12-21-2018 06:27 AM - edited 07-05-2021 09:37 AM
we have download a config file from one ME ap and upload it to another ME ap,we have changed the WLC's MAC addr and Serial number of that config file before upload it.after that,the internal ap of ME ap cannot join itself. There is the error log: CAPWAP State: DTLS Setup dtls_process_packet: DTLS Error: 1046 dtls_process_packet: The controller shut down the DTLS connection. No more AP manager addresses remain.. dtls_process_packet: Please verify that the AP certificate is valid and has not expired. dtls_disconnect: ERROR shutting down dtls connection ... CAPWAP State: DTLS Teardown No more AP manager addresses remain.. No valid AP manager found for controller 'WLC-001' (ip: 192.168.1.100) Failed to join controller WLC-001. Failed to join controller. I have check the time of WLC,it's right.And the timezone also have no problem.I don't know if there will be a problem when use another ME's config file.So,i want to know whether we cannot do that.if we can do that,Is there any workaround? Thanks
12-22-2018 12:57 PM
Does your 2nd AP has IP address on same 192.168.1.0/x24 subnet ? What AP models are these & what version you running on your ME AP ?
HTH
Rasika
12-22-2018 10:05 PM
12-23-2018 02:23 PM
Have you configured correct time & proper country code in WLC?
Post "show sysinfo" from WLC & "show ver" from AP CLI
Rasika
12-23-2018 10:07 PM
11-11-2020 01:55 PM
Hi,
How did you fix the issue? I'm seeing the exact same issue on 5520 wlc after upgrading to 8.10.142, AP models are AIR-AP2802I-B-K9 and AIR-AP3802I-B-K9.
I downgraded the wlc back to 8.10.130, but AP still can't join the wlc. Same AP can join 9800 controller, but not 5520.
Logs from AP console -
[*11/11/2020 21:46:38.8818] CAPWAP State: Discovery
[*11/11/2020 21:46:38.8865] Got WLC address 100.1.1.10 from DHCP.
[*11/11/2020 21:46:38.8866] IP DNS query for CISCO-CAPWAP-CONTROLLER.talpha.com
[*11/11/2020 21:46:38.9520] Discovery Request sent to 100.1.1.10, discovery type DHCP(2)
[*11/11/2020 21:46:38.9549] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*11/11/2020 21:46:38.9551] Discovery Response from 100.1.1.10
[*11/11/2020 21:46:49.0003]
[*11/11/2020 21:46:49.0003] CAPWAP State: DTLS Setup
[*11/11/2020 21:46:49.0030] dtls_process_packet: DTLS Error: 1040
[*11/11/2020 21:46:49.0030] dtls_process_packet: The controller shut down the DTLS connection.
[*11/11/2020 21:46:49.0030] dtls_process_packet: Please verify that the AP certificate is valid and has not expired.
[*11/11/2020 21:47:46.0357]
[*11/11/2020 21:47:46.0357] CAPWAP State: DTLS Teardown
[*11/11/2020 21:47:46.1040] upgrade.sh: Script called with args:[ABORT]
[*11/11/2020 21:47:46.1597] do ABORT, part1 is active part
[*11/11/2020 21:47:46.1737] upgrade.sh: Cleanup tmp files ...
[*11/11/2020 21:47:46.2011] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*11/11/2020 21:47:46.2012] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*11/11/2020 21:47:50.7872] No more AP manager addresses remain..
[*11/11/2020 21:47:50.7872] No valid AP manager found for controller 'C5520-WLC' (ip: 100.1.1.10)
[*11/11/2020 21:47:50.7872] Failed to join controller C5520-WLC.
[*11/11/2020 21:47:50.7872] Failed to join controller.
AP MIC cert -
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:f8:7b:28:2b:54:dc:8d:42:a3:15:b5:68:c9:ad:ff
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Cisco Systems, CN=Cisco Root CA 2048
Validity
Not Before: May 14 20:17:12 2004 GMT
Not After : May 14 20:25:42 2029 GMT
Subject: O=Cisco Systems, CN=Cisco Root CA 2048
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
#sh clock
*21:53:57 UTC Wed Nov 11 2020
WLC cert -
Certificate Name: Cisco Root CA SHA1 cert
Subject Name :
O=Cisco Systems, CN=Cisco Root CA 2048
Issuer Name :
O=Cisco Systems, CN=Cisco Root CA 2048
Serial Number (Hex):
5FF87B282B54DC8D42A315B568C9ADFF
Validity :
Start : May 14 20:17:12 2004 GMT
End : May 14 20:25:42 2029 GMT
Signature Algorithm :
sha1WithRSAEncryption
(C5520-WLC) >show time
Time............................................. Wed Nov 11 21:54:05 2020
Timezone delta................................... 0:0
Timezone location................................ (GMT) London, Lisbon, Dublin, Edinburgh
11-11-2020 05:39 PM
This does not seem to be a same problem. But it looks like AP or WLC certificate issue. Should you use the command "show certificate all" to check “Certificate Name: Cisco SHA1 device cert”? not “Certificate Name: Cisco Root CA SHA1 cert”
Thx & BR
01-23-2019 01:53 AM
Hi,
Verify that your ntp settings are ok and not blocked by the firewall.
I just had the same problem.
regards,
05-04-2023 04:11 AM
Hi,
I have the same problem and I notice that the WLC time is correct but the AP time and date is incorrect. Any suggestion how to set the time and date of AP C9120axi?
"clock set" command is not available in the AP.
regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide