*** Official Ubiquiti Discussion Thread ***

I just had a nightmare trying to get my UAP-AC-LR to factory reset. It’s ceiling mounted and getting it down is a PITA due to how the mount is designed. They should have a reset on the injectors. After the IP getting changed due to other issues on the network, I SSH’d in and ran the script but it just doesn’t ever reset. Just reboots back to the same settings. Not sure why. It’s never worked tbh. Set-inform doesn’t either. Once I reinstalled the controller from scratch it could see the AP and tried to adopt it finally but it gets stuck in an adoption loop. So then I remembered the UniFi iOS app, which was the ONLY thing that could adopt the AP.

I also have a UAP-AC-Lite and all SSH commands work and it can be readopted etc no issues. Both devices on latest firmware. Go figure.

I’m wondering if the setup could be better. Maybe option 43 is a good idea since I’m running my controller in a container on a Linux host and I’m also not sure if the unifi DNS would work out the box. I did have inform override set though, with an IP accessible to the controllers.

As great as the APs are, this whole area could be improved somehow.
 
Would you not have to be running a UniFi router under the control of the controller to do that?
No not at all. It's an available option on most DHCP servers and passes a hex code to client devices. UniFi equipment looks for option 43 and then will use the supplied IP (in hex format) for its inform.

Really neat way of doing it.
 
And how would it pass the information it received to the controller? Sorry if I’m being dim but I can’t see the mechanism by which the switch or access point gets adopted to the controller.

Option 43 would tell the device where to look for its inform.

The device would instigate adoption against the controller and everything would go from there.

AP - Hello DHCP, give me an address please

DHCP - Yo AP! Take 10.1.1.100, also take this Option 43 HEX Value

AP - Cheers. Oh, Opt 43 is giving me Vendor Specific Information, an address for me to inform at! (Controller at 10.1.1.253). Hey Controller, adopt me please.

Controller - Hello AP, let me look into that adoption for you.

Naturally you would have a different Inform Address for a Cloud Based controller but ultimately the same broad process.
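
The option 43 value from the exchange above, worked through as an added example that is not part of the original posts: it builds the hex string for a controller address and decodes a value seen in a DHCP lease so you can confirm it names the controller you intended. The sub-option layout (code 01, length 04, then the four address bytes) is not stated in the thread; it is the layout Ubiquiti documents for option 43, and the function names are illustrative.

```python
import ipaddress

CONTROLLER_SUBOPTION = 0x01  # sub-option code that carries the controller IPv4 address


def encode_option43(controller_ip: str) -> str:
    """Build the option 43 payload: code 01, length 04, then the 4 address bytes."""
    packed = ipaddress.IPv4Address(controller_ip).packed
    payload = bytes([CONTROLLER_SUBOPTION, len(packed)]) + packed
    return ":".join(f"{b:02x}" for b in payload)


def decode_option43(hex_value: str) -> str:
    """Walk the code/length/value sub-options and return the controller IP."""
    cleaned = hex_value.strip().lower().replace(":", "").replace(" ", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    raw = bytes.fromhex(cleaned)  # ValueError on non-hex or odd-length input
    pos = 0
    while pos + 2 <= len(raw):
        code, length = raw[pos], raw[pos + 1]
        value = raw[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length runs past the end of the payload")
        if code == CONTROLLER_SUBOPTION:
            if length != 4:
                raise ValueError("controller sub-option must hold exactly 4 bytes")
            return str(ipaddress.IPv4Address(value))
        pos += 2 + length
    raise ValueError("no controller sub-option (code 01) in payload")


def informs_at(hex_value: str, expected_controller: str) -> bool:
    """True only if the payload parses and names the controller you intended."""
    try:
        expected = str(ipaddress.IPv4Address(expected_controller))
        return decode_option43(hex_value) == expected
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the controller address used in the exchange above.
    value = encode_option43("10.1.1.253")
    print(value)
    print(decode_option43(value))
    # A lease value that differs by one byte does not match the intended controller.
    print(informs_at("0x01040a0101fe", "10.1.1.253"))
```

How the hex string is entered (separators, a 0x prefix) differs between DHCP servers; the bytes themselves are the same.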
 
What command did you issue in your SSH session to factory reset it?

Code:
syswrapper.sh restore-default

Also tried:

Code:
sudo syswrapper.sh restore-default

Also tried:

Code:
syswrapper.sh set-default

In each case I never saw any confirmation - the SSH session just closes and then I typically couldn't SSH back into the AP (connection refused) until I manually power cycle it (after waiting some time).
 
I've seen that happen before, I did some testing at the time and it was isolated to a couple of specific firmware versions, though I forget which.
 
I'm about to go all in with Unifi (obviously not their access stuff), I hope this isn't a sign of things to come.

I've no idea what is happening with Unifi right now. That video seems to be based around the lifespan of their products. Whilst I haven't had need or reason to upgrade a home network setup and so I haven't properly researched any of the new Unifi products. A quick look on the Ubiquiti Store Europe it doesn't look as though there have been many new products released recently.

I spoke with someone recently where I work who deals with the digital technology. I suggested Ubiquiti and he pointed out that they have a lot of features that they are looking for, however they are just too expensive to justify a complete change across the business, even as a gradual roll out, by the time they have changed one of the 1000+ locations, the older products would no longer be supported and the changes would start from the beginning.

He pointed out that the only way it would be reasonably justifiable would be if the controller software could at least adopt other switches or access points from other brands, even if they didn't allow full functionality it would make controlling of VLANS or just seeing if a switch is online or not. He didn't go into detail, but I very much doubt other brands would allow this with their controller software.
 
I’ve had one ac-lr that was a pain to adopt to our cloud controller. Did everything and couldn’t do it.

What worked though was adding to the UniFi iOS app. In the end we just marked it as faulty. Wasn’t worth any more time faffing around with it and gave it to a staff member to use at home.
 
Seems to happen on all firmware versions I’ve had on this specific AP. Not the first time I’ve had that problem. Only thing I haven’t done is forced a reflash of the firmware in the recovery mode, which maybe could help. I think to get into that mode I’ll need physical access to the AP, so may have to wait until I paint the ceiling next time I redecorate :)

Sounds exactly like the issues I’ve had. Once adopted though, it’s been a great AP. Blue light has faded a bit but I think that’s a common issue.
 
So this is technically true, but also a bit FUD. The actual access control works just fine for free with an unlimited number of users. That was never altered and they won't alter it. What you now need to pay for (for more than 5 users) is the extra bits that let you run your time and attendance software from the access controller, or your fire register. You always had to pay for more than 50 users and now it's 5. If you previously had 50 you still have 50 but new users are 5 freebies and then you pay.

What he says about Unifi Video is absolutely true. They totally messed up loads of people when they just switched off support for the old Unifi Video. I think they offered $200 against a new Protect controller when you abandoned Video for Protect but it put a lot of people off them. They have a history of launching products (often REALLY expensive products) and then just ditching them. Ever heard of the USG-XG-8? That was a beast of a router. Except it was launched a bit prematurely and it never really worked properly. £1500+VAT and they just stopped supporting it. I was swearing that day. And there are plenty of other products/projects that they started off and then ditched.

I do sometimes think that Robert Pera needs something and just tells the Alpha team to rustle a few up. Need access points for your Basketball team's sports stadium? That'll be the Unifi UWB-XG! Want a car charger for your Lucid Air? Sure, no problem Boss - Here's your Unifi EV Station! etc. etc.
 
I just want a VyOS-based router appliance that is ARM-based so it can do modern VPN protocols with support from the vendor, with routing performance somewhere between 1 and 10Gbps and the interfaces to match. I don't want to nurse a six-year old MIPS box and I don't want a router that needs to be configured with an app over Bluetooth. The UISP range is a joke and their PON stuff is really expensive compared to the big players.

Ultimately I don't want to buy products off the corporate equivalent of a kid with ADHD.

Edit: lol at UID costing around the same as Azure AD Premium, nobody is making that decision
 
Why VyOS particularly?
 
The CLI is sensible. Mikrotik is really bad, and things like OpenWrt and the *sense of the world aren't really CLI driven options, it's a Linux/BSD box with some configuration scripts.

I'm not totally wed to VyOS but my understanding is it's what the EdgeRouter stuff was built off. I have an ER-4 that's been going for years, there's not really anything in the UI range that can replace it.
 
Even the current UnifiOS is branched from Vyatta. Although Chris Buechler said it was a ground-up rewrite they didn't change an awful lot because I don't think they really knew anything else. It was more of a tidy-up from what I was told. So they basically delivered the same functionality but with tidier code. Which given the guy's six and a half-figure salary is pretty epic if you can get away with it.
 
I've got an interesting problem that I'm struggling to solve. My entire network stack is Unifi (UDM Pro > Gen 2 24 port POE switch > Gen 1 24 port switch | U6 LR | IWHD > multiple outlets (TVs, homelab, PCs etc.). I have an Active Directory setup from my Server 2016 essentials which does the AD duties including DHCP and DNS with the unifi DNS disabled.

I use Kaspersky Kids to give some control over access times to the kids' PCs as well as software and YouTube etc. but I've hit an issue with the internal DNS. My son's PC, which is hardwired in to the network, has no problems with DNS and operates fine but my daughter's PC, connected via WiFi 6 (U6 LR), has problems. After a few days Kaspersky Kids stops communicating with their servers due to DNS failures. Running ipconfig commands release/renew and then flushdns followed by a restart clears the DNS issue and we get a flurry of updates via email/Kaspersky mobile app until the issue happens again. The only other method to resolve this is to uninstall and then reinstall the app.... It is also only affecting the Windows PC as tablets / phones are fine and never lose communication.

Kaspersky support indicated during a long problem solving call with them that the logs showed the commands getting stuck and unable to route out via DNS but the PC still operates fine for everything else.

The only thing different to the other PCs are that they are connected to the Unifi APs and when wired in the symptoms clear themselves automatically hence posting in this thread... Is there anything within the unifi wifi ecosystem that could cause DNS issues to manifest themselves?
 
If you're having to restart the PC to get things working again then save the bother doing the ipconfig stuff, that'll all happen as a part of a reboot.

I can't think of much on the UniFi side that would cause this. It's possible to restrict client access to DNS servers using firewall rules on the UDMP but I don't think that's the issue here or it'd never work.

Are the kids' PCs in a separate VLAN?

How are those PCs getting their DNS servers? Static IP addressing? Static DNS? DHCP?

When the problem is there, can the problematic devices ping things on the internal network? Try to ping the UDMP. Can they ping things on the internet by IP? Try to ping 8.8.8.8.

From a problematic device, can you ping the Kasperspy DNS servers when things are working? Can you ping them when things aren't working? What happens if you try to do a DNS query whilst the problem is there from a powershell window / command prompt. What error do you get? Try to query another DNS server (try 8.8.8.8), do queries resolve?

If you temporarily set one problematic device to use the same DNS servers as the rest of your network does the problem occur or is it isolated to Kaspersky DNS?
 
Surprisingly, the issue doesn't resolve itself with a reboot. The PC is shut down daily and it doesn't clear unless I use those commands followed by a reboot. I forgot that this laptop also has the same issue but it doesn't come up as the kids don't use it but the software is installed just in case. No VLANs, just straight shared IP range currently with all PCs apart from the homelab and AD servers being served by DHCP/DNS from the AD servers.

As this laptop isn't connecting either, I did some tests and it can resolve the DNS name for the Kaspersky server in the DNS resolver but it wouldn't reverse lookup the two IPs that came up. Releasing and renewing the IP address on the laptop allowed it to sync the settings (unblocked the flow to the Kaspersky server) but again it won't resolve the IP address and it won't via Google DNS either... it just says a non-existent domain using nslookup. I'm not sure how this could be part of the problem though as it's only affecting those PCs connected via the WiFi network and not wired in via one of the switches.
 
If you take the problematic wireless computers and use a cable, does the problem go away?
That I cannot answer yet, I haven't tried and they're both currently connecting fine. It normally only works for a few days and then bogs itself up again and refuses to connect/work. When it does, I'll try this laptop in the USB-C dock with ethernet in my office and I'll shift my daughter's PC to my son's room to use his connection, that's the easiest method. It should work ok as the wired PC never has any trouble but it's a good test.
 