Never, ever, do ISSU upgrade without TAC on a WebEx call. 

i did couple of ISSU upgrade recently with Cat 9K AP associated with clients, from 17.X to 17.9.3 all works as expected.

May be in the network we do not have any 2700 to give you confirmation.

Another thing want to to check how is your Sync Link connected between 2 chassis ? back to back or going via another Switch ?

Ammahend, at what point do you do that "clear install state" command? Instead of doing an ISSU terminate, could I have used that after both WLCs were on 17.9.4 but ISSU was stuck on "upgrading active"?

Balaji, the chassis are directly connected by fiber (they're located in separate DCs). Each chassis has one uplink to a 6500 VSS in one DC and another uplink to the other VSS in the other DC. Shared L2 VLANs between them.

Thanks, Rich. I will heed your (and Leo's) advice and just do the regular install and predownload.

We haven't been using predownload since it caused WLC crash (8540) several years ago due to a bug, and last time we did it a couple years ago, some APs were stuck predownloading, which prevented the reboot. So, we've just rebooted them and let image download happen afterwards. Fingers crossed predownload goes smoothly this time. If not, is there a way to force the reboot if there are APs still downloading?

The only problem we had the first time we did a 9800 upgrade was that flexconnect Efficient Image Upgrade was enabled by default which is great if all your APs are on the same site - where ours were spread across multiple sites on a single flex profile (yes I hear the screams of horror - follow the best practice guidelines lol).  So one of each AP model downloaded and the rest were trying (without success) to download from that one.  So either make sure your flexconnect profiles are site specific or turn off Efficient Image Upgrade.  Apart from that lesson learned - pre-download has worked fine.  You can expect the odd AP to fail or need another download and be aware of https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html

Note https://twitter.com/DarchisNicolas/status/1290210991590871045 which TAC also recommended we set to 50 to improve download speed.
ap profile <profile name>
capwap window size 50

Thanks, Rich.

I just realized mobility was broken between the lab 9800s that (so I thought) upgraded to 17.9.4 successfully with ISSU and an 8540 pair on 8.10.185.3 (control and data path down). Rebooting the 9800 made the mobility tunnel come back up. Could be a coincidence, but I consider that another strike against ISSU.

Rich, that capwap window size, are you using that for all your APs or just some? Cisco says it should only be increased on teleworker/OfficeExtend APs. Would it benefit some APs and be a detriment to others depending if they're on WAN/LAN? The 17.9.4 GUI says the window size is limited to 20 BTW. (I'm not changing it at this time.)

We have a very small number of APs that are connected back to campus via IPSEC VPN over cable broadband. The rest of our remote sites are on gig fiber or faster. No DSL, satellite, or anything like that.

Anyone interested in performing software upgrade with ISSU, please note down the following Bug IDs:

* CSCwe62246
* CSCwh29442
* CSCwh36951
* CSCwh76420

NOTE: In the future, I will be using this thread to update any ISSU-related Bug IDs.

I never use ISSU due to the many problems it creates and I also perform manual code upgrade and pre-download always.