Admin page keeps refreshing...time off after 6.10.5 hotfix

---

Sandshark wrote:So what else are you wanting them to do (other than just be quicker about releasing the fix)?

---

They should have stopped pushing the update through their update servers when this problem first surfaced.

(Actually they should have run it to ground when the release was still in beta).

one weird thing I have noticed tonight is that by using RAIDar and accessing the admin by that the web page stays up and I can browse the NAS, also when I went to have a look at the SSH tab basically it states that you can be denied support if you enable this...

so I can verify that my data is ok, just can't use the NAS, I get creating a bootable usb and rolling back but surely after a month of complaints from users they should have a fix by now or provide an option via the update to rollback... give us some sort of message of the day stating that some users or all are impacted, give us something, again these ReadyNAS arent cheap by the time you throw some cash at the disks etc, as always doesnt matter what product it is, its the support when something goes wrong that end users remember and basically influence their NEXT purchase....

[EDIT] What I wrote below worked ONCE.  It has NOT worked since.  But I still think that the solution I suggested at the end of my post would solve the problem permanently.

Folks,

It finally occured to me to investgate the errors thrown by the browser.  At least in my case, the admin page was failing because a site loaded with a insecure protocol (http) was calling for something from a secure site (https).

I changed the url I was using to use the https protocal.  The browser warned me that I was attempting to load a secure page that had an invalild certificate, but I just went ahead and allowed it to load.

Bingo!  I am able to get to every page and I have not been booted out for over 10 minutes.

I think that Netgear has to simply install a legitmate certificate and redirect all http traffic to use the https protocol.  Both of these are child's play.

Your mileage may vary.

---

jrfinkel wrote:

I changed the url I was using to use the https protocal.  The browser warned me that I was attempting to load a secure page that had an invalild certificate, but I just went ahead and allowed it to load.

---

Good catch.  There is a setting to enable http admin access, but it is disabled on all my ReadyNAS.  So this is not something I would have found.  It'd be useful to know if others are also using http.

It is a bit unclear to me why the problem only occurs after people change the admin password though.

---

jrfinkel wrote:

I think that Netgear has to simply install a legitmate certificate and redirect all http traffic to use the https protocol.  Both of these are child's play.

 

---

On traffic redirection to https:  Netgear actually does this on older ReadyNAS, and it is starting to cause problems (because the security protocol they were built to use is being retired).  So I'd rather they not hard-wire redirection to https.  There already is a setting to disable http admin, and I'd rather it be used instead. I'm not sure if that is enabled by default or not (IMO it should be disabled by default).

Anyway, I'd rather they fix the problem by making http access to the admin page work properly, not by requiring https to get there.  If rumors here about Netgear abandoning the NAS business are correct, I want "vanilla" http access to be possible, just to make sure I can always get into the web interface down the road.

On installation of a "legitimate" cert: Installation might be simple, but it isn't possible for them to get that certificate. A Netgear certificate certifies that the NAS (more specifically, the NAS web server) is owned/administered by Netgear.  It isn't, it's owned/administered by you.  

Other than self signed, there are three cert types:

1. Domain Validated:  the owner validates that they own the site through a DNS record that is attached to the website domain.
2. Organization Validated: The owner validates that they own both the domain and an organization named in the DNS record.  (e.g., "I am Amazon, Inc and I own the domain amazon.com).
3. Extended Validation:  Like Organization Validated, but there are more steps needed to prove ownership. Likely Amazon.com is actually EV.

All three are linked to a domain name, and in this situation there is no domain being used to reach the NAS web ui.  So Netgear can't obtain a cert from a certificate authority (what you are calling "legitimate").

I guess there is one possibility here - Netgear could change the firmware so that the only way to get admin access was through ReadyCloud.com.  But that would totally disable your ability to reach the NAS admin interface if Netgear ever exits the business or shuts down ReadyCloud.  It would also require all NAS owners to allow internet access to the NAS. And if anyone was able to hack ReadyCloud they'd be able to get admin access to every ReadyNAS.  AFAIC, that is not an acceptable path.

@DrDDP2 wrote:

Really?  So the solution is to abandon the latest update and just stick with the prior release going forward? 

 

If incompatible, then it seems poor to automatically upgrade to a version that brakes the http auth process...

 

Maybe I'll just grit my teeth and perform the factory update.

 

---

You aren't talking to Netgear here, just other users. All we can find are workarounds, not real fixes.  The downgrade isn't the same as the factory default - no data is lost. 

jrfinkel has found another workaround, which is to uncheck Enable HTTP admin in system->settings->services->HTTP.

---

jrfinkel wrote:

I think that Netgear has to simply install a legitmate certificate and redirect all http traffic to use the https protocol.  Both of these are child's play.

Actually, it's not child's play.  There is no mechanism to issue a "legitimate certificate" for a device that is exclusively on a local IP address and URL, so there is nothing that can be installed.  And therein the problem lies.  There is no process for a browser to verify the identification validity of a device that is strictly local and the ability to simply ignore that is being depreciated.

I have no idea who can solve this problem, but it is certainly not Netgear.  It affects a much larger target group.

Using ReadyCloud to always access the NAS does get around the use of a browser for admin access, and that may ultimately have to be the solution.

ok interesting about the move away from the domestic market... another kick, anyway while we wait can we plan our migration away from Netgear... do we know if there is proprietary code basically meaning that we can't simply unplug our exisiting disks and move them into another manufacturer? or we simply start finding other options to move our data to the cloud and maybe back down again...

any suggestions on another domestic / SMB grade NAS? hearing good things about Synology.

Also I get that the Netgear NAS may go EOS but EOL may still be a few years away but its the Support which is the concern as we have seen.

The ReadyNAS firmware is based on a Debian distribution with stuff not needed stripped out and some things needed added, some newer packages backported etc.

It uses mdadm RAID with BTRFS on top. Assuming the RAID and volume are fine this can easily be read using an ordinary x86 Linux machine.

However different NAS manufacturers do their OS, RAID, volumes etc. a little differently to each other so simply migrating disks across wouldn't work.

hi, thanks yeah I thought that would be the case, in the interim I think its time to get the data off and then reformat the disk with the new vendor etc

---

homer51502001 wrote:

 

Also I get that the Netgear NAS may go EOS but EOL may still be a few years away

---

True, and I still do have ReadyNAS in service that are EOL.  I am ok with managing the security risks (in particular, not connecting them to the internet), but I do need to make sure that I can connect to the admin web ui.

---

homer51502001 wrote:

ok interesting about the move away from the domestic market... another kick, anyway while we wait can we plan our migration away from Netgear... do we know if there is proprietary code basically meaning that we can't simply unplug our exisiting disks and move them into another manufacturer? or we simply start finding other options to move our data to the cloud and maybe back down again...

To be clear - Netgear hasn't announced anything.  But they have been silent on ReadyNAS for quite a while (no new platforms introduced over the past couple of years)  Plus the home and small enterprise NAS market is shrinking (as cloud storage become both increasingly dominant and less expensive). So I personally think it is very possible, but not confirmed

OS-6 is on the disks, and that of course includes Netgear's proprietary ReadyNAS software.  The file system itself is BTRFS and it uses mdadm for RAID.  The array can be mounted on any modern linux systems (unless you are using disk encryption).  But that doesn't mean you can directly migrate to another vendor's NAS.

I don't own either Synology or QNAP, so I don't have any personal experience with either product.  I would be concerned about Synology's recent shift towards requiring Synology branded disks in their NAS.

Sandshark  wrote:

I have no idea who can solve this problem, but it is certainly not Netgear.  It affects a much larger target group.

 

Using ReadyCloud to always access the NAS does get around the use of a browser for admin access, and that may ultimately have to be the solution.

---

If you mean allowing https to access the NAS w/o the security warnings, then I'd agree.  But that's not a problem I want Netgear to solve.

It looks like the problem here is that http access to the admin ui no longer works, and that is something that Netgear certainly can fix.

---

StephenB wrote:

...

On installation of a "legitimate" cert: Installation might be simple, but it isn't possible for them to get that certificate. A Netgear certificate certifies that the NAS (more specifically, the NAS web server) is owned/administered by Netgear.  It isn't, it's owned/administered by you.  

...

Excellent points. Thanks.