10-11-2018 11:37 AM
2 days ago we updated our 67 UniFi servers from 5.8.30 to 5.9.29
Since then we've had several complaints that devices disconnected since the upgrade.
Several of my own sites have disconnected devices as well.
Wondering if this happened to others too, and what can be done to prevent this in the future?
10-11-2018 12:20 PM
10-11-2018 08:03 PM
I have a site where the USG is now stuck in Adopting. And my Switch it totally missing. It does not show offline, it is just gone. it is up because it powers all APs and the Cloudkey.
What is very strange. Everything is up.
10-11-2018 08:15 PM
It seems the device disconnects happened a few days afterwards tho
I would expect better from a “stable” release
10-12-2018 01:19 PM
The USG that was in a repeat Adopting came back fine. I am still missing a switch. As stated above, it is online and working. It is just not in the Dashboards. What is even stranger, the CLIENT does not show Swtich / Port. It shows the LAN connection on USG.
10-12-2018 01:24 PM
10-12-2018 01:27 PM
I would do a sweep of the settings in the controller for those sites and see if anything has changed. I know sometimes if I upgrade, my inWall AP decides to put its wifi back to "enabled" when I don't want them to be.
The controller has a mind of its own sometimes so it working for a while and then not, isn't a weird thing.
10-16-2018 10:43 AM
I upgraded a controller to 5.9.29, but also updated java v8 from 151 to 191, all devices were disconnected.
Uninstalling 191 en reinstalling 151 fixed it. This is obviously only a workaround, but something is not right
11-05-2018 11:22 AM
I've found that the sites I'm having this issue with are all running Sophos XG firewalls.
It may be a security setting and I'm able to currently able to bypass it with a firewall rule (at the top, LAN/any to WAN/controller, no restrictions, not user based, NAT and logging on). Some of our firewalls had this rule already in place due to communication issues with ScreenConnect (which we also host) clients disconnecting every 5 minutes.
It's worth pointing out that we were working just fine on 5.6.22 before upgrading to 5.9.29 and had to add the exception ONLY after upgrading. I don't know what has changed in the communications but something is being detected as malicious traffic (still investigating).
Some devices would show online for a while. One site had no APs connected but the switch online until the firmware was updated. After adding the firewall rule into the Sophos XG we now have the entire site connected.
11-05-2018 11:54 AM
Found another way to fix it on the Sophos XG. Have to create a custom IPS exception for Signature 40146 (browser exploit). However, since this would expose all the Windows computers I'm trying to protect I've decided a special controller access rule still works best for my customers.
From the log viewer:
controller WAN address
device LAN address
BROWSER-IE Microsoft Edge malformed response information disclosure attempt