3 weeks ago
I've been searching for similar topics, but couldn't find anyone matching my question, so here it goes..
I was wondering a couple of things regarding the UNMS key and the relation to the UNMS URL / hostname. Say you would need to change your hostname on your UNMS server and thus the URL (wss://) to the UNMS also would change. How would you proceed to get the new wss-URL on to your remote devices? Do you need to login to each single unit and set the new wss-URL? Is it possible to do this through the UNMS -> Terminal or will the connection break while updating the key / wss-URL?
If you change your hostname and get a new wss-URL, is that also a new UNMS key?
I just updated my hostname and got a new wss-URL. So far I have not updated anything on my devices connected to my UNMS server and so far everything continue to work. But something tells me that a reboot of the clients or server might get things to a state where the clients wouldn't connect to the UNMS server anymore, or..?
So far the UNMS server is reachable through the old hostname/URL, but the old URL will stop working eventually.
3 weeks ago
@miscmedia Hello Fredrik. I would like to bring this article to your attention, as I believe there is useful info regarding your questions about generic UNMS key and how it works. The best practice is to have a single FQDN pointed at a single IP where your UNMS is listening. That way you can have that FQDN in the generic UNMS key and when the IP address of your server changes, you just make the appropriate adjustment in DNS records. If you put an IP address in the UNMS key and it changes, you need to rewrite UNMS key in all your devices. Please note that we have some plans to make server migration easier in the future.
3 weeks ago
Hi @UBNT-Radek !
Thank you for your reply. I’ve read the article, which is great and provide good understanding on how the key works.
What I’m missing from the article and would like to know is what happens if you need to change the FQDN and what actions do you need to take in order to keep all your clients connected to the UNMS server?
i just tried to enter the new UNMS wss-URL to one of my clients and the client could not connect to the UNMS server. I had to change back to the old wss-URL. So please guide me how to proceed after changing the FQDN of my UNMS server.
2 weeks ago
@miscmedia Hello Fredrik. First of all, I have to say that unfortunately, if you change the FQDN of your UNMS server then you have to rewrite the UNMS key in all devices you want to connect. There is a way how to do that by bulk with Device discovery tool. You need to discover all devices in their subnet and then the tool will automatically rewrite the correct UNMS key into the device.
I just tried to enter the new UNMS wss-URL to one of my clients and the client could not connect to the UNMS server.
If you only changed the hostname (blue) part of the UNMS key, then this should work. If you changed the AES part (yellow) of the UNMS key as well, then the device connection was correctly rejected. If the first is the case you can replicate the situation and then send me support info from both the UNMS and the device and I will try to find out what happened there. Please, send the files to my email radek.skrivan(at)ubnt.com and include URL of this thread in the message.
2 weeks ago - last edited 2 weeks ago
Thanks for feedback @UBNT-Radek
The part that has changed in my wss-URL is th FQDN the AES key is still the same (the yellow part - https://help.ubnt.com/hc/en-us/articles/115015772548-UNMS-The-UNMS-Key-and-the-Device-Registration-P...). On the end of the URL I also have "+allowSelfSignedCertificate" probably since the first certificate I used was self signed by the UNMS server. Now I'm using the Let's Encrypt function inside UNMS and have a valid cert for my FQDN.
When I changed the FQDN on my UNMS server I did through th GUI @ Settings -> UNMS -> Server settings -> UNMS Hostname/IP. Then I hit "Apply changes". After that I copied the wss-URL from "Connection".
So you say it should work if I enter the new wss-URL with the new FQDN on my connected devices (since the AES key hasn't changed)? I'll give it another shot, and if it still fail I'll send you the support info via mail.
2 weeks ago
@miscmedia Hello Fredrik. The process you described should be all right. Please give it a try and if it fails, contact me via email. I will need support info from both UNSM and the device where you tried to change the target address. Please, send those files to the email radek.skrivan(at)ubnt.com, and include your forum name and URL of this thread in the message. In case the files are too big, please use a file sharing service such as Google Drive.
Friday - last edited Friday
Here is an update regarding my question.
This is what did work when I tried to update the UNMS key on my devices (set service unms connection).
- On a new device which has never been connected to the UNMS service it works fine.
- On a already connected device using SSH I can use "delete service unms connection wss://old.url.." followed by "set service unms connection wss://new.url.." followed by commit ; save. Then I had do reset the UNMS key in the UNMS webUI (@UNMS server: edgerouter -> Settings -> UNMS -> Troubleshooting -> Reset UNMS key).
What I did try initially and what didn't work was when I tried to use the terminal function from UNMS web ui (UNMS server: edgerouter -> terminal). When I try to change the UNMS URL I get disconnected and the device disconnects from UNMS server. Only way to bring it back online is to the same commands via SSH / local console and then reset the UNMS key as per above described.
Friday - last edited Friday
I would like to add a guide on how to deal with the same situation using UNMS.
After changing UNMS IP/Hostname.
1. Create backup for your device
2. Download backup FOR OTHER DEVICES, save file
3. UPLOAD just downloaded file back to UNMS.
4. RESTORE uploaded backup.
After these four steps, your device will contain UNMS Generic Key with a new IP/Hostname.
5. RESET UNMS KEY