System details:
Hassio running on a RPi. Version 98.5 (can’t upgrade, but that’s a different story)
DuckDNS setup allowing access from the internet
SSL implemented according to DuckDNS recommended implementation
SSH and Web Terminal installed
For several months I used a Windows laptop to access the Lovelace UI, along with android phones and tablets. The laptop will no longer connect, only showing the unable to connect, retry screen. Pressing retry repeatedly doesn’t allow access.
Each attempt adds a message into the home-assistant.log about invalid authentication as per the post title.
I can’t remember the events that caused the laptop to no longer be able to connect, but it was around the time I tried and failed to update Hassio. All other devices connect fine, apart from a google chrome security message about the certificate on first access, and having to find the advanced option and proceed anyway.
Things I’ve tried (unsuccessfully)
finding cookies on the PC related to Hassio or the ip adddress etc and deleting them.
accessing the local ip address 192.168.1.200:8123 and from the internet with duckDNS
changing the ip address for the offending laptop on my local network
adding ip_ban_enabled: false to the configuration file
looked for ip_bans.yaml and have no such file
added auth providers section the configuration and succeeded in having no browser access at all from any device - this section now removed
I’m assuming there is something (cookie?) lodged on the laptop that is causing it to be rejected. Anybody know where such an item may be ?
Please be gentle, I’m a mechanical engineer with some appreciation of microcontroller and PLC programming, Networks etc are all a bit of a mystery, and seem to be a pain !
Hmm… thats an interesting thought. AV is running. I’ll check on that.
winsock reset meant it asked for the password again, but still didnt allow access beyond the unable to connect / retry screen. Hassio is refusing according to the log entries, but I dont know why.
Dumb question but are you sure you are using the correct username & password?
In incognito mode there should be no saved credentials at all and should take to the HA login screen every time if you are using the correct IP:port of the HA machine.
Since DuckDNS url is connecting, can you go to your router and see which ip & port it is being forwarded to? maybe you are using a incorrect ip &/ port.
Also, did you had ssh setup earlier? when you get the correct IP address, try the ssh thru program called putty. Once you get there we could further instruct
Thanks @finity, I can connect with chrome from every other device I’ve tried, using the same user and password. That includes Windows and Android devices.
Every new start of incognito mode does bring the login screen afresh, and each time entering the user and password combo brings the unable to connect screen.
Each attempted connection is logged in the HA log file, so the IP is trying to connect to the right place. The reported IP that was refused access in the HA log is different if I type the local 192.168.1.200:8123/lovelace address in the browser when at home vs. duckDNS, but neither allow access.
hi @manju-rn, The PC that wont connect using a browser will connect using puTTY and WinCSP when on my home network using 192.168.1.200, port 22. I haven’t tried that through duckdns, but had assumed it wouldnt work ?
Right now I dont know if whatever is causing HA to refuse the connection is on the HA end or the PC end. If I had to guess, I’d be pointing to somthing on the PC (a cookie ?), but I dont know how HA connections work. I’m reluctant to remove all cookies etc on the PC, as that will begin the crazy time of pressing the ‘i forgot my password’ button on every site I use.
As far as I know the incognito mode on the browser doesn’t store cookies. that’s the point of incognito mode.
as a test, you could try to create a new HA user with a different password and try to log in from the PC with that user to see if there is something else on that PC blocking things.
If it works with the new user then I would still go back to thinking it’s problem with the login credentials on the old user. In that case it might be easier to just re-create the old user on HA and making a note of the credentials to be sure you are using the correct ones.
and as a side note (but potentially relevant) there was another user here a few days ago that couldn’t log on because they were trying to use the “name” on the account that they could see on the user page instead of the “username” they set up for that user. are you sure that’s not the case here?
hi @finity, exactly the same user and password combo will allow access from other devices, both windows and android. I’ve just experimented on my phone with incognito in chrome. It is strange that chrome in both regular and incognito fail to log in, as does Edge.
I’ll try out adding another user. - nope, that didnt change things.
Trouble is, I’ve little code experience in PC languages. At work, in robotics and automation I would look in the logs for the recorded error, and then track back through the code to find a set of conditions that could result in that message being logged. Its just that in HA I have no idea where to start !
I’ll check on router model tonight. Other than the necessary forwarding for HA and a limited number of fixed IPs it is running in stock format.
I cant help but wonder why every other device i try is fine with a variety of browsers, using the same local ip or duckdns access from work wifi or 4G, and the same user/password combo. There cant be a fundamental problem with my network hardware, user setup or basic HA config or the other devices wouldn’t connect so reliably? Only one device has an issue, so the logic points to something with that device?