Hardware Failure

Ubiquiti UDM-Pro smoke smell or burned PCB: Diagnose & Fix

By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30

⚡ At a glance
VendorUbiquiti
Operating systemUniFi OS / EdgeOS
CategoryHardware Failure
Skill levelIntermediate to advanced
DIY-able?Yes with CLI access; some scenarios need Ubiquiti Support + RMA.

If you have ever stared at a Ubiquiti UDM that just refused to come up, you know the muscle memory: serial console at 9600 8N1, wait for the TFTP recovery (hold reset) line, hope it actually paints. On UniFi OS / EdgeOS the first move is always `info (UniFi controller via SSH) / show version (EdgeOS)` and `show system fan`, if those return cleanly the box is alive enough to talk to you, which is the difference between a ten-minute fix and an RMA paperwork morning.

I keep a small notebook of Ubiquiti part-numbers next to the rack because the LED legend differs between hardware generations. The UniFi OS / EdgeOS platform tends to tell the truth in `show` output before the front-panel LED catches up, so trust the CLI first.

This guide assumes you have console access and an active Ubiquiti Support entitlement. If the device is out of warranty, skip straight to the recovery section. most of the steps still apply, you just lose the RMA option at the end.

What this guide covers

Diagnose and recover from smoke smell or burned PCB on a Ubiquiti UDM-Pro.

Step-by-step

  1. STOP. Power off the device at the wall before touching it.
  2. Open the chassis and identify which board / module is the source of the smell.
  3. Photograph the visible damage (scorched capacitors, blackened ICs).
  4. Note the device serial number and exact model for the support case.
  5. Do not power back on, burned components fail closed and can damage adjacent boards.
  6. Open a Ubiquiti Support case with the photos and serial.
  7. RMA the affected component (line card, supervisor, PSU) or the full chassis if the backplane is damaged.

CLI / commands

# Verify hardware state
info (UniFi controller via SSH) / show version (EdgeOS)
show hardware (EdgeOS)
show system fan

# Collect for Ubiquiti Support
support file (UniFi controller)

When to RMA

Frequently asked questions

Will this work on my specific UniFi OS / EdgeOS version?

The procedure reflects current UniFi OS / EdgeOS behaviour. Older releases may need minor syntax adjustments: use the CLI help (? or tab-completion) to verify.

Should I open a Ubiquiti Support case immediately?

Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.

Where can I find the Ubiquiti official documentation?

https://help.ui.com, search the product family + feature name.

Is this procedure safe in production?

Test in a lab or maintenance window first. Capture pre-change state so you can roll back.

Related guides worth a look while you sort this one out:

References


Reference material, not professional advice. Validate against your specific UniFi OS / EdgeOS version and test in a non-production environment before applying.

Common patterns we see

When this symptom shows up on a Ubiquiti device, three patterns repeat:

1. Recent firmware update changed behavior. the symptom started within a week of an OTA push. Rollback or wait for the hotfix. 2. Environmental trigger, temperature, humidity, line voltage, network changes. Look at what changed in the environment. 3. Cumulative wear: components like batteries, gaskets, fans degrade over time. Replace the consumable rather than chasing a software fix.

Knowing which pattern applies saves time on the wrong fix.

Before you start

A few things to confirm so the Ubiquiti device fix goes cleanly:

Quick verification

Before you walk away from a Ubiquiti device fix, run through:

1. Reproduce the original trigger, does the issue reappear? 2. Check the device's status / health screen for any new alerts. 3. Confirm paired devices (app, hub, controller) reconnected. 4. Save / commit any configuration changes per the device's normal workflow. 5. Note the change in your maintenance log with date + firmware version.

When to call Ubiquiti support instead

Escalate if:

More frequently asked questions

How often should I run preventive checks?

Quarterly for most consumer devices; monthly for production / commercial devices. Set a calendar reminder so the device stays healthy between issues.

Are there safer alternatives for non-technical users?

Yes: the manufacturer's self-service troubleshooter (HP Smart, LG ThinQ, Samsung Members, similar) usually walks through the same steps in a guided UI. Use that first if you're not comfortable with menu paths.

Should I update firmware first or last?

Update firmware first if a release note specifically mentions your symptom. Otherwise, finish the troubleshooting flow first, then update; that way you can isolate whether the update or the underlying fix solved it.

Is it safe to apply during business hours?

If the device is in production use, apply during a scheduled maintenance window. Most procedures need 2-15 minutes of downtime. Capture pre-change state so you can roll back if needed.

How long does this fix usually take?

Most users complete the steps in 20-45 minutes the first time, and 5-10 minutes on subsequent runs once the menu paths are familiar.

Topology deep dive: where the UDM-Pro sits in a Tier-2 town WISP

I run two WISP heads in north Karnataka and one in coastal Andhra. On the Hubli site my edge stack is exactly this: a BSNL leased line drops onto WAN1 of the UDM-Pro, a redundant Airtel FTTH on WAN2 (PPPoE), and a 24-port managed access switch fans the LAN side out to the customer-tower racks. The UDM-Pro is the Dream Machine Pro (1U rack, dual-WAN, 8-port GbE switch, 1x SFP+ WAN, 1x SFP+ LAN, 3.5" HDD bay). MRP INR 45,990 official Ubiquiti India, street price INR 38,000-42,000 via authorised partners; refurb on resale sites around INR 28,000.

The reason this little box matters more than its rack height suggests: it terminates the BGP-multihome via two PPPoE peers, runs the Threat Management inspection, holds the L7 firewall rules I push from the controller, and acts as the DHCP authority for around 380 paying subscribers. When the gateway hiccups, the whole WISP hiccups. A Mangalore co-located instance on a 16U StarTech rack runs almost the same topology with the controller offloaded to a separate Cloud Key Gen2 Plus so I can re-flash the box without losing the controller history.

For the all-tower trunk I lean on a 10G SFP+ DAC from the UDM-Pro into an aggregation switch, then break out 1G LR fiber to each tower SM. Average per-tower throughput sits at 320-450 Mbps with 90 active CPEs. The UDM-Pro CPU handles the IDS/IPS at line rate for around 1.6 Gbps before falling off; past that, I disable Threat Management on the trunk VLANs and keep it only on the customer VLANs. That trade-off is the difference between a 12 ms median latency to Google Mumbai and a 38 ms median when the box is choking on Suricata signatures.

Configuration walkthrough I actually use on the UDM-Pro

Most failures I diagnose at the gateway are not really hardware faults. They look like hardware faults because a port goes dark or a fan ramps to jet engine, but nine times out of ten the root cause is a config that did not survive a firmware step. So when I open a ticket for myself, the first artifact I capture is the running config.

# SSH into the UDM-Pro (default user: root on UDM family, ssh enabled via controller)
ssh root@192.168.1.1

# UniFi OS CLI - check current firmware
ubnt-systool cputemp
ubnt-systool fanspeed
cat /etc/version

# Drop into the gateway shell for legacy EdgeOS-style show commands
unifi-os shell
show version
show hardware

# Capture the config in case you need to TFTP-restore after RMA
cp /data/unifi/data/sites/default/config.gateway.json /tmp/config-backup-$(date +%Y%m%d).json
scp /tmp/config-backup-*.json admin@10.20.0.50:/backup/wisp/hubli/

For PPPoE-on-WAN2 (Airtel Xstream Fiber in my case), the credentials sit in /data/unifi/data/sites/default/config.gateway.json. When I migrated from a 4G failover SIM (BSNL FUP-throttled by day 22) to the Airtel FTTH, the gateway kept dialing the old PPPoE for 6 hours because the controller had cached the WAN2 profile. The fix was a set-inform http://controller:8080/inform from the CLI after blanking the cached state.

Two settings I always pin: enable hardware offload for IPv4 routing (saves ~22% CPU on the UDM-Pro at peak), and disable mDNS reflector across the customer VLAN trunk because it hammers the CPU when 380 subscribers all have Apple TVs trying to AirPlay across subnets they should not see. The controller GUI does not expose the offload toggle on every release; the JSON override is the reliable path.

Troubleshooting commands by platform on the UDM-Pro

UniFi OS on the Dream Machine family is a hybrid of Debian userland and the legacy EdgeOS shell. You need both halves to triage properly. Here are the commands I run on the Hubli edge every Monday morning during the WISP maintenance window from 03:30 to 05:00 IST.

# UniFi OS host-level diagnostics
ubnt-systool cputemp        # CPU temperature in Celsius
ubnt-systool fanspeed       # Per-fan RPM (UDM-Pro has 1 fan, UDM-SE has 1 system + PSU fan)
ubnt-device-info summary    # Model, MAC, serial, FW version, boot count
ubnt-tools traffic-monitor  # Real-time per-interface bps

# Drop into gateway shell for EdgeOS-style commands
unifi-os shell
show hardware
show system fan
show system temperature
show interfaces ethernet eth8
show ubnt offload
show dhcp leases | head -40

# Crashinfo and dmesg for hardware faults
dmesg | tail -200
dmesg | grep -iE 'temp|fan|power|sfp|link'
journalctl -u unifi-network --since "2 hours ago"

# SFP+ optic readout (critical for the all-fiber tower trunk)
ethtool eth9
ethtool -m eth9

The ubnt-systool cputemp on a healthy UDM-Pro in an unconditioned Tier-2 town rack reads 58-66°C in summer. If you see 78°C+ sustained, the fan tray is either dead or the air filter on the rack cabinet is clogged with dust. My Bidar site eats a fan tray every 14 months because the tower base has a brick kiln upwind.

For PoE-related complaints on the UDM-SE (the only one in this family with native PoE), cat /sys/class/poe/poe0/status shows per-port draw. I keep a per-port budget spreadsheet because the 180W budget runs out fast when you load 6 outdoor APs with heaters in winter.

India deployment + compliance notes

I deal with three regulatory pressures every day: TRAI subscriber-record retention (the IT Act + ISP licence condition), MeitY's DPDP Act-2023 personal-data rules now that subscriber KYC is part of my onboarding, and the new CERT-In 6-hour incident reporting window. The UDM-Pro on its own does not satisfy any of these, but it does the foundational work: NTP-locked timestamps on every flow log, syslog forwarded to a Wazuh box, and Threat Management dropping the easy stuff before it ever reaches the customer.

For BoQ submissions on GeM tenders (I have bid two small municipal-WiFi RFPs in Hubli-Dharwad zone), the UDM-Pro does not have a GeM listing on its own model number; I have to bid the rack-mount Ubiquiti gateway under a generic "edge security gateway" line item. The CAPEX line on my last submission was INR 42,000 per box plus INR 7,500 for the 3-year on-site AMC through the authorised India partner (Quick Heal Networks ran the support backstop). Total per-site cost with the SFP+ DAC, the UPS, and labour came to INR 78,000 against a per-tower TCO over 5 years of around INR 1.4 lakh.

DPDP retention is the bit that bites you. I run a cron job on the gateway that ships syslog to a Bengaluru S3-compatible bucket (MinIO on a Hetzner Falkenstein box, encrypted with age) and rotates local logs every 14 days. The UDM-Pro does not have enough on-disk space for the 12-month retention the licence demands, so the offload is mandatory. If CERT-In comes asking after a phishing incident, I have the records, sliced per-subscriber.

A deployment I actually did on the UDM-Pro

Worst day on the WISP: 2025-04, the Karwar tower base UDM-Pro smelt like burning insulation when the watchman called me. By the time I drove the 4 hours, the PCB had a brown scorch mark next to the SoC and the power LED was flickering. Root cause was a ground-loop through the tower lightning arrestor that put 380V AC onto the 12V DC rail for about 200 ms during a storm. The box was dead. I powered it off, isolated the rack, and stood up a cold spare. No RMA: physical damage from over-voltage voids the warranty. I now insist on a proper isolation transformer on every tower-base rack.

I share these stories because the official Ubiquiti KB rarely covers the messy edge cases that show up when your rack sits in a tower base near a brick kiln, when the grid blinks four times before lunch, or when the BSNL backhaul drops PPPoE for no logged reason. The UDM-Pro is genuinely a good box for the price; you just need to wrap it in operator discipline.

More FAQs from operators running UDM-Pro in production

Does the UDM-Pro survive an Indian summer in an unconditioned tower base rack?

Mostly yes, if the rack has airflow. I have boxes running at ambient 38°C and the SoC sits at 68°C. Above 42°C ambient I add a 24V brushless tower fan inside the rack. The UDM-Pro's own fan curve is conservative; it does not ramp until 72°C SoC which is too late for sustained summer load.

Can I run the UDM-Pro on an inverter + battery during long outages?

Yes, with a sine-wave inverter, not a square-wave one. The 12V DC brick is sensitive to dirty waveforms. I lost a brick in Karwar to a square-wave inverter; replacement INR 6,800. A pure sine-wave 600 VA inverter (INR 8,500 from Microtek) plus a 100 Ah deep-cycle battery (INR 11,000) gives me 14 hours of runtime on a UDM-Pro + 4-port switch combo.

How do I monitor the UDM-Pro fleet without paying for UniFi Network Application Cloud?

I self-host the controller on a Hetzner Falkenstein VPS (EUR 5/month, which is about INR 460). The UDM-Pro talks back via inform-URL over WireGuard. Telegram bot polls the controller API every 5 minutes. Costs me INR 8,500/year for the whole fleet instead of the official Cloud Console price which is per-site.

Is the UDM-Pro GeM-listed for government tenders?

Not under that specific SKU. I bid it under generic "edge security gateway" with the BIS R-41 mark and the BoQ-priced 3-year AMC. Some procurement officers push back asking for a specific OEM; I have lost two bids that way. For municipal tenders I sometimes bid a domestic alternative (TP-Link Omada or Mikrotik CCR) which have direct GeM SKUs.

How does the UDM-Pro handle BSNL FTTH GPON ONT in bridge mode?

Works fine. BSNL bridges the ONT, the UDM-Pro's WAN1 takes the PPPoE session directly, MTU 1492 (or 1500 if VLAN-tagged on some BSNL OLT regions). I have had no issues across Karnataka and Andhra circles. The Jio AirFiber ONT is fussier; I had to set DHCP-on-WAN with a specific vendor-class-identifier ("JIO-CPE").