Aircoookie
Cannot update WLED on Quinled dig-uno, OTA permanently locked
What happened?
I'm trying to update my Quinled Dig-Uno from version 0.15.0 to 0.15.2. Initially through HA, since that's what prompted me to update. However, HA cannot update the device and the report stays.
So instead I went to the web UI for this device and tried updating the device from there. This also fails with the message Please unlock OTA in security settings!
And that is where it gets weird. When I do go to settings -> Security & updates the Lock wireless (OTA) software update checkbox is checked, so I uncheck it and save the page.
Then I go back to the main screen and on the Info tab, try the update WLED button again. And here I get the exact same message. Please unlock OTA in security settings!
It seems that the lock setting for OTA updates is not saved and is permanently on. The Manual OTA Update button on the security page has the same problem and won't work, because this lock cannot be removed.
Apart from flashing the thing over USB, is there any way to unlock this OTA update feature so that I can update the device?
To Reproduce Bug
- Attempt update, either from the info screen or the settings -> security screen
- OTA lock is in place so update will fail
- disable the lock in security screen and save
- Attempt the update again: lock has been restored or was never removed, so updating still fails.
Expected Behavior
Once OTA lock checkbox is cleared and the page is saved, the lock state is actually updated and software updating can commence.
Install Method
Binary from WLED.me
What version of WLED?
0.15.0
Which microcontroller/board are you seeing the problem on?
ESP32
Relevant log/trace output
I don't know where to get these from.
Anything else?
No response
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
The same is for ESP8266-based Atomtech controller.
Installed version: WLED 0.15.2 (2508020)
"ESP02"
(Processor: ESP8266)
Please can you also confirm you are trying to do the update from the same network as the WLED device, check the IP address of your laptop/phone/pc and the WLED device are the same for the first 3 groups of numbers
can you please provide your config.json file?
Please find attached. wled_cfg_WLED.json
I tried to update directly using Home Assistant and iPhone app with no success. All within my local network, WLED device has a static IP assigned via DHCP.
Maybe this issue is associated with relay issue, idk. Haven't tried yet to disable the relay and perform OTA.
And here is mine. All in airquotes "sensitive" information was redacted, but it's all there otherwise.
I can also confirm that I'm NOT trying to do the update from the same network as the device: the WLED device is in a separate IoT network and does not have access to the internet itself. However, the devices that are controlling it (my PC and the HA VM) can access the IoT network without issues.
The subnets are by design not the same, and there are firewall rules and routing rules to connect the networks where appropriate.
And that is where it gets weird. When I do go to
settings -> Security & updatestheLock wireless (OTA) software updatecheckbox is checked, so I uncheck it and save the page.
@DutchessNicole If the Lock wireless (OTA) software update box is checked, the correct password must be entered in the password box to save unchecking it. Unfortunately, if the correct password is not entered, the UI provides no helpful feedback - it just says "saved" anyways and ignores the attempt to change the security settings. (I'd class that as a bug for sure - definitely something we can work on.)
I'm inferring that you weren't expecting the lock to be enabled, and consequently don't have a password to put in. The default OTA password is "wledota"; maybe try that. If that doesn't work, unfortunately recovering a lost password is (intentionally) rather difficult. If this is the case, you may need to back up your config and presets and factory reset your device to unstick it. (If you try that, I also suggest editing the config backup to set { "ota": { "lock": false } } to avoid having the backup restore cause the same problem.)
As far as the "lock OTA" box being unexpectedly set - maybe it was ticked accidentally, maybe some bad config was pushed at some point, maybe some other bug -- hard to know. :(
(Re the subnet questions: 0.16 (the current development branch/nightlies) adds a security feature where, by default, WLED will no longer accept OTAs from other subnets, as a weak but cheap defense for those devices exposed when they shouldn't be. This feature can be disabled via the security settings - you'll probably want to adjust if or when you update to that version.)
Thank you for the response. I was indeed not expecting the firmware update lock to be enabled and didn't have a password set for it.
It seems that the default password you mentioned was indeed set on it, so that probably happened during the installation when it was still to be shipped to me.
Once the update hits I will disable the network lock as well. My network is locked down enough that I don't need these features enabled.
Other than that, the update has now successfully completed, I'm on 0.15.3 which is what I wanted to get to, so this issue is done as far as the updating not working is concerned.
I would love to see some sort of error message handling the case where a password is expected and none is given, as that is what caused me this confusion in the first place.
Well, this is definitely not my case, because after trying to perform the manual update via PC browser I got this:
@dimmas375 It looks like you're using the ESP02 build, which is for an ESP8266 with only 2MB of flash. It might not be possible to OTA update those devices as the firmware may be too big to store both the new and old versions in the available flash. IIRC there was some feature in the platform that allowed using compression to mitigate this to some degree; I'll double-check what the state of that is.