Hello,
since ~1 week, i have wifi problems with my MT hap ac^2.

All devices get irregular disconnects and no device is able to reconnect to the access point any more. Ethernet connection is still possible.

I'm using Firware 6.42.2 - but I have the same issue with the latest RC version.

The first time it happened the Log showed the following messages:
Since I read about some NTP issues, I switched to a different NTP server. The unicast key problem seems to be gone since then.
With my hap lite, i didn't have any issues like that for more than 2 years.

However, the group key exchange remains.
Update interval is 5 minutes. Using WPA with AES. WPA Passwort consists of letters and numbers only.

A group update interval of 5 minutes is rather low. What happens if you set it to an hour?

Hey!
I made the changes you suggested. Exact 25 hours after I made the changes and restarted the router, all clients disconnect again and can't reconnect.

Any more ideas?

Do you have any Virtual AP interface binded to any physical interface ?

yes i do - i have a virtual AP on 2.4 ghz which is used for the guest network

I checked my other devices, I see the same problem on a hap lite, cap ac and the already mentioned hap ac^2.

The following firmwares were tested on all of those devices so far:
- 6.40.8
- 6.42.2
- 6.42.3

Does this problem happens also on the RouterOS v6.43rc version?
It happens on both 2.4ghz and 5ghz wifi?
Only disable/enable helps?
Could you make support output file at that time and send it to support@mikrotik.com

Since i have these issues, i tried out every new RC version. It didn't help.

Enabling/Disabling helps, but not always. When i couldn't reconnect at all any more i just switched between firmwares to get it going again.

Support output file was sent to support last week. I'm waiting for a response.

I am unsure if it happens only on 2.4ghz or also on 5ghz. I will check and provide this information in 2-3 days, when I am at home again.


I also noticed group exchange timeouts on an hap lite, after updating it. Before, i didn't have any kind of such messages in the log.

6 days ago they just asked me if i already tried out the RC versions, which was already mentioned in the ticket itself.

since that time, i didn't get any response from the support.

Hello,

Thank you for writing to MikroTik Support.
This is an automated reply.

We will try to help you as soon as possible (reply might take up to 3 business days).

3 business days....

Every day I am getting more and more fed up with MT. The last 2 months were a pain. Let's see how long my patience will last.

Hello, we replied to your ticket within three business days stating a question about whether the issue is still relevant in the latest RC version at the time, but never got back a reply from you. Since 6.42.2 there have been quite a few improvements for hAP ac^2 and we hope that your issue is fixed within these releases. If it is not, please reply to the ticket you submitted.

I answered two times on the ticket:
- 1st time: 25.05.2018 at 11:54

Hello,
it does not appear on 6.41.4 or 60.40.8.

However, running the 60.40.8 isn't a real alternative to me, since the wireless performance of the device isn't as good as with the current or RC firmware.

Regards

- 2nd time: 28.05.2018 at 19:20

Hello,
after some more testing, i have to correct myself:

The issue appears on the following firmware Versions: 6.40.8, 6.42.2, 6.42.3.

More testing is going on here, on multiple devices.


Did you already make investigations in my support file?

Regards

I didn't get any error message from the mailservers or your ticket system. Messages to other people also arrived. So I assume they got delivered successfully.

I have reported the same issue on other thread. But I can add here that I have same issues on cAP ac as well. My firmware is 6.42.3. The WiFi will drop and if you check the log, it was “ group key timeout”. And my iPhone goes to LTE until you notice it. It won’t automatically reconnect to WiFi until you manually do it.

Hello, we replied to your ticket within three business days stating a question about whether the issue is still relevant in the latest RC version at the time, but never got back a reply from you. Since 6.42.2 there have been quite a few improvements for hAP ac^2 and we hope that your issue is fixed within these releases. If it is not, please reply to the ticket you submitted.

I just dropped a reminder by Email two minutes ago, that I still didn't get any response 1.5 weeks after the last message.

If my messages really don't appear in your ticket system, something is wrong with it. However, I don't believe that you didn't receive the Emails. I feel that's how Mikrotik support looks like these days. I expected something else. Won't buy any products any more, irregardless of how this issue will be solved or not solved from now on. Maybe even leaving some warnings for potential future customers on Amazon etc.

Thats's a message I received from support:

i see that this device is passing VLANs through, what is the lease time on DHCP server?
Does disconnects happen on intervals at half of lease time?
Can You increase it for a test?

My lease time was 3 days. I increased it to 5 days and didn't see any improvement.
brg3466, can you test this as well and share your experience?

Disconnects do not happen on a reproducable intervall - that means a NO to question no. 2 of the support.

it seams that I have the same isue:
Time Jun/07/2018 22:50:36
Buffer memory
Topics
wireless
info
Message 5C:CF:7F:B1:44:7C@wlan1: disconnected, group key exchange timeout

any help?

I used to have lease time for 5 minutes and later I changed to 1hr, but no improvement on the disconnection issues. I changed to 1 day the other day but the disconnection still happened.
My firmware is 6.42.3. My wireless setting is very simple , CCR1009 + 3 cAP ac and the CAPsMAN is on CCR1009. I tried to make static address on dhcp server for my apple stuff, iphone, ipad, etc , but it doesn't work. From time to time, the iphone lost connection due to the " group key exchange timeout" and couldn't connect to wifi automatically, I need to do it manually.

After I changed the DHCP Lease Time and told them that this did not have any positive or negative effect at all, they wrote me a new Email few hours ago.

They ask now if i collected some more information which would help them to understand the problem. Unfortunately I am not able to deliver more information, since I have absolutely no clue where else to look at. I already did change every potential relevant setting I can imagine.

They also didn't loose a single word about the support file I send them. It would be really nice to know if they find any "bad" setting in there. That's what I asked them now.

I don't have the feeling they even had a look at the file I send to them. All these one line responses just give me the feeling they just write back to me, to have an update in the ticket...

Let's see what there answer regarding my support file will be. They had enough time to look at it, to take that into account. I'm doing well with 6.41.4 now on my devices. All up-to-date versions of current / RC / bugfix channels are pure cancer when i have them on my devices.

What is your group key update time interval? What happens when you change it to 1hour?
Oh. You already did it...it helps to me always...
I have no other idea.

@Kerbia. do you get stable wifi under 6.41.4 ? If so, I probably want to switch back as well. The drop of Wifi due to this 'groupkey timeout" really bothered me. Hope that Mikrotik can do something about it and fix it.

Yeah, 6.41.4 runs stable for me. However, there is still the kinda weak throughput with this firmware. But at least it is quite stable.



Ping: Lenovo Y510 Notebook --> Mikrotik hap ac ^2 (6.42.3) With 6.41.4 Firmware I have no timeouts, and the ping is between <1 and 1 ms.

Everything can be reproduced on cap ac.

Also: I believe more and more and this happens only at 2.4ghz.

@brg3466, Did you see any disconnects / group exchange timeouts on 5ghz?
Also: What wireless protocoll is selected in your settings? - Is it "any"?

Small impression of the router log, while having a phone connected (or disconnected!).

Having fun in the last 6 minutes:

Hi I've got multiple clients with Capsman setups which display similar behaviour with different hardware.
RB2011RM + wAP AC + Capsman
RB3011 + wAP AC + Capsman
RB2011UiAS-2HnD-IN + Capsman
RB2011UiAS-2HnD-IN + cAP 2n + Capsman
In all situations one or more AP's show groupkey timeouts for 90+% of the clients and the clients give a verification error.
Other AP's seem to keep running fine in the same capsman setup.
This happened out of the blue starting a few weeks ago, it happens with multiple routerOS firmware versions including 6.42.3, 6.42.1 and 6.41.x.
Sometimes it can be resolved by rebooting the hardware and in other situations it resolved itself after a few hours.
I'm starting to think that the issue is related to a firmware/software update of client hardware which is incompatible with the mikrotik Wi-Fi implementation and it can take out an AP.
The screenshot shows one situation where this error occured last week.
I've seen this both on 2.4GHz and 5GHz.

What I have to note is that all sites where this has accured so fare are using lots of streaming devices.
Sonos, Chromecast, Apple TV, Heos, LG and Samsung smartphones and tablets.

Last email to support was sent on June 16th. Again no response yet. Not even a "sorry, it might take a bit longer" notification.

6.42.4 tests are going on. First impression is that exchange key problems got less but wifi has ping spikes. I even tested that on a location, where there is no other 2.4 ghz wifi around.

After two weeks still no new response from the "support".

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.

Try the following:
- On hap ac2:

--delete everything. reset with no defaults.
--use 6.42.5 firmware
Reenable CAPSMAN afterwards and set group key update time to 5 minutes, i.e.: 00:05:00 on CAPSMAN controller

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.

Ticket#2018052222003846

Last Email was sent at June 16, 10.59 am CET
I'm sending 50-100 Emails every day. It's interesting that they all arrive, except the ones that are for you guys...

I have three devices set up with CAPsMAN (one of course is the "manager"). The devices are 951G-2HnD devices. I was having similar issues, but I recently updated my RouterOS and RouterBOARD firmware on the devices to 6.42.5, and I'm not receiving any more messages like "disconnected, group key timeout". The maximum number of clients on my setup so for has been 37; ranging from Android devices to iOS devices to Desktops and Laptop. On prior versions I was getting "disconnected, group key timeout" all the time.

Here are my CAPsMAN settings:
For the full configuration, you can see my post here: https://www.reddit.com/r/mikrotik/comme ... accepting/

I hope this is helpful B-)

I do hope that the new firmware can solve this annoying issues. Since months ago, I was trying different configurations to fight this " group key timeout" issue but failed. I will go update the firmware the first thing when I am back home today and see if it happens again. Have to say, it is really a headache !

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.

If this statement would have been true, how is it possible that I received a poor one line response today (after 3.5 weeks - not 3 days!) where they suggest using b/g/n and a different frequency.
That's not the kind of question anyone wants to hear after numerous responses and almost 2 months after the intial email.

If your companys support has some capacity problems atm, just be honest and stop lying.

6.42.5 is running fine now with my original settings. thank god, however all trust is gone after seeing this clown-fiesta with the support.

However, thanks for that detailled impression of the after sale service. My next order will be placed at UBNT.

I upgraded to 6.42.6 and it ran smoothly until this morning. I found my iPhone was using LTE....

I checked the log and it was again the 'group key time out".



( I don't know how to insert the screen shot , didn't find the button in the toolbar)

@Kerbia, I sent the suport.rif file together with the screenshot to support @mikrotik.com , let's see if they can receive it and reply.

Just some update, the support asked me to try to set the CAPsMAN data rates to default. ( because I set the basic rates at 6M).

Anyone who has experienced the group-key time out with the default data rates ?

anyone who can tell me how to upload photo ? I found a button 'insert image' but cannot upload the photos.

I have some interesting photos shows that both registration table and the log indicate that my iPhone connected to the AP but the iPhone home screen only shows LTE.

@Kerbia, I sent the suport.rif file together with the screenshot to support @mikrotik.com , let's see if they can receive it and reply.

Advice:

1.) Read
2.) Post

Not the other way around.

Support didn't help at all. They're lying about not receiving Emails, but then answer to them after weeks of waiting.

6.42.6 --> say hello to group exchange timeouts again.

don't update from 6.42.5..

Have the same issue with samsung smart tv .
today i update to rc version and in dhcp tick add arp for leases
now i am testing and its look good no dc can watch my netflix ...

6.42.6 --> say hello to group exchange timeouts again.

don't update from 6.42.5..

Same behaviour with 6.42.7
I am using 922UAGS-5HPacT and some mobile users can not login at all because of group exchange timeout.

I resolved my issue by changing wireless basic and supported rates. I do not understand how these 2 things relates to each other but it helped me
I am back to 6.42.7. Everything works fine.

@opkky can you elaborate a bit ? You change basic rate and support rate to what level ?

I am still suffering from this issue.

Thank you !

6.42.7 runs quite fine - but webserver is broken there.

6.43.2 intense group key exchange problem as usual. it's 4 months since this issue has not been fixed. i just plugged in my mikrotik for a week of testing, not using them anywhere in any productive environment.