Solved: Hi, I hit the same issue too.

rbermel83 · ‎11-05-2014

I have two brand new aironet 1702I-A lightweight access points that I am trying to join to a new WLC 2504 running 8.0.100.0, I can see the discovery request come in but shortly after the following entry is logged by debug capwap on the controller:

*spamApTask1: Nov 05 17:27:04.031: 58:f3:9c:d9:59:c0 Discovery Response sent to x.x.252.100:38301

*spamApTask1: Nov 05 17:27:04.031: 58:f3:9c:d9:59:c0 Discovery Request from x.x.252.100:38301

*spamApTask1: Nov 05 17:27:04.031: 58:f3:9c:d9:59:c0 ApModel: AIR-CAP1702I-A-K9

*spamApTask1: Nov 05 17:27:04.031: 58:f3:9c:d9:59:c0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 5, joined Aps =0
*spamApTask1: Nov 05 17:27:04.031: apModel: AIR-CAP1702I-A-K9

*spamApTask1: Nov 05 17:27:04.031: apType = 42 apModel: AIR-CAP1702I-A-K9

*spamApTask1: Nov 05 17:27:04.031: apType: Ox2a bundleApImageVer:
*spamApTask1: Nov 05 17:27:04.031: Could not find image version of bundled AP(apType: 42)!!!
*spamApTask1: Nov 05 17:27:04.031: Unable to get AP Bundled Version. Using Controller Version!!!

*spamApTask1: Nov 05 17:27:04.031: apModel: AIR-CAP1702I-A-K9

*spamApTask1: Nov 05 17:27:04.031: apType = 42 apModel: AIR-CAP1702I-A-K9

*spamApTask1: Nov 05 17:27:04.031: apType: Ox2a bundleApImageVer:
*spamApTask1: Nov 05 17:27:04.031: Could not find image version of bundled AP(apType: 42)!!!
*spamApTask1: Nov 05 17:27:04.031: Unable to get AP Bundled Version. Using Controller Version!!!

From the AP side I see the following:

*Nov 5 16:45:31.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Nov 5 16:45:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: x.x.252.10 peer_port: 5246
*Nov 5 16:46:01.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x3BFC8B4!

*Nov 5 16:46:31.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to x.x.252.10:5246

Thanks in advance,

Ryan

g.gudmundsson · ‎11-12-2014

You dont need the AP RMA'd just ask TAC for newer SW for the controller. 8.0.100.5 did the trick for us. We were seeing the excat same problem. It is not available from CCO newest there is 8.0.100.0.

View solution in original post

Dhiresh Yadav · ‎11-06-2014

Hi ,

Looks strange. Join is denied because of some error. When these AP show this behavior:

> Do they have recovery image and if yes then what is the version ?

Can you push some different version of recovery image and then try.

> Or Is it happening after AP joins WLC and downloads full image.

If it is not urgent , I would say wait for 8.0 MR1 which is coming very soon.

Regards

Dhiresh

rbermel83 · ‎11-07-2014

I opened a ticket with Cisco TAC after seeing bug ID CSCur50946, which seems to be a incorrect or corrupt certificate on access points manufactured in September or October of 2014. I am awaiting the delivery of the new units.

Thank you for your responses.

Ryan

zamoranoco · ‎11-11-2014

Hi Ryan.

I'm in the same situation. Did you have the new firmware?

Did you fix the situation? How?

Thanks

Dhiresh Yadav · ‎11-11-2014

Hi Ryan,

8.0 MR1 is expected between anytime from mid-November to End of November. That must have the fix.

Regards

Dhiresh

rbermel83 · ‎11-12-2014

Sorry, I do not have an update on this as I am still waiting for my RMA'd APs to show up.

g.gudmundsson · ‎11-12-2014

You dont need the AP RMA'd just ask TAC for newer SW for the controller. 8.0.100.5 did the trick for us. We were seeing the excat same problem. It is not available from CCO newest there is 8.0.100.0.

Dhiresh Yadav · ‎11-12-2014

Hi ,

Yes that is correct. But as I said if it is not very urgent , wait for few more days and 8.0 MR1 would be posted on CCO. If cant wait , do as suggested above.

Regards

Dhiresh

**Please rate helpful posts**

julien.pasquier · ‎02-23-2015

Hi, Does the SW version 8.0.110.0 fix the problem? I have installed it but my 1702 don't appear on the controller and I can't see any capwap events for them.

julien.pasquier · ‎02-27-2015

In fact, some 1702 don't support DNS discovery out of the box.

You have to configure your DHCP with option 43 to make them find your controllers.

Leo Laohoo · ‎11-06-2014

Post the following output:

1. AP: sh inventory

2. AP: sh ip interface brief

2. WLC: sh sysinfo

g.gudmundsson · ‎11-12-2014

Had the same problem. Contacted TAC and got 8.0.100.5 witch fixed the problem.

Yap Kian Shin · ‎12-02-2014

Hi,

I hit the same issue too. Do you have the SW 8.0.100.5 ? I'm quite urgent here.

Thanks.

Yap

Aironet 1702I-A unable to join WLC 2504 running 8.0.100.0