OScam no cw: reasons and solutions for decoding problems
If you are looking for an OScam: no cw solution — it means the server is running, the client is connected, the ECM request is sent, but the channel does not open. The line in the log looks harmless, but it may hide a dozen different reasons: from a typo incaid to a dead source on the other end. Let's break it down step by step — from analyzing the log to real changes in the config.
What does "no cw" mean in OScam logs
ECM (Entitlement Control Message) is an encrypted packet from the tuner that goes to the reader in search of a control word (CW, control word). If the reader received the ECM, sent it to the source, but the response came back empty — the log showsno cw. Not "no card", not "rejected" — just an empty response.
This is important:no cw means that the chain to the source is working, but the source itself either cannot or does not want to give the word.
Decoding the log line: ECM, caid, provid, time
A typical line inoscam.log looks like this:
2026/06/30 14:22:11 c (ecm) username: no cw (ecm time: 312 ms, hop: 1, caid: 0500, provid: 032830, srvid: 06A4)
What to read here:
caid: 0500— conditional access system (Viaccess, Irdeto, Nagra, etc.)provid: 032830— provider identifier within the systemsrvid: 06A4— service/channel IDecm time: 312 ms— response waiting timehop: 1— how many servers the request passed through
Ifecm time is present and non-zero — the request reached the source and returned. Just without CW. If the time is zero or there is no ECM line at all — the problem is local, at the filtering level.
How "no cw" differs from "rejected", "not found", "timeout"
not found orcard not found — there is no reader that is being taken to serve this caid/provid. This is a different branch of diagnostics.
rejected — the reader was found, but explicitly refused: wrong subscription, block byservices, mismatchident.timeout — source did not respond in time. Andno cw — responded, but empty. Three different scenarios, three different fixes.
Where to look: oscam.log, web interface (port 8888), reader status
WebIF by default hangs on port 8888 — openhttp://<ip>:8888. The tabReaders shows ECM statistics for each reader: how many successful, how manyno cw, average response time. The tabServices — filtering by channels.
For detailed logging: inoscam.conf we raiseloghistorysize = 4096, and for dumping the CWs themselves we addcwlogdir = /var/log/oscam/cw/ in the section[global]. After this, it is visible not only the fact ofno cw, but also what exactly comes in the response.
Step-by-step diagnosis of the no cw reason
The algorithm is simple: first, we find out if the ECM is going at all — and if so, at what stage the CW is lost. This narrows down the suspects from ten to one or two.
Checking the caid/provid match in oscam.server and oscam.user
Open/etc/oscam/oscam.server and look at the section[reader]. There should be a parametercaid with the required value. Then we look at/etc/oscam/oscam.user — the user must have this caid in thecaid parameter as well, otherwise the server simply won't let him access the required reader.
Common mistake: inoscam.server it is specifiedcaid = 0500, but in the ECM log it comes withcaid = 0D05. These are different systems — Viaccess vs Nagra. The tuner sometimes signals the same channel under different caids (simulcrypt), and OScam may request the wrong one.
Checking ident and reading blocks (chid, services)
Theident parameter inoscam.server specifies which provid the reader serves. If it saysident = 0500:032830, but the request comes withprovid = 032840 — the reader silently ignores the ECM. In the log, this appears asno cw or the absence of an ECM line.
The same goes forservices andchid: if the reader has a block specifiedservices = !HBO,!MTV — specific channels are filtered out at the filtering level before being sent to the source. This can be checked through WebIF → Readers → specific reader → Services.
Analyzing response time and hop in the logs
If we see in the logecm time: 280 ms, hop: 2 and at the same timeno cw — the request went through two servers and returned empty. The problem is on the side of the source or the intermediate hop. Ifecm time: 0 ms or there is no ECM line at all for the specific reader — OScam did not send a request there, meaning local filtering is interfering.
Withhop> 1 withno cw it is temporarily worth settingcccmaxhops = 1 inoscam.server for diagnostics — if the source works only through retransmission, this will confirm the hypothesis.
Checking ECM length and non-standard packets
Some providers use non-standard ECM packets longer than the usual ~184 bytes. Some reader implementations cut them off or reject them without an explicit error, returning an empty response. Incwlogdir this is visible: ECM came, went, but CW is not in the dump.
After the provider changes the keys, modified ECM structures may appear — then the source returns an empty response until it updates the keys through EMM/AU. This is one of the cases where the problem is not in the config at all.
Configuring reader and protocols to eliminate no cw
Most of the fixable reasons are concentrated here. The section[reader] inoscam.server is the main place for edits.
[reader] parameters for cccam: protocol, device, cccversion
The minimally correct section for CCcam-reader:
[reader]
Parametercccversion is not decorative. If the source expects version 2.2.1, and you send 2.3.0, the handshake may go through, but CW will be incorrect. Try 2.0.11 or 2.1.4 if stableno cw on a specific source.
Parameters newcamd/cs378x and ports
For newcamd, the port is specified individually in the source config (usually something in the range of 10000–15000). For cs378x/camd35, the protocol works over TCP or UDP, the port is similarly set on the source side. Section:
[reader]
Parameterkey (newcamd DES key) must match what is specified on the server side. A key mismatch results inno cw or a connection drop without a clear error.
Options lb_weight, lb_force_fallback and distributed cache
Loadbalance inoscam.conf section[loadbalance] affects which reader will receive the ECM request. Whenlb_mode = 1 (weight mode) OScam prefers the reader with the best statistics. But if the statistics are not accumulated or the reader was temporarily unresponsive — the server may choose a poor source.
The parameterlb_force_fallback = 1 forces OScam to try the next reader if the first returnedno cw. Without it, whenlb_mode != 0 the server may get stuck on a dead source. Also useful islb_nbest_percaid = 0500:2 — to keep at least 2 active readers for the given caid.
Correct cccmaxhops and reshare for multi-level shares
cccmaxhops = 0 means "only local cards,"cccmaxhops = 1 — one level of sharing. In a deep chain of servers, sometimes 2–3 are needed, but each hop adds latency and risk of timeout. It should be increased cautiously, checkingecm time in the logs.
reshare = 1 in the reader section allows OScam to distribute the received CW to its clients further. Ifreshare = 0, CW is used only locally. With an incorrect value — clients lower in the chain receiveno cw.
When the problem is on the source side, not the config
Some cases where OScam is needed: no cw solution, cannot be fixed by editing configs at all. ECM goes out, time is normal — for example, 200–350 ms — but CW is consistently empty specifically for that caid. The local config has nothing to do with it.
Signs of a non-working subscription or expired card on the source
If the source's subscription for a specific package of channels has expired — the card is physically present, the connection is established, ECM is received, but decryption is impossible. The response is empty. In WebIF → Readers, we look at the column% OK: if there are 0% successful CW on the specific reader for the needed caid with normal response time — the card on the source does not work for this package.
After the provider changes the keys, the card requires updating via EMM. Ifau (auto-update) is not enabled —au = 1 in the section[reader] — the card becomes outdated and stops providing CW on the updated channels.
Hop > 1 and loss of cw on intermediate servers
Athop: 2 andno cw the intermediate server could receive CW but not pass it further — for example, due to a reshare error or limitations on the relay side. Diagnosing from the outside is difficult: the only way is to try to connect to the source directly, bypassing the intermediate node, and compare the result.
Unstable source: intermittent no cw and idle disconnect
Intermittentno cw — for example, only during prime time from 19:00 to 23:00 — a classic symptom of an overloaded source. At other times, the channel opens normally, but during peak hours, the source fails to process the ECM queue and returns empty responses.
Another pattern:no cw appears after 10–15 minutes of inactivity. This is an idle disconnect — the source breaks the inactive connection, OScam does not notice the break immediately, and the first ECMs after the pause go nowhere. It can be fixed with the parameterkeepalive = 1 in the section[reader] and editingreconnecttimeout.
How to objectively assess the quality of the source based on logs
WebIF → Readers → a specific reader shows three key metrics: the percentage of successful CW (% OK), average response time (avg time) and the number of reconnects. A good source: % OK above 95%, avg time consistently in the range of 150–400 ms, reconnect close to zero over the observation period.
If reconnects increase — the source is unstable or breaks the connection due to idle. If % OK is low with normal time — the card is non-functional under the required caid. These are objective data; no words about the "stability" of the source can replace these numbers from the log.
Frequent configuration errors causing no cw
Most cases where OScam is required: no cw solutions boil down to elementary errors in the configs. Let's break down the most common ones.
Incorrect permissions and paths: oscam.server, oscam.user, oscam.conf
OScam reads configs from the directory specified at startup with the key-c. Usually, this is/etc/oscam/, on some images —/var/keys/ or/usr/keys/. If the fileoscam.server is not located there — the reader simply will not load, and the log will showno reader found or quietno cw.
Access rights: config files must be readable by the user under which oscam is running. With the commandls -la /etc/oscam/ we check the owner and permissions.chmod 640 + correctchown resolve.
Group conflict between reader and user
This is one of the most non-obvious errors. Inoscam.server the reader hasgroup = 1, while inoscam.user the client hasgroup = 2. The result: the reader physically exists, there is a connection to the source, but OScam does not provide this client access to the reader — and returnsno cw.
Rule: the values ofgroup for the reader and user must overlap. If the reader hasgroup = 1,2, and the user hasgroup = 1 — everything works. Check through WebIF → Users → specific user → Readers: you can see which readers are available to the user.
Errors in caid/ident, extra spaces, and case sensitivity
OScam is sensitive to format.caid = 0500 andcaid= 0500 with a space before the value — are not the same in some versions. An extra space inident = 0500:032830 (after the last digit) can break parsing.
Hex values are especially insidious:0D05 and0d05 OScam usually perceives the same, butD05 without a leading zero — it's already a different caid. Always use a four-digit format with leading zeros.
Firewall and NAT issues for network readers
The network reader does not start silently: in the log at startup we seereader my_reader: connected orfailed to connect. But if the firewall blocks packets after the connection is established — ECM goes out, but the response does not return. A classic for NAT with asymmetric routing.
Check:iptables -L -n | grep PORT andnetstat -an | grep PORT. For CCcam, the port is usually 12000 (set on source), for newcamd — individual, check in the source config. Temporarily disable the firewall and check — ifno cw disappears, the reason lies in iptables/NAT rules.
After any changes in the configs — restart or reload via WebIF → Restart, otherwise the changes will not apply. And always check the log at startup: if the reader did not load — there will be an error in the first lines.
What is the difference between "no cw" and "card not found" in OScam?
no cw — ECM reached the reader and went to the source, but the control word returned empty. The chain works, the problem is at the decryption level.card not found — OScam did not find the reader at all that is supposed to service this caid/provid: either there is no suitable reader, or the groups do not match. These are different branches of diagnostics — you should start by reading the exact line of the log.
Why does one channel give no cw, while others work?
Most often, there is no local card on the source for the specific provid of this channel, or the channel is cut by the blockservices/chid inoscam.server. Another option — the channel uses a different caid (simulcrypt), and OScam requests the wrong one. We look atsrvid andprovid in the log line for this channel and compare with what is allowed on the reader.
Does loadbalance affect the appearance of no cw?
Yes, and quite significantly. Whenlb_mode = 1 orlb_mode = 2 OScam selects a reader based on statistics, and if a bad reader has accumulated a "good" history, it will receive requests even when there are real problems. Enablelb_force_fallback = 1 and setlb_nbest_percaid for the required caid, so that the server automatically switches to a working source.
How to understand that the problem is with the source, not with my config?
The sign is clear: ECM goes to the reader (there is a line in the log), time is normal — let's say, 250–350 ms — butno cw is stable on a specific caid with the correctcaid/ident/group. In WebIF → Readers we see % OK = 0% on this caid. This is an empty response from the remote source, the config has nothing to do with it.
What ports and protocols to check when there is no cw on a network reader?
First of all:device = host,port inoscam.server — is the IP and port correct? Then check the match ofprotocol (cccam/newcamd/cs378x) with what the source is listening to. Check if the port is open:telnet host port ornc -zv host port. For CCcam —cccversion must match or be compatible. For newcamd — the correct DESkey is required.
Does increasing cccmaxhops help with no cw?
Sometimes yes — if the required card is only available through retransmission, and withcccmaxhops = 1 it is not visible. But increasing hops directly increases latency: each additional hop adds 100–300 ms, and with a timeout limit, the decoder may not keep up. Increase in increments of 1, monitoringecm time in the logs. Above 3 — is almost never needed.
In summary: OScam: no cw solution starts with a precise reading of the log line —caid,provid,ecm time,hop. These four fields immediately divide the problem into "local filtering," "source does not respond," and "source responds empty." Each scenario is treated differently, and mixing them into one "check everything" is a waste of time. Use WebIF, look at % OK by reader, and the problem becomes obvious in 5-10 minutes.
Practical checklist for smooth viewing
Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.
When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.
Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.
- Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
- Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
- Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.