Affected Products / Versions: Third-party products that utilise Dante Application Library for Windows v1.2.0 and earlier
Publication Date: 7 December 2022
A security vulnerability (CVE-2022-23748) in mDNSResponder.exe contained in Dante Application Library for Windows v1.2.0 and earlier has been published.
This vulnerability only affects products that utilise Dante Application Library for Windows and does not affect any other Dante hardware or software products that include mDNSResponder.exe.
mDNSResponder.exe v1.3.1 and earlier is vulnerable to a DLL side loading attack. This executable is a component built specifically for Dante Application Library for Windows v1.2.0 and earlier.
This could allow a local attacker with access to the PC running Dante Application Library to execute arbitrary code. It is not possible to remotely exploit this vulnerability.
An updated mDNSResponder.exe v1.3.2 has been released to all affected third parties as part of Dante Application Library for Windows v1.2.1, and as a standalone security patch for Dante Application Library for Windows v1.2.0 and earlier.
If you believe you are running software that utilises Dante Application Library for Windows, please contact the third-party vendor for a software update.
CVE-2022-23748 – https://nvd.nist.gov/vuln/detail/CVE-2022-23748
All Dante devices in a given domain lock directly or indirectly to one single Grand Leader clock device.
In the case of domains for which all devices reside on the same IP subnet, the standard Dante method of multicast PTP clocking is used. One clock Leader device is automatically elected or manually specified, which broadcasts the clock signal via multicast PTP, and all other devices follow their own clocks to that Leader device.
In the case of domains that span subnets, one Grand Leader clock device is automatically elected (or manually specified) for the domain, and one boundary clock device will be automatically elected for each subnet (identified as the ‘unicast clocking’ device in the DDM clocking settings). Usually, the Grand Leader will also act as the unicast Leader for its own subnet.
The Grand Leader transmits the PTP clock signal via multicast to the follower devices in its own subnet, as is the case for traditional Dante networks. The elected unicast clock in the Grand Leader’s subnet transmits the clock signal via unicast PTP, through the router, to the unicast clock in the adjoining subnet, which in turn transmits multicast PTP to the other devices in that subnet.
The same model applies to any other subnets in the domain. This system enables synchronous Dante networks that span multiple subnets.
In a Windows multi-user environment, Dante Controller 4.7.0 can crash with the message ‘Child process exited with code 1’.
This issue has been fixed within Dante Controller 220.127.116.11, which can be downloaded from Dante Controller 18.104.22.168
It has come to our attention that some DDM customers are experiencing issues with the operation of the product (enrolled devices show as offline) following the recent Security Update for Microsoft Windows (KB5015807).
This issue only affects DDM customers who:
- Are running DDM on Hyper-V on Microsoft Windows
- Have security updates automatically applied; or have manually applied this update.
The suggested temporary workaround is to roll back this update or prevent the update from being installed.
We are investigating this issue and will provide more information as it becomes available. We understand the importance of keeping servers up to date with security patches over time.
The release of DVS 22.214.171.124 should resolve this issue, which can be downloaded from DVS 126.96.36.199
If the issue persists, try a full DVS reinstall through Library/Application Support/Audinate/DVS/Uninstall DVS, then restart the machine, install DVS again, then restart the machine and try running DVS.
Affected Products / Versions: None known at this time.
Publication Date: 21 December 2021
Summary: Audinate products and services have no known exposure to the Apache Log4j security vulnerability (CVE-2021-44228) at this time. This FAQ will be updated if this situation changes.
Details: There have been recent concerns regarding the widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j, a Java logging framework. Audinate has looked for and not identified the use of the Log4j library in any of our public products and services. Our investigation continues, but Audinate products and services have no known direct exposure to this vulnerability at this point in time.
Beyond Audinate’s core products and services, Audinate utilises software products & cloud services from a range of third parties across our business. We will continue to systematically evaluate these for exposure and take remediation action as appropriate.
Remediation: None necessary at this time. This FAQ will be updated if this situation changes.
Some common causes for this problem are:
- The devices are running legacy (pre-4.0) firmware. These devices will not be auto-discovered; they must be manually enrolled via IP address. Note that legacy devices cannot route audio between subnets.
- The devices are in a different subnet to the DDM server, but you do not have DNS running on the network, or your DNS service is not correctly configured.
- The devices are on the same subnet as the DDM server, but you do not have the Dante Discovery Service enabled (or DNS running).
If after correcting all problems related to the above conditions your devices are still not showing up in DDM, try enrolling them using their IP addresses. If this fails, contact your IT administrator.
You need to make sure that you are logged into the Dante Domain Manager (DDM) Server. To log in:
- In Dante Controller, click the Domain Configuration button.
- In the DDM User Login box, click DDM Server Connection.
- If you have a DNS-enabled network, choose ‘Auto Discovery’ and click OK. Otherwise, choose ‘Manual’ and enter the DDM server host name (e.g. ddm.local) or enter the DDM IP address, and the port number. This will be 8443, unless your network administrator has configured the network to use a different port. Then click ‘Use This Server’.
- In the DDM User Login tab, enter your DDM username and password and click ‘Connect’.
- Once connected, the DDM User Login tab will close automatically and you will be able to choose the domain you wish to view from the Domain drop-down menu at the top-right of the screen.
Possible errors during DDM connection:
‘Connection Refused: Incorrect Domain address or it may not be running’
If the Dante Domain Manager is running, ensure that the name and IP address of the DDM server are correct in the DDM Server Connection tab, and the Server port number is set to 8443.
- Verify the host record is correct and the DDM Server can reach the DNS Server by accessing DDM via a web browser using its FQDN.
  - The Network Diagnostics tool tells you if DDM can ping the DNS server. This can report a FAIL if the server has ICMP requests turned off (Windows Server does by default). This also will not tell you if the host record is set up correctly.
- Verify SRV records have been set up and are correct, i.e. they use the domain(s) that devices/controllers are getting via DHCP, the DDM server FQDN is correct, and the ports/services are correct.
  - The Network Diagnostics tool can help to verify this.
  - If the domain search path set in the DHCP server has multiple entries, be sure the first entry is used in the SRV/TXT records, as devices only use the first entry.
  - If devices are in a different DNS Domain than the DDM server, this will report a FAIL in the Network Diagnostics tool, but this does not mean they are set up incorrectly.
- Verify the undiscovered device(s) Dante firmware is version 4.0+.
  - If the undiscovered device(s) Dante firmware version is pre 4.0 (and 4.0+ firmware is not available from the manufacturer), you’ll need to associate the device with a domain using manual enrollment by IP address.
  - Allow association with pre 4.0 firmware devices must be enabled in the DDM’s Network & Security Settings and on a per domain basis prior to enrolling legacy (pre 4.0 Dante firmware) devices into a domain.
  - Since legacy devices are manually associated with domains via their IP address, changes to their IP address will break the association, and they must be associated again.
- If everything appears to be set up correctly, you’ll need to get a packet capture of DNS traffic on the network. Note: Because this is unicast traffic between a device and the DNS server, port mirroring is required.
  - Devices send queries and the DNS server responds with the SRV record and the DDM Server’s IP Address.
  - There is a known issue where some devices send the proper DNS query and then send a corrupted query, to which the DNS server responds with “No such name”, making the device undiscoverable. The current workaround is to enroll devices exhibiting this behavior manually via IP.
  - If a device is not sending queries, Domain Credentials need to be cleared in Dante Controller.
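The packet-capture step above can be triaged in code. The following is an added example, not Audinate's code: it decodes DNS payloads taken from the mirrored-port capture and sorts each device into resolved, "No such name", failed or unanswered, or no queries at all. The IP addresses, the SRV name `_ddm-example._udp.audio.example.com`, the target host and the port in the answer are constructed placeholders rather than real DDM record values, and extracting the UDP payloads from the capture file is assumed to have been done already.

```python
import struct

SRV, NXDOMAIN = 33, 3  # QTYPE SRV; RCODE 3 is what Wireshark shows as "No such name"
def enc(name):  # dotted name -> length-prefixed DNS labels
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def build(txid, qname, rcode=None, target=None):
    """Constructed sample message: an SRV query, or a response when rcode is given."""
    flags = 0x0100 if rcode is None else 0x8180 | rcode
    msg = struct.pack("!6H", txid, flags, 1, 1 if target else 0, 0, 0)
    msg += enc(qname) + struct.pack("!2H", SRV, 1)
    if target:  # one constructed SRV answer; 0xC00C points back at the question name
        rdata = struct.pack("!3H", 0, 0, 8443) + enc(target)
        msg += b"\xc0\x0c" + struct.pack("!2HIH", SRV, 1, 60, len(rdata)) + rdata
    return msg

def parse(payload):
    """Return (txid, is_response, rcode, ancount, qname, qtype) for a DNS payload."""
    txid, flags, _, ancount = struct.unpack_from("!4H", payload)
    pos, labels = 12, []
    while payload[pos]:  # question names are not compressed
        end = pos + 1 + payload[pos]
        labels.append(payload[pos + 1:end].decode("ascii", "replace"))
        pos = end
    qtype = struct.unpack_from("!H", payload, pos + 1)[0]
    return txid, bool(flags & 0x8000), flags & 0xF, ancount, ".".join(labels), qtype

def triage(packets, dns_server, devices):
    """packets: (src, dst, udp_payload) tuples in capture order -> {device: verdict}."""
    pending, asked, seen = {}, set(), {d: [] for d in devices}
    for src, dst, payload in packets:
        txid, is_resp, rcode, ancount, qname, qtype = parse(payload)
        if qtype != SRV:
            continue
        if not is_resp and dst == dns_server and src in seen:
            pending[(src, txid)] = qname
            asked.add(src)
        elif is_resp and src == dns_server and pending.pop((dst, txid), None) == qname:
            seen[dst].append("nxdomain" if rcode == NXDOMAIN else
                             "resolved" if rcode == 0 and ancount else "failed")
    return {dev: "nxdomain" if "nxdomain" in o else "resolved" if "resolved" in o
            else "failed-or-unanswered" if o or dev in asked else "no-queries"
            for dev, o in seen.items()}

DNS, A, B, C = "10.0.0.53", "10.0.1.21", "10.0.1.22", "10.0.1.23"  # constructed
NAME, HOST = "_ddm-example._udp.audio.example.com", "ddm.audio.example.com"  # placeholders
BAD = "_ddm-example._udp.audio.examp\x7fe.com"  # constructed corrupted query name
SAMPLE = [(A, DNS, build(1, NAME)), (DNS, A, build(1, NAME, 0, HOST)),
          (B, DNS, build(7, NAME)), (DNS, B, build(7, NAME, 0, HOST)),
          (B, DNS, build(8, BAD)), (DNS, B, build(8, BAD, NXDOMAIN))]
```

A verdict of `nxdomain` corresponds to the manual-enrollment workaround above, and `no-queries` to clearing Domain Credentials in Dante Controller.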
In some macOS and switch configurations, IGMP snooping can interfere with PTP traffic to the computer’s network interface. This can prevent DVS achieving PTP sync with the network, which in turn prevents reliable audio transmission.
The easiest solution is to ‘Forward All’ multicast to the Mac. In effect, that disables IGMP snooping for that port. However, assuming the Mac has a Gigabit port, you should be fine.
This example is for a Cisco SG300 network switch. Your switch configuration may be different; please contact the switch manufacturer or your network admin for assistance with this configuration.
This issue may also be due to the Mac’s built-in Ethernet port blocking communication from the leader clock. To confirm this as the issue, connect a Dante enabled hardware device directly to the computer so the switch is bypassed. If the issue is still present with a direct connection, try a USB to Ethernet adapter in place of the built-in Ethernet port, which should resolve the problem.
A Dante Virtual Soundcard License can only be activated a limited number of times, and this activation limit has been exceeded.
Please be aware that the license for this software is for use on a single machine only (like a physical sound card license). The license agreement you acknowledged when you activated Dante Virtual Soundcard does not allow you to use the same license ID on multiple machines. In order to use Dante Virtual Soundcard on a second machine, you will need to purchase an additional license.
Reinstalling Dante Virtual Soundcard on a machine that it was previously installed on should not require an additional activation, and should be possible without limit.
If you believe this message is in error, please fill out this form, with the following:
- Affected Product: Dante Virtual Soundcard
- License ID: enter the license ID you are trying to use
- Case Reason: Licensing & Registration
- Subject: Can’t reinstall Dante Virtual Soundcard
- Description: Describe your situation
This symptom indicates that the Dante services cannot communicate with the Dante-enabled devices on the network. This may be caused by port blockage due to protection software, a network configuration issue, or by the failure of a background service.
- Make sure that no third-party firewalls or Internet protection products are active on the computer. Dante software will automatically adjust the built-in Windows firewall. Should the firewall need manual configuration, refer to this FAQ: Firewall Configuration Example.
- If you have multiple network interfaces (NICs) on the computer, disable any that are not being used by Dante.
- Check the Services application (Start Menu > Control Panel > Administrative Tools > Services) to see that the Dante Control and Monitoring service (ConMon) is running. Restart this service if necessary.
- If the machine has multiple network interfaces, disable any that aren’t required. You can also try setting the interface that Dante is using to the highest priority in the order. See macOS: Set Service Order.
- Ensure that the Multicast IP addresses specified within Ports & Multicast IP addresses are not being blocked by the network configuration.
Initial things to try:
- Check that the Dante Virtual Soundcard is turned on.
- Check that the network interface being used by Dante Virtual Soundcard is the correct one.
- Check the IP address settings of Dante Virtual Soundcard and ensure that the machine is in the same IP range as the Dante Controller.
macOS: If the machine has multiple network interfaces enabled, you may need to set the interface that Dante is using to the highest priority interface on the Mac. See the following tutorial for instructions: macOS: Set Service Order.