Can't access hEX (pretty urgent)

I’ve gone and done it now.

I have a hEX at a location 100 miles away.

I was fiddling (remotely) and issues a reboot command. Now it is unreachable.

Luckily, it is not the primary router. It essentially is only a Wireguard device. But, it’s still pretty important.

I can remote into both the main router (Ubiquiti UDM) as well as a Windows PC on the LAN.

The main router does not show a connection from the hEX.

An IP scan from the Windows PC does not show the hEX.

Running Winbox from the PC does not show it in Neighbors.

Wireshark from the PC does not show any packets from the hEX’s IP or MAC address.

I have someone completely non-technical onsite and walked him through power cycling the hEX (twice).

I can see the ethernet port LED flashing on the hEX.

I loaded Netinstall on the PC and it did not find it.

Is there anything else I can do?

Thanks!

100 miles ? I’ve had it once with an SXT serving cAP AC and cAP mini over 900km away. No remote connection anymore, nobody onsite.
Small problem.
Luckily just the week before I was going towards that location so no major problems caused.

Netinstall should be done

1. putting Hex in netinstall mode (quite simple, press reset right after power on and keep pressing until it appears)
2. PC connected to ether1
3. NO other network interfaces active on that PC

I suppose there are no other Tiks on the network segment, ideally one with container possibility ?
There exists a container for netinstall …

Best case, that other Tik might see it in Romon Discovery (but then Winbox should see it too) ?

Is one of the ports off the bridge… Then the remote person could plug in a laptop and access the router that way…

I’ve got you all beat. Had the same experience with a router 11265.4 kilometers away from my location. Fortunately I had someone at the location who was able to reset the router and do a simple config so that I could connect and finalize the configuration. Unfortunately it was someone who is not technically inclined so a 15 minute task took 1.5 hours as I walked them through every step.

Moral of the story - never mess with something that’s working at a remote location unless you have a way to recover. My option nearly cost me my sanity as well as connectivity.

Problem is the person on-site is 100% non-technical. For example, the hEX has 2 wires connected to it now: Power and a single Ethernet cable. Took 3 minutes while on a video call, to get him to pull the correct (power) cable.

The PC is wired to another port on the UDM, and if I change the IP of that machine, I will lose access to it and be unable to continue with the Netinstall.

I do have other tiks on the LAN and no can see the hEX as a neighbor or via Romon.

Ugh.

I don’t recall if I left a port off of the bridge.

Regardless, plugging a cable from a port on the hEX to a laptop and running anything is way above the skill level of the person onsite.

A lesson that, for some reason, after decades, I still haven’t learned.

Buy a new hEX, configure it correctly, and ship it there.

Might effectively be the cheapest and fastest option.

Not really, with winbox on the PC, any one can act as your dummy typer.
Just going in remotely after and change the off bridge subnet to something different and change the login username and password.

The problem is if I set up the pc with a direct cable (or even through the UDM acting as a switch) it will require changing the ip settings on the pc and that would eliminate my remote access to the pc.

Time to hit the drawing table then as well to prevent this from happening again.

Maybe 2 x HEX in VRRP configuration, or a cold spare already configured and ready to go. Given what Hex cost, I’d lose no sleep over costs. Can’t say the same for having redundant CCR2004s though I’d do that if the application was critical enough.

Well, you already said you did not see the router in winbox or netinstall so no need trying IP. Apparently something is catastrophically wrong and the easiest is to replace it.
When you want to know what happened, have them return the current one after they received and installed the new device you send them.

I like the idea of having a second hex configured the same, and one can have the op at the other end unplug the old (power and cables) plug in the new and should be good to go…

I mean, to do a netinstall, I believe I need to have the connected pc be on 192.168.88.x

I don’t know how to do that and continue to have remote control of that pc.

I wonder if adding a second ip address to that pc (windows) would work.

I ordered a new hEX and just got it.

I have a recent export (.rsc) and am trying to use it, but I’m getting a lot of error messages that some commands fail because of existing config.

Is there a straightforward way to import a .rsc to a new MT device without any concern for overwriting the default config?

Assuming the original Hex is configured correctly and securely, why would you be worried about overwriting the default config of the new router? Were I in your place I would reset the new router and remove the default configuration. Then I’d run the .rsc commands in a terminal window. You’d save time and should have an exact mirror of the original Hex as of the date of the backup.

Not really. If export was “verbose”, then you could reset the new one to empty config, then importing it wouldn’t clash with config already present. If export is not “verbose”, then some things may be different (or missing). Not many, but still …

Well, after several attempts and realizing that a netinstall using at least a newer version of routeros and not adding the default config I was able to simply copy and paste the saved rsc.

Thanks for all the help everyone.