I think you have point.. i look at AP show time and its 1h behind :)

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS

System Name...................................... WLC5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. SSO (Both AP and Client SSO)
IP Address....................................... 172.30.20.64
Last Reset....................................... Software reset
System Up Time................................... 0 days 2 hrs 7 mins 16 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... SE  - Sweden
Operating Environment............................ Commercial (0 to 40 C)

--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +40 C
External Temperature............................. +21 C
Fan Status....................................... OK

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 4
Number of Active Clients......................... 50

Burned-in MAC Address............................ 6C:20:56:BD:1F:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 100

(Cisco Controller) >show time

Time............................................. Tue Mar 25 23:48:49 2014

Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna

NTP Servers
    NTP Polling Interval.........................     3600

     Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
    -------  ----------------------------------------------------------------------------------
       2              0                                 172.30.20.1       AUTH DISABLED

APd072.dc01.0020#sh ver
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.2(4)JB1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 16-Nov-13 11:00 by prod_rel_team

ROM: Bootstrap program is C3700 boot loader
BOOTLDR: C3700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB, RELEASE SOFTWARE (fc1)

APd072.dc01.0020 uptime is 38 minutes
System returned to ROM by power-on
System restarted at 22:10:47 UTC Tue Mar 25 2014
System image file is "flash:/ap3g2-k9w8-mx.152-4.JB1/ap3g2-k9w8-xx.152-4.JB1"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3702I-E-K9 (PowerPC) pr
Mar 25 22:49:17.383: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to downocessor (revision A0) with 204790K/57344K bytes of memory.
Processor board ID FCZ1811W0LX
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.6.1.118
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: D0:72:DC:01:00:20
Part Number                          : 73-15243-01
PCA Assembly Number                  : 000-00000-00
 --More--
Mar 25 22:49:17.387: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
Mar 25 22:49:18.387: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
Mar 25 22:49:18.407: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
Mar 25 22:49:19.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed sPCA Revision Number                  :
PCB Serial Number                    : FOC180823YE
Top Assembly Part Number             : 068-05054-01
Top Assembly Serial Number           : FCZ1811W0LX
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP3702I-E-K9

Configuration register is 0xF

APd072.dc01.0020# sh ip interface brief; and
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       172.30.6.153    YES DHCP   up                    up
Dot11Radio0                unassigned      NO  unset  up                    up
Dot11Radio1                unassigned      NO  unset  up                    up
GigabitEthernet0           unassigned      NO  unset  up                    up
Virtual-WLAN0              unassigned      NO  unset  up                    up
Virtual-WLAN0.1            unassigned      NO  unset  up                    up
Virtual-WLAN0.2            unassigned      NO  unset  up                    up
Virtual-WLAN0.3            unassigned      NO  unset  up                    up
Virtual-WLAN0.4            unassigned      NO  unset  up                    up
Virtual-WLAN0.5            unassigned      NO  unset  up                    up
Virtual-WLAN0.6            unassigned      NO  unset  up                    up
Virtual-WLAN0.7            unassigned      NO  unset  up                    up
Virtual-WLAN0.8            unassigned      NO  unset  up                    up
Virtual-WLAN0.9            unassigned      NO  unset  up                    up
Virtual-WLAN0.10           unassigned      NO  unset  up                    up
Virtual-WLAN0.11           unassigned      NO  unset  up                    up
Virtual-WLAN0.12           unassigned      NO  unset  up                    up
Virtual-WLAN0.13           unassigned      NO  unset  up                    up
Virtual-WLAN0.14           unassigned      NO  unset  up                    up
Virtual-WLAN0.15           unassigned      NO  unset  up                    up
Virtual-WLAN0.16           unassigned      NO  unset  up                    up

APd072.dc01.0020#sh inventory
NAME: "AP3700", DESCR: "Cisco Aironet 3700 Series (IEEE 802.11ac) Access Point"
PID: AIR-CAP3702I-E-K9 , VID: V01, SN: FCZ1811W0LX

But all other AP work fine ! any suggestions ?

'

Have you configured any AP policy (Security -> AP Policy ) ? If so you have to add AP mac address on to the list

HTH

Rasika

*** Pls rate all useful responses ****

No we do not have. it looks i found solution :)

If this AP can ping the controller, can you console into the AP and enter the command "capwap ap controller ip address <WLC management IP address>".

Can you also post the first page of the output to the WLC command "sh ap summary"?

I think here is the problem

APd072.dc01.0020#sh capwap client rcb
AdminState                  :  ADMIN_ENABLED
SwVer                       :  7.6.1.118
NumFilledSlots              :  2
Name                        :  APd072.dc01.0020
Location                    :  default location
MwarName                    :  WLC5508
MwarApMgrIp                 :  172.30.20.64
MwarHwVer                   :  0.0.0.0
ApMode                      :  Bridge
ApSubMode                   :  Not Configured
OperationState              :  JOIN
CAPWAP Path MTU             :  576
LinkAuditing                :  disabled
ApRole                      :  MeshAP
ApBackhaul                  :  802.11a
ApBackhaulChannel           :  0

Lightweight Access Point does not register with the WLC. The log displays this the error message

AAA Authentication Failure for UserName:5475xxx8bf9c User
	 Type: WLAN USER

This can happen if the Lightweight Access Point was shipped with a mesh image and is in Bridge mode. If the LAP was ordered with mesh software on it, you need to add the LAP to the AP authorization list. Choose Security > AP Policies and add AP to the Authorization List. The AP should then join, download the image from the controller, then register with the WLC in bridge mode. Then you need to change the AP to local mode. The LAP downloads the image, reboots and registers back to the controller in local mode.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html#p9

Problem 17

Cisco Controller) >show ap summary

Number of APs.................................... 62

Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

I think i have it.. the AP is in Bridge mode and need to be set to Local mode.

I just did the trick :)

Add mac address in Security->MAC Filtering and it works :)

///Aram