MAX BR1 Incontrol incorrectly shows down when unit is up


#1

We have a number of MAX BR1s deployed at various offices for several years working well. Now, suddenly, we two units (both at my office) that are now green on our side but red on your side. What I mean is that both units are connecting fine to the local cell network and all functionality seems to be working from our side. But the Incontrol website is showing them offline.

If I reset a unit to factory (via the pin in the hole), It comes on line in in-control for a few minutes to an hour, then goes offline and is unreachable from Incontrol. But from the client’s side all remains well and clients can use the internet. The same happens if we restore it to our current config. Comes up on Incontrol “at first” then goes down “after a while”. But from our side it is up the whole time.

This is serious for us as we rely on Incontrol heavily.

Thanks for any suggestions.
Steve


#2

For the device to be able to access incontrol2 it needs to be able to get to the *.peplink.com servers on the following ports UDP port 5246 and TCP port 443 and 5246. More info can be found here:

If you are sure that these are open and not being blocked by the service provider then I would suggest opening a support ticket with us and enabling RA on the device so that we can run some further tests:

https://contact.peplink.com/secure/create-support-ticket.html

Thanks


#3

Thanks for you help. We have no firewall that would be blocking. If the ISP is blocking, they are doing so intermittently. Before opening a ticket, how could I test from my side that those ports are open to me on the IC2 servers?

Steve


#4

Hi: Please search the forum for ac1.peplink.com. There are a few entries with your problem. For checking TCP ports you can use telnet.
telnet ac1.peplink.com 5246
telnet ac2.peplink.com 5246
Repeat the telnet tests when your device is shown as offline again. If you get no connection but internet is up and running, try nslookup to test if ac1.peplink.com replies an ip address.

Theo


#5

@it_mbeya, it sounds like the devices are out of warranty or do not have an InControl2 subscription. Can you confirm? Thanks


#6

Our service status on both devices is In Subscription with an end date of 2019-08-28. But the warranty has expired.

Thanks,
Steve


#7

Hi Steve, in this case I suspect an issue with your ISP blocking access. We literally have tens of thousands of devices phoning home to InControl2 every minute so doubtful the issue is on our side. Thanks


#8

Hi Tim,

Turns out to be my fault, and Africa’s. We have a DNS filter service and I had put its resolvers in the WAN configuration. But we also rely on the pep phoning home to keep the filter service informed of our current IP. (Don’t everyone laugh at once.) It actually works MOST of the time. I think that’s because the pep has its own dns cache and doesn’t have to look up Mom’s address very often. It usually can call Mom by IP and say “Hey, I just moved.”

But we are in Africa. We had a long power outage, we past our UPS capacity so the Pep was powered down. When everything came back, our ISP gave us a new IP that our filter service was clueless about, so our PEP could never make contact to the Incontrol service. Hence offline. I could bypass the filter for our clients, but I didn’t realize the device itself was still trying to talk through the filter.

As soon as I put google’s DNS servers into the WAN config, the device immediately showed up in Incontrol.

The moral, I think, is that if you have a filtered DNS, put those resolvers in the network config but never filter the DNS that the device needs to operate. Does that make sense?

Thanks for everyone’s help.

Steve


#9

Glad you got this sorted out Steve!