Skip to main content

RM Programming — Over-Wi-Fi Across Sites/Subnets

Overview

SystemMotorola

Programming MOTOTRBO R7 radios and repeaters over Wi-Fi with Radio Management (RM), across over-Wi-Fi programming of R7 portablessites and SLRsubnets. repeaters

RM Server / Device Programmer runs on pbr-radio-kl1 (10.8.40.1010), (RM Server,version Job Processor, Device Programmer, Device Monitor on one host) RM Version2.157.149.0 StatusWorking — cross-site OTAP/Wireless (LAN) programming confirmed across routed VLANs (July 2026) Radio VLANVLAN 40 per site, 10.<site>.40.0/24 addressing, pbrb_radio SSID (WPA3-Enterprise / EAP-TLS via SCEPman) AuthorMitch Fraser, documented with Claude — 2 July 2026 0.

This page documents how RM device discovery and programming actually works over Wi-Fi, and the four independent fixes that were all required to make programming work across sites/subnets. Out of the box, RM Wi-Fi programming only works when the Device Programmerradio and the radios share the same L2 segment. Each fix below addresses a different silent failure; removing any one of them breaks cross-site programming again, each with a different symptom (see Troubleshooting table at the bottom).


How RM Wi-Fi Discovery Actually Works

Same-subnet (default behaviour)

The RM Device Programmer (DP) discovers radios using DNS-SD over mDNS. The DP sends periodic multicast queries (~every 20 s) for _otap._tcp.local to 224.0.0.251:5353, and radios respond with PTR/SRV/TXT/A records advertising their hostname (e.g. MOTOTRBO_09e0000542803a00.local), their current IP, and the TCP port to program them on (observed: 8003, also seen 8002 in session traffic). Multicast is link-local by design — it does not route across VLANs — which is why programming historically only worked with the DPare on the same Wi-Fisubnet, networkbecause asdiscovery theuses radio.mDNS This limitation is confirmed in Motorola's own Wi-Fi FAQ.

Cross-subnetmulticast (DNS-SD224.0.0.251:5353) forwarding)

which

Sincedoesn't DProute. 2.21.61.0,Four thechanges radiowere codeplug supports a Device Discovery Server Name field (CPS → Network → Wi-Fi, per network profile). When populated, the radio sends its DNS-SD announcement as unicast UDPneeded to thatmake hostit on port 5353 at the configured DNS-SD Interval (PBR: 90 s), instead of relying on local multicast. The radio also leaves the 224.0.0.251 multicast group (visible as an IGMP leave). This unicast announcement routes normallywork across VLANs/sites and throughall thefour Paloare Alto like any other traffic.

After discovery, the actual programming session is a normal TCP connection initiated by the DP to the radio, on the port the radio advertised in its SRV record (8002/8003).required.


The Four Required Fixes

1. Disable Windows mDNS registry change on the RM server (critical)registry — most important)

SymptomWindows' itDnscache fixes:service Unicastbinds DNS-SDUDP 5353 and silently consumes the radios' incoming discovery announcements visibly arrive at the RM server in Wireshark, butMotorola Device MonitorProgrammer never showsreceives thethem. radioRadios as connected and jobs sit atshow Waiting For Device forever.forever Nowith errorno is ever logged.

Root cause: Windows' native mDNS responder (inside the Dnscache service, running in svchost) binds UDP 5353 on all interfaces. Unicast UDP is delivered to a single socket — Windows' stack wins the bind and silently consumes every announcement. The Motorola DP never receives a single packet. (Multicast delivery goes to all group members, which is why local discovery still worked.)

Diagnosis:

Get-NetUDPEndpoint -LocalPort 5353 | Select LocalAddress,OwningProcess
Get-Process -Id <PID>
tasklist /svc /fi "PID eq <PID>"
# If svchost/Dnscache owns 5353 instead of the Motorola DP process, this is the fault.

Fix — disable Windows native mDNS, then reboot:error.

New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" `
  -Name EnableMDNS -Value 0 -PropertyType DWord -Force
# RebootThen REBOOT the server
(a

Verify Dnscacheafter restart alone is not sufficientreboot — the Motorola DP process (not svchost) must # re-attempt its 5353 bind afterown the portport:

is free).

Verify after reboot: re-run

Get-NetUDPEndpoint -LocalPort 5353 | Select LocalAddress,OwningProcess and confirm the Motorola Device Programmer process now owns the port. Radios should begin showing Connected in Device Monitor within 1–2 DNS-SD intervals (~90–180 s).

Side effect: this disables .local mDNS resolution on the server itself — not relevant for a server role. Note that Apple Bonjour (mDNSResponder) is another known 5353 squatter if ever installed.

2. Set Device Discovery Server Name in the radio codeplug

SymptomCPS it fixes: Radios on other subnets never discovered at all (multicast can't cross the VLAN boundary).

In CPS/RM, per Wi-Fi → per network profile:profile: set Device Discovery Server Name to the DP host. PBR value: pbr-radio-kl1 (resolvesor via10.8.40.10). This makes the domainradio suffix;send aits rawdiscovery IPannouncement 10.8.40.10unicast also works and removesto the DNSserver dependency).(routable) Leaveinstead DNS-SDof Listeninglocal Portmulticast. atSet 5353 and DNS-SD Interval at 90 sec.

Important: set thisit on every networkWi-Fi profile the radio mayuses. useDNS-SD (e.g.port both5353, theinterval MOTOTRBO90 staging profile and PBRB_Radio) — a profile without it falls back to local multicast only. Confirm the Wi-Fi VLAN's DHCP scope hands out DNS servers that can resolve the internal zone if using a hostname.sec.

3. RM Machine Authorization for the Device Programmer

Symptom it fixes: Device Programmer / Device Monitor fails to connect to the RM Server with the generic error "Failed to connect to the RM server… (5 possible causes)", from any client including localhost, despite the service running, 443 listening, correct domain membership and time sync. Writes queued but never dispatched.

Fix: RM Server Utility → Machine Authorization —Authorization: the machine running the Device Programmer (including the RM server itself) must be listed and havewith the Programmer permission ticked.ticked. UserWithout accountsit, connectingconnections mustfail alsowith appearthe undergeneric User"Failed Authorization.to ADconnect authenticationto succeeding is not sufficient —the RM enforcesserver" itsdialog ownand authorizationjobs listnever at the application layer after Windows auth.dispatch.

4. Address all RM components asUse 10.8.40.10, not localhost

Symptom it fixes: After discovery works, cross-site write jobs fail with Error 450 — "Application has encountered an error. The connection could not be established with the selected connection type" — and packet capture shows no SYN is ever sent toward the radio. Same-subnet writes work.

Fix: In the settings for RM configuration,config, Job Processor and Device MonitorMonitor/DP / Device Programmer,settings, set the RM Server address to 10.8.40.10 (the host'snot reallocalhost. routableWith IP) rather than localhost. Components registered via loopback have no valid routable identity to anchorlocalhost, cross-subnetsite programmingwrites sessionsfail from;with locallyError this450 never("connection matters,could sonot be established with the faultselected onlyconnection appearstype") cross-site.while local writes still work.


DeviceQuick Programmer Settings (reference)

SettingValue RM Server Address10.8.40.10 (not localhost) RM Server Port443 Authentication MethodWindows Credentials Communication MethodUSB + Wireless (LAN) (+ IP Program for repeaters) DNS-SD Listening Port5353 IP Program TCP range50000–50100 IP Program local UDP port20000

Port Matrix

Port(s)ProtoDirectionPurpose 443TCPClients/DP → RM ServerRM Server / Discovery Server (HTTPS) 5353UDPRadio → DP hostUnicast DNS-SD announcements (Device Discovery Server Name). Also local multicast 224.0.0.251 8002–8003TCPDP → RadioProgramming session — port advertised in the radio's SRV record. Must be permitted DP→radio VLANs on the Palo Alto 8675TCPClient → DPRM client to Device Programmer (legacy/documented) 50000–50100TCPDP ↔ deviceIP Program (repeaters) session range 20000UDPDPIP Program local UDP 4005UDPDDMSOnly if DDMS in use 80, 3416, 49202, 49205–49210, 50003, 51020–51030, 56901, 65534 TCP; 50000–50010, 56401 UDPAdditional ports in the server's Windows Firewall rule set (Motorola KB-derived); retained as configured

Windows Firewall on the RM server has inbound + outbound rules covering the above (rules "Motorola Test" / "Motorola Test UDP", plus ExecutorService/ExecutorConfigUI.DP app rules). Traffic between the RM server zone and site radio VLANs currently matches intrazone-default (allow) on the Palo Alto — if radio VLANs are ever moved to their own zone, an explicit rule with the ports above is required.


Troubleshooting: Symptom → CauseTroubleshooting

SymptomCause / FixCheck
Cross-site radio never appears / job sits at Waiting For Device; mDNSforever, visible in Wireshark on the servercross-siteWindowsFix Dnscache1 — who owns UDP 53535353? Windows Fixupdates/rebuilds 1can (EnableMDNS=0re-enable + reboot). Verify with Get-NetUDPEndpoint -LocalPort 5353mDNS
Cross-site radio never discovered, no unicast 5353 traffic arrivingdiscovered at allFix 2 — Device Discovery Server Name not setmissing on the active Wi-Fi profile in use — Fix 2. Check every profile, not just one
DP/Device"Failed Monitor can'tto connect to RM Serverserver" (generic 5-cause dialog), even from localhostdialogRMFix 3 — Machine Authorization missing Programmer permission — Fix 3
Error 450 on cross-site write; capture shows no SYN toward the radio; local writes fineonlyRMFix components4 addressed as localhost — Fix 4addressing
Discovery
works, SYN

Ports

sent

UDP to5353 (radio on 8002/server, discovery) · TCP 443 (RM server/clients) · TCP 8002-8003 but(DP no reply

Checkradio, programming session) · TCP 50000-50100 / UDP 20000 (IP Program, repeaters). Traffic currently rides the Palo Alto policyintrazone-default for those ports, then Aruba client isolation / deny-inter-user-bridging / ClearPass role ACL on pbrb_radio Radio drops offline briefly after a successful writeExpectedallowWi-Fiadd stackexplicit restartsrules if radio VLANs move to applytheir config;own radiozone. re-announces

Notes

within
~90If s (DNS-SD interval) Working setupthis breaks after a Windows update or server rebuildRe-rebuild, check the EnableMDNS registry value and 5353 port ownership first — an update or rebuild can restore Windows' mDNS responder

Useful diagnostics

# Who owns the DNS-SD port
Get-NetUDPEndpoint -LocalPort 5353 | Select LocalAddress,OwningProcess

# Watch for unicast announcements arriving (Wireshark on RM server)
#   filter: udp.port == 5353
# Radio announcements every 90 s: PTR/SRV/TXT/A for MOTOTRBO_<id>.local,
# SRV advertises the programming port (8003), A record carries the radio's real IP.

# Watch a job attempt end-to-end
#   filter: ip.addr == <radio-ip>
# A healthy write = DP opens TCP to the radio's advertised port, data, clean FIN.

Maintenance Notes

    The EnableMDNS registry key is the fragile piece. Any RM server rebuild, OS upgrade, or feature update that re-enables Windows mDNS will silently break cross-site discovery with no error anywhere. Check 5353 ownership first whenever this system misbehaves.first. If the RM server'sserver IP ever changes, update:update it in both the Deviceradio Discovery Server Namecodeplugs (orFix DNS record) in radio codeplugs,2) and theRM server address configured in Job Processor / Device Monitor / DPcomponent settings (Fix 4). Remove any test entries from C:\Windows\System32\drivers\etc\hosts on the RM server (a MOTOTRBO_*.local mapping was used during fault-finding). Consider DHCP reservations on VLAN 40 for repeaters/fixed radios to keep addresses stable for troubleshooting. New radios: ensure the Wi-Fi profile template includes Device Discovery Server Name on all profiles before fleet rollout. Only one OTAP-configured DP is supported per RM system — the central DP model relies entirely on the unicast DNS-SD forwarding above. If it ever proves unreliable, the fallback is a lightweight per-site Device Programmer (NUC/VM) connecting back to the central RM Server.