Intro
This knowledge base article explains why users may be unable to log into a Station after upgrading to Niagara 4.14 or 4.15, and documents the correct procedure for modifying user encryption when creating a new Station or transferring an existing one after an upgrade. The procedure is identical for Jace 8000 and 9000 Or Supervisor even.
Watch the video Guide
Why You May Be Unable to Log Into a Station in Niagara 4.14 / 4.15
Starting with Niagara 4.14 and further enforced in 4.15, Tridium introduced changes to BOG file encryption and user credential handling. If the Station's encryption settings do not match the Workbench installation's passphrase, or if the encryption was not updated after upgrade, the Station will fail to unlock, preventing login.
Typical symptoms:
-
"Station Locked – Incorrect File Protection" when opening offline.
-
Unable to log in with
adminafter deploying to a controller. -
Station Copier completes successfully but the controller rejects credentials.
These issues result from the BOG/User encryption model that now requires consistent passphrase configuration during station creation or upgrade.
Part 1 – Creating a New Station in Niagara 4.15
When creating a new Station in Niagara Workbench 4.15:
-
Set the Encryption Method when prompted during Station creation.
-
Choose one of two approaches:
-
Use the Workbench installation passphrase (recommended for multi-engineer teams), or
-
Set a custom passphrase for this specific Station.
-
-
Document the passphrase securely.
If the passphrase is forgotten or not set correctly, the Station cannot be opened later.
Part 2 – Copying an Existing Station to a Controller After Upgrading to Niagara 4.15
When upgrading a Station to 4.15 and deploying it to a JACE/controller, the Station’s internal user encryption must be rebuilt. This must be done offline after the upgrade.
Follow these steps exactly:
Step-by-step Procedure
1. Upgrade the Station and open it Offline
-
Upgrade the Station to Niagara 4.15.
-
Go to User Home → open the offline Station.
-
Click the Passphrase Unlock icon at the top.
2. Decrypt all existing users
In the Passphrase dialog, select:
✅ "Force any password values that depend on the current file protection to be cleared"
This removes encrypted password values and prepares the Station for re-encryption.
3. Re-encrypt using a new admin user
Select:
✅ "Remove all users except for one superuser. The user will use the configured Password."
Then configure:
-
Username → (e.g.
admin) -
Password → (note: field is currently labelled Passphrase, but this is actually the login password)
This becomes the credential that will work once deployed to the controller.
4. Save & Deploy
-
Save the config.bog file.
-
Use Station Copier to transfer the Station to the JACE/controller.
-
Log in using the admin credentials created in Step 3.
You should now be able to successfully authenticate.
Summary Table
|
Task |
Required Action |
Result |
|
Create new Station |
Set passphrase during creation |
Station unlocks correctly later |
|
Upgrade to 4.15 |
Decrypt → Re-encrypt → Save |
Users work after deployment |
|
Copy Station to JACE |
Use Station Copier after re-encryption |
Admin login works |
PDF Downloads
StationPasswordNotWorkingafterN4.15upgrade.pdf
Niagara_4.15_StationCopy_ExternalSources.pdf
This article will be updated over time to reflect new suggestions and features with the JACE 9000 Hardware
Other Resources & Customer Survey:
💬 Don't miss out! Follow the Forest Rock News channel on WhatsApp Click Here!
💬 We’d also love your feedback! Please take a moment to complete our quick Customer Survey
It only takes a minute and helps us serve you better!
IoT Devices for BMS, Automation & Smart Connectivity | Forest Rock