Jump to content

Trouble with initial setup - Error Domain = Code=8 "(null)"


Recommended Posts

Hi @lhranch,

App Transport Security (ATS) is disabled by iOS for local loads (1), so this appears to be something out of the control of the app.  My best guess is it has something to do with the private DNS causing iOS to flag the connection as not local.   I do wish I had a better answer as this situation will be very difficult to debug without being on site.  If your ISY has not been connected to our portal service in the past please try the free, no credit card needed trial, if you would like to verify functionality before you purchase an SSL CERT.

While it is possible for the apps to disable ATS it would make all connections less secure and we would have to meet the exception requirements (2) during app review which we likely do not meet.

 

 

 

(1) https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity/nsallowslocalnetworking " ATS doesn’t block local loads by default in newer versions of the OS"

(2) https://developer.apple.com/documentation/security/preventing_insecure_network_connections#3138036 

"The app must connect to a server managed by another entity that doesn’t support secure connections."  Portals provided by UDI and Third parties support secure connections, and UDI controls the firmware. So, this does not apply.  Apple has also mentioned this will be removed in the future.

"The app must support connecting to devices that cannot be upgraded to use secure connections, and that must be accessed using public host names.".  ISY firmware does support secure connections, so this exception does not apply.

Link to comment

I can understand iOS being confused by the symbolic URL...

I'm not going to attempt to use the portal service. For privacy reasons, I'm simply not a fan of cloud services of that type.

If I erase that URL on the app and use the magnifying glass to search for the ISY, I get the same error about "Could not connect to local network... if UD Mobile does not have permission to access the local network," It says to try again if it really does have permission, but nothing ever changes. 

I turned off cell data on my phone, then did a packet sniff of my cell phone's MAC address from my shop wireless access point. I started UD Mobile, went to the Local Connection Settings (the Local IP address had been erased) and hit the magnifying glass. When I got the error message, I hit Retry three times, then stopped the trace. I got nothing on there but a single ARP for the gateway router -- maybe from your app, maybe not, but due to the timing, I suspect it was. (The first packet was an unrelated keepalive to my cell provider, because I run WiFi calling.) It does look like UD Mobile isn't even trying to find the ISY, as if it believes it genuinely does not have permission. But Settings still says it does.

826896898_ScreenShot2021-05-30at12_46_24PM.thumb.jpg.bcf243bafd32f0e75fb8f5321acea1c9.jpg

Then I used a fully numeric address for the local address... and this time the app connected, and populated the screens. 

I bopped around for a bit, but the UI looked much more primitive than MobiLinc, wordier, and less compartmentalized (devices and scenes in the same list), and I didn't seem to have any capabilities that I didn't already have there (e.g., editing the programs). Between that and the fact that I can already access my ISY remotely without all the certificate hassle, I don't see myself preferentially switching to UD Monitor.

Thanks for all your help.  If you'd still like my help debugging this "no access to network" problem, I'll be happy to do more tests at your direction. Keep in mind that there are pretty good free iPhone screen sharing apps if you need to approximate "being on site."

Link to comment

Hi @lhranch,

Thanks for the feedback and WireShark capture.  I'm glad it is now working.

SSDP search failure may be a setting on the router (such as disabled UPnP) or iOS itself however it is difficult to debug.  The iOS local network permission is not handled as most other permissions in iOS.  iOS does not allow the app to check if ther permission was granted or throw an error when not granted, the call simply fails with no exit code.  The permissions grant view should be shown when an app attempts to do an SSDP search (first time only)  although there are documented iOS bugs with local network permissions view not being show.  iOS does not notify the app that it is in the process of requesting permission,  permission granted or permission rejected.  Due to the app not being able to acquire the permission state it will always asks the user to try again.  I do not see an SSPD protocol in the wireShark capture so it is either not sent (iOS) or not broadcasted because of a router setting.

 

We do plan on further integrations and UI improvements in the future. Our initial goals are allow control of all nodes with an emphasis on Node Servers as this feature is currently missing from apps provided by our third party partners.  We will be adding more Admin features, UI Improvements, and Portal integrations (Alexa/Google/etc) as time passes.

  • Like 1
Link to comment
Guest
This topic is now closed to further replies.

×
×
  • Create New...