MikroTik hAP ax² brick?

Hardware MikroTik hardware general
1

Hi everyone,

I have a MikroTik hAP ax² that worked perfectly for over a year and then started acting strange.
First the Wi-Fi networks began disappearing, then even the wired part would stop responding. A reboot always fixed it temporarily.

One day it rebooted on its own, seemed to be running, but I could no longer connect to it at all.
After a hardware reset (holding the reset button), the device reset to factory defaults. It is now visible in Winbox by MAC address, but when I try to connect it hangs forever on the “Logging” stage. If I deliberately enter a wrong password, it correctly says “invalid username or password”, so the device is definitely responding.

What I have already tried:

  • Netinstall on Windows 10 and Windows 11 (antivirus and firewall completely disabled) — no luck.
  • Netinstall CLI on Ubuntu 24.04, 20.04 and Alpine — exactly the same behaviour on all three.
    I noticed that when I run netinstall-cli on Linux I never see the line “PXE server started” (or any mention of the TFTP server starting), only endless “Assigned 192.168.88.3 to 48:A9:8A:6E:89:17”.

Does anyone have any ideas or suggestions?
I would really appreciate any help. Thank you in advance!

IMG_5867.HEIC
IMG_5867.HEIC3024×4032 3.16 MB

2

Do you know what version you was on, when it's was working.
If that is like ver 6, you could try to use a old version of the netinstall from that version.
And do you connect the pc to the device ethernet port 1 (WAN) ?

1 Like
3

It’s a hap ax2. Only ROS 7 possible.

  • do not use “-a” param. “-i eno1” is enough. netinstall-cli will auto-assign IP
  • you need routeros + wifi-qcom packages
  • connect cable to eth1 of hap ax2
  • you need to unplug device from power, hold reset button, connect to power. hold reset-button until recognized by netinstall

This should work.

1 Like
4

Any strange issues may be related to power adapter. Check (replace) it first.
Other possibility—dead memory, then yeah, it is brick. But I did not hear about dead memory in MikroTiks.

1 Like
5

The last time I updated was to 7.13. I think it was the last one. The arm64 architecture only supported 7 routers, as far as I remember.

6

1)I tried without an address. The situation didn't change.

IMG_5870.HEIC
IMG_5870.HEIC3024×4032 3.17 MB

  1. I'll give it a try. I was thinking of flashing it later through a shell (Winbox or web)
  2. Of course I do that.
  3. Yes, I tried different times. I let go after 5 seconds after the ticker started, immediately, and after a minute. The result was the same.
7

Any strange issues may be related to power adapter. Check (replace) it first.
Other possibility—dead memory, then yeah, it is brick. But I did not hear about dead memory in MikroTiks.

I took one from 4011 right away for testing. Unfortunately, the problem remained.

8

Is the device directly connected to this NUC?

One more thing. When you hold the reset button before plugging power then backup bootloader is used. if you plug without holding reset, the regular bootloader is used. The principle of 15+ seconds holding the reset button (until usr led turns off) always applies.

see RouterBOOT - RouterOS - MikroTik Documentation

1 Like
9

Yes. Directly. Wi-Fi is disabled. I changed patch cords. I read the instructions with a switch in the middle, but I don't have a switch.

Let me try to describe my steps. I might be making a mistake at some point. First, I download and unzip NetInstallCLI and the same version of Routeros. Then, on the network interface, I assign the address 192.168.88.2 and mask 24. Then I run the command line as in the screenshots. The patch cord connects the Ethernet port of the nuke to port 1 of the Mikrotik. Then I hold down the reset button and apply power to the Mikrotik. I wait until the command line with requests (as in the screenshot) appears in the terminal and release it. I usually hold it down for about 35 seconds. I tried not releasing the reset button, but that didn't help either.

10

As Infabo hinted, you are using the backup bootloader only, though it seems functional, otherwise netinstall would not be able to assign the IP.

Try anyway also with the "main" one, it is selected by pressing the reset immediately after powering the device, see:

Chack the power supply, it is fairly common that they fail, and sometimes they fail in such a way that they seem functional (i.e. they do provide 24V but they cannot provide enough Amperes).

If nothing works check this:
https://tangentsoft.com/mikrotik/wiki?name=Run%20NetInstall%20in%20a%20VM

1 Like
11

I just decided to check if I was getting errors with another device. RB750. It flashed successfully.

IMG_5871.HEIC
IMG_5871.HEIC4032×3024 3.3 MB

I understand that devices consume different amounts of power, but I replaced the power supply with a known-good RB4011.

I'll try with the main bootloader. Thanks for the tip.

1 Like
12

The only time I had with devices not responding was after few years or RB951 we had to decomission it because even reboots/reflash wasn’t helping him. Had also one that the leds did not work properly and wifi would drop, but thats also after many years of excelent work.

Mikrotik states a time usage for those device on datasheet, its most of the time very high but some failures happens. Hope its not your case.

13

Have you tried with a different power supply that matches the voltage and Amps?

14

Do you like me, trying out a another firmware like OpenWRT and had to switch the RouterBoot from bootp to dhcp ?
This repeted messages reminds me of that.

And how to get the RoterBoot netinstall image, has being evolved to mutch easier method see how it's done with the netinstall python method in this page:

This is how I solved this:

1 Like
15

Of course. It was one of the first and easiest steps. Unfortunately, it didn't solve the problem.

16

Unfortunately, my knowledge is probably not enough to follow your instructions. I created a folder and copied two directories from git into it(dhtest + pynetinstall). According to the instructions from pynetinstall, I received various files, including:

18.17.31
18.17.31766×310 29.4 KB

there were no problems with this part:

sudo systemctl stop NetworkManager.service
sudo ip address flush eno1
sudo ip address add 192.168.88.1/24 dev eno1

but here an error was already waiting for me:

sudo ./netinstall-cli -a 127.0.0.2 netinstall-cli & sudo ./dhtest/dhtest -T 5 -o "arm64_boot" -i lo

but here an error was already waiting for me:

Screenshot from 2025-12-05 18-35-38
Screenshot from 2025-12-05 18-35-38786×443 88.4 KB

I understand that he doesn't like the executable file, but I can't figure out what else to give him. I know this is a pretty stupid question, but maybe you can correct me. Thank you.

17

Sorry for my bad english, and that may be more confuse for you.
Now you have extracted the RouterBoot Netinstall (the arm64 elf file) image with the python code from the netinstall.exe file.
You don't need to use the dhtest app.
That app was used before to extracting the code before the python method.

So now you have to use dnsmasq command to send the RouterBoot Netinstall image (the arm64 elf file) to the device and then run the netinstall with the same ip like you leased out with dnsmasq command.

So this netinstall-cli is sending stage 1 to the device, and the device is running that to get the stage 2 that is tha RouterOS from the netinstall-cli. The stage 1 is being running in the device that formatting and flashes the RouterOS into the nand.

I have being in contact with Mikrotik let them know that netinstall don't support dhcp ip lease, only bootp.

First this:

sudo systemctl stop NetworkManager.service
sudo ip address flush eno1
sudo ip address add 192.168.88.1/24 dev eno1
sudo dnsmasq --port=0 --no-daemon --interface=eno1 --dhcp-range="192.168.88.2,192.168.88.254,12h" --dhcp-leasefile=dnsmasq.leases --enable-tftp --dhcp-authoritative --bootp-dynamic --dhcp-boot=netinstall-7.20.5-id139-ARM64.elf --tftp-no-blocksize --tftp-root="$(pwd)" --log-dhcp --log-queries

You shuold see that the file is being send to the device, and after the file being sent you just press CTRL and C to stop dnsmasq command. Then run the regular netinstall-cli, and take a note what ip the device being leased out and then put that ip adress into the netinstall command.

sudo netinstall-cli -r -a 192.168.88.2 -i eno1 ./routeros-7.20.5-arm64.npk

After flashing, just change your ip (PC) again to 192.168.88.2 and change port from WAN to LAN, and then try to access the webfig http://192.168.88.1, so you can change the dhcp to bootp again.

sudo ip address flush eno1
sudo ip address add 192.168.88.2/24 dev eno1

Don't give up, and Happy Hacking :grinning_face:

1 Like
18

I'm not giving up, but it looks like the problem is deeper. I did everything as you advised, but the result remained the same.

Screenshot from 2025-12-05 20-21-27
Screenshot from 2025-12-05 20-21-271272×803 208 KB

Screenshot from 2025-12-05 20-34-57
Screenshot from 2025-12-05 20-34-571272×767 149 KB

What confuses me is that I don’t see the line about "PXE server..."

19

I like what I see.
But I don't see that the file is being sent in the log.
Like that log I get:

dnsmasq-tftp: sent /home/patrik/Projekt/mikrotik/netinstall.mips to 192.168.88.4

You could try to rename the file to like netinstall.arm64 , maybe the name is to long.
There also a linux command that can see if the file is a arm64 code, you can run that to check if the file is for arm64(aarch64).

file netinstall.arm64

And of cource change the dnsmasq line to reflect the new name.
I think you don't get the PXE Server line, you should get like you get with the device you succeeded to flash.

1 Like