We have a ZD1100 managing 8 APs; a few are connected on the same LAN as the ZD, and the others are at remote sites and reach the ZD via IPSec VPN.
I upgraded the ZD from 9.5.1 to 9.7.1; it seemed to work well and the directly connected APs upgraded fine to 9.7.1. The problem is that all remote APs got stuck in the state "Upgrading firmware" and did not pass this stage (they were still reachable but did not connect any clients).
I did a rollback of the ZD to 9.5.1 and all APs were back online.
The remote APs have full access to the ZD over the VPN and normally act with no problem. Any idea why the firmware upgrade of remote APs might fail? Anyone with a similar setup?
Could you please post here the log messages on the ZD GUI for those remote APs?
I have a couple of suggestions to ponder:
If the number of remote APs impacted is just a few and you don't want the trouble of finding out what's causing it, then just upgrade those APs as standalone to the same new version as the ZD and then connect them to the ZD.
Check the router/firewall at the remote site at the time of the upgrade to see if any fragmentation or error is happening that is causing this trouble. This shall give some hint.
Did you miss any intermediate firmware version between 9.5.1 and 9.7.1?
Which router/switch do you have in between?
I'm afraid I can't find the logs anymore; they might have been cleared.
All remote APs were impacted (those not in the same LAN as the ZD). Upgrading as standalone is not a good option for me as those are remote sites.
I planned to check the firewall next time I try it, but it should not be causing any problem. It is a Juniper SRX and the VPN is used for various traffic with no problem. Also, tcp-mss is configured to lower the MSS, so I don't see a reason for an MTU problem to arise, but it's still possible.
I did the upgrade directly from 9.5.1 to 9.7.1 which should have been supported according to the release notes.
The support recommended I go through 9.6 so I will try it.