Reply
Posted Aug 29, 2013
4:24:05 PM
View profile
Micro Cell fails to activate

I have an interesting issue with the microcell. ATT has not been much help. I have the cell connected to my network and my network device config is as correct as I know to make it. Activation fails, just sits with the singal bars light flashing. So I use network packet analyzer and watch as I restart the cell. After GPS lock, the cell tries to contact 12.230.209.3 on port 443. This I expected as it was indicated as an early step in the process by some posts I read. However, the attempt to connect to this IP address times out. There is no reply from 12.230.209.3. The cell will retry this address and 12.230.209.67, which is apparently shutdown as I get an ICMP for that indicating it is blocked on purpose. A tracert of 12.230.209.3 shows the route going into series of att servers and finally to 12.122.138.245 and then the tracert times out.

 

Now it seems if this connection is not made, activiation cannot proceed. ATT ignores this and runs me through all kinds of other stuff before telling me my connection speed is too low and that is why it fails. Really?

 

ATT did confirm that 12.230.209.3 is the correct IP but thats about all I got out of them.

 

Any ideas on why I am not getting any further than the failed connect to 12.230.209.3:443?

Micro Cell fails to activate

1,962 views
15 replies
(0) Me too
(0) Me too
Post reply
Replies
(15)
5
(1)
  • Rate this reply
View profile
Aug 29, 2013 5:09:12 PM
5
(1)
ACE - Master

There are 4 ports that should be open at all times. 443 seems to be the most troublesome. I have seen an upstream switch between the ISP and AT&T's servers fail which will cause the symptoms that you are describing. Unfortunately, it takes some footwork to figure this out. You might want to PM CustomerCare (see the link in my sig), explain the problem, give them your account info, and include a copy of your traceroute to show where it appears to be failing. You might also want to look at my MicroCell Technical Guide for further information (the link is in my sig). Let us know what happens.

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

2 of 16 (1,950 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 12:31:14 PM
0
(0)
Tutor

I want to confirm, port 443 needs to be open for incomming connection? If so, does this mean ATT will try to contact the MC on 443?

 

Separately, I have a friend, who has an MC (the reason I got one) and he installed it, made no changes to router/modem (no port forwarding) turned it on and it worked first time and ever since. I had him do the tracert on his connection (comcast) and the tracert failed exactly the same as mine...that baffles me. My network traces show the MC failing to get a connection to 12.230.209.3 (this appears to be a connection timeout) and that is as far as the MC start up gets. tracert shows path to 12.230.209.3 ends at 12.91.193.50 with "Destination Net Unreachable".

Re: Micro Cell fails to activate

3 of 16 (1,898 Views)
5
(1)
  • Rate this reply
View profile
Aug 30, 2013 12:44:32 PM
5
(1)
ACE - Master
Edited by OttoPylot on Aug 30, 2013 at 12:47:22 PM

The ports that need to be open are 123 UDP, 443 TCP, 500 UDP, and 4500 UDP (all public and private). IPSec Pass-through has to be enabled and Block Fragmented Packets needs to be disabled. If you have a separate router and modem, only one of them can be handling NAT. 123 is for NTP traffic, 443 is for HTTPS over TLS/SSL, 500 is for IPSec Phase 1 prior to NAT detection, and 4500 is for IPSec NAT Traversal.

 

Most of the time, the MicroCell is plug and play with little to none configuring. But, depending on how you have your LAN setup, the router you use, your ISP, etc it may take a little more work to get it up and running. I don't have an answer for the confusing traceroute results. Make sure that your home address is correct. You may have to either reset the MicroCell or deactivate/reactivate your account. Is this a new MicroCell or did you buy it off of eBay or someplace else. You may find some useful information in my MicroCell Guide. See the link in my sig.

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

[ Edited ]
4 of 16 (1,893 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 4:25:14 PM
0
(0)
Tutor

So here is an interesting twist to all this. I was watching my router logs and saw a ping comming to my router from an ATT ip address which I have previously seen as the source of the icmp message stating the target att IP 12.230.209.3 or 12.230.209.67 cant be reached. My router was blocking that icmp from reaching the MC and so I have opened that up. We will see what happens. as an aside, until today my MC would get GPS lock in about 2 min, today its taking an hour or more...the fun never stops.

Re: Micro Cell fails to activate

5 of 16 (1,878 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 6:01:46 PM
0
(0)
ACE - Guru

Another thing you might try is to put your Mcell in your router's DMZ.

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

6 of 16 (1,869 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 6:17:30 PM
0
(0)
ACE - Master

Yep. Can you tell us how you have your LAN setup for the MicroCell?

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

7 of 16 (1,866 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 5:34:49 PM
0
(0)
Tutor

Did that. No joy.

Re: Micro Cell fails to activate

8 of 16 (1,753 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 5:46:19 PM
0
(0)
Tutor

lets ignore my home setup for now. I have the MC at my office where I have more control and tools to research this problem. The setup is actiontec dsl modem doing pretty much 100% passthru to a Windows 2000 box running ISA server as the gateway and firewall. The 2000 box serves my office lan via a second nic.

 

Now using packet analyzer to monitor my network, both inside and on the outgoing nic to the dsl modem, when the MC gets GPS lock, it tries to connect TCP to 12.230.209.3:443. This appears to be expected based on my readings on this forum and elsewhere. The problem is, that connect never completes. It times out and in looking at the packets, I get an ICMP message sent back to me by an att server saying that 12.230.209.3 is administratively blocked. Given that this connection fails, the MC never goes any further. It does try 12.230.209.67 after an hour and then back to 12.230.209.3 after an hour and this just repeats failing each time. At my home, I see the same thing, tho in less detail...MC trys to connect to 12.230.209.3:443 but fails.

 

It appears to me that all the configuration info about ports and fragmentation and etc does not yet apply here as the MC needs to complete that connection to 12.230.209.3 in order to move forward with configuration and eventually reach a point where that other stuff would come into play. It suggests the ATT server for MC has changed at some point and my MC (used) has old firmware or ??

 

As one might expect, regular ATT MC support has been useless. I have received a response to my PM posted here saying I will be contacted by a tech at some point soon.

Re: Micro Cell fails to activate

9 of 16 (1,749 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 5:48:54 PM
0
(0)
Tutor

As an additional data point, I had my ISP check things out and they pointed out that a tracert on 12.230.209.3 goes into s series of ATT systems before the tracert stops with the ICMP indicating the IP is not available.

Re: Micro Cell fails to activate

10 of 16 (1,745 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 6:12:39 PM
0
(0)
ACE - Master

Ok. The MicroCell is basically a simple, dumb device. The more you put in front of it, the more it is apt not to work. It is for home use and not for work use (but there are some who successfully use it at work).Your home setup is important for us to troubleshoot the issues so that is why we asked. See the MicroCell Technical Guide link in my sig for more information.

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

11 of 16 (1,737 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 6:19:01 PM
0
(0)
Tutor

A further correction...when trying to contact 12.230.209.3:443, there is no reply at all. When contacting 12.230.209.67:443, there is an ICMP reply stating the address is administratively denied. Thats not the exact text but it will take another hour for retry on that addr so will get the exact text and source of the ICMP tomorrow.

Re: Micro Cell fails to activate

12 of 16 (1,728 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 8:58:40 PM
0
(0)
ACE - Master

I wouldn't worry too much about the addies you're connecting to, or trying to connect to. It's interesting to see what the communication is but it's not going to help you much. Most people don't have the ability to do what you can do so we have to work from that premise to keep the help as universal as possible. For your home, how do you have the MicroCell setup?

___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Micro Cell fails to activate

13 of 16 (1,693 Views)
0
(0)
  • Rate this reply
View profile
Sep 4, 2014 9:46:24 AM
0
(0)
Contributor

I am seeing the same exact simptoms. I see traffic leaving my fw/router destined to two netblocks of ATT (12.230.208.0/24, 12.230.209.0/24). I am not see any traffic coming back to the device. Are these network block even valid for Microcells anymore?

 

Any help would be greatful. I only get 1-2 bars inside my house. 

 

Re: Micro Cell fails to activate

14 of 16 (310 Views)
0
(0)
  • Rate this reply
View profile
Sep 4, 2014 11:10:08 AM
0
(0)
Contributor

Like I said before I see the packets leave my network just nothing comes back. I also noticed that the 443 connection require a cert to connect. It would be amusing if they issued new certs for heartbleed and not able to update microcells that are trying to connect. 

 

This is very frustrating. Having this device outside my network is unacceptable and see nothing blocking outbound initiated traffic. Creating rules from untrust(internet) to the device to me is silly as the only ports open on the device are 22,80, and 8080. Which all are filtered. 

 

Sigh. 

Re: Micro Cell fails to activate

15 of 16 (298 Views)
5
(1)
  • Rate this reply
View profile
Sep 5, 2014 8:23:56 AM
5
(1)
ACE - Master
I'm out of town with limited access but like I said, the MicroCell is a dumb device in that the four ports and the other router conflicts listed in my Guide must be met. Any other alteration or addresses used will probably not work. The MicroCell needs to create its own secure VPN to the AT&T mobility servers and with as simple of a connection as possible. Either directly to the modem or router. If the 3G light is blinking green, then connection has not been made which could be due to one of the mandatory conditions not being met, line quality conditions, etc.
___________________________________________________________

MicroCell Technical Guide by Otto Pylot


I am not an AT&T employee. For additional help, please send a PM to ATTCustomerCare

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

I'm out of town with limited access but like I said, the...

16 of 16 (265 Views)
Share this post
Share this post