08-13-2019 06:29 AM - edited 07-02-2021 07:15 PM
Hi,
WLC seats on a virtual machine.
On log, I see cert validation failed
[*08/13/2019 08:58:32.8085] Discovery Response from 192.168.108.240
[*08/13/2019 08:58:51.4271] Selected MWAR 'QAEngWLC89100' 192.168.108.240 (index 0).
[*08/13/2019 08:58:51.4271] Ap mgr count=1
[*08/13/2019 08:58:51.4271] Go join a capwap controller.
[*08/13/2019 08:58:51.4271] Choosing AP Mgr with index 0, IP = 192.168.108.240, load = 7..
[*08/13/2019 08:58:51.4271] Synchronizing time with AC time: 1565686722
[*08/13/2019 08:58:42.0000] CAPWAP State: DTLS Setup.
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000] Cert Verification FAILED with error 20 (unable to get local issuer certificate) at 0 depth...
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000] /C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-vWLC-AIR-CTVM-K9-005056A39B7A/emailAddress=support@vwlc.com
[*08/13/2019 08:58:42.0000] ./base_capwap/dtls/lnxshim/dtls_shim_crypto_util.c 1034: Verify Cert: FAILED at 0 depth: unable to get local issuer certificate
[*08/13/2019 08:58:42.0000] X509 OpenSSL Errors...
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000] NONE
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000] Certificate verification failed!
[*08/13/2019 08:58:42.0000] ./base_capwap/capwap/capwap_wtp_dtls.c 323: Certificate verified failed!
[*08/13/2019 08:58:42.0000] DTLS: Received packet caused DTLS to close connection
[*08/13/2019 08:58:42.0000]
[*08/13/2019 08:58:42.0000] Lost connection to the controller, going to restart CAPWAP...
Please advise.
Thanks
08-13-2019 12:39 PM
It is failing due to certification validation.
Did you set vWLC time correctly ?
HTH
Rasika
*** Pls rate all useful responses ***
08-14-2019 12:32 AM
Thank you.
Yes I think I did.
(Cisco Controller) >show time
Time............................................. Wed Aug 14 10:30:47 2019
Timezone delta................................... 0:0
Timezone location................................ (GMT +2:00) Jerusalem
NTP Servers
NTP Version.................................. 3
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ---------------------------------------------------------------------
1 0 10.1.2.6 In Sync AUTH DISABLED
Log is the same as before:
[*08/14/2019 07:30:50.8085] Discovery Response from 192.168.108.240
[*08/14/2019 07:31:09.4370] Selected MWAR 'QAEngWLC89100' 192.168.108.240 (index 0).
[*08/14/2019 07:31:09.4370] Ap mgr count=1
[*08/14/2019 07:31:09.4370] Go join a capwap controller.
[*08/14/2019 07:31:09.4370] Choosing AP Mgr with index 0, IP = 192.168.108.240, load = 5..
[*08/14/2019 07:31:09.4370] Synchronizing time with AC time: 1565767860
[*08/14/2019 07:31:00.0000] CAPWAP State: DTLS Setup.
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] Cert Verification FAILED with error 20 (unable to get local issuer certificate) at 0 depth...
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] /C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-vWLC-AIR-CTVM-K9-005056A39B7A/emailAddress=support@vwlc.com
[*08/14/2019 07:31:00.0000] ./base_capwap/dtls/lnxshim/dtls_shim_crypto_util.c 1034: Verify Cert: FAILED at 0 depth: unable to get local issuer certificate
[*08/14/2019 07:31:00.0000] X509 OpenSSL Errors...
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] NONE
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] Certificate verification failed!
[*08/14/2019 07:31:00.0000] ./base_capwap/capwap/capwap_wtp_dtls.c 323: Certificate verified failed!
[*08/14/2019 07:31:00.0000] DTLS: Received packet caused DTLS to close connection
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] Lost connection to the controller, going to restart CAPWAP...
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] Capwap restart.
[*08/14/2019 07:31:00.0000] CAPWAP State: DTLS Teardown.
[*08/14/2019 07:31:00.0000]
[*08/14/2019 07:31:00.0000] [DP] Deleting capwap datapath
[*08/14/2019 07:31:00.0000] CAPWAP data tunnel delete from forwarding succeeded
[*08/14/2019 07:31:04.7485] DTLS session cleanup completed. Restarting capwap state machine.
[*08/14/2019 07:31:04.7485] Previous CAPWAP state was DTLS Setup,numOfCapwapDiscoveryResp = 1.
[*08/14/2019 07:31:04.7485] Starting Discovery.
[*08/14/2019 07:31:04.7485] CAPWAP State: Discovery.
[*08/14/2019 07:31:04.7485]
[*08/14/2019 07:31:04.7485] Did not get log server settings from DHCP.
[*08/14/2019 07:31:04.7485] DNS Option IpAddr 10.1.2.6 SwitchName CISCO-CAPWAP-CONTROLLER.corp.aeroscout.com
[*08/14/2019 07:31:04.7485] DNS resolved CISCO-CAPWAP-CONTROLLER.corp.aeroscout.com
[*08/14/2019 07:31:04.7485] DNS discover addr: 192.168.150.2
[*08/14/2019 07:31:04.7685] Discovery Request sent to 192.168.1.1 with discovery type set to 1
[*08/14/2019 07:31:04.7985] Discovery Request sent to 192.168.150.2 with discovery type set to 3
[*08/14/2019 07:31:04.8185] Discovery Request sent to 255.255.255.255 with discovery type set to 0
[*08/14/2019 07:31:04.8185] Discovery Response from 192.168.108.240
Thanks
08-14-2019 12:38 AM
08-14-2019 12:52 AM
Thank you.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.9.111.0
RTOS Version..................................... 8.9.111.0
Bootloader Version............................... 8.5.1.85
Emergency Image Version.......................... 8.9.100.0
OUI File Last Update Time........................ Tue Feb 06 10:44:07 UTC 2018
▒▒ ▒
Build Type....................................... DATA + WPS
System Name...................................... QAEngWLC89100
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.108.240
IPv6 Address..................................... ::
System Up Time................................... 5 days 21 hrs 14 mins 7 secs
System Timezone Location......................... (GMT +2:00) Jerusalem
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
--More-- or (q)uit
Configured Country............................... Multiple Countries : IL,US
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
OUI Classification Failure Count................. 4
Memory Current Usage............................. 45
Memory Average Usage............................. 45
CPU Current Usage................................ 0
CPU Average Usage................................ 0
Flash Type....................................... Compact Flash Card
Flash Size....................................... 1073741824
Burned-in MAC Address............................ 00:50:56:A3:C2:3E
Maximum number of APs supported.................. 3000
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1
Licensing Type................................... RTU
--More-- or (q)uit
vWLC config...................................... Large
(Cisco Controller) >
show ip interface brief
gateway-ip : 192.168.108.1
gateway-mac : 00:50:56:A3:22:93
00:50:56:A3:55:6C
00:DE:FB:93:51:81
Interface IP-Address Method Status Protocol
wired0 192.168.108.47 DHCP up up
wired1 unassigned unset administatively down down
wifi0 unassigned unset administatively down down
wifi1 unassigned unset administatively down down
AP80E8.6FD8.5220>
Show version
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and
subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
This product contains some software licensed under the
"GNU General Public License, version 2" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This product contains some software licensed under the
"GNU Library General Public License, version 2" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Library
General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
This product contains some software licensed under the
"GNU Lesser General Public License, version 2.1" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Lesser
General Public License, version 2.1", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
Cisco AP Software, (ap1g4), [wlc-tools:/local/build/JENKINS/workspace/mobility-express-cco/v8_1_mr_throttle_respin_250915091023/router]
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri Sep 25 10:33:54 PDT 2015
ROM: Bootstrap program is U-Boot boot loader
BOOTLDR: U-Boot boot loader Version 21
AP80E8.6FD8.5220 uptime is 0 days, 0 hours, 1 minutes
Last reload time : Sun Oct 11 00:46:43 UTC 2015
Last reload reason : unknown
cisco AIR-AP1832I-B-K9 ARMv7 Processor rev 0 (v7l) with 997136/726424K bytes of memory.
Processor board ID KWC193300WB
AP Running Image : 8.1.122.0
Primary Boot Image : 8.1.122.0
Backup Boot Image : 0.0.0.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : MOBILITY EXPRESS CAPABLE
2 Gigabit Ethernet interfaces
2 802.11 Radios
Radio FW version : 98abcb8ec39f5a28393e632baa5bfcdb
NSS FW version : NSS.AK.1.0.c4-00026-E_custC-1.24160.1
Base ethernet MAC Address : 80:E8:6F:D8:52:20
Part Number : 0-0000-00
PCA Assembly Number : 074-104313-01
PCA Revision Number : 01
PCB Serial Number : KWC193300WB
Top Assembly Part Number : 000-00000-00
Top Assembly Serial Number : KWC193300WB
Top Revision Number : A0
Product/Model Number : AIR-AP1832I-B-K9
08-14-2019 03:08 AM - edited 08-14-2019 03:09 AM
@ItzikLevy4847 wrote:
AP Image type : MOBILITY EXPRESS IMAGE
The AP is running Mobility Express image. This is the reason why it doesn't want to join the controller.
Remote or console into the AP and use the command "ap-type capwap" to convert the AP to CAPWAP.
08-14-2019 03:12 AM
Thank you.
How can I solve that?
Thanks
08-14-2019 03:33 AM
Thank you.
I tried it.
Ap image type stays Mobility Express Image
Thanks
cisco AIR-AP1832I-B-K9 ARMv7 Processor rev 0 (v7l) with 997136/727924K bytes of memory.
Processor board ID KWC193300WB
AP Running Image : 8.1.122.0
Primary Boot Image : 8.1.122.0
Backup Boot Image : 0.0.0.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : NOT MOBILITY EXPRESS CAPABLE
2 Gigabit Ethernet interfaces
2 802.11 Radios
Radio FW version : 98abcb8ec39f5a28393e632baa5bfcdb
NSS FW version : NSS.AK.1.0.c4-00026-E_custC-1.24160.1
Base ethernet MAC Address : 80:E8:6F:D8:52:20
Part Number : 0-0000-00
PCA Assembly Number : 074-104313-01
PCA Revision Number : 01
PCB Serial Number : KWC193300WB
Top Assembly Part Number : 000-00000-00
Top Assembly Serial Number : KWC193300WB
Top Revision Number : A0
Product/Model Number : AIR-AP1832I-B-K9
08-14-2019 04:44 AM
08-14-2019 04:47 AM
10-14-2020 05:18 PM - edited 10-14-2020 06:42 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: