Schlage BE469ZP zwave Secure inclusion failed - OpenHAB 3.3

Hello I’m just getting into OpenHAB.

I’m running a linux install of openhab with a HomeSeer SmartStick+ G2 Z-Wave Plus stick.

The issue I’m having is that I’m unable to get the Schlage BE469ZP to connect securely. When I scan for z-wave devices I’m able to see it but when I connect the lock displays X on the panel (indicating the enrollment has failed).

Checking the logs this is what I see:

FO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'zwave:device:8011bf4f80:node25' changed from UNINITIALIZED to INITIALIZING
02:43:27.695 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'zwave:device:8011bf4f80:node25' changed from INITIALIZING to OFFLINE (BRIDGE_OFFLINE): Controller is offline
02:43:27.700 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'zwave:device:8011bf4f80:node25' changed from OFFLINE (BRIDGE_OFFLINE): Controller is offline to ONLINE
02:43:30.281 [WARN ] [l.serialmessage.ZWaveCommandProcessor] - SerialMessage class null is not implemented!
02:43:30.282 [WARN ] [l.serialmessage.ZWaveCommandProcessor] - SerialMessage class null is not implemented!
02:43:30.282 [WARN ] [ave.internal.protocol.ZWaveController] - TODO: Implement processing of Request Message = -- (0xa8)
02:43:45.331 [INFO ] [ialization.ZWaveNodeInitStageAdvancer] - NODE 25: SECURITY_INC State=FAILED, Reason=GET_SCHEME
02:43:45.332 [WARN ] [zwave.discovery.ZWaveDiscoveryService] - NODE 25: Device discovery could not resolve to a thingType! Manufacturer data not known.
02:43:45.385 [WARN ] [l.serialmessage.ZWaveCommandProcessor] - SerialMessage class null is not implemented!
02:43:45.386 [WARN ] [l.serialmessage.ZWaveCommandProcessor] - SerialMessage class null is not implemented!
02:43:45.386 [WARN ] [ave.internal.protocol.ZWaveController] - TODO: Implement processing of Request Message = -- (0xa8)
02:44:08.867 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'zwave:device:8011bf4f80:node25' changed from ONLINE to OFFLINE (COMMUNICATION_ERROR): Node is not communicating with controller
02:44:08.875 [INFO ] [hab.event.ThingStatusInfoChangedEvent] - Thing 'zwave:device:8011bf4f80:node25' changed from OFFLINE (COMMUNICATION_ERROR): Node is not communicating with controller to ONLINE

So it looks like I’m able to connect but not securely. I have looked through the community posts and saw that enrollment must take place within 15 seconds. I have tried this multiple times doing a factory reset between each attempt.

I’m at a loss as to where to go from here, any suggestions?

A few things I had forgot to mention:

  • The door lock is currently not installed in the door, I had read that proximity may be an issue. So I now have the door lock next to the server, and within a foot while trying to include it.
  • I’m running ubuntu on a VM via proxmox. The USB zwave device is passed through and seems to function correctly

Welcome to the community!

Others will have to comment on the error messages, as I’m out of my depth. For what it’s worth, I had to get my Z-Wave controller within a couple of feet of my Schlage Connect in order for secure inclusion to work. I did this by putting my Raspberry Pi on a USB battery pack so that I could hold it right next to the lock.

Thank you for the reply rpwong.

While researching this problem I did come across that proximity could be an issue. I should have mentioned; right now the deadbolt is not installed in the door. I have been trying to include it while holding it closer than 1 foot away.

So an update:

I downloaded Simplicity Studio to use their Z-Wave PC Controller. I was able to add the lock with only a minor hiccough - I had to type in the DSK Code that was included with the lock. There does not seem to be a way to enter this in OpenHAB.

Once I included it on the PC I moved the z-wave stick over to the OpenHAB server and was able to include it - however now I have a different issue.

21:34:58.006 [INFO ] [ialization.ZWaveNodeInitStageAdvancer] - NODE 8: SECURITY_INC State=FAILED, Reason=SECURE_PING
21:34:58.008 [WARN ] [zwave.discovery.ZWaveDiscoveryService] - NODE 8: Device discovery could not resolve to a thingType! Manufacturer data not known.

So now the security failure reason is SECURE_PING. I’m assuming this has something to do with AES Key?

I’m not sure what the issue might be. I included 2 of these locks into my network without issue (on an earlier snapshot version of 3.3). I didn’t need to locate the locks near my Z-Wave stick (Aeotec Gen 5 stick); I did the inclusion with the locks installed in the doors, which are on the other end of the house from my openHAB system.

Having included the lock with the PC Controller, then moving the stick over to openHAB, are you sure key is entered correctly into the Serial Controller thing in openHAB, and that it matches the key that was used during inclusion using the PC Controller?

OH doesn’t support the S2 security protocol so you shouldn’t need the DSK. If you include the device using S2 (which it sounds like you have) it will not work with OH.

It is unlikely to work if you include it using other software since the security key will be unknown. This will be why it’s failing the ping.

I read that shortly after I posted… I redid it again via the PC with a know key using S0. When on OpenHAB I’m still getting the ping error.

I’m really just grasping at straws here

This comment confuses me a bit. Is your OH server a PC or are you still trying to include using the PC controller. The zstick needs to be in the OH server. The security key is an advanced setting on the UI controller page. (I don’t use mine, so it is safe to share)

Just want to make sure we are all on the same page


Just so we’re on the same page - this is the process I went through.

I have proxmox server and installed a new ubuntu VM, I have the z-wave stick in that server and passed it through to the VM no problem. (please forgive me - I’m new to OpenHAB so I may mess up some terminology)

  • Installed openhab 3.3
  • installed the zwave bindings
  • added the zwave controller as a thing
  • scanned for the lock - found a zwave node and added that as a thing
  • openhab reported it as a unknown device and secure inclusion failed due to " SECURITY_INC State=FAILED, Reason=GET_SCHEME"

I repeated those steps countless times which lead to my original post

I was concerned that the issue was with the stick. So i installed the Z-wave PC software on my windows machine. I was able to include and operate the lock but I included it with S2 security which I found out OpenHAB doesn’t support. So I factory reset the lock and included it using S0 security, it was able to connect and function properly.

At this point, I removed the zwave stick from the windows computer and plugged it into the server. I changed the network key on the zwave bridge thing on OpenHAB to match the one I used on the windows device.

I then readded the lock (not using the enroll button on the lock but just by scanning it in OpenHAB [I assume that it looks at the device configuration on the stick?]). I was able to get the door lock to connect, however now I’m receiving this error “NODE 10: SECURITY_INC State=FAILED, Reason=SECURE_PING”

So long story short - I’m not sure what to do now. Because when I try to follow the correct process to add it to OpenHAB I get the failure reason as “GET_SCHEME”. And when trying to do it the weird workaround way it still fails but with “SECURE_PING”

I’m starting to think that possibly that “GET_SCHEME” reason might be due to it not being in the database? It does say this lock is supported, but could it be possible that because I’m in Canada it’s reporting a different model number?

I’m also in Canada (Victoria, BC), but my lock is an older BE469. I’m pretty sure that others in Canada have added the BE469ZP, but it’s quite possible that something minor has changed and it needs to be added to the database as a new version.

When you added it, it should have generated an XML file that you can look at to compare the device ID fields with the database. If yours is different, you can submit a new version. Here are the detailed instructions.

When you search the database, the manufacturer is Allegion (Schlage’s parent company). Easiest thing is to search for “BE469”.


Seems a little odd to me that there’s no “First approval” timestamp, and the “Last approval” timestamp was in March. So maybe something did change recently?

No - the inclusion doesn’t have anything to do with the database. The database is not queried until after device information is known.

I’m pretty sure that it’s not reporting ANY numbers as the secure inclusion has not completed so the binding can’t communicate with the device.

Ah, so we’re not even getting that far. I thought the XML might have been generated when it was included without security.

I didn’t know that it had been included without security, but if that’s the case, then normally the device will not divulge any information about itself. So an XML might get generated, but it’s unlikely to have much information. Sometimes the device might report the device IDs without security, but often it won’t.

Reading again, I think I was the one who was mistaken. :wink:

Thanks for the detailed description. The reason I asked is this line in the Zwave documentation.

Secure inclusion works in much the same way as non-secure inclusion other than the hard requirement to start inclusion from the binding.

My top line recommendation is to try to include the device from the OH server while the zwave is in debug mode. (The steps for Debug are at the bottom of the zwave documentation under the heading “When things do not go as planned. Also at the very last line there is a link to a Zwave Debug log viewer). I’m expecting to capture additional information as to why 'Get_Scheme” is failing. Since others have apparently included this lock with the binding something should be found.

Prior to this attempt, use the PC controller to ensure there are no remnants of prior attempts on the zstick (Check failed/remove failed) and that the lock is factory reset. Once on the Scan page, start Debug, start Scan and perform the lock inclusion protocol. Stop Debug after about 20 seconds. In the log viewer it should look something like this (Except no Node is awake message & something more on Security.

Edit: make sure the security key is 16 bytes

1 Like