¿ªÔÆÌåÓý

ctrl + shift + ? for shortcuts
© 2025 Groups.io
  1. Crestron
  2. Topics

Authorization for Connections

 

This is just a heads up to everyone.
I just got off of a 2 hour session with TB regarding secure user connections to the processor.
Here's the rundown:
  • CP4 processor running the latest firmware
  • TSW-1070 running the latest firmware
  • TSR-310s running 2.001.0078.001 firmware
  • Everything setup using SSL and all cloud junk turned off.
  • User setup in the system for local Crestron devices as a "connects" user.
TSW-1070 connects perfectly using setcsauthentication.
TSR -310s can't connect at all and are added to the blocked user list.
CP4 logs the error regarding the remotes.

Added a new user just for the TSRs to connect to and increased the authorization level from connects to user.? Still no connections.
Upgraded the firmware of one TSR to the version released this morning.? Cleared everything out, rebooted, and added it all back in ... still no connection.
TB support told me that mobile device users for projects that are hosted on the processor are now required to be authorization level of operators.
So, he said why not try that "just for kicks", although this shouldn't be the case for "non-hosted" projects.
Added a new user for the TSRs with operator user level, cleared out the remotes and blocked users, rebooted everything, and added csauthentication and IP Table entries.
Woohoo!!!? TSR with the latest firmware (2.001.0095.001) connects!? TSR with the last version fails to connect.

This is all getting quite ridiculous!
TB couldn't explain why the TSW connected fine with a lower user level but the TSRs wouldn't.
Yet another mystery related to new firmware combinations!
So, when in doubt, set the authentication for device connections to an operator.

Good luck!
Brian
 

So glad I'm close to retirement age...
 
Edited

"TB couldn't explain why"?
...er, 'cause they didn't test it?...

Seriously though, thanks for the update, Brian!!
 

¿ªÔÆÌåÓý

This is one example of why I have the utmost respect for members of this group. Taking the time to document this issue and share it with the rest of us is very cool of you Brian!

Ryan Cunningham?

On Jun 14, 2021, at 12:35 PM, Brian Matson <bmatson@...> wrote:

?This is just a heads up to everyone.
I just got off of a 2 hour session with TB regarding secure user connections to the processor.
Here's the rundown:
  • CP4 processor running the latest firmware
  • TSW-1070 running the latest firmware
  • TSR-310s running 2.001.0078.001 firmware
  • Everything setup using SSL and all cloud junk turned off.
  • User setup in the system for local Crestron devices as a "connects" user.
TSW-1070 connects perfectly using setcsauthentication.
TSR -310s can't connect at all and are added to the blocked user list.
CP4 logs the error regarding the remotes.

Added a new user just for the TSRs to connect to and increased the authorization level from connects to user.? Still no connections.
Upgraded the firmware of one TSR to the version released this morning.? Cleared everything out, rebooted, and added it all back in ... still no connection.
TB support told me that mobile device users for projects that are hosted on the processor are now required to be authorization level of operators.
So, he said why not try that "just for kicks", although this shouldn't be the case for "non-hosted" projects.
Added a new user for the TSRs with operator user level, cleared out the remotes and blocked users, rebooted everything, and added csauthentication and IP Table entries.
Woohoo!!!? TSR with the latest firmware (2.001.0095.001) connects!? TSR with the last version fails to connect.

This is all getting quite ridiculous!
TB couldn't explain why the TSW connected fine with a lower user level but the TSRs wouldn't.
Yet another mystery related to new firmware combinations!
So, when in doubt, set the authentication for device connections to an operator.

Good luck!
Brian

 

Glad I've already retired!
 

¿ªÔÆÌåÓý

Brian - "Time & Forehead Savior"

Thank you very much ??

Trey

-------- Original message --------
From: Brian Matson <bmatson@...>
Date: 6/14/21 2:35 PM (GMT-06:00)
Subject: [crestron] Authorization for Connections

This is just a heads up to everyone.
I just got off of a 2 hour session with TB regarding secure user connections to the processor.
Here's the rundown:
  • CP4 processor running the latest firmware
  • TSW-1070 running the latest firmware
  • TSR-310s running 2.001.0078.001 firmware
  • Everything setup using SSL and all cloud junk turned off.
  • User setup in the system for local Crestron devices as a "connects" user.
TSW-1070 connects perfectly using setcsauthentication.
TSR -310s can't connect at all and are added to the blocked user list.
CP4 logs the error regarding the remotes.

Added a new user just for the TSRs to connect to and increased the authorization level from connects to user.? Still no connections.
Upgraded the firmware of one TSR to the version released this morning.? Cleared everything out, rebooted, and added it all back in ... still no connection.
TB support told me that mobile device users for projects that are hosted on the processor are now required to be authorization level of operators.
So, he said why not try that "just for kicks", although this shouldn't be the case for "non-hosted" projects.
Added a new user for the TSRs with operator user level, cleared out the remotes and blocked users, rebooted everything, and added csauthentication and IP Table entries.
Woohoo!!!? TSR with the latest firmware (2.001.0095.001) connects!? TSR with the last version fails to connect.

This is all getting quite ridiculous!
TB couldn't explain why the TSW connected fine with a lower user level but the TSRs wouldn't.
Yet another mystery related to new firmware combinations!
So, when in doubt, set the authentication for device connections to an operator.

Good luck!
Brian

 

Great thanks for the info! Ive been in the habit for a while to set the Crestron App user credentials to Operator as in the past anything lower was just unreliable. But as for TSWs/TSRs I never setup the SETCSAUTHENTICATION and everything still works fine. As long as SECUREGATEWAYMODE is "default" the setcsauthentication is not necessary as it will use SCIP or CIP ports to communiate with the devices. I dont really see the need to turn it on especially in a resi settting and add more complication.?
 

I remember when doing Crestron was fun.? So glad I'm close to retirement age too.? Thanks Brian for the heads up.
 

Turns out this was a bug in the setcsconnection command itself.?

It was fixed in 2.001.0079.

Access level of user should be sufficient for hosted projects and connect should be sufficient for non-hosted.
 

I had tried upgrading one of the TSR remotes to the latest firmware (tsr-310_2.001.0095.001).
However, it still wouldn't connect.? It wasn't until I set the user level higher that it would connect.

As per TB support, user is no longer sufficient for hosted projects.
They said that this will be the case for all future updates, and at least operator level is required.
I'm used to setting all my Crestron devices at connects level and iOS devices at user, but they said the latest updates changed that for hosted projects.

It's just frustrating how much it seems that we end up being the beta testers for Crestron updates lately.
Isn't that what "Labs" is for???
 

Ahh, I neglected to say you will need to re-enter the CDS authentication credentials after updating the firmware.
 

"Isn't that what "Labs" is for???"

er, you mean 'WAS FOR', Brian...
 

Yes, yes, very true!

1 - 13 of 13