Ubiquiti UAP can't phone home

Discussion in 'Networking, Telephony & Internet' started by cal0006, May 26, 2018.

  1. cal0006

    Hey guys, got a fleet of Ubiquiti Access Points and two of these are at a client's premises providing a WIFI network which is working fine.

    Unfortunately, the UAP's seem to be unable to phone home back to our controller which currently runs on an SBS VM in a data centre.

    I can see the UAP's have IP's and as said, they work fine but are un-manageable at this point in time.

    For starters, the network has an active domain controller running SBS 2012 from memory.

    The main gateway is every technicians' best friend - a Telstra Netgear Genie router.

    The Telstra router is the main gateway to Telstra FTTP inter webs. The domain controller is also doing DHCP and also DNS I believe.

    I've tried adding "ubiquiti" under DNS and putting the UAP controller URL into the FQD field to no change.

    Now why can't the UAP's communicate with the controller? I can't ping the hostname but I can't do that from home either so that's not much help.

    I've tried countless reboots of the UAP's, but don't want to restart the DHCP service on the SBS as there's a good 200 devices on the network and this includes printers etc which probably don't have a static IP.
    I also haven't restarted the DNS server on the SBS server, unsure if this is likely to be of help.
    I also haven't restarted the Telstra router as my only opportunities have been remote and if it doesn't come back on I'm gonna have a bad time.

    I've added the necessary ports into the port-triggering settings of the Telstra, but can't help but wonder if the router needs a reboot for this to come into effect. I've also tried disabling port triggering to no change.

    I can ping 8.8.8.8 from the UAP via SSH and get a response so the UAP can access the outside internet.

    Any thoughts as to what I can try from here?

    Has anyone had issues with UAP's behind Telstra routers? As there's a few devices offline through the fleet of UAP's and I can't help but feel like these offline devices are all on Telstra connections.
     
  2. TehCamel

    the devices need to be able to access "unifi" so add that
    alternately, issue the set-inform command with the FQDN for your controller.
    ensure your ports are open for the controller
    what does "dmesg" on the AP show?
    can you ping "unifi" from the AP?

    restarting the DHCP Service won't harm your devices. (Unless you mean rebuild)
    restarting DNS also won't really hurt anything, for the ~90 seconds it takes


    can you use netcat on the UAP to connect to the Inform port on the controller? (You mentioned you can't ping the controller by name/ip address) so try
    nc 1.2.3.4 8880 (I may have forgotten the exact controller port at this moment, so double check)

    did the UAPs EVER talk to the controller?
     
  3. bcann

    is it possible these UAP's merely have the wrong DNS setup in them pointing to some ancient DNS Server that no longer exists? Also how do these sites connect to the SBS Box? Via VPN I Assume?
     
  4. waltermitty

    cat /etc/resolv.conf on the UAP, also does busybox have nc? You should be able to use telnet at least.

    Any warnings in the controller about STUN being down?
     
  5. OP
    cal0006

    Originally UNIFI was not added but I have since added, with no change.

    I have also added the hostname URL for the controller and pointed it to the IP, no change.

    I have also tried pointing the UAP's to IP : PORT address for the controller versus the complete URL, no change.

    Haven't tried pinging unifi from the UAP but I did ping 8.8.8.8 and got a response.

    I'll try the netcat command and see if it responds.

    Possible, these particular UAP's have been onsite for years I believe, I think they're the earliest in the fleet, at least a couple of years old. Possible that they are pointing to an incorrect DNS. As far as I'm aware they've never ever phoned home once they were provisioned and configured locally in our workshop.

    The SBS controller or the domain controller? The DC is a physical on-prem server, the controller itself is hosted in a data centre.

    As above I will try netcat and see what happens.

    It doesn't alert to a STUN issue, simply shows as Disconnected with a last seen date of never.


    Man I love cleaning up other people's mess.
    "Why worry about it, it's working and that's the main thing?"
    What is the point of having managed infrastructure if you aren't properly managing it..
     
  6. OP
    cal0006

    Another interesting point is if I SSH into the UAP from the server and run the 'info' command, I don't get any info back? I would expect this to give me the IP info etc for the UAP...
     
  7. waltermitty

  8. OP
    cal0006

  9. grrrr

    do you have the telstra air / fon wifi thing turned on?
     
  10. OP
    cal0006

    I don't believe it's enabled.
     
  11. TehCamel

    ok so, netcat from one of mine:

    once you open up netcat and it just seems to give you nothing, mash some keys and press enter.
    It should then give you the 400 request, or anything in fact, to tell you that the controller is there.
    Dodgy test, but it confirms you have HTTP/S access.

    If it's still failing, then forget the device on the controller (do it one at a time)
    logon to the controller via ssh
    then re-issue set-inform:
    set-inform http://unifi.pornhub.com:8080/inform
    go to controller, adopt
    issue set-inform http://unifi.pornhub.com:8080/inform on the AP itself again

    if it still fails to inform correctly, then from ssh on the AP:
    sudo syswrapper.sh restore-default
    wait.
    logon using defaults via ssh (ubnt/ubnt)
    re-issue set-inform

    if it's still failing to inform correctly, check the local firmware on the AP itself.
    ensure the firmware is a supported version for your controller, upgrade it manually if need be.
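
    The netcat test above, scripted as an added example (not part of the original post and not Ubiquiti code): it takes a set-inform style URL and reports which stage fails, whether name resolution, the TCP connection or the HTTP reply. The function name and the junk payload are assumptions made for the example.

```python
import socket
import sys
from urllib.parse import urlsplit


def check_inform(url, timeout=3.0):
    """Return (stage, detail); stage is 'url', 'dns', 'tcp', 'http' or 'ok'."""
    parts = urlsplit(url)
    try:
        port = parts.port or 80          # .port raises ValueError if malformed
    except ValueError:
        return ("url", "port is not a number")
    if parts.scheme != "http" or not parts.hostname:
        return ("url", "expected http://host:port/inform")

    # Stages 1 and 2: resolve the name, then open the TCP connection.
    try:
        sock = socket.create_connection((parts.hostname, port), timeout=timeout)
    except socket.gaierror as exc:       # name did not resolve (check resolv.conf)
        return ("dns", str(exc))
    except OSError as exc:               # refused, filtered or timed out
        return ("tcp", str(exc))

    # Stage 3: send junk, as in the netcat test; any HTTP status line,
    # a 400 included, shows that a web service is answering on that port.
    with sock:
        try:
            sock.sendall(b"mash some keys\r\n\r\n")
            reply = sock.recv(256)
        except OSError as exc:
            return ("http", str(exc))
    status = reply.split(b"\r\n", 1)[0].decode("latin-1")
    if status.startswith("HTTP/"):
        return ("ok", status)
    return ("http", "no HTTP status line in reply: %r" % status)


if __name__ == "__main__":
    # Placeholder URL; pass the real inform URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://ip-of-controller:8080/inform"
    print(check_inform(target))
```

    A result of 'ok' only shows that the path to the inform port is open; as the rest of the thread shows, adoption can still fail on a firmware mismatch.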
     
  12. waltermitty

    Honestly I've had an AP or two 'go dark' before and it took a hard reset with a paperclip before it started showing up again
     
  13. bcann

    First off log onto the AP.

    Then see what it says for the IP Address and make sure things like DNS/Gateway are right via the below command, and test for connectivity to the controller via ping
    ip addr

    Then make changes if needed then tell it to allow itself to be adopted by the controller:
    set-inform http://ip-of-controller:8080/inform

    Worst case scenario:

    Make sure you have the mac address of the UAP and that is all setup right to grab dhcp if needed (IE right vlan, port config, etc etc) and nuke config:
    syswrapper.sh restore-default

    Then try re-adopting via web interface on controller or sshing into UAP and re-doing:
    set-inform http://ip-of-controller:8080/inform
    then re-adopting via controller.
     
  14. OP
    cal0006

    Quality controller URL, nice.

    So I had some luck. Something did not seem right with the AP at all. Power cycled it completely today while out there, no change.

    Still really weird that some of the SSH commands do nothing. INFO shows nothing, just goes to the next line after a few seconds, NC same thing.

    SSH'd into the UAP, one final time. Thought screw it, I'll factory reset it via SSH and hope to the wireless gods that it shows up in the Discovery app. Which it did.

    Hit the Adopt/inform option, entered the URL, applied, it appeared in the controller. Great success! Or so I thought. After hitting adopt and letting it do its thing, eventually it changed back to disconnected. Thankfully the reset was still in effect/the adopt was not successful as it still showed up in the discovery tool.

    Ran the firmware update, then once again attempted a reconnection to the controller. Bam, adopted successfully. I would hazard a very confident guess that my initial triggered ports were all fine, there was no issue with the SBS DC machine or the local network. The god damn thing was too far out of date.

    TL;DR - some jerk has updated the controller at some point in time to a version that doesn't work with earlier UAP firmwares. Update fixed.

    Man, what a dick around. Luckily I know what the issue is so I'll need to go back and do the same for the second UAP which of course is now not accessible for some reason :Paranoid:
     
  15. OP
    cal0006

    So I have confirmed that the end issue was indeed the age of the UAP's firmware. Having just completed an audit of each and every device connected to the controller, there is a handful of devices running 3.4 firmware or earlier. Each of these devices shows as disconnected.

    Can anyone suggest how I can somehow get these devices updated, short of gaining remote access to a local PC, SSH'ing into each device, resetting to factory, running an update to a supported FW, and re-linking to the Controller? I'm all ears...
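
    The audit described in this post, sketched as an added example (not code from the thread or from Ubiquiti): it reads a constructed inventory export and lists, by site, the devices at firmware 3.4 or earlier. The column names, site names and firmware strings are assumptions made up for the example.

```python
import csv
import io

# Constructed inventory export: column names, sites and firmware strings are
# made up for this example and do not come from a real controller.
SAMPLE_INVENTORY = """\
site,name,firmware,state
ClientA,uap-front,3.4.1.1000,disconnected
ClientA,uap-rear,3.2.7.1000,disconnected
ClientB,uap-office,3.9.3.1000,connected
ClientC,uap-shed,3.10.0.1000,connected
ClientD,uap-hall,,disconnected
"""

CUTOFF = (3, 4)  # "3.4 firmware or earlier", the line drawn in the thread


def parse_version(text):
    """'3.4.1.1000' -> (3, 4, 1, 1000); None when blank or not numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def needs_manual_upgrade(firmware):
    """True for major.minor at or below CUTOFF, and for unreadable versions."""
    version = parse_version(firmware)
    # Compare integers, not strings: as text, "3.10" sorts before "3.4".
    return version is None or version[:2] <= CUTOFF


def audit(csv_text):
    """Group devices that need a site visit or remote session by site."""
    worklist = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if needs_manual_upgrade(row["firmware"]):
            entry = (row["name"], row["firmware"] or "unknown")
            worklist.setdefault(row["site"], []).append(entry)
    return worklist


if __name__ == "__main__":
    for site, devices in audit(SAMPLE_INVENTORY).items():
        print(site, devices)
```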
     
  16. bcann

    Not easily unfortunately... but given the IP's and the WAP's are known as are the passwords just follow:

    https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-Firmware-of-a-UniFi-Device

    And after that:

    set-inform http://ip-of-controller:8080/inform

    Then web gui re-adopt.
     
