admin console. I don't have any PCs that run only Windows (even my Kids and Wife are on Ubuntu).

 

BTW - for the poster that said they had to logout because the status didn't show up... I used to do that as well until I figured out that I could simply click and drag the vertical divider line to resize the left or right columns and it would refresh. I'm not sure when the last time that happened to me on the main screen, but it happens all the time on the Programs/Details screen. In fact it just did it again when I clicked over while writing this.

 

here is my ISY status:

 

Firmware/UI: 4.0.3 (haven't upgraded to the RC yet)

ISY994i Pro

Climate, Network, X10 modules

HTTP mode for admin console

 

Hopefully someone can pick up on a connection between everyone with these login issues. If you need any debugging info let me know - I'd love to see this fixed.

 

Thanks,

Bob

Posted
Hi Bob,

 

Thank you. Can you please try the https URL for ISY and let me know if it's any better?

 

With kind regards,

Michel

 

In my experience (don't know if this is intended or not), when you change between http and https urls on a particular machine you also need to clear the java cache. The cached version seems to 'remember' the original URL used and persist it for future sessions.

 

That would seem to be needed for clicking the shortcut icon to launch outside of the browser, but it sure would be nice if launched from inside the browser if the 'remembered' URL was updated.

 

I discovered this a while ago when testing the SSL proxy solution I'm playing with (which I personally thought was the cause of the login issue for me... I'm glad this came up in a way).

 

Anyway, in my case the multiple login issue happens with both SSL and plain text connections. 4.0.4 and latest Java on Windows 8 x64.

Posted

MWaverman,

 

You don't have to clear Java cache if the only thing you are doing is changing from http/https. As long as the jar files pointed to by the URLs are in the same level, everything should be OK.

 

With kind regards,

Michel

Posted
Hi Bob,

 

Thank you. Can you please try the https URL for ISY and let me know if it's any better?

 

With kind regards,

Michel

 

Michel,

I tried it this morning with HTTPS (I'm using port 444 if that matters) and it worked without making me login 3 times. Just to be sure I logged out and repeated it again and it worked then too. I wonder why there is a difference between HTTP and HTTPS? Same java....

 

I did however notice a different issue that comes up when using HTTPS. I logged in once with https://my.isy.ip:444/admin.jnlp (using Firefox in Linux).

That created my desktop jnlp icon, as well as launched my admin console. I logged into the console, then back out, and tried to re-launch using the newly-created jnlp icon. Once I double-clicked the icon it hung for a little bit, then started downloading the console and asked me to allow a new icon to be created on my desktop. If I click on the jnlp icon that was created using HTTP it does not ask to make a new icon - it just brings up the console as expected before making me log in 3 times. I can't say whether the HTTPS jnlp icon works or not because I haven't been able to actually use it without it being overwritten. It does however allow me to click on 'Cancel' when it asks me to allow the creation of the new icon, and the console starts up ok. I shouldn't have to do that every time though, right?

 

Thanks,

Bob

Posted
MWaverman,

 

You don't have to clear Java cache if the only thing you are doing is changing from http/https. As long as the jar files pointed to by the URLs are in the same level, everything should be OK.

 

With kind regards,

Michel

 

Thanks for the clarification. Last time I tried it I was on 3.something. With I changed from HTTPS to HTTP (to sniff the interaction with wireshark) the traffic from Java to the ISY was still using HTTPS. I had to clear my cache before the communication changed. This was when I was working with you on the host header issue. I guess that has already been fixed (or it was a local issue to my machine - always possible). Wen I looked at the .jnlp file with notepad, the full ISY URL was there, with the protocol.

 

Thanks.

Posted
Hi Bob,

 

Thank you. I am not sure why you are asked to install the icon multiple times. What you might want to try instead is:

1. Go to http://isy.universal-devices.com/99i/4.0.4/admin.jnlp

2. Make sure the icon is installed for this URL

3. Once done and when ISY Finder dialog comes up, click on the Add button

4. Enter the httpS URL for your ISY

 

With kind regards,

Michel

 

Michel,

Using the URL from above (in 1.) I did everything as written and got a new icon named "ISY994 Administrative Console". My old one was just "Admin Console".

 

I logged in (https) and it forced me to login the 3 times again. I then killed the window and tried the icon. It asked me for permission to again install the icon (like before) and then I logged in. Note - it did not create a duplicate icon - just overwrote the old one I had just created. Then it kicked me out again for the 3 times login.

 

I was able to go back to the older icon that used https and did not require the 3 logins, so that is good. BTW - I created that one with https://my.isy:444/admin.jnlp , and the new one with the /99i/4.0.4/admin.jnlp instead like you said. I guess there is some difference there, and the first one works for me (except for the creating the new icon thing every time).

 

I really should be saying "desktop shortcut" instead of "icon" but everyone knew what I was talking about.

 

While I was thinking about it I looked at both of my admin.jnlp files in my java cache, and they were fairly different. The first one (the one that works) included my uuid as an argument, while the second one did not. It of course also referenced my local IP, while the new one referenced http://www.universal-devices.com instead. I also noticed that the first one had the update check policy as "prompt-update" and shortcut-online as "false" while the second had "always" and "true" respectively. I don't know if that makes a difference but I thought I'd mention it as being interesting.

 

So - the https://my.isy.ip:444/admin.jnlp URL worked for me to eliminate the 3-times login issue, but it does require me to click OK or Cancel each time. The second URL doesn't work for me.

 

Here is a screenshot of the popup I get.

 

 

 

Hopefully this helps.

 

Thanks,

Bob

post-3855-140474159287_thumb.png

Posted

I just downloaded https://isy.domain.com:1234/admin.jnlp to my desktop (SSL on a custom port directly to the ISY).

 

I then ran it - it prompted me for the security setting (like above). I got an option to 'Always trust' - perhaps because I'm using a certificate from cacert - and they are in my clients trusted store. This created an icon on the desktop.

 

Anyway, ran the icon and the ISY Finder came up (listing 'http://isy.domain.com/desc' - no SSL) - and the admin console opened prompting for authentication. I authenticated - and it prompted again etc... Eventually - I got in. Note, the console was NOT using SSL - the communication was on port 80 and in the clear (confirmed with wireshark).

 

I then removed the entry from the ISY finder and manually added the https://isy.domain.com:1234 url. Closing everything out and reopening from the desktop shortcut - the console opened, prompted me (once) and I was in.

 

So - despite using HTTPS (and a custom port) to access and download admin.jnlp - ISY finder still tried to connect with a HTTP url (and gave me multiple prompts). When I manually fixed the URL in ISY finder to use the HTTPS url with the custom port - no multiple prompts.

 

Back to my original method - browser based.

 

http://isy.domain.com/admin opens the console. I get multiple logon prompts before I can work. (This is how I usually work on my internal network)

https://isy.domain.com:5228/admin opens the console - and only a single authentication prompt. (I will probably change to this!)

 

Definitely an issue on the HTTP listner or HTTP authentication in the Java client - that does not show up when using SSL. I'll work to sanitize a wireshark dump for you if it will help.

 

Michael.

Posted

Thank you all for the observations. The issue is not the listener but how ISY figures out whether or not the client is still there. With HTTP, the threshold is lower (number of not ack'ed packets). With https, the threshold is higher. The problem is that if we increase the http threshold, we'll run into sockets that may not close for 14 minutes.

 

For now, please use https.

 

With kind regards,

Michel

Posted
Hi io_guy,

 

Not much has changed in the networking section. Can you try https instead and let me know if you have the same issue?

 

With kind regards,

Michel

Michel, same issue with https.

Posted

Michel,

 

Found something. After my first authentication, here is the request for /services from the GUI to the ISY:

 

POST /services HTTP/1.1
Host: isy.domain.com:80
Authorization: Basic {REMOVED}
Content-Length: 173
Content-Type: text/xml; charset="utf-8"
SOAPACTION:"urn:udi-com:service:X_Insteon_Lighting_Service:1#Authenticate"

usernamepassword

 

Here is the response:

HTTP/1.1 200 OK
Content-Length: 207
Connection: Keep-Alive
WWW-Authenticate: Basic realm="/"
Content-Type: application/soap+xml; charset=UTF-8
Cache-Control: max-age=3600, must-revalidate
EXT: UCoS, UPnP/1.0, UDI/1.0
Last-Modified: Sun, 26 May 2013 12:32:15 GMT

<?xml version="1.0" encoding="UTF-8"?>200n/a

 

Note the 'Host:' header in the request. It's the host name of the ISY - as I typed into the browser.

 

Shortly in - I got a second authentication request. I captured the next request afterwards - also to /services:

 

POST /services HTTP/1.1
Host: 10.1.1.20:80
Authorization: Basic {REMOVED}
Content-Length: 173
Content-Type: text/xml; charset="utf-8"
SOAPACTION:"urn:udi-com:service:X_Insteon_Lighting_Service:1#Authenticate"

usernamepassword

 

And the response:

HTTP/1.1 200 OK
Content-Length: 207
Connection: Keep-Alive
WWW-Authenticate: Basic realm="/"
Content-Type: application/soap+xml; charset=UTF-8
Cache-Control: max-age=3600, must-revalidate
EXT: UCoS, UPnP/1.0, UDI/1.0
Last-Modified: Sun, 26 May 2013 12:32:15 GMT

<?xml version="1.0" encoding="UTF-8"?>200n/a

 

Note that the Host: header is NOW the IP address of the ISY.

 

For some reason - the Host: header has changed. This causes the realm of authentication to change - so the browser requests authentication again (it thinks it's talking to a different host). The realm is a combination of the Host header and the value specified for the URL of the Realm.

 

The GUI should ALWAYS use the Host: header of the URL - it should not switch to an IP address (unless the user first accessed thru the IP of course).

 

This capture was actually against 4.0.5 - just so everyone knows. The problem is there as well - du to the change of the Host: header after the console opens.

 

Michael.

Posted

The request IMMEDIATELY before the second authentication prompt - there is a request to /desc:

 

GET /desc HTTP/1.1
Host: isy.domain.com:80

 

HTTP/1.1 200 OK

Content-Length: 1539
Connection: Keep-Alive
WWW-Authenticate: Basic realm="/"
Content-Type: text/xml; charset=UTF-8
Cache-Control: no-cache
EXT: UCoS, UPnP/1.0, UDI/1.0
Last-Modified: Sun, 26 May 2013 12:32:15 GMT

<?xml version="1.0"?>10http://10.1.1.20urn:udi-com:device:X_Insteon_Lighting_Device:1HomeUniversal Devices Inc.http://www.universal-devices.comX_Insteon_Lighting_Device:1ISY 994i 10241100uuid:{removed}uuid:{removed}urn:udi-com:service:X_Insteon_Lighting_Service:1urn:udi-com:serviceId:uuid:{removed}/services.wsdl/services/eventingUDIELKWebServicesuuid:{removed}-UDIELKWebServices/elkServices.wsdl/security/elkUDISEPWebServicesuuid:{removed}-UDISEPWebServices/sepServices.wsdl/sepServicesUDIZWaveWebServicesuuid:{removed}-UDIZWaveWebServices/zwaveServices.wsdl/zwaveServices/

 

Could it be that when the GUI receives a response - it is switching over the using that URL instead of the one the user supplied in the original request? The request to /desc use the hostname as the Host: header. The next request - to /services - used the IP address. This causes a second authentication prompt to appear to the user.

 

You can repro in a broswer (new session) by visiting http://isy.domain.com/rest/config (URL of your ISY) - and authenticating. You'll see the config on the ISY.

Then (same session) - visit http://10.1.1.20/rest/config (IP of your ISY). You'll get prompted for authentication again before the config displays.

This is exactly what the Java GUI is doing - resulting in multiple authentication requests.

 

Further confirmation. If I access my ISY with the IP (http://10.1.1.20/admin) - I do NOT get multiple auth requests at all.

 

Michael.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...