Omada Hardware controller oc300 fails to upgrade device connected in different sites

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2022-09-10 13:26:18 - last edited 2023-10-19 06:09:53
Tags: #Firmware Update #NAT #PORT FORWARDING
Model: OC300  
Hardware Version: V1
Firmware Version: v 5.4.7

Hi,

I have two sites created in the Omada OC300.

Both sites are connected through Auto IPsec VPN.

My network is:

ER605 (1) v 2 ---- Internet ---- ER7206(2) ---- Omada Controller v5.4.7

Both routers are connected to the controller. I have port forwarded All 29810 to 29814 on the ER7206 at Site A.

I have forwarded my controller HTTPS port on the ER7206, and ports All 29810 to All 29814. All ports are accessible through my phone's internet and other internet connections outside my network.

Site A is where my ER7206 and the Omada OC300 are located.

Site B is where my ER605 is located.

But when I upgrade the Site B ER605 router firmware I get the error below:

[Failed]Failed to upgrade ER-605 ROUTER to firmware version 2.0.0 Build 20220106 Rel.56391 online. Please check your network configuration and make sure the device can access the Controller's HTTPS management port.

Also, my network is simple. There is no VLAN, ACL or static routing.

My controller HTTPS port is accessible through the internet, so the NAT port forwarding is working.

But I still get the error.

Please help with this error.

#1
1 Accepted Solution
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites-Solution
2023-10-19 03:37:14 - last edited 2023-10-19 06:09:53

  @kdurigan This actually worked!  I forwarded the TCP port 443 from the gateway to the controller at the main site, and then was able to update the gateway at the remote site.  The port is definitely listening and when attempting to connect to it, it complains that the request requires TLS.

Recommended Solution
#16
16 Reply
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2022-09-13 07:02:57

  @atc

Have you checked this post: https://community.tp-link.com/en/business/forum/topic/559150

Make sure that all opening port entries are set on the controller side, i.e. ER7206, and that they are valid?

Have you tried manually upgrading the firmware ER605(UN)_V2_2.0.1 Build 20220223?

Just striving to develop myself while helping others.
#2
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2022-09-14 09:05:40 - last edited 2022-09-14 09:56:31

  @Virgo

Yes, I have checked this post: https://community.tp-link.com/en/business/forum/topic/559150

It did not work.

Also, my HTTPS port on the controller side ER7206 is open and working.

I disconnect/forget the ER605 from the controller, manually upgrade the device firmware and then reconnect it to the controller.

But I cannot directly upgrade the firmware from the controller, so every time I have to disconnect, upgrade and reconnect.

Not a good idea.

Do I need a static WAN IP on both sides or only on the controller side?

Thanks, Virgo

#3
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2022-10-11 11:20:02

Dear @atc ,


atc wrote:

I disconnect/forget the ER605 from the controller, manually upgrade the device firmware and then reconnect it to the controller.

But I cannot directly upgrade the firmware from the controller, so every time I have to disconnect, upgrade and reconnect.


Thank you for reporting this issue in the community.


This issue has been escalated to the support engineer for further investigation and it has been confirmed that this issue will be optimised in the next release.


Until then, you may need to upgrade the router locally (not via VPN), sorry for the inconvenience.

 

Best Regards!

#4
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-16 20:27:32

  @Hank21 - Hello, I am experiencing the same issue. In simplified terms, I have a site-to-site VPN via two ER605 routers. Everything* works except upgrading the remote router at site B (the controller is at site A). Cannot manually update it as well. The router / equipment on the same side of the VPN upgrades fine.

#5
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-16 22:23:47
Note that when attempting a manual firmware update, i.e. controller to remote router, the upload gets to 99%, then retries and fails at 99% again. So presumably there is not a connectivity issue with the controller.
#6
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-22 20:26:10 - last edited 2023-02-22 20:28:34

  @atc I am running the software controller on a Windows VM and missed adding TCP port 8043 to the firewall rule on the VM.  Once I opened that port all was well.  Not sure how the hardware controller works but this is how my Windows firewall config looks now:

Any <> Any allowed

TCP Ports: 29811-29814, 8043

UDP Ports: 29810

#7
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-22 20:34:15 - last edited 2023-02-22 20:41:55

  @kdurigan - No impact. Issue still persists; enabled 8043 under transmission .... still cannot upgrade remote router.

[Image: stalls at 99%]

Always stalls at 99% and reports a failed upgrade, so presumably I do not have a connectivity issue.

#8
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-22 23:01:44

  @mis203a - I am using the software controller which needs TCP 8043 for controller management.  I looked at the documentation again and the hardware controller and see the following:

For Omada Software Controller v5, the default port is TCP 8043,

For OC200/OC300 with built-in Controller v5, the default port is TCP 443.


Note: The port used for device upgrading will change as the setting of “HTTPS Ports for Controller Management” changes. For example, if you change the HTTPS Port for Controller Management from 8043 to 8000, the port used for device upgrading will also change from 8043 to 8000 accordingly.

So I doubt you need to define 443 in the firewall since that is likely open, but wonder if you changed the default port for controller management?  If you have not opened a ticket yet that would be a good place to start.  The TP-Link folks seem to be pretty helpful.  I may purchase an OC200/OC300 instead of using the software controller so this info will be useful to me eventually as well.


Good luck, and please post the answer if you find one.

#9
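
Added example (not part of any post in this thread, and not TP-Link code): a Python check to run from the remote site against the controller site's WAN address, covering the TCP ports listed above and whether the HTTPS management port (443 on OC200/OC300, 8043 on the software controller by default) completes a TLS handshake. The function names and the host `controller.example.net` are assumptions; UDP 29810 cannot be confirmed with a connect test and is not covered.

```python
import socket
import ssl

# TCP ports listed in this thread for device-to-controller traffic.
DEVICE_TCP_PORTS = (29811, 29812, 29813, 29814)

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def speaks_tls(host, port, timeout=3.0):
    """True if host:port completes a TLS handshake (certificate not verified)."""
    # Reachability test only: controllers commonly present a self-signed
    # certificate, so verification is off and nothing is sent after the handshake.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return True
    except (ssl.SSLError, OSError):
        return False

def upgrade_path_report(host, mgmt_port=443, timeout=3.0):
    """Return (status per port, list of ports that failed the check)."""
    status = {p: ("open" if tcp_open(host, p, timeout) else "closed")
              for p in DEVICE_TCP_PORTS}
    if speaks_tls(host, mgmt_port, timeout):
        status[mgmt_port] = "tls"
    elif tcp_open(host, mgmt_port, timeout):
        status[mgmt_port] = "open-no-tls"   # something answers, but not HTTPS
    else:
        status[mgmt_port] = "closed"
    failed = [p for p, s in status.items() if s not in ("open", "tls")]
    return status, failed

if __name__ == "__main__":
    # controller.example.net is a placeholder for the controller site's WAN address.
    status, failed = upgrade_path_report("controller.example.net", mgmt_port=443)
    for port, state in sorted(status.items()):
        print(f"tcp/{port}: {state}")
    print("failed:", failed or "none")
```

If the management port was changed in the controller settings, pass that value as `mgmt_port`, since the documentation quoted above says device upgrades follow that setting.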
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-22 23:04:48 - last edited 2023-02-22 23:15:13

  @kdurigan Technically there is no firewall, as it's a site-to-site VPN in this scenario; local subnets are trusted. What I'm not clear on is if the remote router goes around the VPN (open internet) to communicate with the controller from the easy discovery URL....

Will do a test with NAT forwarding of 443 to the OC200.

One would think this is possible... I don't have any non-standard configurations...

*Update - doesn't work.

#10
Re:Omada Hardware controller oc300 fails to upgrade device connected in different sites
2023-02-22 23:50:24

  @mis203a You are correct in that the VPN tunnel is not used for communication between the controller and the router.  It sure seems to me like the router cannot communicate to the controller for the upgrade process only.  To test this you may want to try installing a software controller, open the firewall ports as I mentioned in my earlier post on the VM hosting the software controller, and then adopt the router in the software controller and see if the upgrade is successful.  I realize that is probably painful, but I really needed the upgrade to the router to version 1.2.3.  The new version fixed an issue with an S2S Azure connection issue that caused disconnects that did not quickly reconnect (Teams calls would fail).  Fortunately my problem was resolved with the router firmware upgrade.  It may be worth the pain and suffering, or may at least point you to what the problem may be.

#11