Solved: Re: 9130 APs failed to join controller after code upgrade 17.9.3

DATHOZ · ‎06-29-2023

Several CAT 9130 APs failed to join controller after code upgrade here is the syslog error 2023-06-20T07:47:59-06:00 <local7.notice> 172.28.3.50 Jun 20 07:47:59.654 MST: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: ap-0032-6-650a Mac: a488.7370.6880 Session-IP: 172.30.9.167[5248] 172.28.3.50[5246] Disjoined DTLS close alert from peer

On the AP I see the following :

[*06/29/2023 20:56:05.8684] systemd[1]: Failed to start capwapd.
[*06/29/2023 20:56:05.8684] systemd[1]: capwapd.service failed.
[*06/29/2023 20:56:05.9230]
[*06/29/2023 20:56:05.9230]
[*06/29/2023 20:56:05.9230] Critical process has crashed repeatedly, This will result in reboot of system
[*06/29/2023 20:56:05.9230] You have 20 seconds to run this to stop the reboot. Good luck
[*06/29/2023 20:56:05.9231]
[*06/29/2023 20:56:05.9231] freeze -w
[*06/29/2023 20:56:05.9231]
show capwap client config
IPC socket server not ready for capwapd. Try after few moments, Errno: 111 Msg_id: 31

AdminState : ADMIN_ENABLED(1)
Name : APCC7F.75AE.49D4
Location : default location
Primary controller name :
Secondary controller name :
Tertiary controller name :
ssh status : Disabled
ApMode : Local
ApSubMode : Not Configured
Link-Encryption : Disabled
OfficeExtend AP : Disabled
Discovery Timer : 10
Heartbeat Timer : 30
Syslog server : 255.255.255.255
Syslog Facility : 0
Syslog level : errors
AP join priority : 1
IP Prefer-mode : Unconfigured
CAPWAP UDP-Lite : Unconfigured
AP retransmit count : 5
AP retransmit timer : 3
AP lsc enable : 0
AP Policy Tag : UNKNOWN
AP RF Tag : UNKNOWN
AP Site Tag : UNKNOWN
AP Tag Source : 0
Slot 0 Config:
Error: Socket open failed
Error: Socket open failed
Slot 1 Config:
Error: Socket open failed
Error: Socket open failed
APCC7F.75AE.49D4#[ OK ] Stopped Cisco image/firmware updater service.
Stoppi Stopping H

DATHOZ · ‎07-31-2023

Just to update this ticket, I worked with TAC on 3 diff 9130s AP and once we run the command on U-Boot and reboot, the AP stays on a loop and it just never loads anything. The plan is to RMA 15 devices. The interesting part is that during the migration I had 500+ 9130 APs but only 15 of them got into this issue. Thanks for the feedback

View solution in original post

Flavio Miranda · ‎06-29-2023

Hi

Factory reset one AP and test.

DATHOZ · ‎06-29-2023

That is one of the first things I did. You can see the AP name changed to APCC7F.75AE.49D4. I have a ticket open for about couple weeks without any success. Tonight I'm trying to move the ticket to the east region team. Hopefully I have a better success.
Obrigado Flavio

Leo Laohoo · ‎06-29-2023

Console into the AP and reboot the AP.

Post the entire boot-up process.

I suspect this is CSCwf42824.

Rich R · ‎08-02-2023

If it is CSCwf42824 then it's fixed in 17.12.1 and 17.9.4 which are both out now.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

JPavonM · ‎06-29-2023

I have suffered that behaviour when upgrading to 17.6.4 and to 17.9.3 for all kind of AP models, and after talking to BU they told me they have identified a defect where the new code on the AP is not verified.

Check this document BU shared with me related to bug CSCvx32806.

Leo Laohoo · ‎06-30-2023

@JPavonM wrote:

C9800# install add file bootflash: C9800-80-universalk9_wlc.17.03.07.SPA.bin

Thanks for sharing that document. The document contains a bug. The syntax (above) is incorrect.

Reading this document reminds my hack fix to FN-72524.

Rich R · ‎06-30-2023

Also check my answer here in case it's that: https://community.cisco.com/t5/wireless/c9130axi-e-stuck-downloading-image/m-p/4773527/highlight/true#M251543

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

DATHOZ · ‎07-31-2023

Just to update this ticket, I worked with TAC on 3 diff 9130s AP and once we run the command on U-Boot and reboot, the AP stays on a loop and it just never loads anything. The plan is to RMA 15 devices. The interesting part is that during the migration I had 500+ 9130 APs but only 15 of them got into this issue. Thanks for the feedback

Leo Laohoo · ‎07-31-2023

@DATHOZ wrote:
The plan is to RMA 15 devices. The interesting part is that during the migration I had 500+ 9130 APs but only 15 of them got into this issue.

15 APs needed to be RMA is a significant quantity in my book and is not good.

Has TAC provided a Bug ID with this behaviour?

Rich R · ‎08-02-2023

Did you try re-flashing any of those APs using the process at https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9120axi-access-point/217537-repairing-c9120-c9115-access-points-from.html (it talks about 9115 and 9120 but the firmware for 9130 is provided on the download link too)?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

JPavonM · ‎08-02-2023

I have suffered this too, and few APs from model C9130 went into RMA after multiple workarounds.

Rich R · ‎08-02-2023

It would be interesting to see if those APs would work on 17.9.4 or 17.12.1

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

oscarhernandezgil · ‎09-06-2023

Right now i'm deploying a network renewal, and found the issue everytime i turn on my devices (not AP is capable to join the controler).
It's an issue with time, don't know why. The time it shows is around March 2023, when the AP was manufactured. Well, i configure the right time and then all the AP start to join with no issue at all.

That will be a problem if something happens to the AP that has the controller role and no other standby AP is available to take that role. If that happens then all APs will be down until i configure the right time again.

Rich R · ‎09-06-2023

Is NTP correctly configured and synced on the WLC?
This is extremely important and highlighted in the Best Practice guide:
https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#Wirelessmanagementinterface

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390