There's a LOT been written about this and it had the Cisco developers scratching their heads trying to solve it for a long time:
CSCvx32806, CSCwd90081 and CSCwc72021 are supposed to stop the AP from trying to boot a corrupt image but don't stop the image from getting corrupted during download. It will just keep trying to download over and over until it (hopefully) succeeds ... Those fixes are in all the latest maintenance releases which you can see in the Fixed Versions list. But that doesn't help if you are still running an older version used to do the upgrade.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf09053 is supposed to be the ultimate fix for this but not showing any fixed versions yet. The link @marce1000 provided implies this might be in 17.13 (and later) even though not documented on the bug or release notes.
Read:
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/221869-safely-upgrade-access-points-avoiding-i.html
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html
https://www.cisco.com/c/en/us/support/docs/field-notices/741/fn74109.html
> I would like a solution that ensures, quickly and error-free, that all access points download the correct image and validate if they will indeed be able to boot and function properly with the controller. I know the controller does this, but in practice, it always goes wrong, and corrupted images are passed on.
- After you have upgraded to 17.12 you can use https downloads which are also mentioned in the doc Marce linked and in the config guide. https downloads should not be affected by this issue at all.
Meanwhile using a completely different method is probably your safest option until you have a fixed software version or https downloads. If you can download the AP image to a local router, switch or server then you can use the:
ap name <AP-name> tftp-downgrade <tftp-server-IP> <filename>
command to download the image to the AP directly. You can use an Excel spreadsheet to quickly produce the list of CLI commands for every AP.
For 17.12.4 you would use the corresponding AP image 15.3(3)JPQ3 as per the compatibility matrix (link below). For example for 9120: https://software.cisco.com/download/home/286322988/type/286288051/release/15.3.3-JPQ3
> I want to upgrade to 17.12.3 (golden version)
- 17.12.4 is likely to become the recommended version in the next few weeks so you might want to wait for that or consider using it now