diff --git a/synology_dsm_upgrade_api.yml b/synology_dsm_upgrade_api.yml
index 33bea30..8ca9ab7 100644
--- a/synology_dsm_upgrade_api.yml
+++ b/synology_dsm_upgrade_api.yml
@@ -7,18 +7,20 @@
     # --- Connexion DSM ---
     syno_scheme: "https"
     syno_port: 5001
-    syno_verify_ssl: false   # mets true si tu as un certificat OK
-    syno_user: "{{ vault_syno_user | default(omit) }}"
-    syno_pass: "{{ vault_syno_pass | default(omit) }}"
-    syno_session: "DSM"      # session DSM (souvent OK)
+    syno_verify_ssl: false   # true si certificat OK
+    syno_user: "{{ vault_syno_user }}"
+    syno_pass: "{{ vault_syno_pass }}"
+    syno_session: "DSM"
 
     # --- Upgrade API ---
-    # Les méthodes peuvent varier: ajuste si besoin (après tests)
     upgrade_check_method: "check"   # parfois: "status" / "get"
     upgrade_start_method: "start"
 
     # --- Sécurité ---
-    refuse_if_no_upgrade_api: true  # si true: on échoue si SYNO.Core.Upgrade absent
+    refuse_if_no_upgrade_api: true
+
+    # --- Réseau ---
+    uri_timeout: 60
 
   tasks:
     - name: Construire base_url
@@ -26,7 +28,7 @@
         base_url: "{{ syno_scheme }}://{{ inventory_hostname }}:{{ syno_port }}"
 
     # 1) Découverte des APIs (paths & versions) via SYNO.API.Info
-    # IMPORTANT: Semaphore utilise souvent ansible.legacy.uri => pas de url_parameters, donc URL en 1 ligne
+    # IMPORTANT: Semaphore peut utiliser ansible.legacy.uri => pas de url_parameters.
     - name: Discover SYNO.API.Auth & SYNO.Core.Upgrade via SYNO.API.Info
       ansible.builtin.uri:
         url: "{{ base_url }}/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth,SYNO.Core.Upgrade"
@@ -34,6 +36,7 @@
         return_content: true
         validate_certs: "{{ syno_verify_ssl }}"
         status_code: 200
+        timeout: "{{ uri_timeout }}"
       register: api_info
       failed_when: api_info.json.success is not defined or api_info.json.success != true
 
@@ -53,51 +56,53 @@
 
     - name: Définir chemins et versions max
       ansible.builtin.set_fact:
+        # Certains DSM exposent Auth via entry.cgi, d'autres via auth.cgi.
+        # On respecte la discovery, mais on garde des valeurs par défaut sûres.
         auth_path: "{{ auth_info.path | default('auth.cgi') }}"
-        auth_ver: "{{ auth_info.maxVersion | default(7) }}"
         upgrade_path: "{{ upgrade_info.path | default('entry.cgi') }}"
         upgrade_ver: "{{ upgrade_info.maxVersion | default(1) }}"
 
     # 2) Login -> SID
-    - name: Login DSM API (SYNO.API.Auth)
-      ansible.builtin.uri:
-        url: "{{ base_url }}/webapi/{{ auth_path }}"
-        method: GET
-        validate_certs: "{{ syno_verify_ssl }}"
-        return_content: true
-        status_code: 200
-        # NOTE: pas de url_parameters (legacy). On passe les paramètres en query_string.
-        # Ansible uri accepte "body" pour POST, mais ici DSM Auth marche en GET.
-        # On encode en query directement:
-      register: login
-      failed_when: login.json.success != true
-      vars:
-        _login_url: >-
-          {{ base_url }}/webapi/{{ auth_path }}
-          ?api=SYNO.API.Auth
-          &version={{ auth_ver }}
-          &method=login
-          &account={{ syno_user | urlencode }}
-          &passwd={{ syno_pass | urlencode }}
-          &session={{ syno_session | urlencode }}
-          &format=sid
-      # surcharge url avec la version 1-ligne sans espaces
-      # (on ne peut pas mettre des espaces: donc on met une seule ligne ci-dessous)
-    - name: Login DSM API (SYNO.API.Auth) - URL finale
-      ansible.builtin.uri:
-        url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
-        method: GET
-        validate_certs: "{{ syno_verify_ssl }}"
-        return_content: true
-        status_code: 200
-      register: login
-      failed_when: login.json.success != true
+    # Fix: le maxVersion retourné peut casser le login (erreur 101).
+    # On tente d'abord une version stable (6), puis fallback (2).
+    - name: Login DSM API (SYNO.API.Auth) - try v6 then v2
+      block:
+        - name: Login v6
+          ansible.builtin.uri:
+            url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=6&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
+            method: GET
+            validate_certs: "{{ syno_verify_ssl }}"
+            return_content: true
+            status_code: 200
+            timeout: "{{ uri_timeout }}"
+          register: login_v6
+          failed_when: login_v6.json.success != true
+
+        - name: Set login result from v6
+          ansible.builtin.set_fact:
+            login: "{{ login_v6 }}"
+
+      rescue:
+        - name: Login v2 (fallback)
+          ansible.builtin.uri:
+            url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=2&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
+            method: GET
+            validate_certs: "{{ syno_verify_ssl }}"
+            return_content: true
+            status_code: 200
+            timeout: "{{ uri_timeout }}"
+          register: login_v2
+          failed_when: login_v2.json.success != true
+
+        - name: Set login result from v2
+          ansible.builtin.set_fact:
+            login: "{{ login_v2 }}"
 
     - name: Enregistrer SID
       ansible.builtin.set_fact:
         sid: "{{ login.json.data.sid }}"
 
-    # 3) (Optionnel) Check update (si la méthode existe)
+    # 3) (Optionnel) Check update (best effort)
     - name: Check DSM update readiness (best effort)
       ansible.builtin.uri:
         url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_check_method }}&_sid={{ sid }}"
@@ -105,6 +110,7 @@
         validate_certs: "{{ syno_verify_ssl }}"
         return_content: true
         status_code: 200
+        timeout: "{{ uri_timeout }}"
       register: upgrade_check
       failed_when: false
 
@@ -112,7 +118,7 @@
       ansible.builtin.debug:
         var: upgrade_check.json
 
-    # 4) Start upgrade (l'update est supposée déjà téléchargée / prête)
+    # 4) Start upgrade
     - name: Start DSM upgrade (SYNO.Core.Upgrade)
       ansible.builtin.uri:
         url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_start_method }}&_sid={{ sid }}"
@@ -120,6 +126,7 @@
         validate_certs: "{{ syno_verify_ssl }}"
         return_content: true
         status_code: 200
+        timeout: "{{ uri_timeout }}"
       register: upgrade_start
 
     - name: Fail si start a échoué
@@ -136,10 +143,11 @@
     # 5) Logout
     - name: Logout DSM API
       ansible.builtin.uri:
-        url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=logout&session={{ syno_session | urlencode }}&_sid={{ sid }}"
+        url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=2&method=logout&session={{ syno_session | urlencode }}&_sid={{ sid }}"
         method: GET
         validate_certs: "{{ syno_verify_ssl }}"
         return_content: true
         status_code: 200
+        timeout: "{{ uri_timeout }}"
       register: logout
       failed_when: false