Firmware updated and now shares won't mount

Answered

Comments

48 comments

  • Official comment
    Tony W.
    Product Support Manager

    UPDATE:

    Thank you for your patience - in speaking with our QA and Product Development team, we have discovered the root of the problem. BluOS 3.18.7 includes a Security patch that closes a Network Vulnerability used by many ransomware attacks. This vulnerability has been avoided by disabling Microsoft's NTLM authentication for file sharing. Microsoft themselves identified this in 2010 and completely removed it from Windows as early as 2016.

    It looks like NTLMv1 is still the only security authentication used in Apple Time Capsules. Apple has not provided a Time Capsule update since early 2019. Many older NAS devices and older ISP-provided routers are also using this authentication method.

    If you are experiencing this issue please review your NAS security settings and change your authentication method from NTLMv1 to something else. Check with your NAS manufacturer for a security update to your NAS firmware. If you are unsure how to do this, reach out to our Support Crew via Help, Send Support Request in the App and they will reach out via e-mail to point you in the right direction if you let them know the make and model of your NAS.

    Other possible workarounds include moving the USB drive attached to your router as a local USB stick until your ISP can update your router or your NAS has been secured.

    We do apologise for the inconvenience but thank you for your understanding.

  • Tony W.
    Product Support Manager

    Thank you Ian

    We do apologise for the inconvenience but we are investigating a possible issue here and with our QA team. It looks like older NAS devices are not reconnecting. Devices like this may be using an older version of the SMB protocol. 

    See if there is an update for your Time Capsule (but likely not given its age). We do hope to publish an update as soon as possible. Feel free to bookmark this thread for updates. 

    0
  • Blackbird

    Same here, no chance for updating the media server (which is on my internet router) - doing a firmware downgrade as a workaround would be fine so it won't hurt that much until the bug will be fixed.

    0
  • J Daun

    Same issue.  NAD M33, just updated BluOS to 3.18.7 and now unable to access shared drive (USB stick installed in TPLink router).  Spent an hour trying to get it mounted with no success, only to later find this thread.  I would be happy to downgrade firmware to prior version until issue is resolved.  Thanks.

    0
  • Adrian

    Same issue. I have a Node2i which is no longer able to map an SMB network share (a hard drive attached to an Airport Extreme). The Airport Extreme is running the latest version of the firmware (7.9.1). So the issue is not limited to old NAS devices.

    Can anybody please provide instructions to revert to previous firmware version? 

    0
  • Vagner Melo

    +1
    Same issue here, unable to mount my file share.

    Using my RPi4 + Volumio and hoping the Bluesound Crew fix this ASAP.

    0
  • Blackbird

    Not happy with this strategy as Blusound just prompts with "new firmware available" but I never saw any informations about expected changes or side effects.

    Using an USB drive is also not recommended by the Bluesound support - I know that because I had tons of problems (very slow start, slow thumbnail, dropouts) when doing so.

    So there should be a transition path to allow user to be prepared or a very quick firmware update which includes the possibility to choose the protocol authentication method within the configuration menu.

    2
  • Adrian

    I am not happy with the response from Blusound support. While I do appreciate their concern for security, please keep in mind that the Node2i is typically attached to a personal network and not exposed to attacks from untrusted networks such as the Internet. If some bad actor was able to compromise my personal network then I would have bigger worries than a bad actor encrypting my hard drive where my music resides. An offline backup of the music library can protect against a ransom attack.

    Now Bluesound has disabled the functionality that was the primary reason I purchased this device so I am not satisfied with the company response. I am also not happy that updates are provided without any disclosure of potential impacts to customers. This is not acceptable. 
    1
  • Vagner Melo

    Please Tony, don´t use all your efforts to fix the issue for Apple Time Capsules only.

    There is a lot of another storages in the market, help us..

     

    Me here, I´m using a TP-Link Archer C7 with CIFS version 1.0

     

    1
  • J Daun

    Someone please correct me if I'm wrong about this.  This has not been explicitly stated, but if I read between the lines, I imagine some of us with older NAS or older routers (older hardware that has not received updates in several years) will need to purchase new hardware to resolve this issue, unless BlueSound issues an update to resolve it.  I feel it is not acceptable to release a change like this without understanding AND warning users of such an impact.

    For what it's worth, I'm using a TP-Link Archer C50v2 router with a USB stick installed in it.  And an NAD M33.

    Note: I started a helpdesk ticket with BluOS support this morning because I'm unable to find any router settings that correspond to Tony's comments re: NTLMv1 authentication ... the response I received to that ticket has not been helpful.  They do not seem to have the latest info provided by Tony W, and they claim it would be impossible to rollback NAD M33 to a previous working firmware version (not sure if that also means there is no method to *install* a previous firmware version).

    1
  • Stefan Thiem

    Same here, having a DLINK 323, no more connection possible.....mounting share failed.......

    0
  • Blackbird

    I appreciate that Bluesound is aware of security issues. But then they should also have been aware that removing a protocol (without any information this will happen) will have an impact for many users.
    Most network vendors are implementing a possibility to choose if NTLMv1 or v2 should be used. I think this is the best option for Bluesound now.

    Anyhow the update strategy should be rechecked to avoid such an unpleasant situation.

    Update:
    Meanwhile the support asked me to do chances on my router (DHCP Reservation, IGMP Snooping, etc.)...
    Now I am getting a little bit nervous - because it shows the understanding of network protocols (all listed points have nothing to do with the NTLM issue, DHCP Reservation won't help to fix the non standard IP stack implementation of Bluesound, IGMP snooping is a mechanism for switches and not for routers and so on)...

    Now it's time for a statement if Bluesound...
    - will NOT reimplement compatibility to the NTLMv1 protocol suite?
    - will NOT provide a possibility to undo the firmware update?
    - accepts that the devices are UNUSABLE now for many users?

    0
  • Robin R

    Same problem here, after upgrade Node (new model) mounting a network share failes (to usb portable HDD into Asus RT-AC68 wireless router), BluOS won't connect the drive ("Mounting share failed"). 

    Don't like this at all, no information provided why it failed, connecting prior to upgrade was no problem. This was probably my most used function on the node.

    the solution/update statement provided in this topic doesn't give me any clue how to solve this, I would like to downgrade the node. I will file a Support request for this.

    1
  • ian nicholls

    So the official answer is "get a new NAS"?

    Can old firmware images be put on USB and manually loaded like an upgrade can? 

    0
  • Beedu

    This post prevented me from doing the update! My good long-serving QNAP NAS is working fine, but I'm afraid I would run into the NTLM issue as well!

    To do no more updates cannot be the solution! I'm expecting a firmware from Bluesound that fixes this bug.

    0
  • Tony W.
    Product Support Manager

    Hi Beedu

    Your QNAP will work fine as QNAP has also abandoned NTLMv1

    0
  • Blackbird

    Don't know the newest QNAP releases but remember that within their release notes (they do inform customers) you could read that NTLMv1 is not permitted by default, but still can be enabled by user configuration. Wouldn't that be an option for Bluesound?

    Bluesound doesn't see QNAP as a role model in other situations, e.g. allowing to define static IP addresses for their devices (instead of using DHCP which is also a security issue)...

    0
  • Jason Runyon

    Linksys EA9500 router, new M1 Mac Mini, SSD USB drive attached to router.  This "update" also broke my file sharing.  

     

    0
  • Beedu

    Thanks Tony for the hint regarding QNAP NAS. I installed the latest QNAP and Bluesound firmware. Bluesound's access to the NAS share works fine :-)

    1
  • Stefan Thiem

    Is my understanding correct that there will be no solution for this problem (e.g. my DLINK 323)? I didn't hear anything further from Bluesound.

    0
  • Steve

    I was told by customer support that for now they advise using a USB drive; and that the engineers are working on this as a "high-priority" issue and hope to provide a fix (when, who knows).  They also claim they don't keep copies of old firmware which must be BS--I guess they just don't want to provide them (maybe for good reasons).

    0
  • Tony W.
    Product Support Manager

    Just to clarify; like many organisations and developers - we have retired NTLMv1 for security reasons. We are looking at alternative options but there will be no reinstatement of it given its vulnerability.

    Please work with your NAS provider or router supplier about a similar security patch they should also offer.

    0
  • Jim Miller559

    Tony - the support agent I talked to said that I can no longer use a USB hard drive that is formatted MacOS?  I don't mind changing to a new router but the hard drive is a bigger deal.

    0
  • Blackbird

    Just to clarify why a user may feel not very happy actually:

    • many vendors do inform their customer/user if they will deprecate a protocol in the future
    • many of them do allow to let the user define security configuration for their own (NTLMv1 vs. v2, IGMP support, etc.)
    • all vendors I know have the possibility to install any existing firmware (Bluesound allow manually factory reseting their devices and installing the latest firmware only)
    • all devices (except Bluesound's) also allow to set statically IP addresses (which should be possible for security reasons and because of the IP standard), this could also be a workaround for a given problem where the the Bluesound's network state diagram get lost and DHCP never requests for an IP address (a bug which is seen from time to time especially when USB memory sticks are used)
    • not sure, but it looks like Bluesound is recommending now to use a directly connect USB memory stick as a workaround for the latest update (Bluesound's support asked me to move from USB stick to a NAS solution some months ago because of the massive problems when the Bluesound device tries to deal with sound files from the connected USB memory stick)
    0
  • Ray Jazz

    Not sure this is the same issue but after the last update last week, I’m having problems streaming Qobuz on my Node2. Before I never had any issues. But last Friday the music stopped after about 20 minutes, it would start again if I paused and then pressed play but the stop again after about 5 minutes. Anyway on Sunday until today it was fine but now the problem back again. I’m using an iPad Air as control. 

    0
  • Tony W.
    Product Support Manager

    Hi Ray

    Your issue is something else only affecting iOS users. Please see; https://support1.bluesound.com/hc/en-us/community/posts/5803990364567/comments/5912979998487

    0
  • Valerio

    @ Tony W.

     

    The message that I received from the BluOS support, after my inquiry to instruct on how to "change my authentication method from NTLMv1 to something else" (as per your original message), did not provide instructions but informed me that BluOS is working to release a firmware update to fix the issue.

    As my ticket was then marked as solved, I would appreciate if an official confirmation that an update is truly in the works could be communicated on this forum.

    Thanks

    0
  • Robin R

    @Beedu, I bought a new QNAP nas for this issue, made a NAS share and is working from laptop. However, Blueos doesn't find it, and will not connect manually (of course without any indication why, hate that). 

    Can you please share the settings from within QNAP so it works for Blusound (node)?

     

    0
  • Ray Jazz

    @ Tony W

    Thanks but my issue has nothing to do with playlists. I don’t use playlists. I hope my issue is not like other users, who had the same issue with Qobuz, last year, that never got resolved. I’m seriously considering buying a different streamer now,

    0
  • Mark Lerwill

    I had the same issue after the Node firmware upgrade - the mounting share failed message when trying to connect to a drive connected to my router (supplied by my ISP). There were no options in the router config for changing the security protocol for the USB drive, but I deselected the "allow anonymous login" option and the share mounted. Hopefully this may help someone with the same problem, as it took me ages to stumble across it. It is frustrating that there isn't an option to roll back the firmware upgrade.

    1

Please sign in to leave a comment.