Community discussions

 
Junim
just joined
Topic Author
Posts: 6
Joined: Wed May 21, 2008 5:44 pm

BIG BUG- Unicast key exchange timeout

Thu Aug 07, 2008 2:40 am

Mikrotik 3.x have a bug with WPA and WPA2.

In wpa, wpa2, tkip or aes... all configuration log: "unicast key exchange timeout" or "GROUP KEY EXCHANGE TIME OUT" or something else.

See topics:

http://forum.mikrotik.com/viewtopic.php ... nicast+key
my post - http://forum.mikrotik.com/viewtopic.php ... hilit=wpa2
http://forum.mikrotik.com/viewtopic.php ... nicast+key

Nobody solved the problem.
Does the 3.12 will right?
 
Jawssaus
just joined
Posts: 1
Joined: Sun Aug 17, 2008 5:34 am

Re: BIG BUG- Unicast key exchange timeout

Sun Aug 17, 2008 5:40 am

Excactly the same problem (error) here. Its a link between a RB133C and RB600 with R51H cards.
They are running software version 3.13
WPA2 encryption
 
lehonk
just joined
Posts: 7
Joined: Wed Dec 10, 2008 12:43 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Dec 13, 2008 2:01 pm

Any news on this topic?

We are still having these issues with Linksys Clients and WPA/WPA2 encryption.
 
User avatar
fx242
just joined
Posts: 14
Joined: Wed Jan 23, 2008 6:22 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Dec 20, 2008 3:03 am

I was stuck with this error for ages! I recently found a workaround by changing the security profile to use WPA AES CCN (as the only option)! Maybe the problem is the TKIP support or something with the protocol negotiation.
Hope this helps, as i've tried before with different NICs (R52 and Gigabyte) and different clients (atheros and ralink) but my RB333 always filled the log with those errors.

TL
 
chernobyl
just joined
Posts: 4
Joined: Sat Sep 09, 2006 10:52 pm

Re: BIG BUG- Unicast key exchange timeout

Sun Dec 21, 2008 1:08 am

This are mine log events

- AP side (RB333, ROS 3.9, firmware 2.14)

18:03:01 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
18:07:31 wireless,info 00:0C:42:xx:yy:zz@wlan2: disconnected, group key exchange timeout
18:07:35 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
18:07:40 wireless,info 00:0C:42:xx:yy:zz@wlan2: disconnected, unicast key exchange timeout
18:07:45 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
/interface wireless registration-table print stats
...
interface=wlan2 radio-name="000C42XXYYZZ" mac-address=00:0C:42:XX:YY:ZZ ap=no wds=no rx-rate="36Mbps" tx-rate="24Mbps" packets=361,350
bytes=22139,25685 frames=361,358 frame-bytes=20297,24481 hw-frames=857,375 hw-frame-bytes=76109,39224 tx-frames-timed-out=0 uptime=14m53s
last-activity=930ms signal-strength=-80dBm@36Mbps signal-to-noise=19dB
strength-at-rates=-77dBm@6Mbps 3s350ms,-77dBm@9Mbps 14m47s610ms,-77dBm@12Mbps 14m39s960ms,-80dBm@18Mbps 14m20s950ms,-79dBm@24Mbps 16s750ms,
-80dBm@36Mbps 930ms,-78dBm@48Mbps 35s870ms
tx-signal-strength=-81dBm tx-ccq=69% rx-ccq=78% p-throughput=16214 ack-timeout=50 nstreme=no framing-mode=none routeros-version="2.9.51"
last-ip=172.16.2.57 802.1x-port-enabled=yes authentication-type=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm compression=no
wmm-enabled=no


- Client side (RB133C3, ROS 2.9.51, firmware 2.12)

18:03:01 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx
18:07:31 wireless,info 00:0C:42:aa:bb:cc@wlan1: lost connection, got deauth: group key handshake timeout (16)
18:07:35 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx
18:07:40 wireless,info 00:0C:42:aa:bb:cc@wlan1: lost connection, got deauth: 4-way handshake timeout (15)
18:07:45 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx

Ok, signal maybe is not so good, but this problem happens also with Nanostation, which take minutes to reconnect, also after a power cycle.
 
lehonk
just joined
Posts: 7
Joined: Wed Dec 10, 2008 12:43 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Dec 29, 2008 4:15 pm

I was stuck with this error for ages! I recently found a workaround by changing the security profile to use WPA AES CCN (as the only option)! Maybe the problem is the TKIP support or something with the protocol negotiation.
Hope this helps, as i've tried before with different NICs (R52 and Gigabyte) and different clients (atheros and ralink) but my RB333 always filled the log with those errors.
Well, at least i have a direction to work in now. My next step would have been to change NICs, but I'll trust in your experience.
 
kbyrd
just joined
Posts: 13
Joined: Sun Jun 03, 2007 6:26 am

Re: BIG BUG- Unicast key exchange timeout

Fri Apr 03, 2009 10:05 pm

i got around this problem in a very complicated way, the problem appeared to be that the wds-slaves would try to connect to ap with default security profile but the ap side of the wds-slave would use the profile1 of the security profile.

there are 4 wds-slaves using profile1 and 1 ap bridge

when ap bridge is set to profile1 i get the key exchange timeout, so what i did was have the 4 wds-slaves set to profile1 with the wpa2 turned on and the ap bridge one set to default on security profiles and all 4 connect fine and pass traffic and you have to use the passkey to connect to the wds-slaves but the ap is set to wide open.

so now 4 work fine but main is not secure, so i did access-list rules to only allow the repeaters to connect to wlan1 interface and hid ssid on the ap-bridge and on the repeaters i put a connect-list to make the repeaters connect to the wlan1 with the mac address and another rule to not connect to anything else, then on the ap-bridge i created a virtual ap with the same ssid as wlan1 and set that security profile to profile1 and all is good.

now passkey works on all ap's

:lol: if you can filter through all my ramblings it may make sense but its running with wds-slaves and wpa2 and basicly the main ap is set to default and the repeaters have a security profile. So it looks like the client side of wds-slave uses default and the ap side uses whatever you set in the wireless settings. it did work at first just comes and goes like its a bug that randomly uses the default or just doesnt use encryption.
ill do some test where instead of adding profile1 ill just edit default and see if it works.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 06, 2009 9:54 am

I have never been able to get WDS aka ap-bridge mode and WPA (psk) to work on routeros 3.x. Windows can connect fine but mikrotik to mikrotik ap-bridge WPA-PSK can not, nor have I ever heard of anyone having it working. I think it is safe to say it's broken! Feel free to prove me wrong.

This page: http://wiki.mikrotik.com/wiki/Mesh_wds shows a config for WPA-EAP which does seem to work for ap-bridge mode (after very brief testing) but windows clients complain they can't find a certificate.

I wouldn't call this thread dead, it is just a long standing defect in routeros. Lots of people seem to have this problem and the only answer to have windows clients and mikrotik WDS from the same SSID is to use WEP, which is only marginally better than no security at all.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3424
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 06, 2009 11:37 am

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Apr 07, 2009 7:37 am

I am not using the connect list. I have the MAC addresses specified with wds mode static.

wds-mode=dynamic-mesh and static-mesh don't appear in the manual nor can anyone find out anything them.

WDS using ap-bridge and wds-mode=static with WPA-psk does not work on mikrotik routeros. It is broken until someone can prove otherwise by providing a working example.
 
iddqd
just joined
Posts: 3
Joined: Thu Jun 18, 2009 9:58 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 18, 2009 10:03 pm

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
GREAT!! It work!
I suffered with this problem 3 days. Simply fine that has found a way out!
Here sample config I used:

#main AP
/interface wireless add name=mesh_static mac-address=00:0C:42:QQ:XA:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=map1 master-interface=mesh_static wds-address=0:0C:42:QQ:XB:ZZ disabled=no ;
/interface wireless wds add name=map2 master-interface=mesh_static wds-address=0:0C:42:QQ:XC:ZZ disabled=no ;
/interface wireless wds add name= map3 master-interface=mesh_static wds-address=0:0C:42:QQ:XD:ZZ disabled=no ;

#map1
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XB:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;

#map2
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XC:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;

#map3
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XD:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Aug 22, 2009 1:59 am

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
The solution to this problem was to use the SAME SSID on all the APs.

For the static/dynamic-mesh modes the same SSID must be used as noted in the wiki they don't support "WDS IGNORE SSID".

I have also found that static/dynamic WDS modes won't work with WPA unless the same SSID is used, regardless of the "WDS IGNORE SSID" checkbox.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jan 22, 2010 2:13 am

I've found that using dynamic-mesh for WDS with WPA encryption does 'work', but isn't useable: the links frequently reset with messages like "no beacons received" or "class 2 frame received (6)" even when there are no clients around to connect to the APs.

I've Changed some radios from AP-bridge to station-wds and the links do not reset for months. Of course now clients can't connect to those radios.

while it is possible to do WDS with WPA in theory, in practice it doesn't work well enough.

Thought I'd better post what I have discovered to save someone else 1.5 years of frustration.
 
pastranini
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Nov 19, 2007 5:48 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 01, 2010 11:11 pm

HI i have the same problem.

If the link has not security the link works great.

Im using wpa2 and the link is good for 1 or 2 hours, but inmeadeatly falls down.

I use wep, wpa, and suddenly the log shows the message unicast key exchange timeout.

I am thinking to change the cards, I dont not how solve this problem.

Advicess ¡¡¡¡¡
 
thejinx
just joined
Posts: 13
Joined: Wed Jun 06, 2007 12:09 am

Re: BIG BUG- Unicast key exchange timeout

Sat May 07, 2011 2:37 pm

exact the same problem and no solution :(
 
User avatar
enk
Member Candidate
Member Candidate
Posts: 165
Joined: Fri Aug 17, 2007 8:59 am
Location: Russia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sun May 08, 2011 11:23 am

Sometimes "unicast key exchange timeout" happens when time is not synchronized between APs. Use NTP for this purpose.
as known as shados.
blog: http://betep.wpl.ru
A karma increase would be cool if you think I earned it.
 
thejinx
just joined
Posts: 13
Joined: Wed Jun 06, 2007 12:09 am

Re: BIG BUG- Unicast key exchange timeout

Wed May 11, 2011 2:34 pm

i try it and no way to get a better link

bridge --------- station perfect link, no AP
ap-bridge ------ station-wds work with encryption, need AP functions, 2-3 reconnects per week

ap-bridge ------ ap-bridge work with no encryption
ap-bridge ------ slave-wds failed to select channel, no link
ap-bridge ------ ap-bridge (WPA or WPA2) unicast key exchange timeout

singal at -70
CCQ 98-100%
it is definitly a ROS problem

is it not possible to get a working WDS with ap-bridge (WPA PSK) mode ?
 
kalamees
just joined
Posts: 3
Joined: Thu Aug 26, 2010 10:50 am

Re: BIG BUG- Unicast key exchange timeout

Mon Aug 22, 2011 12:14 pm

Same problem here. My only solution was to use mac autentification since our organisation is small but it is not working now. How to fix this???
 
uldis
MikroTik Support
MikroTik Support
Posts: 3424
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Aug 23, 2011 12:31 pm

Same problem here. My only solution was to use mac autentification since our organisation is small but it is not working now. How to fix this???
what problem exactly you have? What is your setup?
 
kalamees
just joined
Posts: 3
Joined: Thu Aug 26, 2010 10:50 am

Re: BIG BUG- Unicast key exchange timeout

Tue Aug 30, 2011 11:11 am

Some clients are able to connect but most of them can only connect through mac registration tables. We had couple of new computers coming and but now they cant connect even through registration table authentication. It says "unicast key exchange timeout" on router and invalid password on client. They are using intel 3945 wireless cards with tkip ciphers.

Any help would be greatly appreciated.


Posted my configuration here
0  R name="wlan1" mtu=1500 mac-address=00:0C:42:18:95:A7 arp=enabled 
      interface-type=Atheros AR5413 mode=ap-bridge ssid="EYL-2.4G" 
      frequency=2412 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=wpa compression=no
0 name="default" mode=none authentication-types="" unicast-ciphers="" 
   group-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key="" 
   supplicant-identity="EYL-VS-01" eap-methods=passthrough 
   tls-mode=no-certificates tls-certificate=none static-algo-0=none 
   static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none 
   static-key-2="" static-algo-3=none static-key-3="" 
   static-transmit-key=key-0 static-sta-private-algo=none 
   static-sta-private-key="" radius-mac-authentication=no 
   radius-mac-accounting=no radius-eap-accounting=no interim-update=0s 
   radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username 
   radius-mac-caching=disabled group-key-update=5m 
   management-protection=disabled management-protection-key="" 

 1 name="wpa" mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk 
   unicast-ciphers=tkip group-ciphers=tkip wpa-pre-shared-key="*******" 
   wpa2-pre-shared-key="********" supplicant-identity="EYL-VS-01" 
   tls-mode=no-certificates tls-certificate=none static-algo-0=none 
   static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none 
   static-key-2="" static-algo-3=none static-key-3="" 
   static-transmit-key=key-0 static-sta-private-algo=none 
   static-sta-private-key="" radius-mac-authentication=no 
   radius-mac-accounting=no radius-eap-accounting=no interim-update=0s 
   radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username 
   radius-mac-caching=disabled group-key-update=5m 
   management-protection=disabled management-protection-key="" 
 
User avatar
evert
Member Candidate
Member Candidate
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:05 pm

Same problem for me. Trying to connect a Netgear UNIVERSAL WIFI RANGE EXTENDER (WN3000RP), but am unable to, thanks to this 'feature'...

Please fix asap! 8)
Regards,
Evert
 
uldis
MikroTik Support
MikroTik Support
Posts: 3424
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:23 pm

try to switch to AES instead of TKIP.
 
User avatar
evert
Member Candidate
Member Candidate
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:58 pm

try to switch to AES instead of TKIP.
No luck. I have tried disabling tkip en enabling aes for both unicast & group ciphers, but i keep getting the same errors...
Regards,
Evert
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Wed May 09, 2012 12:46 pm

I have same/similar issue?

Configuration: RB433 latest MTik 5.15 as AP and several wireless clients (win xp, win 7) are connected.
One of the clients - new DELL Latitude E5520 with WIFI Intel Centrino Advanced-N 6205 (win xp sp3, latest drivers, latest BIOS) randomly breaks wireless connection and MTik log says unicast key exchange timeout. Other clients seems ok.

MTik wireless configuration:
/interface wireless security-profiles
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=0s management-protection=allowed mode=dynamic-keys name=xxx unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=XXXXXXXXXXX
I tried earlier mentioned "workaround" to disable tkip in group-ciphers and unicast-ciphers but problem still exists.
I also tried downgrade to 5.14 and it is slightly better situation because it happens less but it still exist

Is this BUG supposed to be solved in 5.15 or is it possible that this BUG still exist? Please help! It is a horrible problem to figure it out the solution or workaround!
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Thu May 10, 2012 9:26 am

I post here wireless, debug log and this is typical process of connection break which happens randomly: Here it is:
06:08:45 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: reassociating
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, ok
06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:32 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, unicast key exchange timeout
06:20:32 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:32 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:32 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:37 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, unicast key exchange timeout
06:20:37 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:37 wireless,debug wlan1: reject XX:XX:XX:XX:XX:XX, banned (last failure - unicast key exchange timeout)
06:20:37 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:37 wireless,debug wlan1: reject XX:XX:XX:XX:XX:XX, banned (last failure - unicast key exchange timeout)
06:20:50 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:50 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:50 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
Can someone please give me a hint?
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Sat May 12, 2012 12:09 am

Anyone, please help. Any opinion is very appreciated! I am googling around and I have found lots of post about this error - log: unicast key exchange timeout, but no solutions - just one to disable TKIP but this does not work. Is there someone from MTik team or other experts that has some experiance with wifi random dropouts and this log in Mtik.
 
Takv2011
just joined
Posts: 8
Joined: Wed Nov 02, 2011 5:34 pm

Re: BIG BUG- Unicast key exchange timeout

Sun May 20, 2012 5:37 am

bump
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Jul 17, 2012 8:15 am

Same issue in here. I already upgrade the version on my mikrotik (RB411UAHL) become version 5.18 but the error "unicast key exchange timeout" still occurred.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jul 20, 2012 1:14 pm

Still facing same problem, even already upgrade again with the latest version 5.19 in RB411AR and RB411U.
Does any one can help?

Regards,
Last edited by didit7039 on Wed Aug 15, 2012 7:25 am, edited 2 times in total.
 
addictedtobass
just joined
Posts: 3
Joined: Mon Nov 27, 2006 4:36 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jul 20, 2012 8:53 pm

I had same error ("disconnected, unicast key exchange timeout"), the problem was...Dune media player, which located near my MikroTIk router. When I switched Dune off, I connected to my RB/751G-2HnD successfully. So if you have this problem, try to power off all devices except MikroTik and your WiFi device.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 9:30 am

But... There's no dune-hd near around the mikrotik. Do you have any other suggestion ?
Thx
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 646
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 2:55 pm

I put up a new tower a couple weeks ago, and had this problem right off the bat. The problem turned out to be a sour radio card on the AP (in my case, a UBNT XP2). Apparently the crypto hardware went faulty. Replaced the card with a MikroTik radio and it's been smooth sailing since. Try replacing your radio card?
 
samsung172
Forum Guru
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 9:47 pm

downgrade to 4.17 and turn off encryption. Problem solved.

Issue happend if some radio device not following correct standard in encryption. Seen this issue a lot in hotspots, where you newer know who is connecting.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Aug 13, 2012 11:50 am

Already monitor for 1 week (on RB411U and RB411AR) and yes... this issue were solved when we downgrade the firmware become v4.17.
Thx for the advice before ...

Regards,
 
leon84
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Dec 02, 2009 12:15 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Sep 07, 2012 3:45 pm

Hi to all,
I have your same problem. Is there a solution?
 
samsung172
Forum Guru
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sat Sep 15, 2012 8:57 pm

Dont use 5.X.
 
User avatar
kevigizmo
newbie
Posts: 46
Joined: Mon Dec 19, 2011 3:35 pm
Location: Norfolk, UK
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Oct 22, 2012 8:26 pm

I had an issue today with the unicast key exchange time out,

after sifting through every conceivable wireless setting on my RB751G-2HnD using ROS v5.21 (as i was making some small changes to improve things), I found what the issue was..

this morning i added some more packages to my board, one of which was NTP package,

from reading parts of this post about NTP servers ect and not synchronizing i thought ill disable the NTP package i put on this morning.. Job Done! no more unicast timeouts :p

Kev
Wireless & Network Consultant

¦ MTCNA MTCRE MTCINE MTCTCE ¦ UBWS UBWA UEWA USRS ¦ Ruckus WiSE ¦

- DISCLAIMER -
All posts are as advice, I will not be held accountable for any damage or complaints, if in doubt seek advice from manufacturer
 
magnavox
Member
Member
Posts: 335
Joined: Thu Jun 14, 2007 1:03 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Mar 27, 2013 10:50 pm

I have now this issue.
Release 5.24 (also 5.20).

Please help me :)
Best Regards...
 
Rukicc
just joined
Posts: 2
Joined: Tue Feb 22, 2005 11:23 am

Re: BIG BUG- Unicast key exchange timeout

Fri Aug 16, 2013 7:24 pm

The same problem with RouterOS 6.1 and Windows XP, with Windows 7 as client all is ok.
NEW security profile created from GUI.
unicast key exchange timeout
Resolution:
Create copy of existing (default) security profile and then change password and other settings witch is needed. and all works.....
 
rmerch1
just joined
Posts: 1
Joined: Fri Oct 18, 2013 1:33 am

Re: BIG BUG- Unicast key exchange timeout

Fri Oct 18, 2013 3:52 am

The same problem with RouterOS 6.1 and Windows XP, with Windows 7 as client all is ok.
NEW security profile created from GUI.
unicast key exchange timeout
Resolution:
Create copy of existing (default) security profile and then change password and other settings witch is needed. and all works.....
What other settings did you have to change?
 
Rukicc
just joined
Posts: 2
Joined: Tue Feb 22, 2005 11:23 am

Re: BIG BUG- Unicast key exchange timeout

Sat Oct 19, 2013 4:02 pm

After creating a copy of default profile. Changed was only Password and profile name.
 
Amidamaru
just joined
Posts: 2
Joined: Thu Dec 05, 2013 8:26 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Dec 05, 2013 8:45 pm

double post..see below.
Last edited by Amidamaru on Mon Dec 09, 2013 10:36 am, edited 2 times in total.
 
Amidamaru
just joined
Posts: 2
Joined: Thu Dec 05, 2013 8:26 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Dec 05, 2013 8:50 pm

After creating a copy of default profile. Changed was only Password and profile name.
Nope. It doesn't worked this way either. I've updated my MikroTik 2011 wifi AP router with the latest OS, 6.7.

After 2 DAYS of hell I've finally discovered that the reported BUG of "unicast key exchange timeout" isn't not resolved and no matter what I've tried the WPA2 auth method simple doesn't work.

All my clients, Nexus tablets, Nexus phones, Android, etc have connected and then dropped off.

I've successfully make it works using WPA with AES option though. Overall isn't such a big deal because I can protect this router using other in place solutions as wifi access list.

BUT, come one MikroTik's tech guys, is such difficult to resolve this stupid BUG and make us happy? There are a lot of other low cost options which have this WPA2 option in place and most important, WORKING!!!

Thanks from a new MikroTik owner.
You do not have the required permissions to view the files attached to this post.
 
hwmonkey
Member Candidate
Member Candidate
Posts: 115
Joined: Wed Feb 08, 2012 9:50 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Dec 30, 2013 12:34 am

I am having the same problem on an RB2011 after updating from 6.5 to 6.7
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=\
    no antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=\
    20/40mhz-ht-above compression=no country=no_country_set \
    default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=\
    0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=\
    no disconnect-timeout=3s distance=indoors frame-lifetime=0 frequency=2412 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=yes \
    ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
    ht-guard-interval=any ht-rxchains=0,1 ht-supported-mcs="mcs-0,mcs-1,mcs-2,\
    mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-\
    14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
    ht-txchains=0,1 hw-fragmentation-threshold=disabled hw-protection-mode=\
    none hw-protection-threshold=0 hw-retries=7 interworking-profile=disabled \
    l2mtu=2290 mac-address=D4:CA:6D:AA:AA:68 max-station-count=2007 mode=\
    ap-bridge mtu=1500 multicast-buffering=enabled multicast-helper=default \
    name=wlan noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    BEOT rate-selection=advanced rate-set=default scan-list=default \
    security-profile=default ssid=MikroTik \
    station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power=22 tx-power-mode=\
    all-rates-fixed update-stats-interval=disabled wds-cost-range=50-150 \
    wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=\
    disabled wireless-protocol=any wmm-support=disabled
add area="" arp=enabled bridge-mode=enabled comment=PASSWORD-wifi \
    default-ap-tx-limit=0 default-authentication=no default-client-tx-limit=0 \
    default-forwarding=yes disable-running-check=no disabled=no hide-ssid=no \
    interworking-profile=disabled l2mtu=2290 mac-address=D4:CA:6D:AA:AA:69 \
    master-interface=wlan max-station-count=2007 mtu=1500 \
    multicast-buffering=enabled multicast-helper=default name=wlan0_PASSWORD \
    proprietary-extensions=post-2.9.25 security-profile=default ssid=\
    ValidSSID update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=\
    disabled wmm-support=disabled

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=\
    passthrough group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
    management-protection=disabled management-protection-key="" mode=\
    dynamic-keys mschapv2-password="" mschapv2-username="" name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
    "PASSWORD\?" wpa2-pre-shared-key="PASSWORD\?"
You do not have the required permissions to view the files attached to this post.
 
alexjhart
Member Candidate
Member Candidate
Posts: 191
Joined: Thu Jan 20, 2011 8:03 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Jan 15, 2014 5:56 pm

By chance, are you guys (v6.7) using spaces or dashes in your WPA/2 key? I am and found that removing those (at least on a VirtualAP) allowed me to connect with the devices having trouble.
-----
Alex Hart

The Brothers WISP
 
rhurst
just joined
Posts: 4
Joined: Fri Jan 18, 2013 11:15 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jan 16, 2014 3:26 am

I had the same issue two things that fixed it for me.

one run NTP and sync ap and clients. problem gone.

The other make sure you copy the default security profile and then edit it don't just create a new one. fixed problem with or without Ntp getting synced at least for me.. good luck.

Also not all clients seem to be affected with this issue before the fixes. My dell laptop would never see this but my wife's lenovo would spam the log full of this error before I fixed it.
 
logg
just joined
Posts: 7
Joined: Thu Jan 16, 2014 12:23 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Mar 27, 2014 12:49 pm

hi, i have same problem
hw metal 5shpn
it is impossible to have a similar problem and no one is interested to solve it.
I have to think again about the professionalism of mikrotik and its products?
 
User avatar
vipnet
newbie
Posts: 25
Joined: Sat Jul 20, 2013 9:27 pm
Location: Brazil

Re: BIG BUG- Unicast key exchange timeout

Fri May 30, 2014 3:48 pm

I have same problem

RV 6.13 RB951G-2HnD
Alex Endres.
VIPNET TELECOM LTDA - MONTENEGRO-RS/BRASIL

https://bmspanel.bmsoftware.org/parceir ... 95dd/0/N/N
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23998
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: BIG BUG- Unicast key exchange timeout

Fri May 30, 2014 4:02 pm

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
No answer to your question? How to write posts
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 757
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 12, 2014 1:40 pm

how do i solve this as i have 20 desktops attached to a RB-SXT ( Desktops are of different brands with different NIC's )

and all clients keep getting disconnected ..... it is running ROS 6.11

please help at earliest....
by professionals, for professionals....
Don't forget to give KARMA!!!

Who is online

Users browsing this forum: No registered users and 11 guests