I have few communication issues that I cannot find out what the cause is. I initially had few KNX devices, and added more. Few weeks after setting all up (and having all working well), I changed the GA for one channel on one actuator. After this, suddenly the other channels stopped responding on commands from HA. Also, the status was not updated to them if I switched on/off the channels via push buttons.
I have verified that all GA:s are still associated with the IP interface’s channel HA uses. I tried to do full downloads on the actuators without any change. I changed the GA:s that didn’t work on one actuator from unsecured to KNX Secure, downloaded all and imported the knxkeys to HA. After this all but one (7/8) of the channels came back to life from HA. The last one can be controlled with ETS, but not with HA. On one other actuator, 2 out of 24 channels do not work from HA, but work from ETS/push buttons.
The first two lines are commands from HA, the later ones commands from ETS with a reply. In my eyes the commands look OK, but the responses are missing.
At the same time, I also lost temperature and humidity values from one push button. The thing is that HA periodically requests the values, and the device replies. However, HA doesn’t see them (no reaction and no entry in the HA knx group monitor).
I have a Weinzierl 732 IP interface and the channel HA uses has 419 associations.
Any ideas where to start? I don’t really know if this is a HA issue or a IP interface issue. However, as I can send the commands via ETS and it works, I suspect HA slightly more.
The telegrams from HA are DataSecure (blue), while the ones to the same GA from ETS are plain. (Response GA is DataSecure again).
Again, HA sends DataSecure but the device sends plain. The telegram from the device isn’t an answer to the GroupValueRead since it is not a GroupValueResponse.
It seems your knxkeys file is outdated. It has keys for group addresses that aren’t DataSecure.
There is no mixed plain-and-secure communication for one GA. So HA discards plain telegrams for GAs that should be secure and the device can’t decrypt secure telegrams from HA (and thus discards them).
I tried once again to export the keyring and to import it to HA (Settings, Integrations, KNX, Configure, Import a .knx file). However the same continues without change.
How is HA handling the knx key file? Is it merging changes compared to the existing one, or deleting all old and using only the new? Trying to understand where the issue occur. The interesting thing is that two of the lights that won’t work are on a non-secure actuator.
How is the knx key file encoded? It contains rows with “Group Address” and “Key”. However, the group address is 4 numbers and I cannot directly see how it correlates to the “normal” GA:s. My thinking is to check if the error originates from ETS (key for non-secure GA) or if it occurs in HA. All GA:s have initially been secure (ETS6 default), but later on changed to non-secure.
Yes. It was caused by a bug in a specific ETS version. We contacted KNXA via a ticket at my.knx.org and they did repair the project file.
Hi Matthias,
Unfortunately, your project was not persisted correctly due to an error in ETS. As a result, in some cases group addresses with the security status Off received a security key. This problem is fixed with the current ETS 6.1.1. version. This also caused this error during the keyring export. We have repaired your project by switching the security from Off to Auto and back again for the group addresses in question. Unfortunately, ETS then indicates that the corresponding devices need to be reloaded.
Mhh okay thanks for your quick reply. I have the newest version of ETS installed but I ran into the same error…. Working since days on it but i don’t get it. I think I turn of completely Secure.
After my file was corrected (by KNX association) the corrected GA:s work fine. However, there are “ghost”-GA:s that I did not specifically mention that still have the issue. I thought of asking them for support to rectify it, but it seems challenging as I cannot know without testing which GA:s have the issue.
What works for me now with the latest ETS version is to create a new GA, turn off and turn on security on it. Load to IP Interface/router and key export to HA. After that I can get additional secure GA:s set up.
Oh boy that costs me a few days so figure out my working solution. I was really doubting myself. From what I read here, it seems to be a major problem in the ETS.
This setup works now for me:
Secure Devices that are have secured GAs and non secured GAs will not work correctly.
Secure Devices with ONLY secured GAs - no problem.
For now, I turned off secure for devices with both GAs. Not the point, but at least it works now.
I Hope the ETS guys will fix these completely, otherwise I have to setup a hole new project to get secure working?
I don’t think it depends on devices using both. GA keys are not device dependent.
Anyway, be sure to file a ticket so the ETS people will be reminded that there is a problem. DataSecure via keyfile isn’t very widely used so they may not have it on their radar even.
).