Re: after upgrading GS324T to 1.0.0.41 I can't login anymore

---

@tessus wrote:

Thus I thought maybe the firmware upgrade reset the password (since the upgrade fixes a few security vulnerabilities), but I tried all of Netgear's standard passwords, but to no avail.

---

Nothing the like. Since some much earlier firmware releases from about 2019 there was just changing the default password was enforced. However, you had ben able to login before for the update.

Tried to use the [log in] button instead pf pressing the <enter> key? 

Thanks for your reply. Yes, I tried the login button, but I did not try the enter key.

I am currently locked out and I have to wait 5 minutes.... I'll let you know then.

Nope, the <enter> key does not work either. I am really puzzled by this. Never had any issues like this one.

---

@tessus wrote:

Nope, the <enter> key does not work either. I am really puzzled by this. Never had any issues like this one.

---

Thank you for trying. The issue I had in mind was more the other way round.

Dropping the browser cache might help, too.

What browser make and version, what base OS?

I tried Firefox and Safari. I also cleared the cache. It did not help. I'm using macOS 10.14.6, but I am not sure what the OS has to do with it. I could log in 2 hours ago (before the upgrade).

I don't want to be ungrateful, but the upgrade messed something up. It either changed the password to an arbitrary value or maybe restricted the access to a specific IP address. But I am not using the default network that Netgear uses upon factory reset, so that's that.

I am not sure, whether Netgear devs are reading this, but they should have done better QA. The update locked me out of my switch. At least I can still use my network, but I do need access to my switch....

Is there a way to tell the switch to boot into the other image? If this is not possible without logging in, this dual image feature is pretty much useless.....

I have now tried another browser (Chrome) and 2 other operating systems. I have also tried from the management network (VLAN1) but I still get the same error message.

I have to say that my trust in Netgear just went down quite a bit. If I can't be sure that a firmware upgrade won't destroy my switch, I'd have to buy the same equipment twice and run tests which should have been run by Netgear in the first place.

I hope that someone from Netgear reads this and provides a solution. How do I get access to my switch again?

The only theory I have right now is that the password was hashed as md5 in 1.0.0.38. In 1.0.0.41 the password is hashed with SHA1/SHA2 or whatever (without fallback), and thus can't read the md5 hash and verification fails.

This is the only logical explanation for what is happening. But without access to the source code or a signal from the firmware devs, I am out of luck. I suspect I will have to do a factory reset. However, if I am correct about the password hash problem, I will never be able to upgrade to 1.0.0.41.

Somebody really has to look into this.

@schumaku you seem to have contacts at Netgear. Please ping them about this issue.

Already informed Netgear. Was not difficult as you have done everything I could consider, too - great job!

To avoid a worst case scenario, if you are not in a hurry for the switch login, I would wait with the factory reset. Otherwise it would be difficult to restore the backup or reconfigure the switch.

Thanks for pinging Netgear.

I can wait. Currently I don't have to make changes to my VLANs or other parts of the network. It just makes me nervous that I cannot login. It feels weird being locked out from my own hardware.

Just to clarify your last sentence. I do have a backup from right before I upgraded. So after a factory reset, I'd only have to boot into image 1.0.0.38 and restore the backup. That would give me access to my switch and it would be correctly configured. Or am I missing something?

Still I think there should be an endpoint I could hit (without having to login) to activate the other image upon next reboot. 

If I had a second device, I could run additional tests, but I am afraid I need my network up and running.... Maybe I should buy a second one anyway. If the HW fails, my network would be down until I get a new switch. Such a scenario is unacceptable in my book. It's just that the price of this switch went up by CAD$ 120, which is a lot considering I paid CAD$ 200. But what are $120 compared to a broken network.....

---

@tessus wrote:

Thanks for pinging Netgear.

---

This is all I can do because you have done most of the possible troubleshooting with different browsers, systems. This makes it trustworthy to chime Netgear in-

---

@tessus wrote:

Just to clarify your last sentence. I do have a backup from right before I upgraded. So after a factory reset, I'd only have to boot into image 1.0.0.38 and restore the backup. That would give me access to my switch and it would be correctly configured. Or am I missing something?....

---

Usually, the switch backups taken from the earlier or recent version can be deployed to the current firmware. Release notes show if this should not be possible.

---

@tessus wrote:

Still I think there should be an endpoint I could hit (without having to login) to activate the other image upon next reboot. 

---

The dual image is primary for the case the current one has some functionality issues or as an alternate if a switch is not booting.

Lack of an OOB access, being a dedicated management Ethernet, being a serial console are compared expensive features, this not available in this extreme low cost switch class.

---

@tessus wrote:

It's just that the price of this switch went up by CAD$ 120, which is a lot considering I paid CAD$ 200.

---

Netgear and many other brands had to change the pricing recently, because chip and component availability, and the complete production line became critical in C19 times.

The June 1st 2022 price change by Netgear is never that much as you show here. Gold digger market over there in Canada?

This is the street price development in CHF (roughly 1:1 USD) from the last three month from a big retailer here in Switzerland. just the June 1st jump comes from Netgear's price update of around 20%.:

Being 6 USD per GbE port or new about 6.65 USD/port is certainly no robbery with lifetime warranty five year warranty for the first buyer.

---

@schumaku wrote:

 

The dual image is primary for the case the current one has some functionality issues or as an alternate if a switch is not booting.

Still not sure how I would switch the image, if there are functionality issues (say one can't login) or when the switch is not booting.

---

@schumaku wrote:

Gold digger market over there in Canada?

---

Well, Canada has become extremely expensive over the past 10 years. I can't buy from Netgear, but only online stores and resellers. And the price is set at CAD$ 319.99 (that's without tax, btw - all prices in US and Canada are without tax, so in Ontario I have to pay 13% on top). So this switch is CHF 272 at the current conversion rate. You don't want to know what a pint of beer costs. 😉

Wow, taking off VAT it would be 162 CHF or 215 CAD - darn, 320 CAD ex tax is still a ridiculous difference. You don't talk of a GS324TP here? That would make some sense.

Nope, that one would be CAD $449.99 (without tax). Trust me, Canada is expensive.

50-60% of all Canadians are $200 away from bankruptcy, but our politicians are too invested (they get tons of money from these companies) keeping monopolies up (like telco sector - we only have 2 infras and you probably read in the news that half of Canada (including banks and first responders) was offline for about 22h because of an outage). But that's off-topic. Sorry for my rant. 

Have you made contact with NG support yet? 

@tessus wrote:

I upgraded the firmware of my GS324T to 1.0.0.41 (from the previous 1.0.0.38), but now I can't login anymore.

I always get the message Login failure.

 

The strange thing is that the switch seems to be running ok, since I can reach all my VLANs.

 

Thus I thought maybe the firmware upgrade reset the password (since the upgrade fixes a few security vulnerabilities), but I tried all of Netgear's standard passwords, but to no avail.

 

Any idea what might be going on?

---

@tessus,

Let us try this.  Kindly try to disconnect your GS324T switch from your existing network.  Then connect a PC directly to a port that belongs to the Management VLAN and try to access its web-GUI.  

Regards,

DaneA

NETGEAR Community Team

Thanks, I will try this in the evening. I am working from home and I can't disconnect the switch from the network at the moment.

How am I supposed to do that anyway? Unplug all the cables? In that case I will have to label all cables and tape them to the desk.... This can take a while.

Disconnect only the uplink, and probably the devices which might go wrong if associating with a wrong VLAN should be sufficient.

Hmm, the firmware 1.0.0.41 was just removed from the web site. Shall I get nervous?

I still have a few more hours to work.

---

@DaneA wrote:

@tessus,

 

Let us try this.  Kindly try to disconnect your GS324T switch from your existing network.  Then connect a PC directly to a port that belongs to the Management VLAN and try to access its web-GUI.  

---

 Unfortunately it didn't work. Same error.

@tessus 

I have a similar problem: After I noticed Netgear pulled the 1.0.041 update, I rolled the switch back to 1.0.0.38 and was initially locked out.  In my case, the password had been reset to the default "password".  I was able to get in, change the password and carry on.

---

@wvisser wrote:

@tessus 

I have a similar problem: After I noticed Netgear pulled the 1.0.041 update, I rolled the switch back to 1.0.0.38 and was initially locked out.  In my case, the password had been reset to the default "password".  I was able to get in, change the password and carry on.

 

---

You are lucky then. I am stuck with no way to login.

@DaneA not sure, if you've read my previous reply. I was not able to login with your suggested method.

I saw that the firmware has been removed from the web site. Have you been able to reproduce my problem? Are there any other things to try or do I have to factory reset my switch?

As mentioned previously, it would be great, if one were able to change the image at the next reboot without having to login. Otherwise, can you please explain in what situation the dual image capability can actually help? If something is not working, it's already too late to change the image, and as you can see from my specific problem, I can't even login to change the image....

I do understand that resetting the password could be part of a firmware upgrade, but it should be mentioned in the upgrade notes and apart from that, something else is going on here. I either hit a race condition where the password was only partly reset, or the password was changed to a random value, or the verification/hash algorithm has a problem.

The only good thing is that my switch is actually running with the correct config, so my network is still up and running.

Thanks for looking into this!