This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
We found a fix. Delete the user's local state file located in C:\users\(username)\AppData\Local\Google\Chrome\User Data\Local State. After deleting it the issue went away. Let me know if that works for you. (...)
Thanks for nothing! This "tip" is really bad. All locally stored logins are deleted, but it doesn't help at all. You could also have warned us that everything would be lost if someone deleted this file.
For some reasons old bold, (and I admit not always wise) men are sometimes posting some comments worth reading before jumping the boat. That's why I said "One workaround without deleting the "Local State" file or using GPO to disable "RSAKeyUsageForLocalAnchorsEnabled" is to start Chrome with the field trial disabled..."
Yes, I'm doing my experiments on a virtual Linux environment, so calling chrome with some calling params was easier at that point.
I am having the same issue with a customers router as well. I have tried accessing the management interface from multiple computers using both EDGE, CHROME, and OPERA all at the latest version.
Will this problem be fixed as even after a factory reset it does not fix the issue? If not do I need to suggest to my customer to move to a different product?
I posted a reply earlier but for some reason it didn't show up, apologies if this winds up being a duplicate.
For me the only way I can access my router is with Firefox v123.0 (which, as of right now, is the lastest version: just in case I kept an archive of it and disabled auto updates). Oddly, I can access each individual satellite with any browser (not that you can make changes to the router from there).
The solutions to allow Edge/Chrome to bypass this using either a registry key or flag, while they will work for now, are not intended to be a long-term solution. According to Google:
"This policy is available for administrators to preview the behavior of a future release, which will enable this check by default. At that point, this policy will remain temporarily available for administrators that need more time to update." (emphasis mine).
@Architekt Thank you so much for you reply. This allowed me in. So are we waiting for a firmware Upgrade to fix this issue? Because this one version on one browser is not tenable.
@JBX_Industries I am not sure. The only I know is that my particular model is now listed as "End of Life" and there are zero firmware updates available anymore for it whatsoever. Haven't been since I've been on the latest version (4.3.2.100).
For whatever reason, I noticed they did push out a firmware update for the satellites of my model, with the same version number, but with "-signed" appended to it. Which is why I imagine I can connect to said satellites: my guess is they simply updated the satellite firmware with a signed cert that fixes the issue.
Sadly I do not see any -signed versions for my router itself. I just checked both via the router's "check for firmware updates" section, as well as directly downloading the firmware (and applying it) to my router.
It looks like we have the same router type. @Architekt is the most recent downloadable version on the website signed for the router? This is my other question I asked in these forums; Since the router is "End of Life" meaning for NETGEAR they no longer have it listed for sale, does that mean they will not be doing firmware upgrades for it or fixes for these kinds of issues? I am trying to understand if I need to suggest a new internet device for my customer or not.
@JBX_Industries If you have the exact same model as mine, it seems like there's a signed version for the router when I visit their page to manually download it for both the router and satellites. You can either google "orbi sxr80 firmware", should be the first link, or you can follow it directly here: https://kb.netgear.com/000065797/SXR80-SXS80-Firmware-Version-4-3-2-100
While the file there does indeed have the "signed" text now on it, I already applied it, rebooted, all that fun stuff, and it didn't resolve the issue for me.
I think I saw in another thread that EoL meant just that the products aren't for sale anymore and that they'll continue to push out security patches or I would assume fixes, but as I don't work for them I don't know any more.
As for whether you should suggest it to your customer or not, I can't decide that for you. From my personal experience, I've had amazing success and experiences with both consumer and business/enterprise switches from them (I have some that are over a decade old, been battered and bruised and placed in the worst conditions and they still operate at peak performance). But as for business grade wi-fi routers, I don't know where I'm going to go in the future.
Edit: Ignore the strikeout comment below. I misinterpreted it. It doesn't mean you can't locally access the router.
I'm not particularly fond of this note in the above link about the latest firmware:
"
Removes remote access for security reasons. Workaround: Consider becoming a NETGEAR Insight subscriber so that you can enjoy remote management with built-in security features like automated security alert notifications, two-factor authentication, Single Sign-On (SSO), and Multi Pre-Shared Key (MPSK)."
Had I realized I'd eventually at some point I'd be steered to a subscription to manage the router I wouldn't have bought it in the first place. But that's just me and my current financial position, I can't answer for anyone else.
So navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Policies in regedit and there is no Google folder/path, ergo no chrome folder/path and under Microsoft no Edge folder/path. Manually adding them and the registry values to them also does not resolve the issue for me. Windows 11 23h2 here.
I tried the registry flag you mentioned for Edge (not Chrome), and while it works (I'll tell you how after this caveat), you'll notice that when you go into your Edge settings, some options will no longer be available to you. There will be a message at the top of the screen saying that your browser is managed by your organization, or something close to that. I'm not sure if this is a permanent fix either, given that as I mentioned above, Google has indicated that for the Chrome solution (and Edge is based on Chromium like Chrome), it's a temporary fix for now to allow admins to fix their certs. They didn't specify how long this would remain tenable. Now that the caveat is out of the way, should you wish to actually enable that registry setting for Edge specifically, here is how you'd do it:
Open regedit
go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Most likely, you will not see an Edge sub folder. That's because if you do, it means that your "organization" (aka you if it's your personal home machine) now will be in charge of setting certain browser settings (I elaborated a bit on that caveat above, I also don't know about all the possible other side effects managing it in this way has)
If you do NOT see the Edge subfolder, right-click on the Microsoft folder (it's actually called a key but whatever, the icon looks like a folder), and select New->Key (I'd suggest doing this with Edge closed). Proceed to step 5.
If you DO see the Edge subfolder (or you now see it because you made it in step 4), left click on the Edge subfolder. In the window on the right, right-click on any empty space, and select: New->DWORD (32-bit) Value and name it RSAKeyUsageForLocalAnchorsEnabled
It should already preselect the name so that you can change it. If not, you can simply right-click on the name of the value you just created and choose "rename"
The value by default should already be 0. If it isn't, simply double left-click the name, and change the value in the pop-up that appears to 0.
THIS WILL NOT WORK UNTIL YOU REBOOT THE COMPUTER.
As for doing this for Chrome, it's the same basic idea. Source regarding the actual key for Edge: https://stackoverflow.com/questions/77519169/err-ssl-key-usage-incompatible-error-google-chrome-this... you have to skip past the actual answer (it doesn't apply to us in this case) and it should be right under it. As of this writing it has 6 upvotes and begins with the text "The equivalent Edge registry setting...."
This is already an ongoing issue and there is a patch firmware that fixes this. Please download the beta firmware on the link provided below and load it to your router and satellite. You can use a firefox browser to login to your GUI and load the firmware provided. After loading the firmware, make sure to perform a full factory default on the router and test if you can use Chrome or Edge after.
@ReneD Can confirm this fixed this issue for me in Edge and Chrome!!!! For statistics purposes, here are the browser versions I tested it with successfully (all are up to date as of this post, just checked).
Edge: v122.0.2365.66
Chrome: v122.0.6261.95
Firefox: v123.0
Tested with both Windows 11 23H2 and an old laptop (that can't run Win 11) running Windows 10 whatever is the most up to date version.
All 3 browsers now act as they did previously, which is good you connect, you get that same warning about trust etc., click advance and proceed anyway (depends on your browser the exact sequence but I assume by now everyone in this thread knows about this), and boom in you go to the GUI!
I will list a general suggested method to upgrade, as my specific set up is most likely way more complex than other people. If you're curious, my personal set up is this:
ISP connects to commercial hardware firewall. This firewall also acts as the router.
I have a Netgear MS510TXM switch that connects via the 10Gbps SFP+ port to the above firewall's 10Gbps SFP+ port. This is the central switch for everything on my network and numerous other ethernet cables connect here (PC, gaming devices, NAS, media server, other switches, etc)
The Orbi SXK80, in AP mode, has its WAN port (the leftmost one, i.e. the one you'd just connect right to your ISP if you ran it in router mode) connected to the above switch.
All 3 of my SXS80 satellites connect directly to the above SXK80 router via ethernet backhaul.
Take note of my specific product: these instructions only apply to my experience with my SXK80 and my three SXS80 satellites (2 that came bundled, 1 I bought lateron). Also, be aware that I took an ultra paranoid approach to this given the firmware was described as being beta.
General suggestions:
BACKUP YOUR CURRENT SETTINGS: This will probably differ for each model, but for the SXK80, click on Advanced->Administration->Backup Settings and click the "BACK UP" button at the top where it says "Save a copy of current settings". Make sure this is on hand somewhere not requiring net access. Just put it on your desktop.
If you are rushing through this, you need to make sure you did step 1, unless you like to start everything from scratch and do things the hard way.
As per instructions, INSTALL THE FIRMWARE ON EACH SATELLITE FIRST. I did each one at a time. Yes, that took a while, but I was paranoid and wanted to ensure nothing went wrong.
Once you've updated all your satellites, now you can update the router.
Yes, you do have to do a factory reset. As a test, I tried connecting w/out doing so and obviously it didn't work. Before you factory reset, please keep reading.
I unplugged every satellite, so that at this point only the router was powered on.
Now I did the factory reset. Follow the instructions for your model. If you don't know how, it's in the user manual. For my model it was towards the bottom at the appendix area. Just search for "factory".
For my model, after the front LED blinked white (indicates booting up) for a while, it turned solid white for a while (indicates factory reset in progress).
I directly connected my ethernet cable from my laptop to the router (not sure if this is required or you can just use wifi, but I wanted to be extra careful)
I am not sure once it's solid white how long you need to wait but I got bored after a few minutes and decided to try connecting to the router. My model's factory default IP address is 192.168.1.1 so I opened Firefox (again, being paranoid, decided to keep using same browser as before, possibly not necessary) and connected directly to it. I then got the standard fresh out the box "let's set up your Orbi!" walkthrough.
Follow the set-up instructions and you'll quickly be given a choice to start from scratch, or here's why you should have read step 1, restore your router configuration from a backup file. I selected this option and uploaded the config from step 1.
I waited until the router was all done, verified I could connect with Firefox, then verified I could connect using Edge and Chrome (which previously wouldn't): it worked.
Again, probably being overly paranoid, but I plugged back in each satellite one-by-one. By that I mean I waited until the front LED on each satellite remained on for the 3m the manual says it will do, and then it eventually turned off, indicating successful connection to the router.
Profit. Issue resolved in Edge and Chrome with no regedit or other workarounds needed.
@ReneD If you're curious, I have my router set to syslog everything to my NAS and got a bunch of warnings/errors the first time I powered on the first satellite (15 to be exact), after which point it seemed to reboot itself, gave me 3 more errors, and then fixed itself with no other errors at all. For the subsequent 2 other satellites, I simply got the same 3 errors instead of the initial 15. Once again, this didn't cause any problems: the satellites correctly fixed themself. If you want, I can send you the messages the syslog server sent me (just tell me the appropriate way to send them to you).
@ReneD Can confirm this worked. I posted a very detailed reply about what I did but for some reason said post got rejected and seems to be awaiting moderator approval after I edited it because an angry face emoji somehow accidentally appeared, I think due to how I ended my parenthesis.
Chrome and Edge will not access the Management Login on the SXR80. The only way in is by using Firefox and this concerns me if this stops. Firmware is up to date. recently windows and chrome updates are the reason this has stopped working.
There are no options to change setting from http to https or vice verse and to make matters worse I can not log a case with netgear without paying $$$$ for a contract for them to look at and fix an issue with their browser compatibility.
Any ideas welcome as nothing in the thread here works. 1 screen shot showing chrome (left) error) whilst Firefox (right) logged in.
Thanks for the information re Beta but is a Factory Default seriously required? We have 2 kits each with 1 Router and 6 Satellites and that's a lots of time and effort to repare and set them up again 😞
@ScubaSteve007 I mentioned a general guideline of steps after the firmware links. In my set up, I have 3 satellites. I only performed a factory reset on the router. I did not reset any of the satellites. I don't know if you have to do so, but every since I applied the patch I haven't had any wi-fi issues or issues connecting to the actual router.
That's why you back up your settings before you firmware reset and then simply upload those settings back to the router instead of starting to set up from scratch. I had zero loss of satellite information whatsoever, no pairing required. Again, it's critical to back up your settings and restore them. Also, again, in the detailed instructions, I mention that as a just-in-case, I took the paranoid approach and unplugged each satellite (after applying the patch and they restarted completely), then did the factory reset on the router. I literally didn't have to do anything after I uploaded the backed up config besides plug back in the satellites.
I have an SXR80 and two SXS80 satellites. System is working fine and I am very happy with it.
However, I have a weird problem. I am primarily using Windows 11 and Edge browser and today I find I cannot access the Orbi login pages over my lan. At first I get the usual "Your connection isn't private" warning, but then when proceding, I get the following error:
Hmmm… can't reach this page
It looks like the webpage athttps://192.168.55.51/might be having issues or it may have moved permanently to a new web address.
ERR_SSL_KEY_USAGE_INCOMPATIBLE
The strange thing is, I can still access the same IP/webpage using Firefox and it also works fine from my Mac with Safari! Also, I tried Chrome and that CANNOT access the Orbi either, with the same errors. So Safari and Firefox both work but both Chromium-based browsers do not!
I have tried the foilowing:
Cleared cache & cookies
ipconfig /flushdns
Tried Edge in Private Mode
Disabled all extensions
Does anyone have a clue what might be going on here? I am really stumped.
