Community discussions

MikroTik App
 
Junim
just joined
Topic Author
Posts: 6
Joined: Wed May 21, 2008 5:44 pm

BIG BUG- Unicast key exchange timeout

Thu Aug 07, 2008 2:40 am

Mikrotik 3.x have a bug with WPA and WPA2.

In wpa, wpa2, tkip or aes... all configuration log: "unicast key exchange timeout" or "GROUP KEY EXCHANGE TIME OUT" or something else.

See topics:

http://forum.mikrotik.com/viewtopic.php ... nicast+key
my post - http://forum.mikrotik.com/viewtopic.php ... hilit=wpa2
http://forum.mikrotik.com/viewtopic.php ... nicast+key

Nobody solved the problem.
Does the 3.12 will right?
 
Jawssaus
just joined
Posts: 1
Joined: Sun Aug 17, 2008 5:34 am

Re: BIG BUG- Unicast key exchange timeout

Sun Aug 17, 2008 5:40 am

Excactly the same problem (error) here. Its a link between a RB133C and RB600 with R51H cards.
They are running software version 3.13
WPA2 encryption
 
lehonk
just joined
Posts: 7
Joined: Wed Dec 10, 2008 12:43 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Dec 13, 2008 2:01 pm

Any news on this topic?

We are still having these issues with Linksys Clients and WPA/WPA2 encryption.
 
User avatar
fx242
just joined
Posts: 16
Joined: Wed Jan 23, 2008 6:22 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Dec 20, 2008 3:03 am

I was stuck with this error for ages! I recently found a workaround by changing the security profile to use WPA AES CCN (as the only option)! Maybe the problem is the TKIP support or something with the protocol negotiation.
Hope this helps, as i've tried before with different NICs (R52 and Gigabyte) and different clients (atheros and ralink) but my RB333 always filled the log with those errors.

TL
 
chernobyl
just joined
Posts: 4
Joined: Sat Sep 09, 2006 10:52 pm

Re: BIG BUG- Unicast key exchange timeout

Sun Dec 21, 2008 1:08 am

This are mine log events

- AP side (RB333, ROS 3.9, firmware 2.14)

18:03:01 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
18:07:31 wireless,info 00:0C:42:xx:yy:zz@wlan2: disconnected, group key exchange timeout
18:07:35 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
18:07:40 wireless,info 00:0C:42:xx:yy:zz@wlan2: disconnected, unicast key exchange timeout
18:07:45 wireless,info 00:0C:42:xx:yy:zz@wlan2: connected
/interface wireless registration-table print stats
...
interface=wlan2 radio-name="000C42XXYYZZ" mac-address=00:0C:42:XX:YY:ZZ ap=no wds=no rx-rate="36Mbps" tx-rate="24Mbps" packets=361,350
bytes=22139,25685 frames=361,358 frame-bytes=20297,24481 hw-frames=857,375 hw-frame-bytes=76109,39224 tx-frames-timed-out=0 uptime=14m53s
last-activity=930ms signal-strength=-80dBm@36Mbps signal-to-noise=19dB
strength-at-rates=-77dBm@6Mbps 3s350ms,-77dBm@9Mbps 14m47s610ms,-77dBm@12Mbps 14m39s960ms,-80dBm@18Mbps 14m20s950ms,-79dBm@24Mbps 16s750ms,
-80dBm@36Mbps 930ms,-78dBm@48Mbps 35s870ms
tx-signal-strength=-81dBm tx-ccq=69% rx-ccq=78% p-throughput=16214 ack-timeout=50 nstreme=no framing-mode=none routeros-version="2.9.51"
last-ip=172.16.2.57 802.1x-port-enabled=yes authentication-type=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm compression=no
wmm-enabled=no


- Client side (RB133C3, ROS 2.9.51, firmware 2.12)

18:03:01 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx
18:07:31 wireless,info 00:0C:42:aa:bb:cc@wlan1: lost connection, got deauth: group key handshake timeout (16)
18:07:35 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx
18:07:40 wireless,info 00:0C:42:aa:bb:cc@wlan1: lost connection, got deauth: 4-way handshake timeout (15)
18:07:45 wireless,info 00:0C:42:aa:bb:cc@wlan1 established connection on 5320, SSID xx

Ok, signal maybe is not so good, but this problem happens also with Nanostation, which take minutes to reconnect, also after a power cycle.
 
lehonk
just joined
Posts: 7
Joined: Wed Dec 10, 2008 12:43 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Dec 29, 2008 4:15 pm

I was stuck with this error for ages! I recently found a workaround by changing the security profile to use WPA AES CCN (as the only option)! Maybe the problem is the TKIP support or something with the protocol negotiation.
Hope this helps, as i've tried before with different NICs (R52 and Gigabyte) and different clients (atheros and ralink) but my RB333 always filled the log with those errors.
Well, at least i have a direction to work in now. My next step would have been to change NICs, but I'll trust in your experience.
 
kbyrd
just joined
Posts: 13
Joined: Sun Jun 03, 2007 6:26 am

Re: BIG BUG- Unicast key exchange timeout

Fri Apr 03, 2009 10:05 pm

i got around this problem in a very complicated way, the problem appeared to be that the wds-slaves would try to connect to ap with default security profile but the ap side of the wds-slave would use the profile1 of the security profile.

there are 4 wds-slaves using profile1 and 1 ap bridge

when ap bridge is set to profile1 i get the key exchange timeout, so what i did was have the 4 wds-slaves set to profile1 with the wpa2 turned on and the ap bridge one set to default on security profiles and all 4 connect fine and pass traffic and you have to use the passkey to connect to the wds-slaves but the ap is set to wide open.

so now 4 work fine but main is not secure, so i did access-list rules to only allow the repeaters to connect to wlan1 interface and hid ssid on the ap-bridge and on the repeaters i put a connect-list to make the repeaters connect to the wlan1 with the mac address and another rule to not connect to anything else, then on the ap-bridge i created a virtual ap with the same ssid as wlan1 and set that security profile to profile1 and all is good.

now passkey works on all ap's

:lol: if you can filter through all my ramblings it may make sense but its running with wds-slaves and wpa2 and basicly the main ap is set to default and the repeaters have a security profile. So it looks like the client side of wds-slave uses default and the ap side uses whatever you set in the wireless settings. it did work at first just comes and goes like its a bug that randomly uses the default or just doesnt use encryption.
ill do some test where instead of adding profile1 ill just edit default and see if it works.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 06, 2009 9:54 am

I have never been able to get WDS aka ap-bridge mode and WPA (psk) to work on routeros 3.x. Windows can connect fine but mikrotik to mikrotik ap-bridge WPA-PSK can not, nor have I ever heard of anyone having it working. I think it is safe to say it's broken! Feel free to prove me wrong.

This page: http://wiki.mikrotik.com/wiki/Mesh_wds shows a config for WPA-EAP which does seem to work for ap-bridge mode (after very brief testing) but windows clients complain they can't find a certificate.

I wouldn't call this thread dead, it is just a long standing defect in routeros. Lots of people seem to have this problem and the only answer to have windows clients and mikrotik WDS from the same SSID is to use WEP, which is only marginally better than no security at all.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 06, 2009 11:37 am

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Apr 07, 2009 7:37 am

I am not using the connect list. I have the MAC addresses specified with wds mode static.

wds-mode=dynamic-mesh and static-mesh don't appear in the manual nor can anyone find out anything them.

WDS using ap-bridge and wds-mode=static with WPA-psk does not work on mikrotik routeros. It is broken until someone can prove otherwise by providing a working example.
 
iddqd
just joined
Posts: 3
Joined: Thu Jun 18, 2009 9:58 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 18, 2009 10:03 pm

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
GREAT!! It work!
I suffered with this problem 3 days. Simply fine that has found a way out!
Here sample config I used:

#main AP
/interface wireless add name=mesh_static mac-address=00:0C:42:QQ:XA:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=map1 master-interface=mesh_static wds-address=0:0C:42:QQ:XB:ZZ disabled=no ;
/interface wireless wds add name=map2 master-interface=mesh_static wds-address=0:0C:42:QQ:XC:ZZ disabled=no ;
/interface wireless wds add name= map3 master-interface=mesh_static wds-address=0:0C:42:QQ:XD:ZZ disabled=no ;

#map1
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XB:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;

#map2
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XC:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;

#map3
/interface wireless add name=mesh_static mac-address=0:0C:42:QQ:XD:ZZ ssid=mesh_static master-interface=wlan1 \
security-profile=secure hide-ssid=yes wds-mode=static-mesh wds-default-bridge=bridge1 disabled=no;
/interface wireless wds add name=main_ap master-interface=mesh_static wds-address=0:0C:42:QQ:XA:ZZ disabled=no ;
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Aug 22, 2009 1:59 am

WDS and WPA is working between two mikrotik routers.
First make sure that you have specified the correct security profile in the connect-list if you are using it.
Second, we recommend to use wds-mode=dynamic-mesh or static-mesh as it has better link establishemnt for WDS and with that WAP will work better. Note that those new WDS modes are not compatible with the old ones.
The solution to this problem was to use the SAME SSID on all the APs.

For the static/dynamic-mesh modes the same SSID must be used as noted in the wiki they don't support "WDS IGNORE SSID".

I have also found that static/dynamic WDS modes won't work with WPA unless the same SSID is used, regardless of the "WDS IGNORE SSID" checkbox.
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jan 22, 2010 2:13 am

I've found that using dynamic-mesh for WDS with WPA encryption does 'work', but isn't useable: the links frequently reset with messages like "no beacons received" or "class 2 frame received (6)" even when there are no clients around to connect to the APs.

I've Changed some radios from AP-bridge to station-wds and the links do not reset for months. Of course now clients can't connect to those radios.

while it is possible to do WDS with WPA in theory, in practice it doesn't work well enough.

Thought I'd better post what I have discovered to save someone else 1.5 years of frustration.
 
pastranini
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Nov 19, 2007 5:48 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 01, 2010 11:11 pm

HI i have the same problem.

If the link has not security the link works great.

Im using wpa2 and the link is good for 1 or 2 hours, but inmeadeatly falls down.

I use wep, wpa, and suddenly the log shows the message unicast key exchange timeout.

I am thinking to change the cards, I dont not how solve this problem.

Advicess ¡¡¡¡¡
 
thejinx
just joined
Posts: 13
Joined: Wed Jun 06, 2007 12:09 am

Re: BIG BUG- Unicast key exchange timeout

Sat May 07, 2011 2:37 pm

exact the same problem and no solution :(
 
User avatar
enk
Member Candidate
Member Candidate
Posts: 165
Joined: Fri Aug 17, 2007 8:59 am
Location: Russia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sun May 08, 2011 11:23 am

Sometimes "unicast key exchange timeout" happens when time is not synchronized between APs. Use NTP for this purpose.
 
thejinx
just joined
Posts: 13
Joined: Wed Jun 06, 2007 12:09 am

Re: BIG BUG- Unicast key exchange timeout

Wed May 11, 2011 2:34 pm

i try it and no way to get a better link

bridge --------- station perfect link, no AP
ap-bridge ------ station-wds work with encryption, need AP functions, 2-3 reconnects per week

ap-bridge ------ ap-bridge work with no encryption
ap-bridge ------ slave-wds failed to select channel, no link
ap-bridge ------ ap-bridge (WPA or WPA2) unicast key exchange timeout

singal at -70
CCQ 98-100%
it is definitly a ROS problem

is it not possible to get a working WDS with ap-bridge (WPA PSK) mode ?
 
kalamees
just joined
Posts: 3
Joined: Thu Aug 26, 2010 10:50 am

Re: BIG BUG- Unicast key exchange timeout

Mon Aug 22, 2011 12:14 pm

Same problem here. My only solution was to use mac autentification since our organisation is small but it is not working now. How to fix this???
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Aug 23, 2011 12:31 pm

Same problem here. My only solution was to use mac autentification since our organisation is small but it is not working now. How to fix this???
what problem exactly you have? What is your setup?
 
kalamees
just joined
Posts: 3
Joined: Thu Aug 26, 2010 10:50 am

Re: BIG BUG- Unicast key exchange timeout

Tue Aug 30, 2011 11:11 am

Some clients are able to connect but most of them can only connect through mac registration tables. We had couple of new computers coming and but now they cant connect even through registration table authentication. It says "unicast key exchange timeout" on router and invalid password on client. They are using intel 3945 wireless cards with tkip ciphers.

Any help would be greatly appreciated.


Posted my configuration here
0  R name="wlan1" mtu=1500 mac-address=00:0C:42:18:95:A7 arp=enabled 
      interface-type=Atheros AR5413 mode=ap-bridge ssid="EYL-2.4G" 
      frequency=2412 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=wpa compression=no
0 name="default" mode=none authentication-types="" unicast-ciphers="" 
   group-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key="" 
   supplicant-identity="EYL-VS-01" eap-methods=passthrough 
   tls-mode=no-certificates tls-certificate=none static-algo-0=none 
   static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none 
   static-key-2="" static-algo-3=none static-key-3="" 
   static-transmit-key=key-0 static-sta-private-algo=none 
   static-sta-private-key="" radius-mac-authentication=no 
   radius-mac-accounting=no radius-eap-accounting=no interim-update=0s 
   radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username 
   radius-mac-caching=disabled group-key-update=5m 
   management-protection=disabled management-protection-key="" 

 1 name="wpa" mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk 
   unicast-ciphers=tkip group-ciphers=tkip wpa-pre-shared-key="*******" 
   wpa2-pre-shared-key="********" supplicant-identity="EYL-VS-01" 
   tls-mode=no-certificates tls-certificate=none static-algo-0=none 
   static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none 
   static-key-2="" static-algo-3=none static-key-3="" 
   static-transmit-key=key-0 static-sta-private-algo=none 
   static-sta-private-key="" radius-mac-authentication=no 
   radius-mac-accounting=no radius-eap-accounting=no interim-update=0s 
   radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username 
   radius-mac-caching=disabled group-key-update=5m 
   management-protection=disabled management-protection-key="" 
 
User avatar
evert
Member Candidate
Member Candidate
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:05 pm

Same problem for me. Trying to connect a Netgear UNIVERSAL WIFI RANGE EXTENDER (WN3000RP), but am unable to, thanks to this 'feature'...

Please fix asap! 8)
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:23 pm

try to switch to AES instead of TKIP.
 
User avatar
evert
Member Candidate
Member Candidate
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 25, 2011 3:58 pm

try to switch to AES instead of TKIP.
No luck. I have tried disabling tkip en enabling aes for both unicast & group ciphers, but i keep getting the same errors...
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Wed May 09, 2012 12:46 pm

I have same/similar issue?

Configuration: RB433 latest MTik 5.15 as AP and several wireless clients (win xp, win 7) are connected.
One of the clients - new DELL Latitude E5520 with WIFI Intel Centrino Advanced-N 6205 (win xp sp3, latest drivers, latest BIOS) randomly breaks wireless connection and MTik log says unicast key exchange timeout. Other clients seems ok.

MTik wireless configuration:
/interface wireless security-profiles
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=0s management-protection=allowed mode=dynamic-keys name=xxx unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=XXXXXXXXXXX
I tried earlier mentioned "workaround" to disable tkip in group-ciphers and unicast-ciphers but problem still exists.
I also tried downgrade to 5.14 and it is slightly better situation because it happens less but it still exist

Is this BUG supposed to be solved in 5.15 or is it possible that this BUG still exist? Please help! It is a horrible problem to figure it out the solution or workaround!
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Thu May 10, 2012 9:26 am

I post here wireless, debug log and this is typical process of connection break which happens randomly: Here it is:
06:08:45 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: reassociating
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, ok
06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:32 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, unicast key exchange timeout
06:20:32 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:32 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:32 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:37 wireless,info XX:XX:XX:XX:XX:XX@wlan1: disconnected, unicast key exchange timeout
06:20:37 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:37 wireless,debug wlan1: reject XX:XX:XX:XX:XX:XX, banned (last failure - unicast key exchange timeout)
06:20:37 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:37 wireless,debug wlan1: reject XX:XX:XX:XX:XX:XX, banned (last failure - unicast key exchange timeout)
06:20:50 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:50 wireless,debug wlan1: XX:XX:XX:XX:XX:XX not in local ACL, by default accept
06:20:50 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
Can someone please give me a hint?
 
karentom
newbie
Posts: 34
Joined: Fri Dec 30, 2011 12:51 pm

Re: BIG BUG- Unicast key exchange timeout

Sat May 12, 2012 12:09 am

Anyone, please help. Any opinion is very appreciated! I am googling around and I have found lots of post about this error - log: unicast key exchange timeout, but no solutions - just one to disable TKIP but this does not work. Is there someone from MTik team or other experts that has some experiance with wifi random dropouts and this log in Mtik.
 
Takv2011
just joined
Posts: 8
Joined: Wed Nov 02, 2011 5:34 pm

Re: BIG BUG- Unicast key exchange timeout

Sun May 20, 2012 5:37 am

bump
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Jul 17, 2012 8:15 am

Same issue in here. I already upgrade the version on my mikrotik (RB411UAHL) become version 5.18 but the error "unicast key exchange timeout" still occurred.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jul 20, 2012 1:14 pm

Still facing same problem, even already upgrade again with the latest version 5.19 in RB411AR and RB411U.
Does any one can help?

Regards,
Last edited by didit7039 on Wed Aug 15, 2012 7:25 am, edited 2 times in total.
 
addictedtobass
just joined
Posts: 3
Joined: Mon Nov 27, 2006 4:36 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Jul 20, 2012 8:53 pm

I had same error ("disconnected, unicast key exchange timeout"), the problem was...Dune media player, which located near my MikroTIk router. When I switched Dune off, I connected to my RB/751G-2HnD successfully. So if you have this problem, try to power off all devices except MikroTik and your WiFi device.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 9:30 am

But... There's no dune-hd near around the mikrotik. Do you have any other suggestion ?
Thx
 
User avatar
macsrwe
Forum Guru
Forum Guru
Posts: 1008
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 2:55 pm

I put up a new tower a couple weeks ago, and had this problem right off the bat. The problem turned out to be a sour radio card on the AP (in my case, a UBNT XP2). Apparently the crypto hardware went faulty. Replaced the card with a MikroTik radio and it's been smooth sailing since. Try replacing your radio card?
 
samsung172
Forum Guru
Forum Guru
Posts: 1193
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Jul 30, 2012 9:47 pm

downgrade to 4.17 and turn off encryption. Problem solved.

Issue happend if some radio device not following correct standard in encryption. Seen this issue a lot in hotspots, where you newer know who is connecting.
 
didit7039
just joined
Posts: 7
Joined: Thu Apr 07, 2011 1:45 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Aug 13, 2012 11:50 am

Already monitor for 1 week (on RB411U and RB411AR) and yes... this issue were solved when we downgrade the firmware become v4.17.
Thx for the advice before ...

Regards,
 
leon84
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Dec 02, 2009 12:15 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Sep 07, 2012 3:45 pm

Hi to all,
I have your same problem. Is there a solution?
 
samsung172
Forum Guru
Forum Guru
Posts: 1193
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sat Sep 15, 2012 8:57 pm

Dont use 5.X.
 
User avatar
kevigizmo
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Mon Dec 19, 2011 3:35 pm
Location: Norfolk, UK
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Oct 22, 2012 8:26 pm

I had an issue today with the unicast key exchange time out,

after sifting through every conceivable wireless setting on my RB751G-2HnD using ROS v5.21 (as i was making some small changes to improve things), I found what the issue was..

this morning i added some more packages to my board, one of which was NTP package,

from reading parts of this post about NTP servers ect and not synchronizing i thought ill disable the NTP package i put on this morning.. Job Done! no more unicast timeouts :p

Kev
 
magnavox
Member
Member
Posts: 357
Joined: Thu Jun 14, 2007 1:03 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Mar 27, 2013 10:50 pm

I have now this issue.
Release 5.24 (also 5.20).

Please help me :)
 
Rukicc
just joined
Posts: 2
Joined: Tue Feb 22, 2005 11:23 am

Re: BIG BUG- Unicast key exchange timeout

Fri Aug 16, 2013 7:24 pm

The same problem with RouterOS 6.1 and Windows XP, with Windows 7 as client all is ok.
NEW security profile created from GUI.
unicast key exchange timeout
Resolution:
Create copy of existing (default) security profile and then change password and other settings witch is needed. and all works.....
 
rmerch1
just joined
Posts: 1
Joined: Fri Oct 18, 2013 1:33 am

Re: BIG BUG- Unicast key exchange timeout

Fri Oct 18, 2013 3:52 am

The same problem with RouterOS 6.1 and Windows XP, with Windows 7 as client all is ok.
NEW security profile created from GUI.
unicast key exchange timeout
Resolution:
Create copy of existing (default) security profile and then change password and other settings witch is needed. and all works.....
What other settings did you have to change?
 
Rukicc
just joined
Posts: 2
Joined: Tue Feb 22, 2005 11:23 am

Re: BIG BUG- Unicast key exchange timeout

Sat Oct 19, 2013 4:02 pm

After creating a copy of default profile. Changed was only Password and profile name.
 
Amidamaru
just joined
Posts: 2
Joined: Thu Dec 05, 2013 8:26 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Dec 05, 2013 8:45 pm

double post..see below.
Last edited by Amidamaru on Mon Dec 09, 2013 10:36 am, edited 2 times in total.
 
Amidamaru
just joined
Posts: 2
Joined: Thu Dec 05, 2013 8:26 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Dec 05, 2013 8:50 pm

After creating a copy of default profile. Changed was only Password and profile name.
Nope. It doesn't worked this way either. I've updated my MikroTik 2011 wifi AP router with the latest OS, 6.7.

After 2 DAYS of hell I've finally discovered that the reported BUG of "unicast key exchange timeout" isn't not resolved and no matter what I've tried the WPA2 auth method simple doesn't work.

All my clients, Nexus tablets, Nexus phones, Android, etc have connected and then dropped off.

I've successfully make it works using WPA with AES option though. Overall isn't such a big deal because I can protect this router using other in place solutions as wifi access list.

BUT, come one MikroTik's tech guys, is such difficult to resolve this stupid BUG and make us happy? There are a lot of other low cost options which have this WPA2 option in place and most important, WORKING!!!

Thanks from a new MikroTik owner.
You do not have the required permissions to view the files attached to this post.
 
hwmonkey
Member Candidate
Member Candidate
Posts: 115
Joined: Wed Feb 08, 2012 9:50 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Dec 30, 2013 12:34 am

I am having the same problem on an RB2011 after updating from 6.5 to 6.7
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=\
    no antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=\
    20/40mhz-ht-above compression=no country=no_country_set \
    default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=\
    0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=\
    no disconnect-timeout=3s distance=indoors frame-lifetime=0 frequency=2412 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=yes \
    ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
    ht-guard-interval=any ht-rxchains=0,1 ht-supported-mcs="mcs-0,mcs-1,mcs-2,\
    mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-\
    14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
    ht-txchains=0,1 hw-fragmentation-threshold=disabled hw-protection-mode=\
    none hw-protection-threshold=0 hw-retries=7 interworking-profile=disabled \
    l2mtu=2290 mac-address=D4:CA:6D:AA:AA:68 max-station-count=2007 mode=\
    ap-bridge mtu=1500 multicast-buffering=enabled multicast-helper=default \
    name=wlan noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    BEOT rate-selection=advanced rate-set=default scan-list=default \
    security-profile=default ssid=MikroTik \
    station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power=22 tx-power-mode=\
    all-rates-fixed update-stats-interval=disabled wds-cost-range=50-150 \
    wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=\
    disabled wireless-protocol=any wmm-support=disabled
add area="" arp=enabled bridge-mode=enabled comment=PASSWORD-wifi \
    default-ap-tx-limit=0 default-authentication=no default-client-tx-limit=0 \
    default-forwarding=yes disable-running-check=no disabled=no hide-ssid=no \
    interworking-profile=disabled l2mtu=2290 mac-address=D4:CA:6D:AA:AA:69 \
    master-interface=wlan max-station-count=2007 mtu=1500 \
    multicast-buffering=enabled multicast-helper=default name=wlan0_PASSWORD \
    proprietary-extensions=post-2.9.25 security-profile=default ssid=\
    ValidSSID update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=\
    disabled wmm-support=disabled

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=\
    passthrough group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
    management-protection=disabled management-protection-key="" mode=\
    dynamic-keys mschapv2-password="" mschapv2-username="" name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
    "PASSWORD\?" wpa2-pre-shared-key="PASSWORD\?"
You do not have the required permissions to view the files attached to this post.
 
alexjhart
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Jan 20, 2011 8:03 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Jan 15, 2014 5:56 pm

By chance, are you guys (v6.7) using spaces or dashes in your WPA/2 key? I am and found that removing those (at least on a VirtualAP) allowed me to connect with the devices having trouble.
 
rhurst
just joined
Posts: 4
Joined: Fri Jan 18, 2013 11:15 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jan 16, 2014 3:26 am

I had the same issue two things that fixed it for me.

one run NTP and sync ap and clients. problem gone.

The other make sure you copy the default security profile and then edit it don't just create a new one. fixed problem with or without Ntp getting synced at least for me.. good luck.

Also not all clients seem to be affected with this issue before the fixes. My dell laptop would never see this but my wife's lenovo would spam the log full of this error before I fixed it.
 
logg
just joined
Posts: 7
Joined: Thu Jan 16, 2014 12:23 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Mar 27, 2014 12:49 pm

hi, i have same problem
hw metal 5shpn
it is impossible to have a similar problem and no one is interested to solve it.
I have to think again about the professionalism of mikrotik and its products?
 
User avatar
vipnet
newbie
Posts: 26
Joined: Sat Jul 20, 2013 9:27 pm
Location: Brazil

Re: BIG BUG- Unicast key exchange timeout

Fri May 30, 2014 3:48 pm

I have same problem

RV 6.13 RB951G-2HnD
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26823
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Fri May 30, 2014 4:02 pm

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 12, 2014 1:40 pm

how do i solve this as i have 20 desktops attached to a RB-SXT ( Desktops are of different brands with different NIC's )

and all clients keep getting disconnected ..... it is running ROS 6.11

please help at earliest....
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 12, 2014 2:20 pm

please upgrade the RouterOS to v6.14 and try out the wireless-fp package.
Also we would recommend to reset the wireless configuration and reconfigure only the settings you need.
 
User avatar
koolandrew
newbie
Posts: 29
Joined: Tue Dec 06, 2011 7:20 pm
Location: Toronto
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Jun 24, 2014 5:05 pm

This is crazy. I have upgraded to 6.15 and this bug still exists. I cannot connect with an android device, even when i put the MAC address in the access list.

It just started happening with v 6.13 and now it cannot connect.

Mikrotik, i have followed this thread and it has gone on for about six years. You really need to take this seriously, as it doesnt appear that you have.

I have other wireless issues with Mikrotik and now this!
 
mveloso
just joined
Posts: 1
Joined: Thu Jul 03, 2014 5:34 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 03, 2014 5:47 am

RESOLVED:

In our case, we were using MAC Address as Username and at the radreply some MAC Addresses were in lowercase, and at radcheck the same MAC Addresses wer in Uppercase.

This difference made Radius not send a complete radius reply message, so MK disconnected and then reject and banned those MAC Addresses.

We've solved this problem after migrating from MySQL to PostgreSQL. Apparently our MySQL was not differentiating lowercase from uppercase.

I hope this may help you.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 10, 2014 5:13 am

we are talking of simple AP<-->Client connectivity. its nothing to do with databases etc.

i am now on 6.15 and still the same problem. using AES as security standard.

SXT is the AP and around 20 Windows desktops and laptops. even the ping gives a "Request time out" after every 10 to 15 pings.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 10, 2014 5:16 am

ok...now i have tried increasing the Group Key Exchange Timeout to ' 01:00:00 '

don't know how much will this help but atleast it has stopped disconnecting frequently....

.
 
samsung172
Forum Guru
Forum Guru
Posts: 1193
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: BIG BUG- Unicast key exchange timeout

Fri Jul 11, 2014 3:27 am

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
Well - Why do you see this about 90% more often With random Devices Connected - and never mikrotik - mikrotik? This is related to encryption in ros - and random Device connecting. Solution - Turn off encryption or change to WEP (at least better) Also old 4.17 have less issues than 5.x and 6.x. Signal might trigger some - But this is also seen in good signal enviroments.
 
LordBinary
just joined
Posts: 5
Joined: Wed Jan 19, 2011 12:44 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Sep 23, 2014 11:07 am

Set Band to B/G only
 
berker
just joined
Posts: 1
Joined: Tue Dec 23, 2014 2:23 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Dec 23, 2014 2:26 pm

SOLVED:

The problem just about with NTP.
Make all devices NTP client address same and lean back. :)
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jun 11, 2015 2:14 pm

SOLVED:

The problem just about with NTP.
Make all devices NTP client address same and lean back. :)
how do you do that with Windows clients connecting to RB-SXT
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Tue Jun 30, 2015 6:12 pm

somebody from Mikrotik please address this... as this issue is still existing and causing me loose clients....

lost almost 3 till now... i would appreciate if Mikrotik could give a firm solution at earliest...

all devices running ROS Ver 6.27
 
dmitriyt
just joined
Posts: 5
Joined: Thu Aug 27, 2015 2:06 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Aug 27, 2015 2:23 pm

I have a RB2011-UiAS-2HnD @ ROS 6.31.
It is 2 wireless interfaces configured: wlan1 (real one) and VirtualAP (for guests), both WPA2-PSK with AES. All things was OK until yesterday, when I've decided to add ACL MAC authentication for the main AP. After that it is became impossible to connect from any guest devices, including those ones who works earlier flawlessly. "...unicast key exchange timeout..." starts to appear in the Log.
I've checked a lots of things, including mentioned earlier in this thread, but without success.
But is seems that I've found workaround (at least for my case)!
Password for the VirtualAP was like "XXXX-XXXX", i.e. contained "-" sign. When I've changed password to just "XXXXXXXX" bug mysteriously disappeared. I've checked several times switching keys back and forth between "XXXX-XXXX" and "XXXXXXXX" , and it seems that at least in my case "-" is the source of the problem.
Interestingly, that the key for the wlan1 (real one) remains with a lots of special symbols (including "-") and works well.
 
jp88
just joined
Posts: 1
Joined: Sat Sep 05, 2015 3:31 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Sep 05, 2015 3:54 pm

I had 951G-2HnD running on ROS v6.31 when wifi suddenly stopped working on all devices - Android phones + Panasonic TV with following records in log:
Sep/05/2015 14:16:35 wireless,info ...@wlan1: connected
Sep/05/2015 14:16:40 wireless,info ...@wlan1: disconnected, unicast key exchange timeout
I did upgrade to v6.33, stop NPT completely, etc. and nothing helped. Then I just re-typed my pre-shared key and devices were able to authenticate.

It is weird as everything was working fine and then suddenly devices were not able to authenticate. It looked like the key was suddenly lost because I was not able to show it when I unchecked "Hide Passwords" check box in winbox. Once I re-typed the key and devices were able to connect I was also able to see the key with unchecked "Hide Passwords" option.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Sep 10, 2015 9:22 am

i am harassed by that problem everyday and no help from Mikrotik till date... :( :(
 
angboontiong
Forum Guru
Forum Guru
Posts: 1136
Joined: Fri Jan 16, 2009 9:59 am

Re: BIG BUG- Unicast key exchange timeout

Wed Sep 23, 2015 1:15 pm

Is there any solution for this ???
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

BIG BUG- Unicast key exchange timeout

Wed Sep 23, 2015 2:13 pm

Try to disable management protection if enabled and set group key update interval to 1hour. Use wpa2 psk aes only. Then check if it is better. If not check the link quality with problematic client.
 
Chinezupwnz
just joined
Posts: 18
Joined: Thu Sep 03, 2015 3:01 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Sep 23, 2015 4:36 pm

workaround- just go to DHCP settings and put a longer lease time (not the default 5 minutes)
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Fri Oct 16, 2015 6:52 am

workaround- just go to DHCP settings and put a longer lease time (not the default 5 minutes)
this happens without DHCP too.... so there is no actual way out....
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3099
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Fri Oct 16, 2015 7:37 am

I had 951G-2HnD running on ROS v6.31 when wifi suddenly stopped working on all devices - Android phones + Panasonic TV with following records in log:
Sep/05/2015 14:16:35 wireless,info ...@wlan1: connected
Sep/05/2015 14:16:40 wireless,info ...@wlan1: disconnected, unicast key exchange timeout
I did upgrade to v6.33, stop NPT completely, etc. and nothing helped. Then I just re-typed my pre-shared key and devices were able to authenticate.

It is weird as everything was working fine and then suddenly devices were not able to authenticate. It looked like the key was suddenly lost because I was not able to show it when I unchecked "Hide Passwords" check box in winbox. Once I re-typed the key and devices were able to connect I was also able to see the key with unchecked "Hide Passwords" option.

happened to me six months ago, but not any more im on 6.30.4
 
BlackCat
just joined
Posts: 1
Joined: Thu Oct 22, 2015 6:43 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Oct 22, 2015 6:47 pm

Same happening for me with mobile devices connected to RB2011UiAS-2HnD-IN ( ROS v. 6.33rc30 )

Are there any workarounds for this?
 
Chinezupwnz
just joined
Posts: 18
Joined: Thu Sep 03, 2015 3:01 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Nov 12, 2015 3:22 pm

workaround- just go to DHCP settings and put a longer lease time (not the default 5 minutes)
this happens without DHCP too.... so there is no actual way out....

Ok it seems latest version brought it back.... i don't know what to do now.
 
User avatar
jfrater
newbie
Posts: 30
Joined: Fri Jun 08, 2007 9:05 pm
Location: Costa Rica
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sat Nov 14, 2015 3:37 am

This happened to me today with an antenna running 6.31.

Since 6.31 has the password bug (where it literally changes passwords to asterisks) I had to change my password on the AP to "**********" let the client connect, do the upgrade to 6.33 and only then change the passwords back.

Just in case this happens to someone else...
 
Chinezupwnz
just joined
Posts: 18
Joined: Thu Sep 03, 2015 3:01 pm

Re: BIG BUG- Unicast key exchange timeout

Mon Nov 16, 2015 5:13 pm

I want to mention this send death, happens just on iphone (2 iphone 5s with different IOS versions and 1 iphone 4 with lower version of IOS). The thing is that it happens a lot more on the never iphones than on the older.

I have connected other devices with android, ps4 wi-fi laptops, and it doesn't happen.


If someone has another idea what else we can do.
 
Chinezupwnz
just joined
Posts: 18
Joined: Thu Sep 03, 2015 3:01 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Nov 19, 2015 12:22 pm

Please help :)
 
Chinezupwnz
just joined
Posts: 18
Joined: Thu Sep 03, 2015 3:01 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Nov 27, 2015 10:11 am

I'm sorry that i'm spamming, but what should we do ? (everyday i'm looking and its at least 5-6 people that are watching this topic)
Open a ticket to support ?



LE: seems 6.33.1 fixed the issue.
 
slavisar
just joined
Posts: 7
Joined: Mon Nov 30, 2015 9:38 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Dec 01, 2015 2:56 am

Since 6.33.1 I have lost wpa2 capability. Devices affected are GrooveA 5HPn, SXT G-2HnD and RB2011UiAS-2HnD-IN.
When establishing wpa2 connection, AP log says "unicast keys exchange timeout", then connection drops.
If connection is set unencrypted, everything works ok. I have also tried PTP bridge configuration, but no luck.
I also have tried to downgrade to earlier versions of routeros, but wpa2 still does not work (???).
 
ivanluiz
just joined
Posts: 2
Joined: Thu Oct 08, 2015 1:01 am

Re: BIG BUG- Unicast key exchange timeout

Mon Dec 14, 2015 4:54 pm

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
Normis, I am using the new mikrotik hAP AC and the same error is happening. Even with clients to five meters from the AP.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Tue Dec 15, 2015 11:27 am

i still have not figured out how to solve the problem. i am not able to sell any more AP due to this issue.

can anyone from Mikrotik seriously look into this.
 
User avatar
RowdyDog
just joined
Posts: 1
Joined: Sat Dec 12, 2015 3:53 am

Re: BIG BUG- Unicast key exchange timeout

Sun Dec 27, 2015 8:40 pm

This age of this issue is 5 years! Is there no response from MikroTik?
 
djidji77
just joined
Posts: 1
Joined: Sat Jan 02, 2016 5:03 am

Re: BIG BUG- Unicast key exchange timeout

Sat Jan 02, 2016 5:06 am

the only solution is to put all **** for password???!! Mikrotik, WTF??? I mean, seriously??
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Mon Jan 04, 2016 11:52 am

the only solution is to put all **** for password???!! Mikrotik, WTF??? I mean, seriously??
really???? :shock:
 
akosenko
newbie
Posts: 48
Joined: Fri Aug 21, 2009 8:56 am
Location: Lipetsk, Russia

Re: BIG BUG- Unicast key exchange timeout

Sat Jan 30, 2016 1:40 pm

I confirm this problem too. I get this problem if I use wireless-fp-xxxx-mipsbe.npk or wireless-cm2-xxxx-mipsbe.npk packages in any wireless ap mode (b, b/g, b/g/n). If I use package wireless-xxxx-mipsbe.npk only in b/g ap mode then wpa/wpa2 working fine without any "Unicast key exchange timeout" error. I think problem in these packages wireless-fp-xxxx-mipsbe.npk, wireless-cm2-xxxx-mipsbe.npk. Mikrotik team do you have any comments about my theory?
 
User avatar
Plnt
just joined
Posts: 10
Joined: Thu Jul 16, 2015 2:27 pm
Contact:

Re: BIG BUG- Unicast key exchange timeout

Fri Feb 26, 2016 12:38 pm

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
Normis, I am using the new mikrotik hAP AC and the same error is happening. Even with clients to five meters from the AP.
I have the same problem with hAP ac which I installed just few days ago. It's happening only on the 2.4GHz wlan, 5GHz wlan is working fine. I had hAP lite before on the same place with the same configuration and clients. It was working fine without this issue.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Fri Feb 26, 2016 1:32 pm

The issue seems to have flared up since the last update and I am wondering why is Mikrotik so damn quiet on this still?? :shock:
 
User avatar
Plnt
just joined
Posts: 10
Joined: Thu Jul 16, 2015 2:27 pm
Contact:

Re: BIG BUG- Unicast key exchange timeout

Fri Feb 26, 2016 6:54 pm

it is not a bug, this error means that your wireless link is not good quality, and enctypted link could not be established.
Normis, I am using the new mikrotik hAP AC and the same error is happening. Even with clients to five meters from the AP.
I have the same problem with hAP ac which I installed just few days ago. It's happening only on the 2.4GHz wlan, 5GHz wlan is working fine. I had hAP lite before on the same place with the same configuration and clients. It was working fine without this issue.
I tried couple of changes in configuration of hAP ac and I think I found a workaround. If I disable wireless-cm2 package and enable wireless-fp instead everything seems to work fine. I'm running RouterOS 6.34.2. I'm not completely sure if this can be related but so far it looks good. I'll report results after few days.

Update 02/03/2016: I upgraded to the latest 6.35rc15 RC version of RouterOS and switched to wireless-rep driver. It still happens from time to time but it's much better than with RouterOS 6.34.2. It seems that the problem is probably caused by worser sensitivity of the 2.4GHz radio in hAP ac in comparison with hAP lite. Also I can't say for sure that upgrade fixed the issue or there was some strong interference during the time I was running RouterOS 6.34.2.
 
User avatar
sszbv
Trainer
Trainer
Posts: 11
Joined: Sun Oct 07, 2012 11:47 am
Contact:

Re: BIG BUG- Unicast key exchange timeout

Wed Mar 23, 2016 10:24 am

On a RB411 with 6.34.2 I get this error (unicast key exchange timeout) with a Microsoft Lumia 650 and a Microsoft Surface Pro 3.
This started happening after I switched to the wireless-cm2 package and after a big Windows 10 update. So it's unclear if this has to do with RouterOS or with Windows 10.
It usually happens when the phone or the tablet wakes from sleep. The tablet restores the connection after a while, but the phone never restores the connection. Only after a reboot it will work again.
It only happens with the Windows 10 devices, no problems with iOS or Android.

Does anyone else experience this error?
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Thu Mar 24, 2016 3:56 am

i am really bothered about this problem... it's started cropping up very very very frequently now....

just before this post all the 15 computers connected to the RB-SXT2 were disconnected and now had to be manually connected.

sent a SUPOUT file to Mikrotik but they have not bothered to reply... it's been almost more than a month.

:-(
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: BIG BUG- Unicast key exchange timeout

Thu Mar 24, 2016 5:44 am

Has anyone tried changing to 5Ghz to see if the issues still occur there? It maybe interference.
 
drazovic
just joined
Posts: 1
Joined: Fri Mar 11, 2016 12:43 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Mar 29, 2016 12:27 pm

This bug make me crazy...
Maybe problem can be too many wireless clients around router...so I tried to put freq which are less used...but without hope, tried all versions of RouterOS - no hope, tried to change encryption from WPA2-AES to WPA-TKIP - no hope, tried to remove MAC filtering - no hope, tried with NTP changes - no hope...
There are many firmware updates, but there is still no fix for this killing-bug. Do someone from Mikrotik support guys reading this 6y old topic???

How can we contact support officially about this problem?
 
cameronhall
just joined
Posts: 11
Joined: Mon Apr 18, 2016 11:59 am

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 18, 2016 12:12 pm

Is anyone else still having this issue? I'm getting Unicast key exchange timeouts at least once a day on my hap ac (6.34)
I've increased the group key update time but I still get disconnected.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 18, 2016 7:19 pm

Is anyone else still having this issue? I'm getting Unicast key exchange timeouts at least once a day on my hap ac (6.34)
I've increased the group key update time but I still get disconnected.
2.4Ghz or on the 5Ghz channels?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3099
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Mon Apr 18, 2016 8:43 pm

i want to report 6 months without the issue on rb951g and rb951ui actually i am on ros 6.34 and wireless-fp and cm2 packages
 
macak91
just joined
Posts: 11
Joined: Sat Jan 17, 2015 7:32 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Apr 22, 2016 8:48 pm

Hello,

I also have the same problem...it seems it started with the last upgrade (a few days ago).

I am connected to an AP, browsing the web and then suddenly I loose connection. I am using WPA2 AES, AP is 951G-2HnD. I tried solutions with copying default profile, reseting wireless configuration, lowering power, but the problem exists.

When I get disconnected I sometimes get the "Group key exchage timeout", but mostly "disconnected, received disassod: sending station leaving (8). With this SSID this is the only AP, so the notebook has nowhere to "switch".

Is this a bug or what Mikrotik? This thread is old, but the problem is still occuring. What now?
 
cameronhall
just joined
Posts: 11
Joined: Mon Apr 18, 2016 11:59 am

Re: BIG BUG- Unicast key exchange timeout

Sun Apr 24, 2016 3:30 am

Is anyone else still having this issue? I'm getting Unicast key exchange timeouts at least once a day on my hap ac (6.34)
I've increased the group key update time but I still get disconnected.
2.4Ghz or on the 5Ghz channels?
Only on the 2.4Ghz Channel, the 5hgz is running in station mode
 
pejot
just joined
Posts: 3
Joined: Mon Mar 02, 2015 4:04 pm

Re: BIG BUG- Unicast key exchange timeout

Mon May 16, 2016 12:52 pm

On 6.35.2 same error
F/W: 3.27
RouterBOARD 952Ui-5ac2nD
 
Gandalf56
just joined
Posts: 1
Joined: Sun May 22, 2016 10:41 pm

Re: BIG BUG- Unicast key exchange timeout

Sun May 22, 2016 11:17 pm

Hello Community,

i also got this Unicast key exchange timeout error about every 30 minutes and tried many things but finally found a SOLUTION, verified it, its also reproducible.

My Configuration:
3 WIFI-Devices (Laptop, Android Tablet, Smartphone) connecting sometimes to "WIFI-Network1" and sometimes to "WIFI-Network2"

i got this error on both Routerboards with all connected devices.

WIFI1: Routerboard:RB951G-2HnD, Firmware 3.33, installed Version: 6.35.2, wireless-fp Package
WIFI2: Routerboard 962UiGS-5HacT2HnT (hAP ac), Firmware 3.31, installed Version: 6.35.2, wireless-cm2 Package

Security Profile Settings on Both Routers: WPA2 PSK AES ONLY, Ciphers: aes ccm ONLY and different WPA2 Pre-Shared Keys, all other settings at Standard, no Connect List and no Access List in use.

WIFI-Config Routerboard:RB951G-2HnD:
ap bridge, Band: 2GHz-B/G/N, 2447 MHz, Channel Width: 20/40MHz Ce, no Radio Name, unique SSID hidden, all other settings Standard, ARP Enabled

WIFI-Config Routerboard 962UiGS-5HacT2HnT (hAP ac):
ap bridge, Band: 2GHz-only-N, 2452 MHz, Channel Width: 20/40MHz Ce, no Radio Name, unique SSID hidden, all other settings Standard, ARP Enabled


First i have to say that i exported the config from my RB951G and imported it to the hAP ac and noticed that the MAC-Addresses of all Interfaces also has been exported and imported into the new RouterBoard Config.

###############

1.So first check your Interfaces if you have a similar situation like me described above, reset the MAC Address, and maybe create a new Bridge Interface because this MAC cannot be resetted.

2. Then check your Packages
Open Winbox, go to System -> Packages -> Check Installation of wireless-cm2 Package/wireless-fp Package - sometimes this Update fails (for my RB951 for example 2 times), then download it manually from mikrotik website and install it again.

3. But the real solution for me was to change the Wireless INTERFACE Name, in my config both was only named "WLAN".
After this Change restart of the Wireless Interfaces is needed too.

Changing both names to an unique Interface Name solved the "Unicast key exchange timeout error" for me.

In this way i also changed all other Interface Names to unique ones.

Maybe this helps you out, try it ;)
@Mikrotik: please check if this is a bug or feature

############Update: I made some Test just for the sake: ############
changed Frequency on both Routerboards to 2412 MHz

now i have a stable WIFI-Connection since 11 hours in fully crowded 2412 MHz Network with 8 other Stations near me and both Routerboards 20cm away from each other, 2 clients connected.

I also tried to reproduce this problem again, now after changing back both Interface names back to "WLAN" error no longer appeared, also stable Connection since 1 hour.
 
veranson
just joined
Posts: 8
Joined: Wed Oct 26, 2011 5:44 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Jun 18, 2016 10:53 pm

nothing helps. Worth PSK2 with aes

Do not are working some devices such as the Samsung tablet. In an open network, all devices are connected and working
 
LaZyLion
newbie
Posts: 32
Joined: Fri May 09, 2014 10:27 am

Re: BIG BUG- Unicast key exchange timeout

Sun Jul 31, 2016 10:16 pm

Hi all

I'm adding my two cents to the issue as well. This is now July 31 of 2016.
Eight years of an ongoing issue! oh well.

I'm using ROS 6.36 on all devices involved.

Devices are in AP Bridge mode, same SSID, same AES WPA2 key
All set up by script so no typo's.

The devices connect and work great for a couple hours, then just they disconnect and won't reconnect without divine intervention.

This happens both in the field and in my home lab (aka the living room).


I'm trying a work around a good friend of mine suggested:

The master device should be AP-Bridge mode, but the nodes should be in WDS-Slave mode.
I don't know what the actual difference is between the two but.....

I have let this run and it seems to be stable as long as I don't touch anything. 

On the Master (which is connected to my modem):
/interface wireless
set [ find default-name=wlan1 ] name="WiFi-Link(main)" ssid="Link" mode=ap-bridge \ 
security-profile=Link  frequency=2452  distance=dynamic  hide-ssid=no \ 
preamble-mode=both allow-sharedkey=yes wps-mode=disabled allow-sharedkey=yes disabled=no \
wds-default-bridge=bridge wds-mode=dynamic ;
On the Node (which the computers usually connect to):
/interface wireless
set [ find default-name=wlan1 ] name="WiFi-Link(main)" ssid="Link" mode=wds-slave \ 
security-profile=Link frequency=2452 distance=dynamic hide-ssid=no \ 
preamble-mode=both allow-sharedkey=yes wps-mode=disabled allow-sharedkey=yes disabled=no \
wds-default-bridge=bridge wds-mode=dynamic ;
You can see that the only difference between the two commands is the mode=

A couple Notes:

These are the settings I had to use to make it work.  Whenever I'm testing setups I like to mess around and break things
until I know what is actually needed and what is trivial. All these seem to be needed as of this posting. 
I may edit this post down the road as I learn more. Please feel free to contribute what you find.

On the master you can use a virtual-ap for the link, but on the node I had to use the main radio.
I can then add a virtual-ap on the node so that the laptops connect to a different ssid with a different wpa2 key

The security profile is just a standard wpa2 setup. Nothing special.

I'm using wds-mode=dynamic but you can use wds-mode=static if you know the mac addresses of the devices. 
I've played briefly with dynamic-mesh but didn't notice any difference.


6.36 appears to have introduced WPS and I'm not having it!!!!!
But in my case, none of my equipment has a button or is publicly accessible. 

Hope this helps.

Roy
 
aios
just joined
Posts: 2
Joined: Thu Jan 08, 2015 11:18 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Aug 03, 2016 5:44 pm

Hi everyone!

Yeah, after years of using Mikrotik routers now I experience issue that I can't resolve.

We bought RB951G-2HnD router (ROS 6.33) and set up it with default configuration. It worked good (with some rare drops) but suddenly WiFi started to drop connections more often. At first few times in a day and now it's so often that work is impossible. Sometimes it's about 5 times in 30 minutes.

Log shows - Unicast key exchange timeout, read all forum and tried countless suggested solutions but none of them works. Really want to throw router in a trash.
Is it possible that this is caused by large interference (~60 devices around)?

Configuration at the moment.
 0  R name="wifi" mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled interface-type=Atheros AR9300 mode=ap-bridge 
      ssid="xxxxxxxx" frequency=2467 band=2ghz-b/g/n channel-width=20/40mhz-Ce scan-list=default 
      wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=static-mesh wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 
      hide-ssid=no security-profile=default compression=no 
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: BIG BUG- Unicast key exchange timeout

Thu Aug 04, 2016 8:50 am

Update to latest stable and change the group key timeout from 5 minutes to 1hour. If you already have not tried it. Maybe it helps. Use wireless rep package.
 
volkirik
Member Candidate
Member Candidate
Posts: 212
Joined: Sat Jul 23, 2016 2:03 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Aug 05, 2016 1:02 pm

change the group key update time from 5 minutes to 1 hour.
Last edited by volkirik on Fri Jul 14, 2017 9:21 am, edited 7 times in total.
 
axelf
just joined
Posts: 1
Joined: Wed Aug 31, 2016 7:25 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Aug 31, 2016 7:39 pm

It's weird, but it helps WiFi password change. It is necessary to change the pattern of symbols in the password and use the symbol "#".
I use letters, numbers and "#".
 
tano
just joined
Posts: 3
Joined: Sat Sep 17, 2016 10:12 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Sep 17, 2016 10:29 pm

Hello,

I have the same issue on a Mikrotik RB951G-2HnD ( FW 6.36.3 ) in a single AP home configuration .

All my devices can connect to the wireless network, except two host ( a raspberrypi running librelec and a alienware m11x R1 laptop ) even when they're roughly 3m far from the AP .
I've followed the tips in the previous posts ( changing the frequency \ security profile \ ... ) with no go .
 
PavelJ
just joined
Posts: 3
Joined: Sun May 31, 2015 4:23 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Feb 18, 2017 5:42 pm

Hello,

I have the same issue on a Mikrotik RB951G-2HnD ( FW 6.36.3 ) in a single AP home configuration .

All my devices can connect to the wireless network, except two host ( a raspberrypi running librelec and a alienware m11x R1 laptop ) even when they're roughly 3m far from the AP .
I've followed the tips in the previous posts ( changing the frequency \ security profile \ ... ) with no go .
Hi, I now resolved an issue with old laptop running Win10, which started refusing connection to my Mikrotik hAP ac (2,4GHz wifi), probably after modifiing Mikrotik's configuration. Restart of laptop didn't help. All other devices are connected without problem.

Mikrotik log when trying to connect this laptop:
13:21:25 ... wlan1: connected
13:21:30 ... wlan1: disconnected, unicast key exchange timeout
13:21:30 ... wlan1: connected
13:21:35 ... wlan1: disconnected, unicast key exchange timeout
13:22:03 ... wlan1: connected
13:22:08 ... wlan1: disconnected, recieved deauth: unspecified (1)

Resolution:
In Win10 changed WiFi configuration in Device manager -> WiFi adapter-> Properties -> Advanced (enabled WMM and mixed mode protection) = laptop connected to WiFi. Then I disabled both functions again, and WiFi connection is still working. :) Think, that would also help changing any other value - there was probably need to rewrite wifi settings only.

PavelJ
 
User avatar
колбаскин
newbie
Posts: 40
Joined: Tue Mar 29, 2016 6:36 pm
Location: Ukraine Zaporozhye
Contact:

Re: BIG BUG- Unicast key exchange timeout

Tue Mar 21, 2017 12:05 pm

Same issue with WPA2 PSK and iphone
Try:
Disable WDS Mode
Check WDS Ignore SSID
Change Group Key Update to 30min

10:50:39 wireless,info 78:C3:E9:E6:7B:4A@neonmobile: connected
10:52:05 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: connected
10:52:11 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: disconnected, unicast key exchange timeout
10:52:12 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: connected
10:52:17 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: disconnected, unicast key exchange timeout
10:53:05 wireless,info EC:1F:72:BD:C3:E0@neonmobile: connected
10:53:10 wireless,info EC:1F:72:BD:C3:E0@neonmobile: disconnected, unicast key exchange timeout
10:53:26 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: connected
10:53:31 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: disconnected, unicast key exchange timeout
10:53:43 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: connected
10:53:48 wireless,info E0:2C:B2:7A:1F:F8@neonmobile: disconnected, unicast key exchange timeout

What need to do?
 
beamzer
just joined
Posts: 2
Joined: Sat Jan 21, 2017 9:54 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Mar 25, 2017 3:23 pm

I had the same problem on a raspberry pi with a certain wifi usb adapter,
when i change the for other types, the worked, so i assume for me it's something
in the driver (r8712u) which doesn't work well with Mikrotik.
I did not have these problems on my previous access point (different brand).
 
Alwest
just joined
Posts: 4
Joined: Sun Jan 29, 2017 4:24 pm

Re: BIG BUG- Unicast key exchange timeout

Mon May 22, 2017 3:50 pm

I had the same issue ("disconnected, unicast key exchange timeout") on ROS 38.5. I fixed it with decreasing HW-retries parameter to 4.
Maybe it wil help somebody)
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Fri Jun 30, 2017 5:29 am

till date i am faced with this draconian issue of Unicast timeout disconnecting all the clients on the wireless network.... the frequency is far too much to handle. clients are just chucking out the systems...

wonder if i should continue to sell mikrotik wifi products....
mikrotik_error.png
You do not have the required permissions to view the files attached to this post.
 
Stril
Member Candidate
Member Candidate
Posts: 204
Joined: Fri Nov 12, 2010 7:18 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Sep 22, 2017 8:39 am

Hi!

I had that problem, too, yesterday.

The reason was a short WPA2-key. Changing it to a longer key solved the problem for me.

Regards,
Stril
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1650
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: BIG BUG- Unicast key exchange timeout

Fri Sep 22, 2017 9:19 am

Stril - What was the length of original key? Minimums key length is 8 symbols and key length should not affect this (exchange timeout) in any way.
 
fmikker
just joined
Posts: 2
Joined: Tue Oct 17, 2017 11:00 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 17, 2017 11:13 pm

The same issue appeared in my Routerboard 2011 RB after upgrading to RouterOS v6.40.4 (stable).
Don't know if it is related, but I haven't noticed it in the logs before.
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout
58:F8:D1:6D:17@wlan1: connected
-	deassigned 192.168.88.18 from 2C:59:8A:62:9C:BA
59:8A:62:9C:BA@wlan1: connected
-	assigned 192.168.1.12 to 2C:59:8A:62:9C:BA
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout
58:F8:D1:6D:17@wlan1: connected
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout
58:F8:D1:6D:17@wlan1: connected
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout
58:F8:D1:6D:17@wlan1: connected
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout
58:F8:D1:6D:17@wlan1: connected
58:F8:D1:6D:17@wlan1: disconnected, unicast key exchange timeout

 
marianob85
just joined
Posts: 20
Joined: Wed Feb 08, 2017 9:47 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Nov 03, 2017 11:16 pm

Have the same today when trying connect RaspberryPi3 with Windows 10 IoT :/

aAP ac, 6.40.4

Anyone know solution for this ?
disconnected, unicast key exchange timeout
 
cantanko
newbie
Posts: 39
Joined: Mon Apr 05, 2010 12:53 am

Re: BIG BUG- Unicast key exchange timeout

Thu Nov 09, 2017 5:11 pm

Hello,

Also seeing this on a wAP-2nD-r2 that was working just fine on 6.40.4, upgraded to 6.40.5 and now have this:
14:37:04 wireless,info 90:3A:E6:15:AE:C7@wlan: connected
14:37:09 wireless,info 90:3A:E6:15:AE:C7@wlan: disconnected, unicast key exchange timeout
14:40:11 wireless,info 90:3A:E6:15:AE:C7@wlan: connected
14:40:16 wireless,info 90:3A:E6:15:AE:C7@wlan: disconnected, unicast key exchange timeout
14:44:29 wireless,info 90:3A:E6:15:AE:C7@wlan: connected
14:44:34 wireless,info 90:3A:E6:15:AE:C7@wlan: disconnected, unicast key exchange timeout
Client is a Tesla Model S (!), AP is a wAP-2nD-r2. Rock solid until this point, and even downgrading to the (previously working) 6.40.4 hasn't fixed it. Car is on firmware revision 2017.42.a88c8d5 and hasn't changed in the last couple of weeks, and neither has the config in the wAP... Very odd...

EDIT: Did upgrade the Routerboard's firmware at that stage also from 3.27 -> 3.41 - not sure if that is in any way related...
 
graudeejs
just joined
Posts: 1
Joined: Tue Nov 14, 2017 9:03 pm
Location: Riga, Latvia

Re: BIG BUG- Unicast key exchange timeout

Tue Nov 14, 2017 9:33 pm

Today I tried my newly purchased router.
I experienced the same issue.

What solved problem for me was changing WiFi password to 18 characters.
Once that worked I tried to WiFi password with 20 characters and problem started again.
After that changed password to 18 characters and it was all good again.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: BIG BUG- Unicast key exchange timeout

Wed Nov 15, 2017 3:30 pm

I use longer than that wifi passwords without any kind of problems.
 
Mikhail73
just joined
Posts: 12
Joined: Wed Sep 21, 2016 8:31 pm

Re: BIG BUG- Unicast key exchange timeout

Sun Nov 19, 2017 10:55 pm

Same problem: ROS 6.40.5, Cap Lite - Apple TV. Mikrotik, WHEN WILL YOU SOLVE THIS PROBLEM?!
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3099
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: BIG BUG- Unicast key exchange timeout

Sun Nov 19, 2017 11:26 pm

i think the issue is related with the use of symbols (different from letter and numbers) in psk, i only use numbers and letters and no problem in years
 
User avatar
MadEngineer
Member Candidate
Member Candidate
Posts: 141
Joined: Mon May 02, 2011 10:47 am
Location: New Zealand

Re: BIG BUG- Unicast key exchange timeout

Mon Nov 20, 2017 11:44 am

I came across this issue a wee while back. Problem was a single Android mobile phone kept generating this error on a Mikrotik AP while other devices were fine. Cause was another Mikrotik connected to the AP but with a very low signal.
 
meristo
just joined
Posts: 4
Joined: Sat Oct 14, 2017 11:24 pm

Re: BIG BUG- Unicast key exchange timeout

Sat Dec 30, 2017 8:40 pm

Hello guys,

for delete this error I put only AES for crypt and delete TKIP, with this setting error disappear...

Hope this help someone
 
Oliver96
just joined
Posts: 2
Joined: Thu Apr 19, 2018 12:51 am

Re: BIG BUG- Unicast key exchange timeout

Thu Apr 19, 2018 12:55 am

Hi Guys!

My Problem was solved by changing the Channel Width form "20/40MHz Ce" to "20/40MHz eC.

Hope it works for you

Regards

Oliver
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: BIG BUG- Unicast key exchange timeout

Fri Aug 24, 2018 4:06 pm

that's a discovery... let me try it too!
 
myleskeller
just joined
Posts: 3
Joined: Thu Oct 25, 2018 7:03 am

Re: BIG BUG- Unicast key exchange timeout

Thu Oct 25, 2018 7:13 am

Hi Guys!

My Problem was solved by changing the Channel Width form "20/40MHz Ce" to "20/40MHz eC.

Hope it works for you

Regards

Oliver
Created an account just to say that this also worked for me.
I just replaced my previous Tenda AC router with a MikroTik and used my previous SSID and WPA key.
All devices connected seamlessly to the new router except my Google home Minis, which would only function on the 2.4GHz band, where they used 5GHz on the Tenda.
Changed the channel width on wlan2 from "20/40/80MHz Ceee" to "20/40/80MHz eeeC" and they connected immediately during setup.
Haven't seen "unicast key exchange timeout" in the logs since. Hopefully I'll have no further updates to post regarding this issue and that this may resolve this problem for some of you as well.
 
User avatar
slavko989
just joined
Posts: 6
Joined: Tue Jul 02, 2019 7:18 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Mar 04, 2022 1:42 am

It's March 2022!
I can't believe that Mikrotik devs still haven't addressed this issue. I lost an entire day because of this, trying EVERY POSSIBLE solution people here posted for 6+ years! NOTHING!

I have a problem connecting a TP-LINK WA850RE (v7) to my Mikrotik wifi. I tried every option in Winbox on both security profile and wifi configuration even DHCP etc.
I tried connecting the repeater to a few other routers and it works. Only Mikrotik noooopeeeeeeeee.

I also updated routerOS to the latest 7.1.1 stable from 6.46.6 and also tried 6.49.4 in the process. Nope. Cleared the settings, tried setting it up from scratch... nope. This is a pity.

I have finaly given up. I decided that I will not lose my mind over something even a 15$ Chinese router is able to do. But not Mikrotik. Connect with a device.
 
dmq
newbie
Posts: 26
Joined: Mon Feb 07, 2022 10:46 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Mar 04, 2022 2:37 pm

Unfortunately I am suffering on the same issue. I thought this thread is dead, so I created an own description here:

viewtopic.php?t=183808&sid=8c5c2a8fd6b4 ... c0b5ba8801

1) sync times between station and access point
2) switches between Auth Modes and Encryption Standards: AES CCMP / TKIP etc.
3) modfied group key interval to 01:00:00 / one hour
4) changed channel width between 20mhz and 20mhz - 40mhz
5) fixed channel
6) changed PSK in size and char variation (somewhat freaky)
7) installed three different os versions / versions of kernel modules

I have ROS 7.1.2 on MikroTik rb4011igs+5hacq2hnd-in.

Problem Adapter is a: RTL8191SU 802.11n WLAN with r8712u.

I also invested many many hours - I can not change anything - I really like my MikroTik setup but these systems (5) are important for me. Maybe I have to got back to Turris on the weekend (but actually I don't want).
 
User avatar
grillotron
just joined
Posts: 2
Joined: Fri Sep 27, 2013 12:42 pm
Location: spain

Re: BIG BUG- Unicast key exchange timeout

Tue Apr 19, 2022 11:29 pm

hi everyone, I have managed to solve it only by returning to the factory firmware version - downgrade
... and key cannot contain special characters
 
dadoCA
just joined
Posts: 9
Joined: Fri Jul 06, 2018 11:43 am

Re: BIG BUG- Unicast key exchange timeout

Tue May 10, 2022 8:17 pm

Same, here. Problem between three routerboards, in WDS mode. Tried dynamic and static WDS, tried changing passwrds, changing ssid name, changing frequencies, all 20/40 combinations. There are no other APs nearby, so inteferences are not a problem. Reset all routerboards to factory default. Updated all routerboards to 6.49.6(stable). (hap lite rb941, rb951 and rb751). RB951 configured as main router with internet access, and DHCP server enabled,other two routerboard configured as ap bridge, I tried wds slave mode also. The connection lasts for about 5min, then it gets disconnected, with unicast key exchange timeout message in log. :(
 
User avatar
Albirew
just joined
Posts: 8
Joined: Wed Oct 14, 2020 7:16 pm

Re: BIG BUG- Unicast key exchange timeout

Thu May 12, 2022 5:37 pm

on my side, this bug appeared when one RB used an user-created security profile and the other edited default security profile...
the fix was to not mix default and user-created security profile on RB, so both on edited-default security profile or either both on user-created security profile...
 
MikeKulls
Member Candidate
Member Candidate
Posts: 137
Joined: Thu Dec 22, 2016 4:31 am

Re: BIG BUG- Unicast key exchange timeout

Thu Jul 14, 2022 12:35 pm

This thread has now been going for 14 years with very limited response from Mikrotik. I have been getting this issue also across a wireless link between 2 Mikrotik devices. The problem is fairly random so I think a lot of the proposed solutions might not work. From what I understand the 2 devices exchange a new encryption key every 5 mins by default and if that process fails for some reason then it will drop the connection. I have a suspicion this could be CPU related because it was a lot worse on an older slower device. If this is just key exchange timeout couldn't they just retry for longer? Waiting an extra 10 seconds to update the key surely isn't the end of the world.

Just to add to the potential solutions I have seen. I've listed anything I've seen even if they didn't work for me.
- Set adaptive noise immunity to ap and client mode
- Pick a clear channel
- Use 20MHz channel width
- Increase disconnect timeout (this was in Mikrotik docs for WDS but they didn't say to what)
- Don't run VLANs over WDS
- use a faster device

And to sum up every solution I've read in this thread, to save people reading the entire thread:
- enable NTP
- copy default security profile, then edit. Don't make new profiles
- only numbers and letters in pre-shared key
- retype pre-shared key
- make sure unique mac addresses
- unique names for wlan interfaces + restart
- change the group key timeout from 5 minutes to 1hour
- I fixed it with decreasing HW-retries parameter to 4
- The reason was a short WPA2-key. Changing it to a longer key solved the problem for me.
- What solved problem for me was changing WiFi password to 18 characters. (I saw multiple mentions of this)
- for delete this error I put only AES for crypt and delete TKIP
- My Problem was solved by changing the Channel Width form "20/40MHz Ce" to "20/40MHz eC.
- on my side, this bug appeared when one RB used an user-created security profile and the other edited default security profile...
 
MikeKulls
Member Candidate
Member Candidate
Posts: 137
Joined: Thu Dec 22, 2016 4:31 am

Re: BIG BUG- Unicast key exchange timeout

Sat Jul 16, 2022 3:33 am

Stril - What was the length of original key? Minimums key length is 8 symbols and key length should not affect this (exchange timeout) in any way.
Mikrotik staff need to have a good look into this. I can 100% demonstrate it's a bug and not interference. For my device I had some mildly more complicated config, still only 1 page though when exported. This was giving me the error every few hours with a dropout. I did a blank config wipe and set the device up with absolutely minimal config. In my case I was using station bridge mode to another mikrotik, so it's quite minimal the number of connections. This 100% solved the problem and the connection has been rock solid overnight with absolutely zero entries added to the log. The links down counter for the wireless link has stayed flat on 0. Note that in either case the number of connections was minimal as this is a test environment. I realise this error can happen as a normal part of operation, but it most definitely also happens as part of a bug. The fact I can get a rock solid connection with some config demonstrates this is NOT an issue with interference.

Some additional info
- I only changed config on the station bridge side, config on the AP side is still the same.
- The mikrotiks have been given channel 6, all other APs have been moved to 1 and 11. I have no APs from neighbors
- I rebooted both devices after applying config and before running the test
- The device has literally not added a single log entry after the logs from the reboot
 
MikeKulls
Member Candidate
Member Candidate
Posts: 137
Joined: Thu Dec 22, 2016 4:31 am

Re: BIG BUG- Unicast key exchange timeout

Sun Jul 17, 2022 7:15 am

I've worked out what is causing this, in my case at least. I can 100% eliminate it and 100% reproduce it. I have 1 mikrotik providing the usual wifi/internet/dhcp etc and a second mikrotik as a wifi extender. The extender is using station bridge to the first AP and then I create a virtual AP on top of that with the same name as the first. Having clients connect to the second AP is what causes the problem. I presume it's just busy talking to the client when the key exchange request comes in and the key exchange times out. If I connect the clients to the second AP with a cable then the problem goes away 100% and the connection shows 0 drops over a 24 hr period. I have used it for work like this and been in Teams meetings and it works fine. With wireless clients connected it will give the key exchange error every few hours and drops out for short periods.

The solution unfortunately seems to be to use a second radio or second device for the wireless bridge. I presume mikrotik know about this which is why their Audience router has 3 radios. Mikrotik staff, can we have a fix for this? It seems more retries in some form would solve the problem. The link itself seems to be fine, it appears the key exchange timeout happens and then mikrotik drops the link. Or if this is a problem that is impossible to solve it would be nice to know. I have a third mikrotik I can use however this is running on solar/batteries so that would double my power usage.
 
babah
just joined
Posts: 3
Joined: Mon Jan 02, 2023 3:28 pm

Re: BIG BUG- Unicast key exchange timeout

Fri Feb 17, 2023 7:10 pm

in my case (im using RB4011iGS+RM), it was caused by using the same channel. im on channel 11, and my neighbor suddenly changed to the same channel. then it started this "unicast key exchange timeout" issue. once his device moved to another channel, this issue was also gone.
 
User avatar
slavko989
just joined
Posts: 6
Joined: Tue Jul 02, 2019 7:18 pm

Re: BIG BUG- Unicast key exchange timeout

Tue Oct 10, 2023 4:13 pm

UPDATE October 2023:

In my case, the problem was with TP LINK TL-WA850RE extender - with introduction of WPA3 support on it. It just couldn't connect to the Mikrotik because of errors. I bet it had something to do with standard wifi package, a bug of some sort related to the new WPA3 standard.

I didn't manage to solve it until one of the new versions of RouterOS came out.
At the time I was having issues with 7.1.1, but upgrading the router to a newer one, i can't really remember which one (just upgrade to the newest, at the point of writing this - 7.11.2) the problem was solved.

Another possible solution now in Oct 2023 is to use the newer "wifiwave2" wireless management package instead of the classic one if possible, it has proper WPA3 support but it is not needed.

However, do note that TP LINK TL-WA850RE range extender is a BAD one, and should be avoided because of its buggy firmware updates. The newest TP LINK firmware (TL-WA850RE(EU)_V7_1.0.12 Build 221109 released on 2023-02-07) introduced an entirely new problem - its DHCP server somehow messes with Mikrotik's, even when Authoritative mode is set, so devices in Mikrotik network often connect to the network, but fail to get a valid IP from Mikrotik's DHCP Server. Which is ridiculous really, so if you want to use that specific extender device, please use it with the oldest factory shipped firmware, DO NOT UPGRADE, because of some cheap reason TP LINK doesn't let you downgrade.

The permanent fix for issues introduces to Mikrotik network is to just throw TP LINK TL-WA850RE in the garbage.

Who is online

Users browsing this forum: No registered users and 8 guests