Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 24
Registered: ‎10-07-2015

Can't get new AP to adpot

I have a new UAP AC Pro installing into an existing site wth 25 other access points already enabled, all of which have worked immediately.

 

I'm issuign the command in the mca-cli

 

set-inform http://ip.of.my.server:8080/inform

 

The new AP can ping the controller no problem.

 

The new AP never shows in the controller for adoption.  I've upgraded the controller just in case (it is now version 5.5.20).   The software is running on a Windows server.

 

I've spent the last 3 hours trying factory resets of the UAP-AC-PRO, update firmware, all kinds of things.   Any possible pointers I'm missing?

 

SuperUser
Posts: 4,757
Registered: ‎01-05-2012
Kudos: 1273
Solutions: 595

Re: Can't get new AP to adpot

If, from an already adopted AP, via SSH, you issue

info

What is the output ?

Cheers,

jonatha

New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

Shown below, I removed a little bit of information just to be safe but the real information is correct.

 

Model: UAP-Pro
Version: 3.7.8.5016
MAC Address: xx:xx:xx:xx:xx:x
IP Address: 10.2.11.100
Hostname: UBNT
Uptime: 23698 seconds

Status: Connected (http://x.x.x.x:8080/inform)

New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

[ Edited ]

If I run info right after I set it up:

 


Model: UAP-AC-Pro-Gen2
Version: 3.8.3.6587
MAC Address: f0:9f:c2:a3:69:24
IP Address: 10.2.51.51
Hostname: UBNT
Uptime: 2539 seconds

Status: Timeout (http://x.x.x.x:8080/inform)

 

 

 

Member
Posts: 156
Registered: ‎03-31-2017
Kudos: 37
Solutions: 11

Re: Can't get new AP to adpot

the Pro is on a different subnet and showing timeout while trying to connected to the unifi server. A quick guess would be a firewall or ACL rule somewhere in your routing that is eating port 8080
New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

I thought of that but it's a VPN tunnel and any/any is permitted.  I'm going to do some port scanning etc.

 

New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

[ Edited ]

So scanning from my PC on the same subnet as the AP to the server, 8080 is open.

 

80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2000/tcp open cisco-sccp
3389/tcp open ms-wbt-server
5060/tcp open sip
8080/tcp open http-proxy
8443/tcp open https-alt
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown

 

And if I telnet from the access point:

BZ.v3.8.3# telnet x.x.x.x 8080
Connection closed by foreign host

 

I get a closed connection, not a time out.

 

And on the firewall at the remote datacenter where the controller is installed I see the traffic as permitted on port 8080, so it's reaching the controller, and the controller server has firewall services disabled (and at any rate the port scan indicates that also).

 

SuperUser
Posts: 4,757
Registered: ‎01-05-2012
Kudos: 1273
Solutions: 595

Re: Can't get new AP to adpot

If, from remote location, in a browser, you type
http://ip.of.controller:8080
Are you redirect to https://ip.of.controller:8443 ?

What about the logs on the controller ?
This is the only one remote AP which you are trying to connect over VPN ? I remember, some time ago, some problems with the MTU on the VPN's tunnels between APs and controller ....
Cheers,
jonatha

Highlighted
New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

[ Edited ]

Yes, redirect works just fine.

Yes, this is one remote AP that won't connect over VPN but all the other AP's in the other 24 offices are fine and are also connected over VPN.    I will fool a little bit with MTU values.

SuperUser
Posts: 4,757
Registered: ‎01-05-2012
Kudos: 1273
Solutions: 595

Re: Can't get new AP to adpot

Two years ago, there, I've forced a really low MTU value on the ppp interfaces, but just for see the behavior ....

Cheers,

jonatha

Member
Posts: 156
Registered: ‎03-31-2017
Kudos: 37
Solutions: 11

Re: Can't get new AP to adpot

I just noticed in your config post from yesterday there is no port on your inform URL on the status line.

New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

Sorry I omitted that by mistake in the post, but it was there. I will fix it.
Established Member
Posts: 1,530
Registered: ‎04-21-2015
Kudos: 209
Solutions: 79

Re: Can't get new AP to adpot

Hey,

 

 

l think it is time to check 3-way handshake deeper, to see which  parameters are negotiated:

 

syn,

syn,ack

ack

 

1) run set-inform command

2) tcpdump -w 01.pcap port 8080

 

pcap.JPG

 

3) Copy pcap from AP using WinSCP or similar program (or any tftp method):

 

WIN.JPG

 

4) View the file:

 

3 way.JPG

Thanks,
Myky
--------------------------------------------------------------------------------------------------------------------------------------------------
Don`t blame the device as it`s always doing what you have asked it to do, this is not always the same as what you want.
New Member
Posts: 24
Registered: ‎10-07-2015

Re: Can't get new AP to adpot

Thanks; what I'm going to do is setup a test environment because I can't wait any longer on this.   I have setup the AP with a local controller on my laptop (worked fine).    I have another of these exact configurations in my office for testing, so I'll just order an extra UAP Pro and try to duplicate.   Config on firewall, type of firewall, everything is exactly the same so it should be a good test.

Reply