ALERT: Datto Drive Cloud service will no longer be available as of July 1, 2019. For more information, see our end-of-life article. If you'd like to migrate your data to Datto Workplace, see our migration guide.
To learn how to download your Datto Drive Cloud data, please visit this article.

Legacy Open Mesh: An Expired Certificate Prevents Access Points and Switches From Checking Into CloudTrax

Follow

Issue

Access points and switches cannot check into CloudTrax

Environment

  • Datto Access Points
  • Datto Switches

Cause

As of August 21, 2018, access points that are not running the firmware releases listed below may not be able to check into CloudTrax due to having expired HTTPS certificates.

  • 6.1.4
  • 6.2.13
  • 6.3.16
  • 6.4.11

Resolution

A resolution for 100% of affected devices is pending. 

Update 3:

Switches running firmware releases before 1.0.7 will not be able to check into CloudTrax until their firmware is upgraded. You can try to manually update the firmware on your switch, or open a support request if you are unable to do so.

Update 2:

We're aware of issues with APs reporting as offline incorrectly due to this certificate change.

Some APs cannot get proper time from 0.openwrt.pool.ntp.org cannot use the new certificate properly. This looks to be due to how 0.openwrt.pool.ntp.org is being resolved. We'd suggest rebooting your local network router, and rebooting the APs to see if this clears out any DNS cache info for 0.openwrt.pool.ntp.org. Additionally try setting your router's DNS servers to 1.1.1.1 or 8.8.8.8.

We're still investigating a server-side fix for this issue.

Update

On August 26, 2018, we were able to make server-side changes that allowed us to utilize a secondary certificate on the affected access points. This should allow affected access points to check in again for the time being. The new certificate will expire in July 2019. Please upgrade these access points to 6.1.4, 6.3.16 or 6.4.11 as soon as possible.

Notice

Attempts were made over the last year to push out new certificates to access points running other firmware releases, but these access points may not have been able to download the update script, or the firmware release had bugs or design limitations that prevent the certificate update from working as designed.

Most issues have been seen with networks running firmware 590 and firmware 6.1.2. These firmware releases are quite old, and not recommended. We always recommend running the latest possible firmware releases to avoid these kinds of problems.

To get the access points checking in again, a manual firmware flash to a more recent firmware release will be needed. Keep in mind there are certain firmware restrictions for some models.

Model Flash Firmware
OM2P 32MB 481*
OM2Pv1 6.1.4
Other models 6.3.16

*481 firmware requires that you run CloudTrax in legacy mode, which has a limited feature set. The OM2P 32MB model hit End of Life in 2016, we would suggest you replace the access point with a newer model instead of reverting to 481 firmware and legacy mode.

 


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.