I have recently had issues adding new Z-Wave devices in secure authentication mode using the Z-Wave JS UI. In between when this was working and when it was not, I did change from a Supervised install to an HA OS install, utilizing a full backup. Not sure if that’s relevant. I am using a Nortek HUSBZB-1 USB stick.
I have three identical devices (Inovelli VZW-31 switch): two were added previously and show “Highest Security: S2 Authenticated”, and one I just added, which shows “Highest Security: None”. I have tried including and excluding several times, all with the same result. During inclusion, I expect to see a setup screen where I can input the PIN on the switch, and I do believe I see it for a small fraction of a second, before the UI switches to an error, which reads:
“The device could not be added. ‘dsk’ option is only supported with inclusion_strategy=SECURITY_S2”
Inclusion will continue for a minute or two, though, according to the logs, showing this error before completing inclusion unauthenticated:
2025-01-07T22:02:22.456Z CNTRLR « [Node 055] Ignoring KEXSet because the DSK has not been verified yet
2025-01-07T22:02:31.796Z CNTRLR [Node 055] Security S2 bootstrapping failed: User rejected the DSK, entered an
invalid PIN or the interaction timed out.
2025-01-07T22:02:31.805Z DRIVER one or more queues busy
2025-01-07T22:02:31.815Z DRIVER » [Node 055] [REQ] [SendData]
│ transmit options: 0x25
│ callback id: 31
└─[Security2CCKEXFail]
reason: BootstrappingCanceled
I have not changed any settings in the Z-Wave JS add-on configuration or the Z-Wave integration configuration.
The two other devices that did include in S2 Authenticated mode still operate just fine, as does the rest of the network. And I can control this new switch in Unauthenticated mode just fine as well. And I know I don’t need a wall switch to have security enabled necessarily, but I want to know if something is wrong with my setup in case I add a security-critical device later. I’ve also read that proximity of the device to the controller can matter for secure inclusion, but the device is right above (second floor) the controller (first floor closet), and one of the identical devices that securely included is much farther away.
Any ideas? I am on 2025.1.1. I have tried looking around for known issues like this, to no avail. Could switching install types have caused loss/change of authentication keys? If so, how could the existing securely included switches still be working?