Solved: CSCvc60648 - debug client cleanup dot1xDoesPmkIdMatchPmk2

Pinurana32 · ‎03-18-2025

Access points are unable to join the WLC 5500

debug client cleanup dot1xDoesPmkIdMatchPmk2
CSCvc60648

any workaround for this Bug .

marce1000 · ‎03-18-2025

- @Pinurana32 : A common issue on these platforms (AP + controller) is that the certificates on the
APs are expired , then the APs suddenly without warning can no longer join

Checkout : https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
for an explanation and countermeasures

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎03-18-2025

- This is not related to AP joining issues ; please scrutinize the bug report ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Pinurana32 · ‎03-18-2025

Thanks Marce for the update ,When we are trying to debug getting below for all access points .

All of the sudden ,15 access points not joining WLC

AIR-CT5508-K9

apfMsConnTask_1: Mar 18 13:57:18.015: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:18.015: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:20.585: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:20.585: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:57:20.816: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:57:20.816: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:21.575: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:21.575: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_4: Mar 18 13:57:24.203: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:57:25.373: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:57:25.373: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:57:36.715: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:39.112: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:39.112: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:43.810: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:43.810: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:57:50.451: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:57:54.745: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:57:54.745: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:55.010: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_1: Mar 18 13:57:55.010: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:06.840: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:06.840: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:10.878: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:10.878: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:19.160: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:19.160: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 18 13:58:20.326: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_4: Mar 18 13:58:24.466: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 18 13:58:27.285: [SA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0

(Cisco Controller) >debug client a0ec.f926.792c

marce1000 · ‎03-18-2025

- You are mixing up issues ; the APs not joining is a different problem and not related to client issues ;
post the full boot process of an AP that can no longer join,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Pinurana32 · ‎03-18-2025

If anyone faced the similar issue in past ,please do sugguest .

marce1000 · ‎03-18-2025

- @Pinurana32 : A common issue on these platforms (AP + controller) is that the certificates on the
APs are expired , then the APs suddenly without warning can no longer join

Checkout : https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
for an explanation and countermeasures

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Pinurana32 · ‎03-18-2025

Marce ,Thank you so much for your help . Issue resolved after running this command : config ap cert-expiry-ignore mic enable .