Hi All,Nothing above helped

Manjunatha Jayaram · ‎01-16-2015

Hi All,

air-ap1131ag-a-k9 unable to join controller 5508 getting certificate error kindly help on this.

nspasov · ‎01-16-2015

Hello Manjunatha-

Can you post the exact error that you are getting on the AP? Also, please confirm that the date/time matches on both the AP and the WLC

Thank you for rating helpful posts!

Manjunatha Jayaram · ‎01-16-2015

Hi Neno,

Thanks reply kindly find the below logs, the time in WLC and AP are different.

*Dec 8 23:57:39.549: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.IN.nam.ad.pwcinternal.com
*Dec 8 23:57:49.550: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 17 06:25:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.31.64.41 peer_port: 5246Peer certificate verification failed 000B

*Jan 17 06:25:21.271: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 17 06:25:21.271: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jan 17 06:25:21.271: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.31.64.41:5246
*Jan 17 06:25:21.272: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.31.64.41:5246
*Jan 17 06:25:21.273: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

Manjunatha Jayaram · ‎01-16-2015

Hi Neno,

The AP is running with IOS version of flash:/c1130-rcvk9w8-mx.124-25e.JAP/c1130-rcvk9w8-mx.124-25e.JA"

nspasov · ‎01-16-2015

- Is that the complete log from the AP? Can you make sure that you are not cutting out any of the output?

- Also, can you grab the logs from your controller and post them here

- Lastly, go to your controller and confirm that both the time and timezone are correct and that the WLC clock has not drifted from the current time

Thank you for rating helpful posts!

Manjunatha Jayaram · ‎01-17-2015

That is the full output.

AP0012.80ad.7f96#
*Jan 17 07:30:58.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 17 07:29:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.31.64.41 peer_port: 5246Peer certificate verification failed 000B

*Jan 17 07:29:53.275: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 17 07:29:53.275: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jan 17 07:29:53.275: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.31.64.41:5246
*Jan 17 07:29:53.276: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.31.64.41:5246
*Jan 17 07:29:53.276: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

Now i cant get logs from WLC

Manjunatha Jayaram · ‎01-17-2015

Hi All,

Nothing above helped us we have downloaded the Cisco IOS upgrade tool for Autonomous to Lighweight and the we have covert the AP using that tool in that way AP can download SSC and LSC certificates from WLC so finally AP has joined WLC

Scott Fella · ‎01-17-2015

From the WLC can you post the following:

show sysinfo

show license summary

show ap summary

From the AP:

show version

show flash

-Scott

-Scott
*** Please rate helpful posts ***

air-ap1131ag-a-k9 unable to join controller getting certificate error