@pete32117 

Are the access points controlled by controllers or are they stand alone? If they are stand alone, the SSID settings must be exactly the same on all access points, you will also lose the roaming function that you would have if you used controllers.

  @MR.S Thanks for getting back to me, yes via a dedicated controller so the WiFi is configured for all devices centrally. I've been working with them for 7 years, set up various vlan configurations, vpns, routes, segregated networks, etc and this is the first time I've had issues otherwise I'd assume I'd done something stupid.

  @pete32117 

try creating an SSID with default settings, set only SSID and password and which vlan, leave everything else as default.
try to see how roam works then.
i know that WPA3 and PMF can cause problems on some devices. set PMF to Disable or cpabel. do not use mandatory.

  @pete32117 

And as you probably discovered, 6GHZ requires WPA3 and Manatory PMF. I had the same problem and ended up creating a separate SSID for 6Ghz, and one for 2.4 and 5 GHZ, all the devices that were problematic were just old devices and did not have 6GHz

@MR.S Thanks again for the quick reply. I did that first and which is what showed me that it was certainly the authentication mismatch. If my wifi was just disconnecting it'd be different, it's my phone identifying the authentication method doesn't match and refusint to connect to it for security reasons. (shows an error meaning the authentication method doesn't match what's stored for that network).

First thing i did was turn off wifi 6 on that one device becuase it was the only one that supports it. I also deleted and recreate my two wifi profiles (I seperate 5G / 2.5G) and use default settings (with all roaming assists etc off(as per your suggestion))

I also created individual wifi profiles for each device so i could track down the issue, checked interference and moved 5GHz out of the DFS range in case somehow i was getting too much of that causing channel shifting.

I've removed the wifi from it now and that device is functioning as an expensive ethernet adaptor, but my wifi works flawlessly again across the other EAP225 devices (other than the deadspot this one was covering of course). 

It's not a big deal to be honest, it covers my front drive - just annoying becuase I'm thinking about upgrading and now i'm having to look at ubiquiti and I'd rather stick with Omada so hoping this is a firmware glitch and gets fixed because it has until now been bullet proof. (The only other thing lacking i've had with Omada is that conditional routing of traffic over a VPN is all or nothing so I can't send individual devices to connect via a country by IP) 

  @pete32117 

ok, if you are using different wifi profiles that may be part of the problem, it is not possible to roam between wifi profiles or WLAN groups as they are called. if you have multiple WLAN groups then you will experience what you are experiencing.

  @MR.S I think I might have confused by listing what i've tried, apolgies

I have 2 Wifi Networks. One called XXXXXX2.5G (just 2.5Ghz wifi) and one called XXXXXX5G(with both 2.5Ghz and 5Ghz enabled but no 6Ghz).

These two networks are pushed out to 1xEAP615-Wall, 3xEAP225, 1xEAP225-Outdoor

On both 2.5Ghz network and 5Ghz which work independently i get the authentication caused by the EAP615-Wall. The issue goes away if I deactive the EAP615-Wall.

I have used default settings with all roaming etc turned off.

This setup has worked for years and broke following the last 2 updates.

  @pete32117 

Ok, so you don't use WLAN Groups, well then I don't know, could be firmware problem as you say.
maybe Omada team on the forum has some good advice..

@Vincent-TP 

  @MR.S I use the profiles as per below.

I appreciate your help, i'm an IT engineer with >20 years of troubleshooting experience (though not wireless networking) but I do sometimes make very stupid mistakes, but your suggestions have reassured me that i've tried all the obvious things.