Avalon 1366 – Pool Authentication Failed

Open the pool's official documentation in a browser. Find the 'How to connect your miner' or 'Stratum settings' page. Read the worker username and password format requirements literally — every word, every example. Verify the stratum URL and port match the pool's current settings (pools occasionally change endpoints; old configs go stale). Prepare your worker string in a text editor with your real BTC address or account name before touching the miner UI.

Open the 1366's web UI → Configuration → Pools. Clear all three pool slots. In Pool 1, type the stratum URL, the worker username, and the password by hand — do not copy-paste. Double-check every character; base58 and bech32 BTC addresses are case-sensitive and unforgiving on typos. Save. Reboot the miner. Watch the dashboard for the pool to flip from `Dead` to `Alive` within 30-60 seconds.

Log into your pool account (or for Solo CKPool / Public-Pool, navigate to the worker-status page using your BTC address). Confirm your 1366's worker name appears in the worker list with a recent connect timestamp. If it doesn't appear at all, the pool never received a valid authorisation attempt — re-check Step 1. If it appears with `auth-failed` status, the pool received the credentials and rejected them — escalate to Tier 2.

Sanity-test with Solo CKPool: replace Pool 1's settings temporarily with `stratum+tcp://solo.ckpool.org:3333`, your full BTC address (`bc1q…` / `1…` / `3…`) as username, any password (or blank). Save and reboot. Solo CKPool is the most permissive stratum endpoint on the network — if your 1366 can't authorise here, the issue is on the miner side, not the original pool. If Solo CKPool authorises in seconds and the original pool still won't, the original pool's worker format or your credentials are the problem.

Configure failover. Once you have at least one working pool, set Pool 2 and Pool 3 to known-good failovers (Solo CKPool + Public-Pool is the Mining Hacker default — both free, both pleb-friendly, neither requires an account). Failover means a `POOL_AUTH` failure on Pool 1 sends shares to Pool 2 instead of stopping mining entirely. Set this up once and you'll never lose a hashing hour to a single pool's auth issue again.

SSH into the 1366 controller (`ssh root@<miner-ip>` per the user manual; if SSH disabled, use the web UI's log download). Run `cat /var/log/avalon-cgminer.log | grep -iE 'auth|stratum|reject|invalid|denied' | tail -100`. The pool's exact reject message is in this log. Save the matching lines to a file. Re-read Root Cause section if you don't recognise the reject text — it tells you which of the four cause clusters you're in.

Query `cgminer-api` `pools` for forensic detail. `telnet <miner-ip> 4028` then paste `{"command":"pools"}`. Record the full response: `Status`, `Priority`, `Stratum Active`, `Pool Calls`, `Pool Attempts`, `Pool Got Works`, `Pool Rejected`, `Last Share Difficulty`, `Last Share Time`. A pool with `Pool Calls > 100` but `Pool Got Works = 0` is failing at authorise, not at subscribe. A pool with `Pool Attempts > Pool Calls` is failing TCP connect — check URL/port and your network.

Re-enter credentials via cgminer-api `addpool` if the web UI is misbehaving. Some 1366 firmware builds have UI bugs where saving an empty password (required for Braiins) silently writes `null` or refuses to save. Workaround: `{"command":"addpool","parameter":"stratum+tcp://stratum.braiins.com:3333,youraccount.worker1,"}` — note the trailing comma with no password. Then `{"command":"switchpool","parameter":"N"}` to make it primary, `{"command":"removepool","parameter":"M"}` to clear the broken slot, and `{"command":"save"}` to persist to flash.

Test from a different network. If the cgminer log shows the connection being dropped mid-handshake with no clean reject text, your IP may be rate-limited or geo-blocked by the pool. Tether the 1366 to a phone hotspot or move it to a different ISP for 30 minutes and re-test. If authorisation succeeds on a different IP, your home IP is the problem — file a ticket with the pool's support, switch pools, or wait out the rate-limit window (usually 1-24 hours).

Cross-check credentials on a different miner. If you have a Bitaxe, Antminer, Whatsminer, or another Avalon on the same network, configure those credentials there. If they authorise on the other miner but not the 1366, the 1366's firmware or config is the variable. If they fail on every miner, the credentials or the pool side is the variable. This bisection saves an hour of guessing on the 1366 specifically.

Roll back MM firmware to the last known-good build. Query `{"command":"version"}` on port 4028 to record current build. If you have a previous MM firmware image you've successfully flashed before, download it from Canaan's firmware portal or `avalonminer.org/firmware-document/`. Verify the SHA. Flash via AUC3 using D-Central's Avalonminer firmware upgrade guide. Do NOT interrupt the flash. Soak-test 1 hour. Re-attempt pool authorisation. If pool now authorises, the latest build had a stratum regression — pin the rollback build, refuse the upgrade until an authoritative source confirms the regression is fixed.

Run a stratum capture from a separate host on the same LAN. Install `tcpdump` or Wireshark on a Linux box / Mac on the same subnet. Capture port 3333 (or your pool's stratum port) traffic from the 1366's IP for 60 seconds during a `mining.authorize` attempt. Look at the JSON-RPC frames in the clear (stratum v1 is unencrypted). The exact bytes the 1366 sent and the exact bytes the pool sent back are visible — ground truth for every authorisation issue. A trailing `n` you couldn't see in the UI shows up here. A pool error code like `-2 Invalid worker` or `-25 Account suspended` shows up here.

Test against a pool that publishes per-rejection diagnostics. Solo CKPool, Public-Pool, and OCEAN return verbose reject reasons. Many large pools (F2Pool, AntPool, ViaBTC) just return `false` with no detail. If you're stuck on a pool that doesn't tell you why you were rejected, configure the same credentials on Public-Pool — its rejection messages name the field and the issue specifically. Use Public-Pool as your diagnostic pool, then transfer the fix back to the original pool.

Verify the worker name doesn't violate undocumented pool-side rules. Some pools have unwritten worker-name constraints — maximum length, no special characters, must start with a letter, must be unique per account. If you've checked credentials and format and the pool still rejects, try a worker name that's clearly safe: 6-12 lowercase letters, no numbers, no special characters. If that authorises, walk the issue back to find what was wrong with the original name.

Check for a pool-side worker quota or plan limit. Free pool tiers (some Braiins / F2Pool / AntPool plans) limit the number of active workers per account. If you've added a new 1366 to an account that's at its plan limit, the new worker rejects on `mining.authorize`. Pool-side: log into the account, count active workers, upgrade plan or remove inactive workers. Shows up as `Account quota exceeded` in the cgminer log when the pool publishes the reason; otherwise as a silent reject when the pool just returns `false`.

Stop DIY and ship to D-Central when you've verified credentials manually against the pool's docs, tested successfully on Solo CKPool, captured the stratum exchange and the JSON-RPC frames look clean, rolled back firmware to a known-good build with no change, and the 1366 still rejects on the pool you actually want to use across multiple credential variations. The 1366's stratum stack itself is suspected — MM hardware-level corruption affecting the network stack, or a deeply broken NVS that firmware tools can't fully reset. Book a D-Central ASIC Repair slot. Bench-test under controlled stratum, reflash from clean MM images, replace MM / AUC3 modules from stocked inventory if hardware is the variable. Turnaround 3-7 business days, Canadian workshop, ships Canada / US / international.

Ship safely. Pack the MM control board and AUC3 in anti-static bags. Double-box with at least 5 cm of foam on every side. Include a note with the worker string you've been trying (BTC address can be redacted), the pool URL, the cgminer log lines showing the reject, and the firmware build string. Saves us 30-60 minutes of diagnostic time, which saves you bench cost.