ReadyNAS Duo v2 certificate and general settings issues
Hi,
I've had my ReadyNAS Duo v2 on RAIDiator 5.3.13 for many years now, and it's nearly always been problem-free. I mostly use it as a music server for my Squeezebox players, so it's kinda valuable, given their server software doesn't run on many other NAS devices.
However, the other day, I needed to power it down, and that's where my problems started.
It didn't reappear on my network (it had a static IP address on my 192.168.1.x subnet), but RAIDar found it at 192.168.168.168. My DHCP server *was* running, so no idea why it didn't work even if the static IP address had been lost. I tried talking to it using Chrome, but wasn't able to connect to it (despite forcing my PC to a static IP address of 192.168.168.5).
I rebooted to a memory test, but don't actually know what the result means. After about an hour, the power LED stopped flashing, and only the LED for disk 1 was left flashing,. Disk 2 LED was off. That scenario doesn't seem to match any of the info I managed to find. I also dismantled the unit, cleaned out the dust, and replaced the CR2032 battery, just in case...
Next step, rebooted to restore the OS. That seemed successful, and the NAS worked with DHCP this time, and I got a sensible IP address so I could connect to it...except it seems to have generated a certificate for the default 192.168.168.168 IP address, so I'm getting invalid certificate errors. It also looks like the clock got screwed up at some point, since the certificate expiiry date is 2038 also created in the future), but I've corrected the clock, now,.
Now, I think I should be able to fix the certificate issue, by clicking on the 'HTTPS' button on the OIverview page, right? Except that nothing I seem to change on that page is sticking. I can speficy the new IP address (manually assigned from my router, now), but the 'SSL Key Host' resets back to 192.168.168.168 again. Also, any attempt to assign a static IP address for the machine also reverts back to dynamic. Changes on this page don't seem to actually be made, although other seetings made on the 'Settings' page seem to be working/changing as expected.
So....anyone know what's going on? What would have screwed up the IP settings and clock after a power cycle? Flat battery? And why don't the changes I make to the the Ethernet address on the Overview details, stick?
Do I need to do a full factory reset? Will that destroy data on the HDD? I don't mind setting it up again, but I obviously would rather not lose my data. Can I do a trick like remove a RAID disk, factory restore, and then swap disks to get it to rebuild the RAID from the good data?
Cheers! I'm sure the ReadyNAS isn't quite ready for the trash just yet...
Re: ReadyNAS Duo v2 certificate and general settings issues
Since the SSH certificate is self-signed, it's always going to create an error. Some browsers have a way to set them to always ignore it on a specific address, which may be what you did. But that's now set for the old IP address. It is usually better to reserve an IP address in your router rather than use a static IP in the NAS, which I suggest you do. You can always reserve the address you used to use.
The certificate expiration date should be in the future, though I don't know how far in the future it normally is set. So I'm not sure why you think that's an error.
But as to why nothing you edit in the SSL host entry doesn't stay, I can't say. Perhaps try re-installing the OS once more time after you have reserved the desired address in the router.
Re: ReadyNAS Duo v2 certificate and general settings issues
Thanks for the response.
Yes, I am aware of most of what you say. I am expecting a warning about the certificate, but Chrome seems really insistent that the certificate is invalid, and doesn't seem to want to just let me accept/save/ignore it. I had to switch to Safari to actually be able to ignore the problem.
Yes, the expiry date should be in the future, but I thought the certificate shouid only be valid for a few years, not 17 years. I think the NAS had corrupted the date and set the year to around 2030 when it created the certificate, hence the extended expiry date, but I don't actually see a creation date.
I'm assuming Chrome's insistence that it can't accept the certitifate is because either the dates are 'impossible', or that the IP address just doesn't match. Both are issues that should really be resolved.
Yes, I am now (and am happy to) reserve the required IP address in the router. No problem with that. I agree it's a better solutiuon, but my previous router (when I set the static IP address) didn't support that (that I'm aware of). Trying to configure the ReadyNAS to use a static IP address now was just an exercise in trying to get the certificate to work properly, and that's when I realised it wasn't actually making the change.
But yes, I will try to reinstlal the OS again, and see how I get on. And I guess if that doesn't make any difference, then a full factory reset may be the best option. Just trying the least destructive fixes first...
Yes, I am aware of most of what you say. I am expecting a warning about the certificate, but Chrome seems really insistent that the certificate is invalid, and doesn't seem to want to just let me accept/save/ignore it.
Normally there is an "advanced" control on the warning page - if you click on that, you can connect. Chrome will remember that for a while, but you will need to navigate through the warning from time to time.
Re: ReadyNAS Duo v2 certificate and general settings issues
I do, but it doesn't help. I have a link to Learn more (links to Chrome certificate help page) and buttons to 'Reload' and 'Show Advanced' (changes to 'Hide Advanced'). The advanced secion simpy states:
192.168.1.82 normally uses encryption to protect your information. When Google Chrome tried to connect to 192.168.1.82 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 192.168.1.82, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit 192.168.1.82 at the moment because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
There is no link to save/import/accept/ignore the cerrtificate.
Cllicikng on the 'Niot Secure' warning on the URL line, I'm able to view the certificate details, I notice it says:
Not Valid Before: Friday, 10 January 2031 at 22:25:51 Greenwich Mean Time
Not Valid After: Monday, 18 January 2038 at 22:25:51 Greenwich Mean Time
There is a section in that Certificate Details view labelled 'Trust', which I have tried setting to 'Always Trust', but it doesn't make any difference. I just seems like the certificate is sufficiently invalid/corrupt that Chrome is just refusing to do anything with it.
Re: ReadyNAS Duo v2 certificate and general settings issues
I'd already reinstalled the OS once after it failed to boot up properly when it was power-cycled.
A bit of a breakthrough, though...it looks like the problems I was having are due to the way Chrome works with the ReadyNAS....on a Mac. I switched to using the same (latest) version of Chrome on a PC, and everything works as expected; all changes to IP address, etc, are remembered, etc. I still get the same error about the certificate, but when I click ok the 'Advanced' section, instead of being told it just couldn't show that page, it gave me the option to 'visit the site' anyway - exasctly what I (and previous replies) were expecting.
So lesson learnt - don't assume the same browaser version works the same way with the NAS, from different platforms.
Re: ReadyNAS Duo v2 certificate and general settings issues
Never say never, but I'm pretty sure I've not changed anything relevant. I've looked through the security settings, and can't see anything that would allow me to allow (or block) access to the ReadyNAS, without dropping from 'Standard Protection' to 'No Protection'...which I really don't want to do. The PC was also set to the same protection level.
Anyway, I've spent too much time on this already. and it's revealed that the ReadyNAS is really rather outdated. Time to investigate updating to a Synology NAS, which seems to support a more recent/semi-supported version of Logitech Media Server. Maybe the ReadyNAS has had its day, after all.
