Yes, there is a mobility group configured and active between the two controllers.

The primary and secondary controllers are configured in AP HA tab with both hostnames and IP addresses. The host names are correct.

I have 12 APs working fine, means that are joined with the primary controller, and have 3 APs that are joined with the secondary and not able to push them to join the primary one. All APs were configured in the same way - initially joined the secondary controller ( because only there I had the OS version compatible with C3602 at that time ) where I used GUI to configure the HA for APs. As I am lazy I configured the primary and secondary names and IPs through a copy and paste way, so there is no typo in the HA names or IPs.

I do not have any security enabled to prevent APs from joining other WLCs. Also in the log on the AP I can see it does not try to join the primary one, it goes directly to the secondary one.

There is also DHCP configured for the APs on our core switch, the same way for all APs

!

ip dhcp pool XXXX

   host 192.168.1.21 255.255.255.0

   client-identifier 01e0.5fb9.a800.7f

   default-router 192.168.1.254

   option 43 ip 192.168.1.1 192.168.1.2

   lease 30

!

Option 43 and DNS is only for initial join. If the apps already joined you have to configure each ap to point to the WLC you want it to join.

Sent from Cisco Technical Support iPhone App

Yes, this is what I am trying all the time - configure the AP to point to the WLCs I want it to join.

Firstly I did through GUI, did not work.

Secondly I  used 'Clear All Config" option on the controller and configured the AP from the scratch through GUI, did not work.

Thirdly I tried through command line on the AP, did not work.

I used these commands

XXXX#capwap ap  primary-base ZZZZ1 192.168.1.1

XXXX#capwap ap  secondary-base ZZZZ2 192.168.1.2

XXXX#sh capwap client config

configMagicMark         0xF1E2D3C4

chkSumV2                30883

chkSumV1                1072

swVer                   7.2.111.3

adminState              ADMIN_ENABLED(1)

name                    XXXX

location                YYYY

group name

mwarName                ZZZZ1

mwarIPAddress           192.168.1.1

mwarName                ZZZZ2

mwarIPAddress           192.168.1.2

mwarName

mwarIPAddress           0.0.0.0

ssh status              Enabled

Telnet status           Enabled

numOfSlots              2

spamRebootOnAssert      1

spamStatTimer           180

randSeed                0xBAC2

transport               SPAM_TRANSPORT_L3(2)

transportCfg            SPAM_TRANSPORT_DEFAULT(0)

initialisation          SPAM_PRODUCTION_DISCOVERY(1)

ApMode                  Local

ApSubMode               Not Configured

AP Rogue Detection Mode Enabled

OfficeExtend AP         [0] Disabled

OfficeExtend AP JoinMode[0] Standard

Discovery Timer         10 secs

Heart Beat Timer        30 secs

Led State Enabled       1

Primed Interval         0

AP ILP Pre-Standard Switch Support Disabled

AP Power Injector Disabled

Infrastructure MFP validation Disabled

Configured Switch 1 Addr 192.168.1.2

Configured Switch 2 Addr 192.168.1.1

non-occupancy channels:

Ethernet (Duplex/Speed) auto/auto

XXXX#sh log
Syslog logging: enabled (1 messages dropped, 8 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 61 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 67 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level emergencies, 0 message lines logged
        Logging to 255.255.255.255(global) (udp port 514, audit disabled,  link down), 0 message lines logged, xml disabled,
               filtering disabled

Log Buffer (1048576 bytes):

*Mar  1 00:00:09.424: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:09.434: *** CRASH_LOG = YES

*Mar  1 00:00:09.434: 64bit PCIE devicesSecurity Core found.
Base Ethernet MAC address: E0:5F:B9:A8:00:7F

*Mar  1 00:00:12.482: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:13.731: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:13.797: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:16.996: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:17.052: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)

*Mar  1 00:00:17.068:  status of voice_diag_test from WLC is false
*Mar  1 00:00:19.182: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(25e)JA2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Fri 14-Sep-12 19:13 by prod_rel_team
*Mar  1 00:00:19.182: %SNMP-5-COLDSTART: SNMP agent on host XXXX is undergoing a cold start
*Mar  1 00:13:33.342: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:13:33.342: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:13:33.493:  status of voice_diag_test from WLC is false
*Mar  1 00:13:33.632: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar  1 00:13:33.956: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:13:34.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:13:34.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:13:36.029: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:13:41.484: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.21, mask 255.255.255.0, hostname XXXX

*Mar  1 00:13:51.981: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:14:01.997: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar  1 00:14:06.099: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar  1 00:14:07.190: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:14:08.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar  1 00:14:08.288: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:14:09.289: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:14:11.000: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar  1 00:14:23.001: %CAPWAP-3-ERRORLOG: Selected MWAR 'ZZZZ2'(index 1).
*Mar  1 00:14:23.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 23 06:07:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Aug 23 06:07:13.578: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Aug 23 06:07:13.578: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Aug 23 06:07:14.025: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 23 06:07:14.091: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 23 06:07:14.094: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller ZZZZ2
*Aug 23 06:07:14.154: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

What I think might be the key to the problem is this

Configured Switch 1 Addr 192.168.1.2

Configured Switch 2 Addr 192.168.1.1

This is not changing no matter what I do.

Thanks,

Vlad

XXXX#capwap ap  primary-base ZZZZ1 192.168.1.1

That's not the right command.  Try "capwap ap controller ip address ".

This one I tried in the past as well, did not help me.

XXXX#capwap ap controller ip address 192.168.1.1
XXXX#sh capwap client config
configMagicMark         0xF1E2D3C4
chkSumV2                30884
chkSumV1                1071
swVer                   7.2.111.3
adminState              ADMIN_ENABLED(1)
name                    XXXX
location                YYYY
group name
mwarName                ZZZZ1
mwarIPAddress           192.168.1.1
mwarName                ZZZZ2
mwarIPAddress           192.168.1.2
mwarName
mwarIPAddress           0.0.0.0
ssh status              Enabled
Telnet status           Enabled
numOfSlots              2
spamRebootOnAssert      1
spamStatTimer           180
randSeed                0xBAC2
transport               SPAM_TRANSPORT_L3(2)
transportCfg            SPAM_TRANSPORT_DEFAULT(0)
initialisation          SPAM_PRODUCTION_DISCOVERY(1)
ApMode                  Local
ApSubMode               Not Configured
AP Rogue Detection Mode Enabled
OfficeExtend AP         [0] Disabled
OfficeExtend AP JoinMode[0] Standard
Discovery Timer         10 secs
Heart Beat Timer        30 secs
Led State Enabled       1
Primed Interval         0
AP ILP Pre-Standard Switch Support Disabled
AP Power Injector Disabled
Infrastructure MFP validation Disabled
Configured Switch 1 Addr 192.168.1.2
Configured Switch 2 Addr 192.168.1.1

Reboot

XXXX#sh log
Syslog logging: enabled (1 messages dropped, 8 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 60 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 14 messages logged, xml disabled,
                     filtering disabled
        Logging to: vty1(14)
    Buffer logging: level debugging, 66 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level emergencies, 0 message lines logged
        Logging to 255.255.255.255(global) (udp port 514, audit disabled,  link down), 0 message lines logged, xml disabled,
               filtering disabled

Log Buffer (1048576 bytes):

*Mar  1 00:00:09.418: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:09.430: *** CRASH_LOG = YES

*Mar  1 00:00:09.430: 64bit PCIE devicesSecurity Core found.
Base Ethernet MAC address: E0:5F:B9:A8:00:7F

*Mar  1 00:00:12.479: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:13.724: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:13.790: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:16.993: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:17.046: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)

*Mar  1 00:00:17.062:  status of voice_diag_test from WLC is false
*Mar  1 00:00:19.179: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(25e)JA2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Fri 14-Sep-12 19:13 by prod_rel_team
*Mar  1 00:00:19.179: %SNMP-5-COLDSTART: SNMP agent on host XXXX is undergoing a cold start
*Mar  1 00:13:33.342: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:13:33.342: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:13:33.475:  status of voice_diag_test from WLC is false
*Mar  1 00:13:33.613: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar  1 00:13:33.965: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:13:34.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:13:34.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:13:36.029: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
--More--
*Aug 23 09:17:08.232: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequenc*Mar  1 00:13:41.465: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.21, mask 255.255.255.0, hostname XXXX

*Mar  1 00:13:51.978: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:14:01.994: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar  1 00:14:06.313: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar  1 00:14:07.404: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:14:08.405: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar  1 00:14:08.502: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:14:09.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:14:10.997: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar  1 00:14:22.998: %CAPWAP-3-ERRORLOG: Selected MWAR 'ZZZZ2'(index 1).
*Mar  1 00:14:22.998: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 23 09:16:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Aug 23 09:16:04.578: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Aug 23 09:16:04.578: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2

ip dhcp pool XXXX
host 192.168.1.21 255.255.255.0
client-identifier 01e0.5fb9.a800.7f
default-router 192.168.1.254
option 43 ip 192.168.1.1 192.168.1.2
lease 30

The two lines in RED does not make any logic.  So you have assigned the MAC addres (via client-id) to a specific IP address.  You don't necessarily need the 30-day lease time, really.

In regards to your initial problem, I agree with Scott.  Go to the AP and manually set the primary/secondary controllers.

These all are Cisco default values. I am going to open a ticket at Cisco.

Well, finally I realized that the number of APs on the primary controller is on its maximum. That's why the AP did not join the primary controller. There was not a clue in any log file that this could be a license issue.

You typically would see that log on the WLC. We assume when answering a post that this has been checked since we cant see the wlc. At least now I know that I have to quit assuming:).

Thanks for providing the results.

Sent from Cisco Technical Support iPhone App