Device randomly loses security / network key and no longer able to add securely

I’ve been using Z-Wave JS to MQTT for a number of months now and it’s been working pretty well. A month or two ago one of my two Linear / Nortek NGD00Z-4 garage door openers became unresponsive. I had too much other stuff going on to work on it and decided today was the day to fix it. It was still showing connected to the controller and active so I tried to re-interview it. During the re-interview I got a message at the top of the control panel that read “Driver: Node 070 supports Security S2, but no network key was configured. Continuing interview non-securely.” Node 070 was the opener in question at the time but I’m pretty sure it doesn’t support S2 as it’s a bit older and the other controller connects with S0_Legacy. Here’s what I’ve done so far:

Seeing this message I looked to see my key was listed in the control panel and it was. So I tested other secure devices (door locks and the other garage door opener which is the same kind). They all work fine so I concluded my key was fine.

Next I tried inclusion both with pressing the openers button and not. This gave me no updates during inclusion.

I put the HA controller in exclusion and pressed the button on the NGD00Z-4 and it immediately responded that it was removed. So far so good.

I tried then to re-add via inclusion again, not forcing security and it gave me the same device I had before i.e. a non-secure connection. So I tried inclusion again and this time clicked force security and it would not add anything new.

I rebooted my RPi machine just to be safe.

I excluded again and tried adding again this time with force security but it would never find anything to add. So I followed the the factory reset instructions and tried again. Same results, it will add fine with a non secure connection but will no longer add securely. Is there anything else I can try? One last note I gave the system a few minutes in between these steps to learn to play nicely with each other this was not a rapid fire try one right after another.

Here’s a screenshot from the control panel showing both devices mainly just to prove I’m not crazy :wink:

I can’t help you but I do have the exact same issue. I am new to HA so I never had it working. I first tried to set it up around a week ago and it didn’t work then. Still doesn’t now. I did supply logs so they can hopefully figure this out.

Try going into the control panel and set up your network key in the other fields:

  • S2 Unauthenticated: Like S2 Authenticated, but without verification that the correct device is included (skip DSK verification step)
  • S2 Authenticated: Security systems, sensors, lighting, etc.
  • S2 AccessControl (highest): Used for Door locks, garage doors, etc.
  • S0 Legacy (lowest): The previous networkKey setting, used for S0 security

(Taken from Setup (

It seems like a bug though, as the device should use secure inclusion. Is the device near the controller during the secure inclusion?

I’ll second Rick’s suggestion about network keys in other fields. I was having a hell of a time trying to pair a Schlage lock with S2 until I had the “S2 Access Control” key set at the very least. Probably wouldn’t hurt to set the others, too.

The add-on will complain if those keys are the same value, but you can use the two-arrow icon to the right of each entry to generate a new one.

(That said, my paired lock isn’t giving me any status updates, but I’m wondering if that might be related to this issue about the Supervision CC.)

Thanks for the suggestions, I did add keys in the other 3 sections as you suggested followed by an exclusion. I then first tried to do a force security inclusion and the opener beeped like it joined but then the control panel popped up a box saying it found nothing new. Unchecking the force box allowed the opener to add again unsecured via normal inclusion.

My Home Assistant hub is located right on the other wall of the garage, aside from a couple of ZWave light switches both these garage openers are some of the closest ZWave devices I have to the hub. The obstinate one here is maybe 15-16 ft away, only maybe 2 feet further than the other working one. I guess I could try uninstalling it and bring it inside ~3 feet away and see how that goes.

A side note for others running into similar issues, if the NGD00Z-4 looses connection/link with the tilt switch on the door it won’t work either. I followed the manufacturers steps to re-pair the tilt switch just incase. You do that by pressing and holding the button on the NGD00Z-4 for 7 or 8 seconds till it beeps. Then either cycle the garage door open and closed or while holding the tilt switch and keeping the tamper button inside it pressed tilt the switch into an open position and closed again. The NGD00Z-4 will beep once to signal it is paired.

If it’s older s0 security, that type of security usually uses “whisper” pairing. You will need the device immediately next to the zstick for initial secure pairing. Some have said they literally needed to ducktape the device to their hub to get it to pair.

The “whisper” is only to exchange the secure keys. It should work fine in its final location once you can get it to pair securely for the first time. You’ll probably want to do a “heal node” when you move it back to update the zwave routing to the new location.

I had an issue with an s2 included switch that wasn’t sending central scene commands (for double and triple tap). I would avoid s2 security and either use s0 for a lock or no security for anything else until they get this issue resolved. It’s nice to see the developers are making progress for s2 security but it’s useless if all the commands can’t make it through and be properly deserialized.

1 Like


I went down to uninstall the controller from my garage door opener in order to move it closer to try pairing. Before disconnecting anything I put ZWave in to exclusion and pushed the button on the controller like normal. It beeped like it has in the past when removed but I got a different message in my ZWave control panel. Instead of Node ## was removed it said successfully added?! I made sure I was in exclusion and went to the bottom of my list of devices, sure enough it was still there. But wait it now says S0_Legacy for security like the other one and I was all gigity gigity. Sadly though it remains the same in as before in functionality, no barrier information etc both in the control panel and in my HA entities. I restarted HA, gave it some time and checked again still no dice. So I tried exclusion again, this time it was successful. Restarted HA and re-added the controller yet again. It added just as before except it shows S0_Legacy for security but continues to act as an insecure add and not adding any functionality.

I guess it’s something, and it feels like forward progress even if it’s not. I’ll try again in an hour or so on my lunch break.

Definitely agreed: knowing what I know now, I’d have left it alone until the deserialization work is done. (Looks like there’s a PR in progress for it, thankfully.)

Woot this is solved! I don’t pretend to know why with the behind the scenes under the covers hocus pocus magic happening with programming here. It’s pretty clear that adding this via the ZWave JS to MQTT control panel wasn’t working for me. I tried one last ditch effort before moving next to the HA RPi I’m using inside. I did exclusion again via the control panel, gave it a couple minutes and used the add node from the Z-Wave JS integration panel. Just clicked configure, add node, use secure inclusion and then start. It found it, polled it and added it in about 30 seconds. The opener was secure and was a full device again. After manually tilting the door open and closed the button cover worked first time out the gate.

Again not sure what is different behind the scenes with adding nodes between the two methods but one works for me an one just would not. Hopefully my trials will help someone else down the road running into the same issue. Thanks everyone for the suggestions and help.

Here are some quick screenshots of the steps I took for those more visually motivated.



1 Like

There’s probably still bugs to workout in the secure inclusion process in the zwavejs2mqtt control panel. The control panel sits on top of the zwavejs server. The ui from the integrations page you posted in Home assistant bypasses the control panel and interacts directly with the zwavejs server. Security is definitely a “work in progress” for zwavejs as mentioned in the linked github issue above, so hopefullythis is ironed out in a future release. Glad you were able to find a workaround

Ok so strange but mine is fixed as well. I actually tried to do the inclusion process with zwave js first (probably 15 times) and could not get it to add securely (and therefore I couldn’t control it). I then installed and configured zwavejs2mqtt and as you have said - could not get it to work. Now I saw your post and did the same inclusion process on zwave js that I had done 15 times before and it now works! Same version number for zwave js as before…I just don’t get it but IT WORKS!

Update on this - the PR to fix s2 deserialization was merged - and is working now in zwave js 8.3.0 . It was just pulled into zwavejs2mqtt today version 5.6.0 and I can confirm in the docker version its working- my s2 included Jasco and Inovelli switches are sending the central scene notifications now with the fix.

Hopefully this fix gets pulled into the zwavejs and zwavejs2mqtt Home Assistant addons soon.