Authentication problem TR-064 Fritzbox

When i updated from the version Openhab 3.0.2 to 3.1.0 the binding is not working.
The configuration parameters are ok (ip, username dslf-config, password) but i get the message:
Thing ‘tr064:fritzbox:Fritzbox7590’ changed from UNKNOWN to OFFLINE (COMMUNICATION_ERROR): com.sun.xml.messaging.saaj.SOAPExceptionImpl: Unable to create envelope from given source:

Thing ‘tr064:fritzbox:Fritzbox7590’ changed from OFFLINE (COMMUNICATION_ERROR): HTTP-Response-Code 500 (Internal Server Error), SOAP-Fault: 401 () to UNKNOWN

Any idea how to solve the problem? Thanks in advance.

Maybe the Fritzbox was updated? For me the login has changed with firmware 7.27 and is no longer called admin.

The Fritzbox has the version 07.27, i never used admin for login with TR064, i used the default login dslf-config and my password for login.

I think this is no longer possible. Try adding a user, set a a password and allow app access for that user.

I tried creating a new username and giving permisions but still not working
SAAJ0511: Unable to create envelope from given source

Enable TRACE logging, show what is sent and received.

@wolf did you solve the issue? I’m urrently facing the same issue on a newly installed Openhab v3.1.0

Enable TRACE logging, show what is sent and received.

I ran now an update of Fritz OS to the latest version and now it works. I thought the update was already done before

Hi, same issue here. OH 3.2.0, Fritzbox 7590 with SW v7.29 (= lastest version), tried the Fritzbox-generated username and pwd, and a new one - same error message. Any further ideas? BR Alex

I found the solution: you need to use the name with which the Fritzbox is reachable in the browser instead of the IP address. If you dont know it, got to Fritzbox settings/Home Network/Fritzbox Name and set a name. I used “”. Entered the same in OH settings of the TR64 thing and it worked immediately.

I thought I had fixed that. I‘m pretty sure I use the IP with my 6591 / FritzOS 7.29 (using Vodafone/Unitymedia).

Resurrecting this thread as i had a similar problem.

At least from my sight, the CN/SANs in the certificate is responsible for which names are possible. The Fritzbox is generating a certificate without IP, only the names it knows it has. There is always and fritz.nas contained in the certificate on my 7590. Additionally, the names from Myfritz and from DynDNS are contained as SAN. In my case i could solve it by setting a /etc/hosts-entry for my external configured DynDNS-name to the internal ip address (using a different VPN-gateway inside the Fritzbox-network) and setting the external name as host in the bridge.

More technical: SOAP-SSL-Handshake is failing if the name is not correct (even if the validation is disabled, as the Fritzbox certificate is self signed). This seems to lead to SAAJ0511. And the binding doesn’t seem to to use unencrypted Port 49000.