Jump to content
C4 Forums | Control4

Director is unable to authenticate Composer HE

Zuhair

By Zuhair
in General Control4 Discussion

Recommended Posts


  • Replies 440
  • Created
  • Last Reply
Cbell Enthusiast

Cbell

Posted
Posted

I'm experiencing the same issue. I thought it was related to the security patch but the patch is only necessary for pre 2.10.2. This is day two for me. Hopefully there is a resolution soon

 

Link to comment
Share on other sites
Pounce Mentor

Pounce

Posted
Posted
2 hours ago, Clifford Musante said:

It's really hard to understand how they can't simply change one of the bits of embedded information in the certificate, and get the app working again.

They may be installing client side certs. In that case not installing the client cert or installing the wrong client cert would prevent auth at the server. That's different than what most people understand how SSL works when they visit websites.

It's likely the "patch" included a cert. Just guessing.

2 hours ago, Clifford Musante said:

Certificates are not usually embedded into the app

Well, yes they can be and its not uncommon. That's why we have client side certs and server certs.

Link to comment
Share on other sites
msgreenf Grand Master

msgreenf

Posted
Posted
2 hours ago, pwb said:

Relatively new to this. Are you saying I can program a button somewhere else (like on a six button pad) to activate/deactivate the programming that runs the bedroom switch?

yup! Exactly.  That would be WAY more efficient.

So the way that would work is you would use a variable in your programming.  When Variable true, turn light on.

Toggle variable on button press

When variable true, change the LED color.

Link to comment
Share on other sites
msgreenf Grand Master

msgreenf

Posted
Posted
7 minutes ago, Pounce said:

They may be installing client side certs. In that case not installing the client cert or installing the wrong client cert would prevent auth at the server. That's different than what most people understand how SSL works when they visit websites.

It's likely the "patch" included a cert. Just guessing.

Well, yes they can be and its not uncommon. That's why we have client side certs and server certs.

they are embedded in apps all the time.  IN fact EVERY iOS, Mac OS and Android app all have certs embedded in them....

Link to comment
Share on other sites
Destroyer of Worlds Enthusiast

Destroyer of Worlds

Posted
Posted

Can confirm this is widespread which many might say "no duh" to.

Manifests as Director seeing your local EA on your IP # and when you hit Connect:

"Director is unable to authenticate Composer HE" ...then...

"Could not connect to Director at [IP Address]."

Also, trying to go remote your EA from control4.com owner login it will stall out.

So we're effectively able to use our systems but not program or make a change to anything like a lighting level, music level done in programming prior.  Nor can we scan for music on demand.

In football parlance, the ball is on the field.

Link to comment
Share on other sites
RyanE Veteran

RyanE

Posted
Posted
4 hours ago, Clifford Musante said:

1) Their responses make it look like it affects only a subset of us, but other information seems to be contradictory to me.

...

2) Certificates are not usually embedded into the app...

...

3) For them to say that it's a certificate problem, but that they have no idea how long it will take in order to resolve the problem is incoherent and inconsistent.

...

4) It's really hard to understand how they can't simply change one of the bits of embedded information in the certificate, and get the app working again.

1) It affects *all* ComposerHE applications, all versions.  When I say it only affects a subset, it's the subset of HE users.  Pro users are not affected.  HE uses a different certificate from Pro, but it's based on the same certificate chain as Pro, and the certificate 'up the chain' for both expired.

2) Client certificates are frequently embedded into apps (or into Drivers in the case where Control4 is connecting to customer equipment).  This is not unusual across all industries, not just automation.

3) I can certainly say I have no idea how long it will take to resolve the issue, because I'm not working on the issue.

4) The client certificate (and *all* certificates, typically) is cryptographically signed in a way that you can't "simply change one of the bits of embedded information", without having the certificate fingerprint change, which is kind of the whole point.  i.e. if someone could modify the certificate, and still have the certificate accepted, it's not doing it's job.

Yes, this was a big miss from Control4's side of things, and I apologize.  As soon as a resolution is available, it'll be posted here, as well as made available to dealers.

Thanks.

RyanE

 

Link to comment
Share on other sites
JasonC Explorer

JasonC

Posted
Posted

Just got my license for HE today... and having issues logging in.  Glad I found this thread as it has stopped me pulling my hair out for the next few hours!  I'll keep watching for a fix.

 

Regards,

 

Jason

 

Link to comment
Share on other sites
Zuhair Rising Star

Zuhair

Posted
  • Author
Posted
1) It affects *all* ComposerHE applications, all versions.  When I say it only affects a subset, it's the subset of HE users.  Pro users are not affected.  HE uses a different certificate from Pro, but it's based on the same certificate chain as Pro, and the certificate 'up the chain' for both expired.
2) Client certificates are frequently embedded into apps (or into Drivers in the case where Control4 is connecting to customer equipment).  This is not unusual across all industries, not just automation.
3) I can certainly say I have no idea how long it will take to resolve the issue, because I'm not working on the issue.
4) The client certificate (and *all* certificates, typically) is cryptographically signed in a way that you can't "simply change one of the bits of embedded information", without having the certificate fingerprint change, which is kind of the whole point.  i.e. if someone could modify the certificate, and still have the certificate accepted, it's not doing it's job.
Yes, this was a big miss from Control4's side of things, and I apologize.  As soon as a resolution is available, it'll be posted here, as well as made available to dealers.
Thanks.
RyanE
 


If this fix requires a dealer to implement, who will pay the cost?
@RyanE




Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
Noghar Newbie

Noghar

Posted
Posted

I had been pulling my hair out until I found this forum discussion. It was annoying as I had wanted to make some adjustments to my system but was locked out.  Fortunately my dealer came round and showed me the new When>Then programming section on the user website under Accounts.  Using that I've been able to make a lot of useful adjustments while waiting for the Composer HE license issue to get sorted out.  It's not as powerful as Composer HE but it's pretty good as a stopgap. 

Link to comment
Share on other sites
Ijl_bitsa Newbie

Ijl_bitsa

Posted
Posted
On 6/13/2018 at 8:51 AM, RyanE said:

1) It affects *all* ComposerHE applications, all versions.  When I say it only affects a subset, it's the subset of HE users.  Pro users are not affected.  HE uses a different certificate from Pro, but it's based on the same certificate chain as Pro, and the certificate 'up the chain' for both expired.

2) Client certificates are frequently embedded into apps (or into Drivers in the case where Control4 is connecting to customer equipment).  This is not unusual across all industries, not just automation.

3) I can certainly say I have no idea how long it will take to resolve the issue, because I'm not working on the issue.

4) The client certificate (and *all* certificates, typically) is cryptographically signed in a way that you can't "simply change one of the bits of embedded information", without having the certificate fingerprint change, which is kind of the whole point.  i.e. if someone could modify the certificate, and still have the certificate accepted, it's not doing it's job.

Yes, this was a big miss from Control4's side of things, and I apologize.  As soon as a resolution is available, it'll be posted here, as well as made available to dealers.

Thanks.

RyanE

 

Any update as to a fix on this ?  Days flying by now...

How hard can this be ?  I would have expected a fix within a couple of days, 4-5 days and counting right now.

Any ETA ?

Thanks

Link to comment
Share on other sites
Zuhair Rising Star

Zuhair

Posted
  • Author
Posted
DO YOU HAVE ANY IDEA HOW LONG IT WILL TAKE TO FIX THIS ISSUE?!?!?!?!?


Maybe last weekend of November!
Just kidding, I'm with you on the same boat!


Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
mujtaba.khokhar Experienced

mujtaba.khokhar

Posted
Posted

I rang Control4 yesterday as my customers are also struggling they said should be fixed ASAP but theres no actual ETA, if anyone needs me to log in via composer pro and amend a few things like lights turning on and off, or anything quick i'd be happy to do so. Just PM me. :) 

Link to comment
Share on other sites
Clifford Musante Apprentice

Clifford Musante

Posted
Posted

To the folks at Control4.  If you read all of these posts, you'll see that the customers that purchased a license for Composer HE use it on a regular basis, and without it, we're unable to perform simple tasks and customizations.  While you may think that, simply because we don't rely on this tool for our livelihood, that allowing this to go on for days is acceptable.  It is not.  And now, you can see a groundswell of comments that indicate an overall lack of faith in C4 to test their product, identify and repair the defect, and clearly articulate the nature of the problem.

It seems to me that Control4 now has to do several things to restore our faith.

1) We need this fixed now

2) We need to fully understand the problem, so that we can believe that you were truly working as hard as you can, in order to fix the problem.  Simply telling us that it is a certificate problem is not acceptable.

3) We need some form of restitution for this problem.  Please understand, all of us have spent hours trying to follow your suggestions to fix the product, only to learn that it was a known bug, and none of these procedures would have worked to resolve the problem.  I personally spent at least 3 hours trying to install, reinstall, patch, update, and repatch.  When none of this worked, I also asked my local Control4 dealer to look into the problem, which wasted more time, and cost me real money.  In addition to the wasted time and money that I've referenced, we have also paid for the product, and as such, we expect it to work.  I suggest that you provide a no-cost extension for 1 year of the Control4 license for everyone one of us that is experiencing this problem.  That good-faith effort does not cover our costs, and loss of our ability to manage our systems, but it might go a ways toward restoring faith in the product and the company.

Ryan is trying to keep us updated, but as I read his responses, I can see that the explanation is still only scratching the surface of what is going wrong.  Ryan, please pass on to management that some of us have extensive expertise with the security model for systems like this, and others have extensive experience with app development, and how certificates might be embedded, or located in a separate store. 

While it is true that apps for IOS and Android often have a certificate embedded, that is not true for apps that run on a PC.  It is true that an app developer can choose to deploy a certificate like this, it's not by any means a best practice.  In fact, as I said in a prior post, the best practice is to provide a separate certificate, so that the authentication of an individual is separate from the security of the app itself.  Also remember, when an authentication certificate is embedded in the IOS or android app, when the app is updated/upgraded, we're forced to re-authenticate.  I know of no one who thinks that this is a good idea, but it's become one of the annoying aspects of programming for IOS, and using our iPhones as tools to manage our homes and our systems.

The case we're looking at here is completely different.  We're looking at a Windows App, which can easily be coded to use a credential store to manage the certificates.  The installation would take additional steps, but it seems that it would have made it easier to resolve the problem, and would allow upgrades of the app to have no affect on the authentication itself.

In any case, most of use discovered the problem because we attempted to use HE, only to discover that it is not working.  As a result, you can assume that everyone that has posted to this thread is unable to perform work, which they need to get done.  This work may be critical, or it may be of a lower priority, but by not providing a working app, we're unable to make the changes we need to make, and our only choice would be to pay a local Control4 dealer to make the changes for us, which completely defeats the purpose of buying HE in the first place.

So, please make sure that C4 management sees this thread and understands that they have managed to cause a disruption to, and alienate a good number of their most devoted customers.  Significant damage has been done to the relationship with your customers, and now we want this problem resolved, and the issue of reputation addressed.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept