Customer Knowledge Base

MAC36NL – Platform Access Recovery (Without Platform Credentials)


Overview

If platform credentials for a MAC36NL (or any controller from the iSMA MAC36 family) have been lost, there are only two possible recovery paths:

  1. Factory Restore (destructive – wipes the controller), or

  2. Provisioning‑based Recovery (non‑destructive – very limited conditions where it works).

Because MAC36 controllers do not have a hardware or software mechanism to reset platform credentials alone, the choice of recovery path has major operational consequences, especially on business‑critical sites.

This guide explains:

  • What the factory reset does

  • Why factory reset is often unacceptable

  • What non‑destructive recovery is possible

  • The exact conditions required for Provisioning‑based platform recovery

  • Limitations and support boundaries


1. Factory Default Restore (Destructive Reset)

A MAC36 controller includes a “Restore Controller to Factory Default” function. This is the only official method to clear forgotten platform credentials.

What the Factory Reset Does

Performing the factory reset has the following effects:

  • Platform user reset:
    Removes all platform users and recreates the default user:
    Username: tridium
    Password: niagara

  • IP configuration reset:
    Restores factory network settings:
    IP: 192.168.1.123

  • Module cleanup:
    Deletes all non‑core modules and leaves only the JAR version used during commissioning.

  • Station removal:
    Deletes the running station.

  • Passphrase reset:
    Deletes the passphrase (used for station security).

Effectively, the controller becomes a blank, commissioning‑ready device.


2. Why Factory Reset May Be Unacceptable

In many real‑world sites, especially hotels, healthcare, commercial offices, or other 24/7 operations, the MAC36 may be running all local heating/AC plant or other critical BMS functions.

A factory reset would result in:

  • Loss of all logic

  • Loss of IO configuration

  • Loss of integrations

  • Extended plant downtime

  • Loss of business continuity

  • Costly re‑engineering

Therefore, a destructive reset is not a viable option for many customers.


When installing MAC36 controllers on high‑criticality sites, Forest Rock strongly recommends including a Supervisor as part of the installation.

Why:

  • Supervisors maintain backups

  • Provisioning can manage credentials

  • Supervisors are required for non‑destructive recovery (see below)

  • Supervisors provide a maintainable long‑term upgrade path

This can prevent total controller loss if credentials are misplaced by future contractors.


4. Non‑Destructive Platform Credential Recovery (Works Only in Very Specific Conditions)

Important:

MAC36 controllers cannot reset their own platform credentials without knowing the platform credentials.

There is one exception: using Niagara’s Provisioning mechanism.

This recovery method works only if all of the following conditions are true:

  1. The MAC36 is connected to a Supervisor via Niagara Network (FOX).

  2. The previous contractor configured BOTH:

    • Station connection

    • AND the Platform connection
      (including approving the certificate and storing authenticated credentials)

  3. You have a station user account with permissions:

    • Super User

    • Or a user with full access to Services and Drivers

  4. The Supervisor has the required Niagara services installed:

    • provisioningNiagara module

    • ProvisioningNwExt component

    • BatchJobService under Services

If all four conditions are met, you can create a provisioning batch job that:

  • Adds a new platform user to the MAC36

  • Without resetting or affecting the running station

This is the only non-destructive method available.

Example Workflow (High-Level)

  1. On the Supervisor, open Provisioning.

  2. Ensure ProvisioningNwExt is present.

  3. Ensure BatchJobService is added under Services.

  4. Create a Batch Job targeting the MAC36.

  5. Configure the job to Add New Platform User.

  6. Execute the job and verify platform access on the controller.

The demonstration video below (no sound), typically referenced by iSMA, shows this job configuration.


5. If the Supervisor Platform Connection Was Not Previously Configured

If the platform connection was not set up by the previous contractor:

  • The Supervisor cannot authenticate to the platform

  • Provisioning cannot modify platform users

  • You cannot add a new platform user

  • You cannot recover the credentials

  • The only remaining option is the Factory Default Restore

There are no back doors, no hidden passwords, and no override procedures.


6. Summary

| Method | Data Loss | Requirements | Suitable When |
|---|---|---|---|
| Factory Reset | Total – wipes station, modules, network settings | Physical access | Only when downtime is acceptable and configuration can be reloaded |
| Provisioning‑Based Recovery | None | Supervisor with previously authenticated platform connection | Only when Supervisor was correctly configured by previous contractor |

No Other Options: If neither condition above is met


7. Support Boundary

Forest Rock Support can advise on:

  • Confirming whether the controller is eligible for provisioning recovery

  • Guiding through provisioning job setup

  • Reviewing Niagara logs from the Supervisor

We cannot:

  • Recover platform credentials without the required Supervisor setup

  • Bypass, decrypt or override platform security

  • Reconstruct lost stations without backups
