[Camera Support]: Onvif not working in 0.16-beta3, works in 0.15.1 with same camera

[rstanislav]

Checklist

• I have updated to the latest available Frigate version.
• I have cleared the cache of my browser.
• I have tried a different browser to see if it is related to my browser.
• I have tried reproducing the issue in incognito mode to rule out problems with any third party extensions or plugins I have installed.

Describe the problem you are having

Camera: hikvison DS-2DE3A404IWG-E(from recommended Frigate list) with 5.8.0 firmware, ntp time is set and sync on server and camera, ignore_time_mismatch: True is added to config, time inside docker container is also correct, ONVIF device manager is connects successfully, but frigate fails to connect with 'Unable to get Onvif media profiles for camera: cam5: The action requested requires authorization and the sender is not authorized'. On v0.15.1 it works without any problems.

Steps to reproduce

--

Version

0.16-beta3

In which browser(s) are you experiencing the issue with?

No response

Frigate config file

--

docker-compose file or Docker CLI command

--

Relevant Frigate log output

frigate  | 2025-06-15 22:48:39.368321674  [2025-06-15 22:48:39] frigate.ptz.onvif              DEBUG   : Onvif capabilities for cam5: ('http://192.168.122.35/onvif/PTZ', '/usr/local/lib/python3.11/dist-packages/onvif/wsdl/ptz.wsdl', '{http://www.onvif.org/ver20/ptz/wsdl}PTZBinding')
frigate  | 2025-06-15 22:48:39.368450124  [2025-06-15 22:48:39] zeep.transports                DEBUG   : HTTP Post to http://192.168.122.35/onvif/Media:
frigate  | 2025-06-15 22:48:39.368462664  b'<?xml version=\'1.0\' encoding=\'utf-8\'?>\n<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:wsa="http://www.w3.org/2005/08/addressing"><soap-env:Header><wsa:Action>http://www.onvif.org/ver10/media/wsdl/GetProfiles</wsa:Action><wsa:MessageID>urn:uuid:4faa5e1b-3555-4ba2-b1e1-a49876d8014a</wsa:MessageID><wsa:To>http://192.168.122.35/onvif/Media</wsa:To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">redacted</wsse:Password></wsse:UsernameToken></wsse:Security></soap-env:Header><soap-env:Body><ns0:GetProfiles xmlns:ns0="http://www.onvif.org/ver10/media/wsdl"/></soap-env:Body></soap-env:Envelope>'
frigate  | 2025-06-15 22:48:39.368586824  [2025-06-15 22:48:39] httpcore.connection            DEBUG   : connect_tcp.started host='192.168.122.35' port=80 local_address=None timeout=30 socket_options=None
frigate  | 2025-06-15 22:48:39.368710654  [2025-06-15 22:48:39] httpcore.connection            DEBUG   : connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7b513892c050>
frigate  | 2025-06-15 22:48:39.368830565  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : send_request_headers.started request=<Request [b'POST']>
frigate  | 2025-06-15 22:48:39.368951635  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : send_request_headers.complete
frigate  | 2025-06-15 22:48:39.369069315  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : send_request_body.started request=<Request [b'POST']>
frigate  | 2025-06-15 22:48:39.369204765  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : send_request_body.complete
frigate  | 2025-06-15 22:48:39.369323715  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : receive_response_headers.started request=<Request [b'POST']>
frigate  | 2025-06-15 22:48:39.369468106  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : receive_response_headers.complete return_value=(b'HTTP/1.1', 400, b'Bad Request', [(b'Date', b'Sun, 15 Jun 2025 22:48:41 GMT'), (b'X-Content-Type-Options', b'nosniff'), (b'X-Frame-Options', b'SAMEORIGIN'), (b'X-XSS-Protection', b'1; mode=block'), (b'Cache-Control', b'no-cache'), (b'Content-Length', b'2371'), (b'Connection', b'keep-alive'), (b'Keep-Alive', b'timeout=8, max=99'), (b'Content-Type', b'application/soap+xml; charset=utf-8')])
frigate  | 2025-06-15 22:48:39.369589756  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : receive_response_body.started request=<Request [b'POST']>
frigate  | 2025-06-15 22:48:39.369711966  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : receive_response_body.complete
frigate  | 2025-06-15 22:48:39.369832436  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : response_closed.started
frigate  | 2025-06-15 22:48:39.369954756  [2025-06-15 22:48:39] httpcore.http11                DEBUG   : response_closed.complete
frigate  | 2025-06-15 22:48:39.370084736  [2025-06-15 22:48:39] zeep.transports                DEBUG   : HTTP Response from http://192.168.122.35/onvif/Media (status: 400):
frigate  | 2025-06-15 22:48:39.370119717  b'<?xml version="1.0" encoding="UTF-8"?>\r\n<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:soapenc="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:tst="http://www.onvif.org/ver10/storage/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl" xmlns:wsoap12="http://schemas.xmlsoap.org/wsdl/soap12" xmlns:http="http://schemas.xmlsoap.org/wsdl/http" xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:wsadis="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wsntw="http://docs.oasis-open.org/wsn/bw-2" xmlns:wsrf-rw="http://docs.oasis-open.org/wsrf/rw-2" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2" xmlns:trc="http://www.onvif.org/ver10/recording/wsdl" xmlns:tse="http://www.onvif.org/ver10/search/wsdl" xmlns:trp="http://www.onvif.org/ver10/replay/wsdl" xmlns:tnshik="http://www.hikvision.com/2011/event/topics" xmlns:hikwsd="http://www.onvifext.com/onvif/ext/ver10/wsdl" xmlns:hikxsd="http://www.onvifext.com/onvif/ext/ver10/schema" xmlns:tas="http://www.onvif.org/ver10/advancedsecurity/wsdl" xmlns:tr2="http://www.onvif.org/ver20/media/wsdl" xmlns:axt="http://www.onvif.org/ver20/analytics"><env:Body><env:Fault><env:Code><env:Value>env:Sender</env:Value>\r\n<env:Subcode><env:Value>ter:NotAuthorized</env:Value>\r\n</env:Subcode>\r\n</env:Code>\r\n<env:Reason><env:Text xml:lang="en">The action requested requires authorization and the sender is not authorized</env:Text>\r\n</env:Reason>\r\n</env:Fault>\r\n</env:Body>\r\n</env:Envelope>\r\n'
frigate  | 2025-06-15 22:48:39.370218337  [2025-06-15 22:48:39] frigate.ptz.onvif              ERROR   : Unable to get Onvif media profiles for camera: cam5: The action requested requires authorization and the sender is not authorized
frigate  | 2025-06-15 22:48:39.370338097  [2025-06-15 22:48:39] frigate.ptz.autotrack          WARNING : Disabling autotracking for cam5: Unable to initialize onvif

Relevant go2rtc log output

--

Operating system

Debian

Install method

Docker Compose

Network connection

Wired

Camera make and model

Hikvison DS-2DE3A404IWG-E

Screenshots of the Frigate UI's System metrics pages

--

Any other information that may be helpful

No response

[hawkeye217]

Frigate 0.16 updated the ONVIF Python package to onvif-zeep-async. An authorization error points to something on the camera's end, so this is not likely to be a Frigate bug.

Hikvision users have reported that setting ignore_time_mismatch: True in your onvif section of your config has resolved this issue.

Does your camera have a configuration for basic or digest authentication? Do you have any special characters in your password?

[rstanislav]

Well, it works in 0.15.1, i have tried to switch back and forth between versions(0.15<->0.16) multiple times to confirm that this is not a 'glitch', i have set ignore_time_mismatch: True in onvif config, camera has both basic and digest auth. i tried both(multiple times), no special characters in password, only letters and numbers.

Also i tested onvif using free windows app - onvif device manager, it connects without any problems and shows profile list , same as frigate 0.15.1

[hawkeye217]

The logs are showing that your camera itself is refusing the connection with a 400 error.

You can see what Frigate is doing in the code here, which mimics what Home Assistant does:

frigate/frigate/ptz/onvif.py

Line 93 in 2d586ee

self.cams[cam_name] = {

You could also try setting tls_insecure: true in your onvif config in case there is an issue with your camera's security certificate.

[rstanislav]

Sorry for repeating, but i have tls_insecure: true and ignore_time_mismatch: True in config:

onvif:
      ignore_time_mismatch: True
      # Required: host of the camera being connected to.
      # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0".
      host: 192.168.122.35
      # Optional: ONVIF port for device (default: shown below).
      port: 80
      # Optional: username for login.
      # NOTE: Some devices require admin to access ONVIF.
      user: "admin"
      # Optional: password for login.
      password: "----"
      # Optional: Skip TLS verification from the ONVIF server (default: shown below)
      tls_insecure: true

I'm not touching frigate config, not changing anything, i just change:
image: ghcr.io/blakeblackshear/frigate:stable-tensorrt
to

image: ghcr.io/blakeblackshear/frigate:0.16.0-beta3-tensorrt
In docker compose
And its no longer able to connect, i have checked it again, i did test it atleast 20 time now, on 0.15.1 it works, on 0.16-beta3 - it does not.

When i change it back to frigate:stable-tensorrt it starts working

I have attached 2 debug logs: from 0.15.1 (working onvif) and 0.16.beta3(not working onvif)
From what i understand - profile get specific command is failing, at same time onvif/device_service request is working in 0.16

0-15-1-working.txt
0-16-beta3-not-working.txt

[hawkeye217]

For some users, the old version of onvif-zeep was not working, and they said their camera worked fine in Home Assistant. So, we upgraded 0.16 to the package that Home Assistant used.

[NickM-27]

Hikvision cameras have settings for the auth mode used, I had to change from digest to use the API in automations

[NickM-27]

[cocus]

camera ui looks almost exactly like in this image:

I have tried everything that listed in that thread, time in synced using ntp, DST is off, this could be bigger problem if future, because camera has modern firmware, hikvision slowly moving all new cameras to this version(i have ~40 hikvision cameras, added new 5 recently(4 non ptz and 1 ptz) and new ones all have +- same web ui). Will try to report this error to onvif-zeep-async maintainers.

I have the exact same problem. Older fw like the one shown by NickM-27 work fine. However, a new camera, with this similar UI (as the one shown by @rstanislav have this problem. Tried all combinations of configurations, different users, etc, nothing works. Everything results in the same The action requested requires authorization and the sender is not authorized.

Not sure what to do next.

[hawkeye217]

This is most likely a digest authentication issue, as @NickM-27 indicated.

[cocus]

Well, but I tried both "digest" and "digest&ws-username token", same issue on both. Same with tls insecure true/false. Same with the time flag set true/false. What else can I do? El mié., 10 de diciembre de 2025 20:57, Josh Hawkins < ***@***.***> escribió:

…

This is most likely a digest authentication issue, as @NickM-27 <https://github.com/NickM-27> indicated. — Reply to this email directly, view it on GitHub <#18731 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD73TR3K35RFXESQJTACCD4BCXNDAVCNFSM6AAAAAB7LUSK32VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKMRSGUYTMMA> . You are receiving this because you commented.Message ID: ***@***.*** com>

[hawkeye217]

Does it work if you disable authentication? That would confirm the issue.

I'm not sure what else can be done. Myself nor any of the other devs have the specific camera in question, so we can't reproduce the issue. We've not had any other reports of users with issues that were unable to be resolved through at least one of the means described in this discussion.

[cocus]

I haven't figured a way to get access to onvif without any authentication. the webgui let me enable it without any users on the list (as seen on the above image), but that only means you can't use onvif at all. Does the 19.12 version reported by the webgui means something? I think this is just a hikvision thing, on the newer firmwares El mié., 10 de diciembre de 2025 21:26, Josh Hawkins < ***@***.***> escribió:

…

Does it work if you disable authentication? That would confirm the issue. I'm not sure what else can be done. Myself nor any of the other devs have the specific camera in question, so we can't reproduce the issue. We've not had any other reports of users with issues that were unable to be resolved through at least one of the means described in this discussion. — Reply to this email directly, view it on GitHub <#18731 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD73TWH442K76LKZD2AZBT4BC22VAVCNFSM6AAAAAB7LUSK32VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKMRSGUZTGMY> . You are receiving this because you commented.Message ID: ***@***.*** com>

[hawkeye217]

Some users have reported that for some Hikvision cameras, you need to create a separate ONVIF user. Standard admin credentials that you use to log into the camera's firmware will not work for ONVIF.

[cocus]

Yes, the users shown in that list from that picture are just for onvif. I've tried with a regular user as well as an administrator, and the same thing happens. I've set the debug option for ptz on frigate, but I only see the url that the code access, but not its contents. Maybe there's something else I could turn on for debugging purposes? El mié., 10 de diciembre de 2025 23:59, Josh Hawkins < ***@***.***> escribió:

…

Some users have reported that for some Hikvision cameras, you need to create a separate ONVIF user. Standard admin credentials that you use to log into the camera's firmware will not work for ONVIF. — Reply to this email directly, view it on GitHub <#18731 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD73TRYZKY7I3SPJOZ7US34BDMYBAVCNFSM6AAAAAB7LUSK32VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKMRSGYYTKMA> . You are receiving this because you commented.Message ID: ***@***.*** com>

[rstanislav]

@cocus Frigate’s developers couldn’t care less about this issue. Their stance is that it’s “not a Frigate problem” but a “third-party library” problem - never mind that Frigate relies on that library. And since Home Assistant uses the same library, they seem to feel entirely absolved of responsibility.
I shared detailed information and full debug logs a while back explaining exactly why this happens. In short: during authentication, the library claims it will use the plain password, yet it sends a hashed one instead, which of course causes onvif authentication to fail. The library’s authors on GitHub clearly aren’t interested either; they haven’t even responded to the issue that’s been sitting there for almost a year.

As I mentioned on Reddit: it’s embarrassing. I honestly didn’t expect this kind of behavior as Frigate+ user.

[hawkeye217]

@cocus Frigate’s developers couldn’t care less about this issue.

As I mentioned on Reddit: it’s embarrassing. I honestly didn’t expect this kind of behavior as Frigate+ user.

Just curious - with what information we have provided and what you have deduced about the issue, what is the course of action you are expecting us as the Frigate developers to take?

Since we have plenty of evidence that this is an upstream issue, the standard way to approach this in the open source world is to have the upstream maintainers address their package's issue.

[rstanislav]

@cocus Frigate’s developers couldn’t care less about this issue.
As I mentioned on Reddit: it’s embarrassing. I honestly didn’t expect this kind of behavior as Frigate+ user.

Just curious - with what information we have provided and what you have deduced about the issue, what is the course of action you are expecting us as the Frigate developers to take?

Since we have plenty of evidence that this is an upstream issue, the standard way to approach this in the open source world is to have the upstream maintainers address their package's issue.

If updating or replacing the ONVIF library breaks functionality that previously worked, this is likely an issue on Frigate’s side - especially given that many users purchase hardware (and spend real money) based on Frigate’s compatibility list. In such cases, rolling back the changes may be the most appropriate course of action, particularly since the author of the library in question appears entirely indifferent to the problem despite an opened issues. This would be understandable if the issue were limited to Hikvision cameras, but based on the information I have, the root cause is a severe violation of the ONVIF protocol implementation within the library, specifically at the authentication stage.

[hawkeye217]

I want to address the idea that “if updating the ONVIF library breaks functionality that previously worked, it must be a Frigate issue.” That’s not accurate. As you know, Frigate doesn’t implement ONVIF ourselves, we rely entirely on upstream libraries. When an upstream ONVIF implementation changes behavior, becomes stricter, introduces bugs, or handles authentication differently, those changes come from the library, not from Frigate’s code. This is normal in open-source software: consumers of a library inherit its strengths and weaknesses, and protocol-level issues have to be fixed upstream, not in every project that uses it.

As for why we upgraded: the old ONVIF package was generating a large volume of reports from users whose cameras worked in Home Assistant but failed in Frigate. That strongly indicated the old library had significant gaps or non-compliant behavior that we could not fix locally. Moving to the newer, widely used library (the same one HA uses) resolved ONVIF functionality for many more users than it affected.

I fully understand that this update caused issues for you and the other user in this thread, but rolling back would simply re-break ONVIF for a much larger portion of the community. So this is not a reasonable course of action. We’ll continue to investigate reproducible regressions on our side, but protocol violations or authentication issues inside the upstream library are not something Frigate can realistically maintain or patch long-term, especially if the ones writing and maintaining those patches don't have the problematic hardware to test with.

[hawkeye217]

I'll also say that If you’ve pinpointed the root cause in onvif-zeep-async's authentication handling, that’s extremely valuable information. If the maintainers of the upstream package are unresponsive, the best next step would be to dig into the code yourself and submit a PR directly. That way, the fix benefits the entire ecosystem - Frigate, Home Assistant, and every other project relying on it.

And this is really the beauty of open source: users who run into real-world problems often become the very contributors who help resolve them. Your findings could meaningfully improve the experience for a lot of people.

[hawkeye217]

TL;DR: I don't see evidence of a bug in Frigate or onvif-zeep-async.

On further investigation, I do not believe what you have reported as a bug is actually a bug.

Tracing the code, onvif-zeep-async uses zeep as the underlying library. zeep has a class, UsernameToken, which has a use_digest parameter:

https://github.com/mvantellingen/python-zeep/blob/a345e0207db4ed22b811841dbc264c1afb5165ff/src/zeep/wsse/username.py#L63

onvif-zeep-async implements UsernameDigestTokenDtDiff, which derives from UsernameToken, specifically adding a time offset parameter that can be adjusted, which allows authentication on cameras without being time synchronized.

https://github.com/openvideolibs/python-onvif-zeep-async/blob/a8da9e9500203f517d75332f8b3d94badfe2d663/onvif/client.py#L78

The UsernameDigestTokenDtDiff constructor just passes arguments to UsernameToken, which includes use_digest.

https://github.com/openvideolibs/python-onvif-zeep-async/blob/a8da9e9500203f517d75332f8b3d94badfe2d663/onvif/client.py#L321

In onvif-zeep-async, the use_digest parameter is specified in the ONVIFService and ONVIFCamera constructor as encrypt:

https://github.com/openvideolibs/python-onvif-zeep-async/blob/a8da9e9500203f517d75332f8b3d94badfe2d663/onvif/client.py#L280

https://github.com/openvideolibs/python-onvif-zeep-async/blob/a8da9e9500203f517d75332f8b3d94badfe2d663/onvif/client.py#L437

Frigate sets this in its code based on your config variable, tls_insecure:

frigate/frigate/ptz/onvif.py

Line 104 in 1de7519

encrypt=not cam.onvif.tls_insecure,

So, if you set tls_insecure to false, encrypt will end up being true, which will use encryption/digest auth in zeep, which is responsible for generating the username token.

The logs you posted here and in your report at openvideolibs/python-onvif-zeep-async#122 are indicative of setting tls_insecure to true, which, as the variable name indicates, is inherently insecure. Passwords are sent with basic auth (plain text) as opposed to encrypted with digest auth.

So, while tls_insecure as true has helped other users in the past, it appears that what you've raised is not a bug, but a misconfiguration - you need to set tls_insecure as false to use digest auth with your camera.

I'd suggest also trying to set ignore_time_mismatch as true, as we've had other Hikvision users report that it has fixed their issues. This is confirmed by users in the Home Assistant thread as well.

Finally, Hikvision users have also reported needing to use a separate ONVIF user and that the admin credentials to log into the camera's firmware will not work for ONVIF.

That's about all the debugging I can do without the hardware to reproduce. If you find more, please let us know.

[cocus]

Well, I'm not a Frigate+ user, and I certainly can't expect an open source team to fix problems for my setup, but it's true that if the core library has a bug, it might be cool to fix that bug. Then again, I haven't used that library myself to know exactly what's going on, so if you have and know where's the issue, it might be possible to spin up a PR against it. If the owners don't like it, well, it's not the end of the world, in theory we could just patch the library inside the frigate docker ourselves every single time there's a frigate update. Would be cumbersome, but well, I prefer that. So that's the thing, what can I change on the config to enable much more verbosity from the ptz? then, I could try to reproduce the issue using just the library, and then see what's going on. If you have done that, and might have some tips, I'll take them. El jue., 11 de diciembre de 2025 00:25, Stanislav ***@***.***> escribió:

…

@cocus <https://github.com/cocus> Frigate’s developers couldn’t care less about this issue. Their stance is that it’s “not a Frigate problem” but a “third-party library” problem - never mind that Frigate relies on that library. And since Home Assistant uses the same library, they seem to feel entirely absolved of responsibility. I shared detailed information and full debug logs a while back explaining exactly why this happens. In short: during authentication, the library claims it will use the plain password, yet it sends a hashed one instead, which of course causes authentication to fail. The library’s authors on GitHub clearly aren’t interested either; they haven’t even responded to the issue that’s been sitting there for almost a year. As I mentioned on Reddit: it’s embarrassing. I honestly didn’t expect this kind of behavior as Frigate+ user. — Reply to this email directly, view it on GitHub <#18731 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD73TQTP6UZOKVIUJI5LB34BDPZJAVCNFSM6AAAAAB7LUSK32VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKMRSGYZDMNI> . You are receiving this because you were mentioned.Message ID: ***@***.*** com>

[rstanislav]

When I created the first issue a long time ago, the Frigate developers said they wouldn’t accept any fixes (PRs) because Frigate’s rules don’t allow changes aimed at addressing problems with specific devices. And since the author of the ONVIF library also isn’t interested in fixing it, things don’t look very promising. Especially considering response from Frigate earlier - basically, “if something breaks when using a new onvif library, we should just remove that camera from the compatibility list.”

[hawkeye217]

@cocus If you haven't seen the thread on the Home Assistant repo where users have reported similar issues and solved them, you might want to see if any of those work for you: home-assistant/core#119107

[cocus]

Thanks for following up. The HA ONVIF integration and Frigate use the same underlying package, so it doesn't surprise me that you see similar messages.

Frigate actually allows configuration of both the digest auth and time mismatch features, but if you've tried every possible combination, I'm not sure what to say at this point, especially because I don't have the problematic hardware to test with. The issue is not with Frigate, but is pointing to something with the way the Hikvision firmware interacts with the underlying zeep library.

Oh, HOLD ON! I just used another user and password, and it now works. I was using "onvif" as a username.

I changed my password but still used the same "onvif" user and it now works!.
It seems my old password wasn't good, although the webgui didn't tell me it was bad (it has a check for length, etc).

The original password didn't have any exclamation marks, but it did have upper/lowercase and numbers. New password has lowercase only and a single exclamation mark, and it works.

I've tried with the combo "homeassistant" as user and "homeassistan!" as password (note the typo, this is due to the webgui not letting me use the username string in the password), and that works.

So for others having this issue, you might want to test that password and see if it works for you!

[hawkeye217]

Great!

Can you describe the combination of Frigate config settings that works for you?

[cocus]

Great!

Can you describe the combination of Frigate config settings that works for you?

Sure, I have the following on frigate (using the test password to show, I'm using something different):

  hikvision-wifi:
    enabled: true
    onvif:
      tls_insecure: false
      host: 192.168.x.x
      port: 80
      user: homeassistant
      password: homeassistan!

On the camera side:

[hawkeye217]

Thanks so much. This should help other users in the future.

[phyzical]

wth.... i feel like its wrong.. but yeah the fix for me was to create a new user......

i tried removing and readding the first user i made, even tried using the password above and failed still

its like something gets it in a bad state like the user is tied to the auth mode and even removing it it under the hood stores it in memory/cache/db or something on the camera

tldr if you made it here just try a new user after you have tried changing all the other suggestions above 😆

edit: worth noting when i removed the old user the new user no longer worked... readding the old user again made the new user work again there is deffs dragons in this camera

[V4ler1an]

I recently upgraded from Frigate 14 to 16 and also found my ONVIF PTZ no longer worked in the Home Assistant advanced camera card. I tried several user accounts along with 'tls_insecure: true' and 'ignore_time_mismatch: true', no luck. What worked for me was switching to an admin user. Previously a standard user had worked. Reolink TrackMix PoE on latest firmware (v3.0.0.5428_2509171972).