Community discussions

MikroTik App
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue May 22, 2018 1:59 pm

Hello,
since ~1 week, i have wifi problems with my MT hap ac^2.

All devices get irregular disconnects and no device is able to reconnect to the access point any more. Ethernet connection is still possible.

I'm using Firware 6.42.2 - but I have the same issue with the latest RC version.

The first time it happened the Log showed the following messages:
disconnected, group key exchange timeout
disconnected, unicast key exchange timeout
Since I read about some NTP issues, I switched to a different NTP server. The unicast key problem seems to be gone since then.
With my hap lite, i didn't have any issues like that for more than 2 years.

However, the group key exchange remains.
Update interval is 5 minutes. Using WPA with AES. WPA Passwort consists of letters and numbers only.
Last edited by Kerbia on Fri May 25, 2018 1:18 pm, edited 2 times in total.
 
aidan
newbie
Posts: 29
Joined: Thu Jun 25, 2015 12:48 am

Re: hap ac^2 - Disconnects and no Reconnect possible - Group Key Exchange

Tue May 22, 2018 3:26 pm

A group update interval of 5 minutes is rather low. What happens if you set it to an hour?
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Disconnects and no Reconnect possible - Group Key Exchange

Wed May 23, 2018 4:43 pm

Hey!
I made the changes you suggested. Exact 25 hours after I made the changes and restarted the router, all clients disconnect again and can't reconnect.

Any more ideas?
 
Sparxx
just joined
Posts: 13
Joined: Wed Mar 18, 2015 7:59 am

Re: hap ac^2 - Disconnects and no Reconnect possible - Group Key Exchange

Wed May 23, 2018 5:07 pm

Do you have any Virtual AP interface binded to any physical interface ?
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Disconnects and no Reconnect possible - Group Key Exchange

Wed May 23, 2018 5:19 pm

yes i do - i have a virtual AP on 2.4 ghz which is used for the guest network
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat May 26, 2018 11:45 am

I checked my other devices, I see the same problem on a hap lite, cap ac and the already mentioned hap ac^2.

The following firmwares were tested on all of those devices so far:
- 6.40.8
- 6.42.2
- 6.42.3
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon May 28, 2018 10:38 am

Does this problem happens also on the RouterOS v6.43rc version?
It happens on both 2.4ghz and 5ghz wifi?
Only disable/enable helps?
Could you make support output file at that time and send it to support@mikrotik.com
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon May 28, 2018 8:14 pm

Since i have these issues, i tried out every new RC version. It didn't help.

Enabling/Disabling helps, but not always. When i couldn't reconnect at all any more i just switched between firmwares to get it going again.

Support output file was sent to support last week. I'm waiting for a response.

I am unsure if it happens only on 2.4ghz or also on 5ghz. I will check and provide this information in 2-3 days, when I am at home again.


I also noticed group exchange timeouts on an hap lite, after updating it. Before, i didn't have any kind of such messages in the log.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jun 01, 2018 2:57 am

6 days ago they just asked me if i already tried out the RC versions, which was already mentioned in the ticket itself.

since that time, i didn't get any response from the support.
Hello,

Thank you for writing to MikroTik Support.
This is an automated reply.

We will try to help you as soon as possible (reply might take up to 3 business days).
3 business days....

Every day I am getting more and more fed up with MT. The last 2 months were a pain. Let's see how long my patience will last.
 
Rudolfs
just joined
Posts: 16
Joined: Fri Jun 01, 2018 8:57 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jun 01, 2018 9:47 am

Hello, we replied to your ticket within three business days stating a question about whether the issue is still relevant in the latest RC version at the time, but never got back a reply from you. Since 6.42.2 there have been quite a few improvements for hAP ac^2 and we hope that your issue is fixed within these releases. If it is not, please reply to the ticket you submitted.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jun 01, 2018 1:30 pm

I answered two times on the ticket:
- 1st time: 25.05.2018 at 11:54
Hello,
it does not appear on 6.41.4 or 60.40.8.

However, running the 60.40.8 isn't a real alternative to me, since the wireless performance of the device isn't as good as with the current or RC firmware.

Regards

- 2nd time: 28.05.2018 at 19:20
Hello,
after some more testing, i have to correct myself:

The issue appears on the following firmware Versions: 6.40.8, 6.42.2, 6.42.3.

More testing is going on here, on multiple devices.


Did you already make investigations in my support file?

Regards
I didn't get any error message from the mailservers or your ticket system. Messages to other people also arrived. So I assume they got delivered successfully.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Jun 02, 2018 8:47 pm

I have reported the same issue on other thread. But I can add here that I have same issues on cAP ac as well. My firmware is 6.42.3. The WiFi will drop and if you check the log, it was “ group key timeout”. And my iPhone goes to LTE until you notice it. It won’t automatically reconnect to WiFi until you manually do it.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jun 05, 2018 2:18 am

Hello, we replied to your ticket within three business days stating a question about whether the issue is still relevant in the latest RC version at the time, but never got back a reply from you. Since 6.42.2 there have been quite a few improvements for hAP ac^2 and we hope that your issue is fixed within these releases. If it is not, please reply to the ticket you submitted.
I just dropped a reminder by Email two minutes ago, that I still didn't get any response 1.5 weeks after the last message.

If my messages really don't appear in your ticket system, something is wrong with it. However, I don't believe that you didn't receive the Emails. I feel that's how Mikrotik support looks like these days. I expected something else. Won't buy any products any more, irregardless of how this issue will be solved or not solved from now on. Maybe even leaving some warnings for potential future customers on Amazon etc.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Jun 07, 2018 1:02 pm

Thats's a message I received from support:
i see that this device is passing VLANs through, what is the lease time on DHCP server?
Does disconnects happen on intervals at half of lease time?
Can You increase it for a test?
My lease time was 3 days. I increased it to 5 days and didn't see any improvement.
brg3466, can you test this as well and share your experience?

Disconnects do not happen on a reproducable intervall - that means a NO to question no. 2 of the support.
 
gm2066
just joined
Posts: 2
Joined: Wed May 23, 2018 10:49 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jun 08, 2018 12:05 am

it seams that I have the same isue:
Time Jun/07/2018 22:50:36
Buffer memory
Topics
wireless
info
Message 5C:CF:7F:B1:44:7C@wlan1: disconnected, group key exchange timeout

any help?
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Jun 11, 2018 2:46 am

I used to have lease time for 5 minutes and later I changed to 1hr, but no improvement on the disconnection issues. I changed to 1 day the other day but the disconnection still happened.
My firmware is 6.42.3. My wireless setting is very simple , CCR1009 + 3 cAP ac and the CAPsMAN is on CCR1009. I tried to make static address on dhcp server for my apple stuff, iphone, ipad, etc , but it doesn't work. From time to time, the iphone lost connection due to the " group key exchange timeout" and couldn't connect to wifi automatically, I need to do it manually.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jun 12, 2018 7:36 pm

After I changed the DHCP Lease Time and told them that this did not have any positive or negative effect at all, they wrote me a new Email few hours ago.

They ask now if i collected some more information which would help them to understand the problem. Unfortunately I am not able to deliver more information, since I have absolutely no clue where else to look at. I already did change every potential relevant setting I can imagine.

They also didn't loose a single word about the support file I send them. It would be really nice to know if they find any "bad" setting in there. That's what I asked them now.

I don't have the feeling they even had a look at the file I send to them. All these one line responses just give me the feeling they just write back to me, to have an update in the ticket...

Let's see what there answer regarding my support file will be. They had enough time to look at it, to take that into account. I'm doing well with 6.41.4 now on my devices. All up-to-date versions of current / RC / bugfix channels are pure cancer when i have them on my devices.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jun 12, 2018 8:50 pm

What is your group key update time interval? What happens when you change it to 1hour?
Oh. You already did it...it helps to me always...
I have no other idea.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Wed Jun 13, 2018 7:34 pm

@Kerbia. do you get stable wifi under 6.41.4 ? If so, I probably want to switch back as well. The drop of Wifi due to this 'groupkey timeout" really bothered me. Hope that Mikrotik can do something about it and fix it.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Jun 16, 2018 11:52 am

Yeah, 6.41.4 runs stable for me. However, there is still the kinda weak throughput with this firmware. But at least it is quite stable.



Ping: Lenovo Y510 Notebook --> Mikrotik hap ac ^2 (6.42.3)
mikrotik_2.png
With 6.41.4 Firmware I have no timeouts, and the ping is between <1 and 1 ms.

Everything can be reproduced on cap ac.

Also: I believe more and more and this happens only at 2.4ghz.

@brg3466, Did you see any disconnects / group exchange timeouts on 5ghz?
Also: What wireless protocoll is selected in your settings? - Is it "any"?
You do not have the required permissions to view the files attached to this post.
Last edited by Kerbia on Tue Jun 19, 2018 10:51 pm, edited 1 time in total.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Jun 16, 2018 12:02 pm

Small impression of the router log, while having a phone connected (or disconnected!).
You do not have the required permissions to view the files attached to this post.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Jun 16, 2018 12:13 pm

Having fun in the last 6 minutes:
You do not have the required permissions to view the files attached to this post.
 
sjoukes
just joined
Posts: 9
Joined: Wed Nov 01, 2017 5:44 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Wed Jun 20, 2018 12:29 pm

Hi I've got multiple clients with Capsman setups which display similar behaviour with different hardware.
RB2011RM + wAP AC + Capsman
RB3011 + wAP AC + Capsman
RB2011UiAS-2HnD-IN + Capsman
RB2011UiAS-2HnD-IN + cAP 2n + Capsman
In all situations one or more AP's show groupkey timeouts for 90+% of the clients and the clients give a verification error.
Other AP's seem to keep running fine in the same capsman setup.
This happened out of the blue starting a few weeks ago, it happens with multiple routerOS firmware versions including 6.42.3, 6.42.1 and 6.41.x.
Sometimes it can be resolved by rebooting the hardware and in other situations it resolved itself after a few hours.
I'm starting to think that the issue is related to a firmware/software update of client hardware which is incompatible with the mikrotik Wi-Fi implementation and it can take out an AP.
The screenshot shows one situation where this error occured last week.
I've seen this both on 2.4GHz and 5GHz.

What I have to note is that all sites where this has accured so fare are using lots of streaming devices.
Sonos, Chromecast, Apple TV, Heos, LG and Samsung smartphones and tablets.
You do not have the required permissions to view the files attached to this post.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Jun 25, 2018 4:49 pm

Last email to support was sent on June 16th. Again no response yet. Not even a "sorry, it might take a bit longer" notification.

6.42.4 tests are going on. First impression is that exchange key problems got less but wifi has ping spikes. I even tested that on a location, where there is no other 2.4 ghz wifi around.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sun Jul 01, 2018 10:29 pm

After two weeks still no new response from the "support".
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Jul 02, 2018 3:57 pm

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Jul 02, 2018 6:09 pm

Try the following:
- On hap ac2:

--delete everything. reset with no defaults.
--use 6.42.5 firmware
/interface wireless cap set enabled=no
/interface wireless set adaptive-noise-immunity=ap-and-client-mode wlan2
/interface wireless set adaptive-noise-immunity=ap-and-client-mode wlan1 
/interface wireless set amsdu-limit=4096 amsdu-threshold=4096 mode=ap-bridge wps-mode=disabled wlan2
/interface wireless set amsdu-limit=4096 amsdu-threshold=4096 mode=ap-bridge wps-mode=disabled wlan1
/interface wireless set wireless-protocol=802.11 wlan2
/interface wireless set wireless-protocol=802.11 wlan1 
/interface wireless set wmm-support=enabled wlan2
/interface wireless set wmm-support=enabled wlan1
Reenable CAPSMAN afterwards
...
/interface wireless cap set enabled=yes
and set group key update time to 5 minutes, i.e.: 00:05:00 on CAPSMAN controller
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jul 03, 2018 1:09 pm

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.
Ticket#2018052222003846

Last Email was sent at June 16, 10.59 am CET
I'm sending 50-100 Emails every day. It's interesting that they all arrive, except the ones that are for you guys... :?
 
User avatar
aaronvonawesome
just joined
Posts: 10
Joined: Mon Jul 18, 2016 7:44 pm
Location: Columbus, OH

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Wed Jul 04, 2018 2:24 pm

I have three devices set up with CAPsMAN (one of course is the "manager"). The devices are 951G-2HnD devices. I was having similar issues, but I recently updated my RouterOS and RouterBOARD firmware on the devices to 6.42.5, and I'm not receiving any more messages like "disconnected, group key timeout". The maximum number of clients on my setup so for has been 37; ranging from Android devices to iOS devices to Desktops and Laptop. On prior versions I was getting "disconnected, group key timeout" all the time.

Here are my CAPsMAN settings:
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=5m name=My-Awesome-WiFi-Security passphrase=battle-of-wits
/caps-man configuration
add channel.tx-power=30 country="united states" datapath=datapath-awesome disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=any hw-protection-mode=rts-cts hw-retries=7 keepalive-frames=enabled max-sta-count=150 mode=ap multicast-helper=default name=config-awesome-WiFi rx-chains=0,1 security=My-Awesome-WiFi-Security ssid=vonAwesome tx-chains=0,1
For the full configuration, you can see my post here: https://www.reddit.com/r/mikrotik/comme ... accepting/

I hope this is helpful B-)
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Jul 09, 2018 10:12 pm

I do hope that the new firmware can solve this annoying issues. Since months ago, I was trying different configurations to fight this " group key timeout" issue but failed. I will go update the firmware the first thing when I am back home today and see if it happens again. Have to say, it is really a headache !
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jul 10, 2018 5:27 pm

I don's see any such emails in our system, we usually respond in a few work days. Tell me the ticket number that was assigned and I will check where the email was lost.

If this statement would have been true, how is it possible that I received a poor one line response today (after 3.5 weeks - not 3 days!) where they suggest using b/g/n and a different frequency.
That's not the kind of question anyone wants to hear after numerous responses and almost 2 months after the intial email.

If your companys support has some capacity problems atm, just be honest and stop lying.

6.42.5 is running fine now with my original settings. thank god, however all trust is gone after seeing this clown-fiesta with the support.

However, thanks for that detailled impression of the after sale service. My next order will be placed at UBNT.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jul 17, 2018 10:16 pm

I upgraded to 6.42.6 and it ran smoothly until this morning. I found my iPhone was using LTE....

I checked the log and it was again the 'group key time out".

Image

( I don't know how to insert the screen shot , didn't find the button in the toolbar)
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jul 17, 2018 11:11 pm

@Kerbia, I sent the suport.rif file together with the screenshot to support @mikrotik.com , let's see if they can receive it and reply.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jul 20, 2018 10:23 pm

Just some update, the support asked me to try to set the CAPsMAN data rates to default. ( because I set the basic rates at 6M).

Anyone who has experienced the group-key time out with the default data rates ?
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Jul 31, 2018 9:40 pm

anyone who can tell me how to upload photo ? I found a button 'insert image' but cannot upload the photos.

I have some interesting photos shows that both registration table and the log indicate that my iPhone connected to the AP but the iPhone home screen only shows LTE.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Aug 02, 2018 2:56 pm

@Kerbia, I sent the suport.rif file together with the screenshot to support @mikrotik.com , let's see if they can receive it and reply.
Advice:

1.) Read
2.) Post

Not the other way around.

Support didn't help at all. They're lying about not receiving Emails, but then answer to them after weeks of waiting.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Aug 14, 2018 1:45 pm

6.42.6 --> say hello to group exchange timeouts again.

don't update from 6.42.5..
 
damboor
just joined
Posts: 1
Joined: Sun Aug 19, 2018 11:10 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sun Aug 19, 2018 11:14 pm

Have the same issue with samsung smart tv .
today i update to rc version and in dhcp tick add arp for leases
now i am testing and its look good no dc can watch my netflix ...
 
opkky
just joined
Posts: 4
Joined: Mon Jan 02, 2017 8:19 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Wed Aug 29, 2018 2:21 am

6.42.6 --> say hello to group exchange timeouts again.

don't update from 6.42.5..
Same behaviour with 6.42.7
I am using 922UAGS-5HPacT and some mobile users can not login at all because of group exchange timeout.

I resolved my issue by changing wireless basic and supported rates. I do not understand how these 2 things relates to each other but it helped me :-)
I am back to 6.42.7. Everything works fine.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Aug 30, 2018 8:04 am

@opkky can you elaborate a bit ? You change basic rate and support rate to what level ?

I am still suffering from this issue.

Thank you !
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon Sep 24, 2018 3:13 pm

6.42.7 runs quite fine - but webserver is broken there.

6.43.2 intense group key exchange problem as usual. it's 4 months since this issue has not been fixed. i just plugged in my mikrotik for a week of testing, not using them anywhere in any productive environment.
 
sjoukes
just joined
Posts: 9
Joined: Wed Nov 01, 2017 5:44 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sun Dec 30, 2018 5:26 pm

Anyone experiencing this issue please update to 6.43.8

I've been debugging this and comparing the Group Key Handshake (GTK update) between 6.43.7 and 6.43.8 during the weekend, since I have a lot of clients with the famous group-key timeout issue.
I came to the following conclusion: if you set the group-key-update timer to 1:00:00 (1 Hour) on versions 6.43.7 and older the group-key is updated every 36 seconds instead of 3600 ( I believe the minimum interval should be 5 minutes (300 seconds)).
After you apply the 6.43.8 update the Group Key Handshake is performed every 3600 seconds just like configured. I did not test any value lower than 1 hour, so I don't know what it did when set to 30 minutes or 5 minutes.
The GTK is shared on establishing a new connection to a Wi-Fi ap during the WPA(2) 4 way handshake. After that it is updated every configured interval with an advised minimum of 300 seconds via a 2 way handshake. You can imagen what happens when a client misses this update and is unable to communicate (unicast/multicast) after it expired. I did not fully read the 802.11 spec. I believe an expired key can be used up to 60 seconds after it expired after that a client needs to re-establish its connection, probably by performing a full 4 way handshake effectively losing its Wi-Fi connection.
Long story short, the Group Key Update feature is working now like it should and did not work before as expected and was probably causing a lot of issues on busy networks or on devices in battery save mode since it had a a lot of opportunities for missing an update of the GTK.
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sun Dec 30, 2018 10:43 pm

@sjoukes Thank you very much for the info ! Really appreciate you dig into it and had some conclusions. Yes, this GKT issue bother me for a long time and Mikrotik actually didn't explain anything about it, neither told us how to solve it. You really did a good job on it and hopefully 6.43.8 solved it. Will upgrade it right now and see the outcome.
Thank you again and happy new year of 2019 !
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sun Jan 06, 2019 3:33 pm

@sjoukes would you be so kind and let me have a look at your "fixed" settings where the group exchange timeout doesn't happen any more?

While running 6.42.9 I didn't have any issues the last months on a hap ac^2, while shit is driving my nuts on a cap ac.
Both access points are connected to the same router still.

I'm so disapointed of MT after I bought the new ARM devices whole router os on wifi devices is just sh***. While it was rock solid over all the last years.
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Wed Jan 09, 2019 7:44 pm

Okay, so with 6.43.8 it's still not fixed.

Group exchange timeouts happen exactly in the intervall that is set in the security profile. For me that's atm one hour.

Good job, Mikrotik. NOT!
 
sjoukes
just joined
Posts: 9
Joined: Wed Nov 01, 2017 5:44 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Jan 10, 2019 10:05 am

@sjoukes would you be so kind and let me have a look at your "fixed" settings where the group exchange timeout doesn't happen any more?

While running 6.42.9 I didn't have any issues the last months on a hap ac^2, while shit is driving my nuts on a cap ac.
Both access points are connected to the same router still.

I'm so disapointed of MT after I bought the new ARM devices whole router os on wifi devices is just sh***. While it was rock solid over all the last years.
All my setups are based on Capsman implementations.

We use the following combinations:
RB2011RM + wAP AC + Capsman
RB3011 + wAP AC + Capsman
RB2011UiAS-2HnD-IN + Capsman
RB2011UiAS-2HnD-IN + cAP 2n + Capsman
RB2011UiAS-2HnD-IN + wAP AC + Capsman
hap ac^2 + Capsman
hap ac^2 + wAP AC + Capsman

After the upgrade to 6.43.8 I did not see any structural group key time-outs on updated clients.
I double checked our central monitoring system and I only see massive group key timeouts at clients with software below 6.43.8.
Some incidental group-key and 4-way handshake timeouts on 6.43.8. but they could all be caused by low signal strengt and or people walking in and out of buildings.
So all has been stable since the update.

I use the following basic setup ( I left out some parts like guest networks, VLAN tagging, multiple bridges etc.)
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/firmware upgrade-policy=suggest-same-version

/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=2GHz-11 save-selected=yes skip-dfs-channels=no tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled name=5GHz save-selected=yes skip-dfs-channels=yes tx-power=25
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=2GHz-01 save-selected=yes skip-dfs-channels=no tx-power=20
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=2GHz-06 save-selected=yes tx-power=20

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=Customername passphrase=CustomerPassword

#####
## Guest network disabled client-to-client forwarding
#####
/caps-man datapath
add bridge=Customerbridge client-to-client-forwarding=yes local-forwarding=no name=Customername

/caps-man configuration
add channel=2GHz-01 country=netherlands datapath=Customername  mode=ap name=2.4GHz-01 security=Customername ssid=Customername-2G 
add channel=2GHz-06 country=netherlands datapath=Customername  mode=ap name=2.4GHz-06 security=Customername ssid=Customername-2G
add channel=2GHz-11 country=netherlands datapath=Customername  mode=ap name=2.4GHz-11 security=Customername ssid=Customername-2G
add channel=5GHz country=netherlands datapath=Customername mode=ap name=5GHz-Only security=Customername ssid=Customername
#####
## Create a profile per MAC address with fixed 2.4GHz channel, 5GHz does not need this.
#####
/caps-man provisioning
add action=create-dynamic-enabled comment="Generic 5GHz" hw-supported-modes=ac master-configuration=5GHz name-format=prefix-identity name-prefix=5G
add action=create-dynamic-enabled comment="Generic 2.4GHz" hw-supported-modes=gn master-configuration=2.4GHz-06 name-format=prefix-identity name-prefix=2G
#####

##### Kick devices with low SNR in high density environments
##/caps-man access-list
##add action=accept disabled=yes signal-range=-80..120 ssid-regexp=""
##add action=reject disabled=yes signal-range=-120..-81 ssid-regexp=""
##### Apple support wmm / Wi-Fi Calling
##/ip firewall mangle add action=set-priority chain=postrouting comment="Set priority for WMM" new-priority=from-dscp-high-3-bits passthrough=yes
@Kerbia Would you please share your configration?
What type of clients are disconnecting and what is theire average signal strenght while this happens?
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jan 11, 2019 2:27 pm

It's multiple devices from different manufacturers.

Playstation4
Wireless Printer from HP
Various different kind of Samsung Smartphones
Iphone
etc.

Signal strenght across all devices is very good, since they're all located in the same small flat. Disconnect happens exactly when the exchange intervall is due.
 
sjoukes
just joined
Posts: 9
Joined: Wed Nov 01, 2017 5:44 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Jan 11, 2019 2:43 pm

It's multiple devices from different manufacturers.

Playstation4
Wireless Printer from HP
Various different kind of Samsung Smartphones
Iphone
etc.

Signal strenght across all devices is very good, since they're all located in the same small flat. Disconnect happens exactly when the exchange intervall is due.
Does it happen on both 5Ghz and 2.4?
It would be interesting to have the RAW WiFi traffic captured from your network to see what is happening, but that is not simple to setup.
Are you willing to share your configuration?
 
ctaxegg
just joined
Posts: 1
Joined: Sat Mar 09, 2019 9:24 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Mar 09, 2019 9:48 pm

Having the same issue on RB2011UiAS-2HnD.
Version: 6.44 (stable)
Build-time: Feb/25/2019 14:11:04
All android devices lose connection 5 minutes after the screen is turned off. After disconnect devices can't reconnect automatically, I have to do it manually.
Group key update value set at 5 minutes by default. I'm using WPA2 PSK with AES encryption. DHCP lease time is 3 days. The problem is very annoying, are there any solutions?

PS: I've set group key update to 1 hour and devices no longer disconnect after 5 minutes. But after 1 hour the problem repeats, so that's only temporary solution. Need fix.

Log:
22:35:37 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -53
22:35:38 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
22:35:38 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
22:37:12 wireless,info YY:YY:YY:YY:YY:YY@wlan1: connected, signal strength -57
22:37:12 dhcp,info dhcp1 deassigned 192.168.1.103 from YY:YY:YY:YY:YY:YY
22:37:12 dhcp,info dhcp1 assigned 192.168.1.103 to YY:YY:YY:YY:YY:YY
22:39:49 wireless,info YY:YY:YY:YY:YY:YY@wlan1: disconnected, group key exchange t
imeout
22:39:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
22:55:14 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -49
22:55:14 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
22:55:14 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
22:59:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:13:34 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -51
23:13:34 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:13:34 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:14:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:26:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -47
23:26:27 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:26:27 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:29:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:29:59 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -46
23:30:00 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:30:00 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:34:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:41:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -45
23:41:27 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:41:27 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:44:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:44:53 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -45
23:44:53 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:44:53 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:49:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
23:51:57 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength -55
23:51:58 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
23:51:58 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
23:54:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange t
imeout
mar/10 00:10:35 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength
-49
mar/10 00:10:35 wireless,info YY:YY:YY:YY:YY:YY@wlan1: connected, signal strength
-56
mar/10 00:10:36 dhcp,info dhcp1 deassigned 192.168.1.103 from YY:YY:YY:YY:YY:YY
mar/10 00:10:36 dhcp,info dhcp1 assigned 192.168.1.103 to YY:YY:YY:YY:YY:YY
mar/10 00:10:37 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
mar/10 00:10:37 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
mar/10 00:22:16 system,info,account user admin logged in from ZZ:ZZ:ZZ:ZZ:ZZ:ZZ vi
a winbox
mar/10 00:22:17 system,info,account user admin logged in via local
mar/10 00:24:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exc
hange timeout
mar/10 00:31:07 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected, signal strength
-40
mar/10 00:31:07 dhcp,info dhcp1 deassigned 192.168.1.102 from XX:XX:XX:XX:XX:XX
mar/10 00:31:07 dhcp,info dhcp1 assigned 192.168.1.102 to XX:XX:XX:XX:XX:XX
mar/10 00:34:49 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exc
hange timeout
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Jan 21, 2014 10:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat Mar 23, 2019 8:05 am

This is a recurring issue I am having at least with Sonos speakers:
2019-03-23T06:48:46+01:00 router 5C - - - 5C:AA:FD:06:00:11@2.4Ghz-ap_1stfloor-1 disconnected, group key timeout
2019-03-23T06:48:46+01:00 router 5C - - - 5C:AA:FD:06:00:22@2.4Ghz-ap_1stfloor-1 disconnected, group key timeout
2019-03-23T06:55:36+01:00 router 5C - - - 5C:AA:FD:06:00:22@2.4Ghz-ap_1stfloor-1 connected, signal strength -36
2019-03-23T06:55:45+01:00 router 5C - - - 5C:AA:FD:06:00:11@2.4Ghz-ap_1stfloor-1 connected, signal strength -47
2019-03-23T06:55:51+01:00 router 5C - - - 5C:AA:FD:06:00:11@2.4Ghz-ap_1stfloor-1 disconnected, 4-way handshake timeout
2019-03-23T06:57:43+01:00 router 5C - - - 5C:AA:FD:06:00:11@2.4Ghz-ap_1stfloor-1 connected, signal strength -46
2019-03-23T06:58:46+01:00 router 5C - - - 5C:AA:FD:06:00:22@2.4Ghz-ap_1stfloor-1 disconnected, group key timeout
2019-03-23T06:58:47+01:00 router 5C - - - 5C:AA:FD:06:00:22@2.4Ghz-ap_1stfloor-1 connected, signal strength -36
 
Kerbia
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Apr 05, 2019 1:58 pm

@Kerbia Would you please share your configration?
What type of clients are disconnecting and what is theire average signal strenght while this happens?
6.43.13 - Access Point Settings
I tried to do some finetuning for one Iphon XR that was basicly unusable. Still - the Group key exchange failures are around.
I hope you find something in the settings, because this drives me crazy since a year. I like RouterOs in general.
Every time a new update comes out plug in the hardware and give it a try again, before i can switch to any old devices lying around which are working flawlessly.
/interface bridge
add comment="Bridge - Hotspot / Gastnetz" name=bridge-vlan20
add comment="Bridge - Lokales Netzwerk" name=bridge-vlan40
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
/interface vlan
add comment="Hotspot / Gastnetz" interface=ether1 name=ether1-vlan20 vlan-id=20
add comment="Lokales Netzwerk" interface=ether1 name=ether1-vlan40 vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=\
    dynamic-keys name=EG24/EG50 supplicant-identity=""
add authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys name=\
    EG24-Gast supplicant-identity=AP-EG
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n comment=\
    "W-Lan - EG24" country=germany disabled=no frequency-mode=regulatory-domain \
    keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled name=\
    wlan2.4ghz-vlan40 preamble-mode=long security-profile=EG24/EG50 ssid=EG24 \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
set [ find default-name=wlan2 ] antenna-gain=3 band=5ghz-a/n/ac comment=\
    "W-Lan - EG50" country=germany disabled=no frequency=5200 frequency-mode=\
    regulatory-domain keepalive-frames=disabled mode=ap-bridge \
    multicast-buffering=disabled name=wlan5.0ghz-vlan40 security-profile=\
    EG24/EG50 ssid=EG50 wireless-protocol=802.11 wmm-support=required wps-mode=\
    disabled
/interface wireless manual-tx-power-table
set wlan2.4ghz-vlan40 comment="W-Lan - EG24"
set wlan5.0ghz-vlan40 comment="W-Lan - EG50"
/interface wireless nstreme
set wlan2.4ghz-vlan40 comment="W-Lan - EG24"
set wlan5.0ghz-vlan40 comment="W-Lan - EG50"
/interface wireless
add comment="W-Lan - Hotspot / Gastnetz" disabled=no keepalive-frames=disabled \
    mac-address=CE:2D:E0:1E:C4:CE master-interface=wlan2.4ghz-vlan40 \
    multicast-buffering=disabled name=wlan2.4ghz-vlan20 security-profile=\
    EG24-Gast ssid=EG24-Gast wds-cost-range=0 wds-default-cost=0 wmm-support=\
    required wps-mode=disabled
/interface wireless manual-tx-power-table
set wlan2.4ghz-vlan20 comment="W-Lan - Hotspot / Gastnetz"
/interface wireless nstreme
set wlan2.4ghz-vlan20 comment="W-Lan - Hotspot / Gastnetz"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge-vlan40 interface=ether1-vlan40
add bridge=bridge-vlan40 interface=ether2
add bridge=bridge-vlan40 interface=wlan2.4ghz-vlan40
add bridge=bridge-vlan40 interface=wlan5.0ghz-vlan40
add bridge=bridge-vlan20 interface=ether1-vlan20
add bridge=bridge-vlan20 interface=wlan2.4ghz-vlan20
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=10.40.0.4/24 interface=ether1-vlan40 network=10.40.0.0
/ip dns
set servers=192.168.0.1
/ip route
add distance=1 gateway=10.40.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/snmp
set trap-generators=temp-exception,temp-exception
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Berlin
/system identity
set name=AP-EG
/system ntp client
set enabled=yes primary-ntp=176.9.40.142 secondary-ntp=136.243.8.140
/system package update
set channel=long-term
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface=ether1-vlan20
add interface=ether1-vlan40
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Jan 21, 2014 10:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu May 02, 2019 10:31 am

That's a pretty weird issue (this one or something related to WiFi) cause everything is working fine but all of a sudden things start disconnecting one after the other.

Not sure how to find the root cause / contributing factor but my setup seems to be failing when Sonos speaker need to sync audio.
The TV is hook via a jack to one of the speaker and as soon as I turn on the TV (which is not connected to WiFi), signal must be reaching Sonos which syncs audio (even when jack source is not yet selected) and WiFi stars dropping connections of existing clients.

Need to give it some time and check it further but so far this is what I have been witnessing.

As the HAP AC^2 is hidden being the TV, I'm also wondering if the TV Itself could have a negative impact on WiFi / HAP...
 
User avatar
akey
just joined
Posts: 10
Joined: Mon Sep 23, 2019 3:13 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Oct 22, 2019 12:08 am

So is there any update on this issue?
I'm on v6.45.6 now on both my RBcAPGi-5acD2nD's and only just discovered this thread. I've struggled with this issue for good couple of months now and as I was getting nowhere I began thinking of switching to ubnt...
Only now changed the group key update setting to 6h from the default (not set) and was wondering if anyone can elaborate on implication of such a long timeout...?
What's your general recommendations for this setting?
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Jan 21, 2014 10:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Tue Oct 22, 2019 3:39 pm

I'm running 6.45.5 and just thought about this yesterday. Can't say when but it stopped being a problem for me.
At least the problem I described earlier disappeared. I still have a few "group key timeout" but way less and not all devices at the same time.
 
User avatar
flaviolopes
just joined
Posts: 2
Joined: Thu Oct 24, 2019 3:35 pm
Contact:

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Oct 24, 2019 3:56 pm

SOLVED! :D

Hello @kerbia and ALL,

Fix this in "wireless Tables" > "Acess List" > and ADD bad MAC, mark off "authentication" and "forwarding", or
/interface wireless access-list add authentication=no forwarding=no interface=any signal-range=-120..120 time=01:00:00 mac-address=(YOUR BAD MAC)

Hopes this Helps, good Week! 8)
 
mIRCata
just joined
Posts: 7
Joined: Sun May 06, 2018 10:41 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu May 21, 2020 9:54 am

6.45.9 0 and I ahve this problem with some devices on my 5GHz network. Not with all devices.
08:49:06 wireless,debug wlan2: 24:31:54:03:23:B7 attempts to associate
08:49:06 wireless,debug wlan2: 24:31:54:03:23:B7 not in local ACL, by default accept
08:49:06 wireless,info 24:31:54:03:23:B7@wlan2: connected, signal strength -80
08:49:11 wireless,info 24:31:54:03:23:B7@wlan2: disconnected, unicast key exchange timeout
08:49:16 wireless,debug wlan2: 24:31:54:03:23:B7 attempts to associate
08:49:16 wireless,debug wlan2: 24:31:54:03:23:B7 not in local ACL, by default accept
08:49:16 wireless,info 24:31:54:03:23:B7@wlan2: connected, signal strength -81
08:49:21 wireless,info 24:31:54:03:23:B7@wlan2: disconnected, unicast key exchange timeout
08:49:22 wireless,debug wlan2: 24:31:54:03:23:B7 attempts to associate
08:49:22 wireless,debug wlan2: reject 24:31:54:03:23:B7, banned (last failure - unicast key exchange timeout)
08:49:26 wireless,debug wlan2: 24:31:54:03:23:B7 attempts to associate
08:49:26 wireless,debug wlan2: 24:31:54:03:23:B7 not in local ACL, by default accept
08:49:26 wireless,info 24:31:54:03:23:B7@wlan2: connected, signal strength -80
After few tries the device is connected. But this happens very often. Any ideas what to look for?
 
scyld
just joined
Posts: 3
Joined: Sat Mar 28, 2020 12:05 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri May 22, 2020 7:55 pm

Hello,

I had the same problem on my hAP ac². But currently I'm on 6.99 developer version. Maybe this will work for you guys.
The solution is to disable AES CCM in Wireless » Security Profile (default) » General. Uncheck the AES CCM for Unicast Ciphers and Group Ciphers.
Just leave the TKIP options.

HTH, Cheers
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Jan 21, 2014 10:03 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri May 22, 2020 8:51 pm

Don't do something you don't understand, Google is your friend: https://www.howtogeek.com/204697/wi-fi- ... p-or-both/
 
santyx32
Member Candidate
Member Candidate
Posts: 215
Joined: Fri Oct 25, 2019 2:17 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Sat May 23, 2020 2:47 pm

Hello,

I had the same problem on my hAP ac². But currently I'm on 6.99 developer version. Maybe this will work for you guys.
The solution is to disable AES CCM in Wireless » Security Profile (default) » General. Uncheck the AES CCM for Unicast Ciphers and Group Ciphers.
Just leave the TKIP options.

HTH, Cheers
How did you got ROS 6.99?, is that a hidden version that only the enlightened can access?

AFAIK there's only 6.47 beta and 7.0 beta.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2985
Joined: Mon Apr 08, 2019 1:16 am

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Mon May 25, 2020 10:27 pm

Don't do something you don't understand, Google is your friend: https://www.howtogeek.com/204697/wi-fi- ... p-or-both/
:-) If you don't understand you will be running in circles, and never find what you are looking for.

Just by reading this thread ....

- changing basic rates and having problems with multicast key exchange? Multicasts are always sent at basic-rate speeds. Because there is no ACK possible, the basic rate is at a very low speed and maximum power. If you change basic rates you change the underpinnings of multicast and broadcast. Some multicasts are essential and must be received!
- not buffering of multicasts will drop or not sync multicasts for some devices
- still using 802.11b sets the basic rate at 1 Mbps. This takes 6 times more airtime than the 6 Mbps basic rate. There can be too much multicasts (including beacons) to transmit. You must have time for ALL multicasts of all devices: http://www.revolutionwifi.net/revolutio ... lator.html
- setting higher basic rates (12 Mbps) (by removing lower basic rates) may result in multicasts or broadcasts not reaching all devices every time
- multicast-helper (=full) will convert multicasts in separate unicasts (1 slow no ACK versus many fast with ACK)
- TKIP is too slow to be used on high speed connections. (If it's enabled its only for old devices that do not know CMM/AES)
- clients will store the parameters they used to connect with a SSID, and try to connect with the same setting. (Sometimes the network must be "forgotten" to adapt.)
- ...


https://tools.ietf.org/id/draft-ietf-mb ... ms-01.html
 
dcavni
Member Candidate
Member Candidate
Posts: 108
Joined: Sun Mar 31, 2013 6:02 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Nov 05, 2020 2:45 pm

Anything new around this topic?

I have a case of Hap AC2 with newest firmware, that has this error: wlan1: disconnected, group key exchange timeout
For now i tried to enable WMM and change group key timeout to 1 hour, but i doubt this will help, phones are just stuck on Acquiering IP adress.

Sometimes log also shows "Unicast key exchange timeout" error.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2103
Joined: Mon May 14, 2012 9:30 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Nov 05, 2020 3:08 pm

Anything new around this topic?

I have a case of Hap AC2 with newest firmware, that has this error: wlan1: disconnected, group key exchange timeout
For now i tried to enable WMM and change group key timeout to 1 hour, but i doubt this will help, phones are just stuck on Acquiering IP adress.

Sometimes log also shows "Unicast key exchange timeout" error.
If you click the wlan1 off then back on...
Does the device connect?

Is this all devices?
Or just one?
 
dcavni
Member Candidate
Member Candidate
Posts: 108
Joined: Sun Mar 31, 2013 6:02 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Thu Nov 05, 2020 9:38 pm

I did not try that yet, because the router is 300 km from me. They usualy just pull the plug and then it works again for a day or two. There are mostly just two clients. One LG G7 phone and one Huawei phone.

I also have Hap Ac2 at home and it works flawlessly so i don't realy know what could be the problem on this one.
 
dcavni
Member Candidate
Member Candidate
Posts: 108
Joined: Sun Mar 31, 2013 6:02 pm

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Fri Nov 06, 2020 7:24 pm

Now here is something new...

wlan1: reject 10:44:00:51:56:56, banned (last failure - unicast key exchange timeout)

And on phone: Acces to network has been rejected.

Is this wrong password at the phone?

Who is online

Users browsing this forum: No registered users and 8 guests