
1852i AP unable to register to vWLC on version 8.3.112

shaun barrs
Level 1

Hi all,

I have recently installed vWLC and am having difficulty in getting either of my 2 1852i APs to register.  From the logs on the AP the reason seems to be down to a certificate error.

A quick search on Google and browsing the release notes I discovered that the version of vWLC I was running at the time did not support the 1852i, however I have since upgraded to version 8.3.112 which I believe should now support the 1852i's but am still unable to get the AP to register and getting the same certificate error.

Snippet from the AP trying to register below.

[*08/17/2017 22:24:39.7485] Starting Discovery.
[*08/17/2017 22:24:39.7485] CAPWAP State: Discovery.
[*08/17/2017 22:24:39.7485]
[*08/17/2017 22:24:39.7485] Did not get log server settings from DHCP.
[*08/17/2017 22:24:39.7485] DNS Option IpAddr 8.8.8.8 SwitchName CISCO-CAPWAP-CONTROLLER.
[*08/17/2017 22:24:39.7785] Could Not resolve CISCO-CAPWAP-CONTROLLER.
[*08/17/2017 22:24:39.7985] Discovery Request sent to 255.255.255.255 with discovery type set to 0
[*08/17/2017 22:24:39.7985] Discovery Response from 192.168.10.141
[*08/17/2017 22:24:58.4370] Selected MWAR 'Cisco_99:12:61' 192.168.10.141 (index 0).
[*08/17/2017 22:24:58.4370] Ap mgr count=1
[*08/17/2017 22:24:58.4370] Go join a capwap controller.
[*08/17/2017 22:24:58.4370] Choosing AP Mgr with index 0, IP = 192.168.10.141, load = 0..
[*08/17/2017 22:24:58.4370] Synchronizing time with AC time: 1503008689
[*08/17/2017 22:24:49.0000] CAPWAP State: DTLS Setup.
[*08/17/2017 22:24:4[*08/17/2017 22:25:41.4370] Selected MWAR 'Cisco_99:12:61' 192.168.10.141 (index 0).
[*08/17/2017 22:25:41.4370] Ap mgr count=1
[*08/17/2017 22:25:41.4370] Go join a capwap controller.
[*08/17/2017 22:25:41.4370] Choosing AP Mgr with index 0, IP = 192.168.10.141, load = 0..
[*08/17/2017 22:25:41.4370] Synchronizing time with AC time: 1503008732
[*08/17/2017 22:25:32.0000] CAPWAP State: DTLS Setup.
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] Cert Verification FAILED with error 20 (unable to get local issuer certificate) at 0 depth...
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] /C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-vWLC-AIR-CTVM-K9-000C29991257/emailAddress=support@vwlc.com
[*08/17/2017 22:25:32.0000] ./base_capwap/dtls/lnxshim/dtls_shim_crypto_util.c 1034: Verify Cert: FAILED at 0 depth: unable to get local issuer certificate
[*08/17/2017 22:25:32.0000] X509 OpenSSL Errors...
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] NONE
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] Certificate verification failed!
[*08/17/2017 22:25:32.0000] ./base_capwap/capwap/capwap_wtp_dtls.c 323: Certificate verified failed!
[*08/17/2017 22:25:32.0000] DTLS: Received packet caused DTLS to close connection
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] Lost connection to the controller, going to restart CAPWAP...
[*08/17/2017 22:25:32.0000]

Any help or suggestions would be gratefully appreciated.

Thanks,

Shaun
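
Added example, not part of the original thread: a small Python parser that pulls the DTLS certificate verification failure out of an AP console log like the one above, together with the controller IP, the CAPWAP state and the subject of the rejected certificate. The function name and the embedded sample lines are constructed for illustration; error 20 at depth 0 means the AP could not find an issuer it trusts for the controller's own certificate.

```python
import re

# Constructed sample: a few lines in the shape of the AP console log in the post above.
SAMPLE_LOG = """\
[*08/17/2017 22:25:41.4370] Choosing AP Mgr with index 0, IP = 192.168.10.141, load = 0..
[*08/17/2017 22:25:32.0000] CAPWAP State: DTLS Setup.
[*08/17/2017 22:25:32.0000] Cert Verification FAILED with error 20 (unable to get local issuer certificate) at 0 depth...
[*08/17/2017 22:25:32.0000]
[*08/17/2017 22:25:32.0000] /C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-vWLC-AIR-CTVM-K9-000C29991257/emailAddress=support@vwlc.com
[*08/17/2017 22:25:32.0000] DTLS: Received packet caused DTLS to close connection
"""

LINE = re.compile(r"^\[\*(?P<ts>[^\]]+)\]\s?(?P<msg>.*)$")
CTRL = re.compile(r"Choosing AP Mgr with index \d+, IP = (?P<ip>[\d.]+)")
STATE = re.compile(r"CAPWAP State: (?P<state>.+?)\.?$")
FAIL = re.compile(r"Cert Verification FAILED with error (?P<code>\d+) \((?P<reason>[^)]+)\) at (?P<depth>\d+) depth")
SUBJECT = re.compile(r"^(?:/[A-Za-z]+=[^/]+)+$")


def find_cert_failures(log_text):
    """Return one dict per DTLS certificate verification failure in an AP console log."""
    failures, controller, state, pending = [], None, None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without the "[*timestamp]" prefix
        msg = m.group("msg").strip()
        if (c := CTRL.search(msg)):
            controller = c.group("ip")
        elif (s := STATE.search(msg)):
            state = s.group("state")
        elif (f := FAIL.search(msg)):
            pending = {"time": m.group("ts"), "controller": controller, "state": state,
                       "code": int(f.group("code")), "reason": f.group("reason"),
                       "depth": int(f.group("depth")), "subject": None}
            failures.append(pending)
        elif pending and pending["subject"] is None and SUBJECT.match(msg):
            # The rejected certificate's subject DN is logged on a following line.
            pending["subject"] = dict(p.split("=", 1) for p in msg.strip("/").split("/"))
    return failures
```

Run over a saved console capture, the returned records show which controller certificate each AP rejected and at which chain depth, which is enough to tell a trust-store problem apart from a clock or connectivity problem.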

Accepted Solutions

biaacer2
Cisco Employee
Have you enabled SSC checkbox?

Enable SSC checkbox:
Security -> Ap policies -> Accept Self Signed Certificate (SSC)

If by any chance you also have a physical controller, try adding the AP to that controller first and then move it to your vWLC.


Leo Laohoo
Hall of Fame

Post the complete output to the following commands: 

  1. vWLC:  sh sysinfo; 
  2. vWLC:  sh time;
  3. AP:  sh version; and 
  4. AP:  sh ip interface brief

NOTE:  Please avoid using 8.3.112.X.  Go straight to 8.3.122.X. 

Thanks - I upgraded to the latest version of code which didn't work. I then registered the APs to a physical controller and tried them again on the vWLC which has worked with the APs happily registered.

Bit weird that they need to have been registered to a physical WLC before you can register them with a vWLC?

Thanks
Shaun
