Persistent “Login attempt failed” Sonos Notifications in Home Assistant

Harsh_Tone · June 30, 2025, 6:14pm

Overview:
Many Home Assistant users who serve local media to Sonos speakers will see repeated persistent notifications like:

Login attempt failed
Login attempt or request with invalid authentication from sonoszp.lan (192.168.86.x). See the log for details.

These notifications are generated by HA’s HTTP ban system whenever Sonos polls a /media/local/... URL without a valid auth token. They clutter the notification tray, flood the logs hourly, and—despite not affecting playback—become a persistent nuisance.

Symptoms

Persistent notification with ID http_login every time a Sonos device requests a media URL without a valid token
Hourly log spam from homeassistant.components.http.ban and occasional “Updating sonos switch took longer than…” warnings
Devices continue to function, but the UI and logs remain cluttered

Steps Tried (so far, none fully suppressed the notices)

Disable IP banning

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.86.0/24
    - 172.17.0.0/16
  ip_ban_enabled: false

2.Expected:* No more ban-related notifications.
3.Result:* Notifications continued to appear.
4. Event-based automation to auto-dismiss http_login notices

- id: suppress_sonos_http_login
  alias: Suppress Sonos HTTP Login Failures
  trigger:
    - platform: event
      event_type: persistent_notification_created
      event_data:
        notification_id: http_login
  condition:
    - condition: template
      value_template: >
        {{ 'sonoszp.lan' in trigger.event.data.message }}
  action:
    - service: persistent_notification.dismiss
      data:
        notification_id: http_login

5.Expected:* Notifications get dismissed immediately.
6.Result:* Still seeing the “Login attempt failed” banner.
7. Silence the logger for HTTP bans

logger:
  default: warning
  logs:
    homeassistant.components.http.ban: critical

8.Expected:* No more ERROR-level ban messages in log.
9.Result:* Log entries persist.

Current Status & Next Steps

Despite trying all three approaches—disabling IP bans, catching and dismissing the notification by event, and raising the logger threshold—the Sonos-triggered http_login persistent notifications and log entries remain.

Call for input:

Has anyone found a reliably working method to suppress these Sonos HTTP-login notifications?
Could this indicate a change in HA’s notification or banning behavior in recent builds?

Your insights or confirmation of a bug would be greatly appreciated!

nic.echevarria · July 7, 2025, 9:01pm

Please, community i need help, too. I have tried everything I could find on any forum/reddit and no luck. These notifications are killing me.

Harsh_Tone · July 19, 2025, 4:19pm

This worked for me recently.

In your yaml.config add the ip address of the sonos speaker giving you the alert as a trusted proxy

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - XXX.XXX.XX.X/XX
    - XXX.XX.X.X/XX

and then add a logger suppression warning

logger:
  default: warning
  logs:
    homeassistant.components.sonos: error
    homeassistant.components.media_player.sonos: error
    custom_components.sonos_cloud: error
    soco: error
    aiohttp.client: error
    urllib3.connectionpool: error

This has worked for me in successfully suppressing the alerts. If it doesn’t work, try talking to Grok or ChatGPT about it with specific log errors and stuff. That’s how I got here.