Thanks for sharing your setup and confirming that you’re good regardless both bands sharing the SSID. I was fairly certain that I was good to go in that regard since I could pull an IP. The main problem that I’m seeing is that after it pulls an IP address it never attempts to leave the network. 
Are you seeing DNS activity? After DHCP that should be one of the first things to happen.
Hi DPG, thank you for sending the frame sequence! I tried to do a trace on my phone since I knew the mobile hotspot add operation worked, by downloading tPacketCapture, but when running that and trying to add the Rachio, it would fail; the packet capture software sets up some sort of VPN to intercept the traffic, and the controller didn’t like it. As soon as I disabled the VPN / packet capture, then the Rachio could connect… Anyhow, definitely appreciate your response.
So when I look at the Wireshark trace (I left it running over night watching only traffic from the Rachios MAC address, using the following display filter in wireshark (where the X’s are obviously not the real values):
eth.addr == f0:03:8c:xx:xx:xx
I see in the DHCP ACK frame the Option 3 (for the Router) and Option 6 (for the Domain Name Server) offer up my routers IP address (10.1) for both.
All 90 or so other devices on my network are also using 10.1 for their DNS and they work fine. When manually checking from the machine that I’m typing on right now this is the result:
Resolve-DnsName -Name mqtt.rach.io -Server 192.168.10.1
Name Type TTL Section NameHost
mqtt.rach.io CNAME 275 Answer a3bmbcwe3hybwy.iot.us-west-2.amazonaws.com
a3bmbcwe3hybwy.iot.us-west-2.a CNAME 275 Answer iotmoonraker.us-west-2.prod.iot.us-west-2.amazonaws.com
mazonaws.com
iotmoonraker.us-west-2.prod.io CNAME 275 Answer dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
t.us-west-2.amazonaws.com
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::3423:f086
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::22d0:8d83
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::3420:de5
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::3420:503f
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::3270:8294
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : AAAA
TTL : 60
Section : Answer
IP6Address : 2620:108:700f::342a:58c4
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 52.42.88.196
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 52.32.13.229
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 52.32.80.63
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 52.35.240.134
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 50.112.130.148
Name : dualstack.iotmoonraker-u-elb-1w8qnw1336zq-1186348092.us-west-2.elb.amazonaws.com
QueryType : A
TTL : 34
Section : Answer
IP4Address : 34.208.141.131
DNS itself works fine. The issue that I’m seeing is that the Rachio never even attempts to resolve anything. I see no DNS traffic.
I can send you the traces if you wanna take a look? See if i’m missing something.
Thanks,
Eric
When I change my filter to the still running capture, adding an or statement for the Rachio namespace, I only see my machine do the query, based on what I pasted above. The new filter looks like this:
eth.addr == f0:03:8c:xx:xx:xx || dns.qry.name == mqtt.rach.io
Thanks,
Eric
I think for android you’ll need a rooted device to get anything useful. If you have a rooted device you can download a binary of tcpdump and use that to do a packet capture.
I think if DNS isn’t happening that probably means the issue is around DHCP.
When the gen2 is trying to connect to your network does the second led go solid on a few seconds after the first led? If it the third led takes a long time to come on it could be that your controller is going into autoip mode and in a lot of situations that’s pretty useless.
Nah, it’s not getting an APIPA address. I can see that it’s pulling the IP address that I reserved for it (10.250). It always makes it to the 3rd light, but just blinks and stays there.
Thanks,
Eric
Sorry I meant second LED instead of third 
Are you able to ping the address the DHCP server assigned to it?
Getting to third LED should mean that the controller thinks it’s on your network and
it’s trying to connect to mqtt.rach.io.
Here’s a ping to the USG which is the firewall/router/DHCP/DNS server:
PS C:\Users\eric> ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Thanks,
Eric
Can you ping the controller from the same network? It should respond to the address it got via DHCP and it’s IPv6 link local address.
PS C:\Users\eric> ping 192.168.10.250
Pinging 192.168.10.250 with 32 bytes of data:
Reply from 192.168.10.250: bytes=32 time=1460ms TTL=255
Reply from 192.168.10.250: bytes=32 time=401ms TTL=255
Reply from 192.168.10.250: bytes=32 time=2ms TTL=255
Reply from 192.168.10.250: bytes=32 time=4ms TTL=255
Ping statistics for 192.168.10.250:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 1460ms, Average = 466ms
PS C:\Users\eric> ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Reply from 192.168.10.1: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
PS C:\Users\eric>
Interesting. I wonder if it’s not taking the default gateway from DHCP.
In your packet logs do you see an mDNS packet right after DHCP completes?
I just SSH’d in to the USG gateway, and also pinged it from there as well, so it would show up in the Wireshark trace. In the trace, I can show you that the owner of .250 is the Rachio based on the MAC address. If I change the filter from eth.addr == x to ip.addr == 192.168.10.50, after the DHCP traffic, I only see IGMPv2 traffic. (and the ICMP traffic from the USG, since I pinged it from there.)
When switching to my ip.addr filter looking only for the .250 address I only see the following 3 frames, over and over.
DHCP Offer
DHCP Ack
IGMPv2
Repeat
Since it was listening on a mirrored port, it was easier to just get a picture and sent from this laptop - apologies for the bad photography.
For anyone interested in the final resolution, there were in fact two.
The first one which was more of a work around, that took a lot of my time and money was resolved in part with the purchasing of the 3rd router for testing, based on what I read worked for others in the community forums. This particular Gen2 - I don’t know if it was just the couple of controllers that I tested or a larger handful from a specific batch, but I did test two different Gen2’s and neither worked with my R7000 or my USG Pro 4, during the initial add operation. It did work with the Asus RT-AC68U router however. I actually plugged this router in behind my USG Pro, setting up a double NAT scenario, and when the Rachio was using the Asus router, it added just fine, so I continued my testing and just added another WLAN/SSID that had the same name and password as the ASUS to my existing environment, turned the Asus router off, and then plugged the Rachio back in so that it would connect to my Unifi APs, and it worked just fine. Quite the work around, but that got it working. The only issue is that if I needed to reset the Wifi or set it back to factory defaults, I’d need to still have the Asus in place, which I didn’t want to use. After a lot of Wireshark traces, i was just able to show that the Rachio showed different behaviors (as far as connecting to the network) when doing an initial add operation vs adding it, and then rebooting it after it’s been successfully added.
When doing the initial add operation when plugged in behind the R7000 or the USG Pro, the Rachio would pull an IP address that I had reserved then send out some IGMPv2 traffic, and that was it. It never did a DNS request as it was supposed to. After being added successfully using the ASUS, then unplugging both the ASUS and the Rachio, and then plugging the Rachio back in, after adding the same SSID / Password to my existing network, and watching on the mirrored port (again, with Wireshark) I could see the behavior that it should have been doing initially immediately - if anyone is interested in seeing the Wireshark traces, let me know as I’ve saved them. I’ve sent this info and a lot more detail to the Rachio team, so hopefully they address that for the Gen2.
As far as the second and final resolution, they sent me a Gen3. That immediately worked the first time with no workarounds and no troubleshooting. It was quite refreshing. After dealing with these issues for about a month now, I’m glad that it’s finally over. After all of this, hopefully this thread helps someone else.
Cheers,
Eric
3 Likes
I had issues with getting my Rachio 2 to connect to the wifi. i tried several things but not to the extend you did. i bought it and returned it on the same day, today… maybe i will try the gen 3 and see if i can get it going on the wifi before i try to install it like i did with the Rachio 2. that was a waste of time, currently debating whether i should put my old controller back or try the Rachio 3.
@mpicon Sorry to hear that. The Gen 3 has an entirely different WiFi module that supports 2.4g and 5.4g. It might work better with your router. Also, make sure the firmware on your router is up-to-date.
I think I have the exact same issue here…
Can you have your tech to take a look, @franz ? My RouteThis code is EZZXH3A5.
I am using TP-Link APs on mesh network. connected to a 2.4G ONLY network…
Thanks !
In case it helps…
Had the same issue and seemed to happen quite regularly, usually after a wifi disconnect for whatever reason (router reboot).
The first symptom was that it wouldn’t try to connect to wifi at all. This was rectified by doing a wifi reset and using an Apple device (iPad Air in this case) with all LTE stuff turned off. Using Android wouldn’t work at all.
Once connected to wifi, it still wouldn’t show as connected in the App/Cloud. The only way to resolve this was to clear the DNS cache on the main router (all connected devices use the router as their primary DNS). When the Rachio Gen 2 attempted to connect again, it worked.
This DNS fix seems to work every time now, as long as we don’t reset the wifi and have to go through the iPad again…
I’m using Mikrotik routers/AP’s in this particular instance.
This seems to be a bug in the firmware wrt to DNS or the upstream DNS is not updating properly to changing AWS service names/IP’s.