Showing results for 
Search instead for 
Did you mean: 

Cannot apply ACL template to WLC - Failed In CA backup before deploy

Hello everybody,

is somebody also facing a problem with Prime Infrastructure 1.3 that is unable to deploy ACL template to a controller? All the time it ends on the following error:

Failed In CA backup before deploy

Does anybody knows what this means?

WLC ver (with it didn't work also)

dc2cpi1v/admin# show application

<name>          <Description>

NCS             Cisco Prime Network Control System

                Patches: Update-1_12_for_version_1_3_0_20

1.3 (

Also tried to reload CPI without any help and readding the controller in device work center also didn't fix the issue

On other controllers it works somehow, same wlc firmware, same config.

With this Prime Infrastructure I'm starting to have a feeling that it has more bugs than features ...



Cisco Employee


Prime Infrastructure is going to validate that what it thinks it knows about a given setting on the controller is what it's supposed to be before it applies a template.  "Failed in CA backup before deploy" sounds like it's trying to validate something--perhaps a certificate--on the controller before it sends down the new information. 

The best source of information will come from turning up logging while an attempt to apply the template is made.  Administration > Logging > General Logging Options, and set the logging level to Trace for the modules SNMP and System, and click Save.  Then on the left side, down to the SNMP Logging Options page, check to Enable SNMP Trace, check to enable Trace Values, add the IP address of the controller the template is being sent to to the Selected IP Address list, and click Save. Go back and try to apply the template, allowing the attempt to fail.  When it does, return to Administration > Logging, and click the Download button to retrieve the file. Inside that file, the actions taken will be logged in a series of ncs-x-x.log files, and the SNMP transactions will be in an snmpmed-x-x-x-x.log (where x-x-x-x is the IP address of the controller).  The conflicts or whatever the problem is will be there.



I have the similar problem applying ACLs to WLC, but the error is different:

Reason:                              SNMP operation to Device failed:

Operational Status:Error

other templates can be applied without any errors on the same controllers.



Did you find a fix for this issue? I am seeing the same issue with PI 2.0 and 7.4 WLC. I'm not sure if I can push other templates though. The ACL template is the first one I tried.

Thank you,



I am able to push other ACLs, but not one called PermitISE. If I use the same ACL configured with a different name, it deploys fine. I thought at first it was because that ACL was initially configured locally on the WLC and PI couldn't update it. I deleted PermitISE from a WLC and I was still unable to deploy it from PI.

Thank you,



My issue was resolved by removing the PermitISE ACL from the device configuration page in PI before I could push the new updated version. That ACL that was there was learned from the device initially.

Thank you,



I had the same issue with pushing ACLs that were originally learned from the device being pushed to. After deleting these ALCs from the device configuration, I was able to push updates with no issue. Thanks.


Content for Community-Ad