#Failed to store thread credential in keychain

When I try to send Thread credentials to iphone I get a "Failed to store thread credential in keychain. I have tried deleting and reloading thread add-on and companion app. Any suggestions?

What’s your border router? Are you nearby it?

You can only save credentials when iOS can find the border router nearby to ask for more information

I am using the add-on Open Border router and I am only a couple of feet away.

Same network? No complex VLAN setups?

What app version are you using?

I do have VLAN’s but both my phone and HA ate both on the same default lan. HA is the most up to date and app is 24.9.3.

Please export your logs and send to me (preferably after you try to send the credentials again)

Which log should I send you?

Companion app settings >> debugging >> export logs

Drop me a DM since it contains sensitive data

I see in your logs Failed to store thread credential in keychain: Thread network credentials does not match with any of the active thread networks around, so for some reason iOS can't find your border router nearby or the credentials are incorrect.

Is this related to what we were investigating @elfin pier ? I know resetting the OTBR can fix the issue but it will also make you lose all paired devices

I tried resetting the OTBR and it didn’t fix the issue.
One thing I should may mention not sure if it makes a difference. I had this running on my HA Blue I recently moved everything to a more powerful machine. The thread devices didn’t come back after the restore. I removed OTBR add on and the integrations and started fresh. I have tried an android device and iOS. Not sure if there’s a leftover file somewhere?

So it does not work for you on Android either? For me it does work on Android, it was a fresh install of the companion app on android, however, it never had been installed on Android previously.

Correct doesn’t work on either device. That’s what makes me think there is a some config file somewhere that needs to be deleted.

Ah, interesting. Since Bruno is looking into both of our bugs, I'll leave it to him.

Yes, this is the same issue as we're investigating

hm curious, your logs @oak spear show a different error message Failed to store thread credential in keychain: Can not store frozen credentials, I need to find out what is a "frozen credential", I never had this issue

Is there a particular low level status code or trigger that results in that english message?

Im checking the docs now and apparently it is just a generic Error object, I'll let you know if I find more

In case you want to dig as well: https://developer.apple.com/documentation/threadnetwork/thclient/storecredentials(forborderagent:activeoperationaldataset:completion:)

I see nothing there that mentions "frozen". 😦 My guess is this is coming from the error argument in the callback?

If so... I wonder...

I had been trying to, unsuccessfully, add another device to Apple Home. I wonder if it's plausible that Apple Home might be interferring?

Let me delete that "home" and try again...

Hmm, that did not change anything.

Whats you final goal if all works? just so I understand

I want to be able to use my phone to commission new devices to the Home Assistant network.

(The iPhone, that is.)

Ok, so tweaking Apple Home won't help, we need to find out why your credential is not saved.
Do you have apple border routers as well in your network? (HomePod/AppleTV)

No, the only border router I have at the moment is the ZBT-1 and the Open Thread Router. This is my first entry into Home Automation, and I got Home Assistant on the 27th.

I did just now notice this entry in the docs you've linked:

If a person changes the SSID of a Thread-capable Wi-Fi router, confirm that the credentials match the preferred network credentials. If not, read the preferred network credentials and store them in iCloud Keychain.

I have setup a particular network with a particular SSID for 2.4GHz, however, my phone has been configured to use multiple networks and could easily have changed to a different one without me noticing... Is that potentially a contributing factor?

Can you try again making sure your iPhone + home assistant are in the same network?

They are in the same network. However, the HA is plugged in physically - it is not using an SSID because it is not using wifi. I don't think HA Green has wifi?

however, it's possible that the SSID may have changed on the thread border router without me noticing...

I've just changed the phone's network, killed and restarted HA... (To clarify: HA Companion app, I'm not restarting the HA Green)

and noticing I now get a permission popup which I've accepted "this once", but still fails to store thread credentials.

Yeah, having it wired is not a problem, mine is as well, they just need to be configured to be on the same network/vlan, if you havent make advanced configurations in your router then this should be the default

Which popup exactly?

Then that's the case.

OK got it, btw, unrelated to that but if you use internal and external URLs based on SSID, you need to enable location permission always otherwise it may fail to detect which URL to use in background.

Please go to companion app settings >> debugging >> thread and send me a screenshot

I’ll set that now in settings.

As for that screen, that was entirely empty, let me grab it today (probably same)

My permissions are now as follows (previously location was not set to always)

Now try to send credentials to your phone once more and then if it fails, share the logs with me https://forms.gle/Uoqz127Phx4mMTpS6

Can i dm instead in discord? (Its easier)

sure

I forgot where to get those logs. (Thread device has “download logs” but they don’t do anything)

Companion app settings >> debugging >> export logs

Perfect

You should have those. Unfortunately i have to get going (our timezones are terrible! 😫), is this everything you need for today?

For now yes, I'll keep messaging here in case I have news

Have a good rest!

Perfect!

Thanks 🙂

@turbid jacinth and @oak spear even with this credentials failing to save, if you try to comission a NEW matter over thread device, what error do you get?

From memory, I would get the no thread bridge found "Thread Border Router Required", and commission would fail, let me see if I have any screenshots that I might have kept...

Looks like I didn't keep screenshots, I think the app responded with "Thread Border Router Required".

Would you like me to test? I do have one last thread device I have not yet commissioned...

(My memory is not great, if you'd like me to test this device that's fine, it just potentially means I don't have new devices moving forward for testing. 🙂 )

Sure, give it a try, but what you reported makes sense as well, if it fails you will still have 1 device not configured 😄

Just got an interesting popup, I might have seen it before but... Allow "Home Assistant" to find Bluetooth devices?" Used to scan for Improv devices", this is notable because it's telling me that there are more than 50 devices found.

Nah, this is unrelated, it was introduced to setup Improv-BLE devices

unfortunately :/

It's now setting up! Ah, but still failed.

oh :/ what do you see now?

Can you send me your logs again? DM of course

SUre thing.

Sent

Good news is that Apple can see your network:

threadScanResults: ["Network name: ha-thread-5daf"]

So if somehow we find a way to save those credentials it will succeed

In your case I still need an answer from Apple because thats the first time I see "frozen credentials" error

Great!

And yeah, forgot to mention that the phone is clearly interacting with the device as I add it. (It just fails as you saw)

I know because it's an Aqara Motion and Light sensor, and the blue blinking it has suddenly changes when doing this.

Probably the iPhone can put the device in pairing mode but then fails to proceed due to lack of BR

Looks like it.

Oh, the phone was on a 5GHz network just then, I forgot to change it. Same outcome, though.

Been paranoid lately in keeping the phone on 2.4GHz while doing the home assistant stuff.

Yeah, well, in your case I dont think your setup is the problem, we just need to find out what frozen credentials means. btw I will check your logs again, maybe the message has changed

Can you try to send your credentials again and share the logs with me once more?

Which Core version are you using?

Should be the latest: 2024.9.3 (The issue started when updating to it, along with the update to the OpenThreadBorderRouter.)

Taking a while to sync credentials. Oh, and different error.

Tried it again, back to the same error.

How do you know it started on this version? Was it working before? Because your keychain looks empty

It was working before, I have a bunch of thread devices I already commissioned.

I did struggle though, until we decided to use the testflight version.

(The testflight version gives a confirmation that you've successfully sync'ed, that the released version does not)

Meant to send the screenshots here, not in DM, but oh well. 🙂

Logs sent

Ok, sorry Im a bit confuse now. correct me if I am wrong:

• So before you were able to save credentials in keychains successfully using the testflight app version but not AppStore app version.
• Then you comissioned those thread devices using the HA app
• Then you updated Core(?) and it stopped working?

Correct. As for the first point I'm not sure, we were debugging several things and this was my first time. The app store version does not confirm that you are able to save credentials. The testflight version does confirm it, with a nice tick.
I then comissioned... 6 thread devices (or thereabouts), using the HA app.
I then updated core (and also openthreadborderrouter), and the next day noticed I can no-longer commission new devices.

Unlike @turbid jacinth here, it seems I can commission them anyway using an Android phone, so I'm being somewhat fussy and stubborn in wanting to use the iPhone as I normally do not use the android phone at all.

I do actually have another iPhone on the same system I could use to try commissioning them, actually, I could try that? (Different model and different iOS version)

(That one is my wife's)

That would be a nice test

I'll do that.

It's in french, so bear with me a bit. 😆

Oh, and using the app store version.

Looks different, I can't seem to sync using it.

(She's logged in as a different user, but still 'admin' in HA)

Mine's an iPhone 14 Pro, hers is an iPhone 7.

Let me check the conditions for thread, one sec

which iOS it is?

Wow, quite old: 15.8.3, I should upgrade it a bit later.

(Mine is 18.1, actually there's a pending update for 18.1 beta 5, I should install that tonight)

iOS 16.4 is the minimum... and it only works well on 17+ to be honest

I'll upgrade hers a bit later then.

in DM you sent me 2 screenshots with 2 different error messages? they both show up now when you tested?

The two screenshots were two different attempts I had tried just at that point. The first one was the first attempt today, and then when I hit "retry", I got the second one.

I now only get the second one.

(Also, to be clear, it's the "Send credentials to phone" I'm tapping on today)

Maybe there was a transient network error causing the first one to appear? 🤷‍♂️

Check the last matter over thread device you comissioned and send me a screenshot like this please

you can find it in the device page

The one I was able to successfully add using Android, or one of the ones I did previously? (I do not remember the previous one)

last one that succeeded via iOS

I don't know if those serial numbers are sensitive, actually. The IP addresses are not sensitive though, not in my case.

I dont think so, but feel free to delete now

Done. 🙂

Then its REALLY weird that you have nothing in your keychain... those devices were comissioned through the native matter comissioning flow? (the same one that is failing now)

They were indeed.

Ok, give it a try after you have updated to beta 5, I am also running beta 5 and it is working for me.
Just so we are sure the problem is not the beta

Might just update it now.

@turbid jacinth When you see this, please also drop me your device model and iOS version as well

No change on beta 5.

I must go for dinner now.

Enjoy!

@wet atlas

Just to give you an update. I was finally able to figure out why I couldn’t get my phone to update its credentials. I changed to a IOT ssd on my network, different vlan and it updated iOS credentials. So I went back to my UniFi settings and compared the two different wifi settings and noticed that “multicast and Broadcast Control” was selected. I unselected and now phone will receive the thread credentials. Now I can’t seem to add a thread device so it’s half way fixed.

I am using iPhone 13 Pro software 18

Please try to pair a device again recording your screen and after it fails, send me the logs

I had a new beta update come in today for the Companion app. This seems to have fixed the issue I was now able to pair my matter device.