Troubleshooting Ubiquiti UniFi Access Points when Connecting to a Windows-based Controller

I’m a big fan of Ubiquiti’s UniFi access points. I think it’s generally a good idea to divorce the wireless capabilities from the router because you are more able to adapt when new wireless standards come out, and you don’t end up needing to replace a perfectly good 1Gbps router when that happens.

I love the level of insight and control of Ubiquiti’s devices (and the overall user interface – let’s gloss over the fact that it still relies on a Java plugin to run), but getting them to connect to a controller on Windows can be tricky. Here are some recommendations:

  • Assign your UniFi device a static IP address. Do the same to the machine where you install the controller software, if you can
  • Make sure you can ping your UniFi Access Point. If not, you have a problem with your network configuration
  • If you’re getting disconnections, try to SSH directly into the device
    • Windows now offers an optional install of SSH as an add-on module, but I wasn’t able to connect to my UniFi because I received the following message:

      Unable to negotiate with 192.168.xxx.xxx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au

      This means that the SSH installed via Windows couldn’t be used since it didn’t have one of those three key exchange methods available (note that after upgrading my UniFi firmware, the message changed, as it appears they are using more secure key exchanges now: ssh-rsa,ssh-dss).

    • Since I couldn’t use SSH via PowerShell, I downloaded good old PuTTY and connected to my UniFi access point that way
      • Run “info” once connected via PuTTY to look for clues regarding your disconnected controller. The “Status” line shows whether or not the device is currently connected. If you see status Unknown[11] (http://192.168.xxx.xxx), then you know there is an issue connecting to your controller. At least this message tells you whether or not your device is trying to communicate with the IP address where your controller resides
        • Run “set-inform http://192.168.xxx.xxx:8080/inform” if your controller’s IP isn’t the one displayed in the info output
      • If you SSH’d in from a machine other than your controller, run a ping command to your controller to make sure that the access point can communicate with your controller
  • Check your Windows Firewall rules
    • On one controller, the connection to my access point was restored almost immediately as soon as I disabled Windows Firewall. Check that the rules created by the installation of the UniFi Controller software apply to all network types (public, private, domain) that you use to communicate with the outside world
      • In my case, the problem was that Java was being blocked from private network connections. Once I added private networks to the “Allow” rules, the connection restored almost immediately
    • Check out this post if you’re having trouble identifying what program is blocking your connection: https://superuser.com/questions/1130078/how-to-tell-which-windows-firewall-rule-is-blocking-traffic
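
The firewall check above can be done without disabling Windows Firewall. The following PowerShell is an added example, not part of the original post: it lists the enabled inbound rules tied to a Java executable and flags any active network profile they do not cover. It assumes the controller runs under a program whose path contains "java" and listens on port 8080 (the port in the set-inform URL above); adjust both if your install differs.

```powershell
# Added example. Assumptions: controller runs as java/javaw, inform port is 8080.
# An elevated PowerShell session is recommended so all rules are visible.

# Network profiles currently in use, mapped to firewall profile names
$active = Get-NetConnectionProfile |
    Select-Object -ExpandProperty NetworkCategory -Unique |
    ForEach-Object { if ("$_" -eq 'DomainAuthenticated') { 'Domain' } else { "$_" } }
Write-Host "Active network profiles: $($active -join ', ')"

# Every enabled inbound rule whose program path mentions java
$report = foreach ($filter in Get-NetFirewallApplicationFilter |
                   Where-Object { $_.Program -like '*java*' }) {
    $filter | Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        ForEach-Object {
            $rule     = $_
            $profiles = "$($rule.Profile)"    # e.g. "Any" or "Domain, Public"
            # Active profiles this rule does NOT apply to
            $missing  = @($active | Where-Object {
                $profiles -ne 'Any' -and $profiles -notmatch $_
            })
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Action   = $rule.Action       # Allow or Block
                Profiles = $profiles
                Missing  = $missing -join ', '
                Program  = $filter.Program
            }
        }
}

if (-not $report) {
    Write-Warning 'No enabled inbound rules reference a Java executable.'
} else {
    $report | Sort-Object Action, Rule | Format-Table -AutoSize -Wrap
    # Block rules win over Allow rules, so list them separately
    $report | Where-Object { "$($_.Action)" -eq 'Block' } | ForEach-Object {
        Write-Warning "Block rule '$($_.Rule)' applies to: $($_.Profiles)"
    }
}

# Confirm something is actually listening on the inform port
$listen = Get-NetTCPConnection -LocalPort 8080 -State Listen -ErrorAction SilentlyContinue
if ($listen) { Write-Host 'Port 8080 is listening.' }
else         { Write-Warning 'Nothing is listening on port 8080.' }
```

An Allow rule with a non-empty Missing column, or a Block rule covering an active profile, matches the situation described above where Java was blocked on private networks.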