I also noticed that there were messages of successful join followed immediately by dis-join messages.  I will be opening a TAC case as I am at a loss as to what to do next.

I did run the show tech wireless output through the wireless debug analyzer and there were two errors related to SSID, but I find it hard to believe that would affect the join stability.

  - @BoomShakaLak wrote : >... I will be opening a TAC case as I am at a loss as to what to do next.
                                                 It's always good to do that , but if it is with one office only , it looks not related to the 9800 controller and it's setup. Does that WAN link have special parameters such as a smaller MTU or lower throughput ?

 M.

The office connects to the HQ via site to site VPN so MTU is lower.  We also have an office in Asia where the MTU and speed are much worse, and that site had no issues after the upgrade.  So I am wondering if there may be some cached values on the WLC that are interfering, but I do not know how to clear them if that is the case.  I did to a reload of the WLC after the upgrade to see if that would clear up issue, but it did not.

 - No direct inputs on that , use https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/218396-troubleshoot-catalyst-9800-ap-join-or-di.html
   for further analysis and troubleshooting , 

 M.

 - @srimal99 wrote :  >...I have seen  DTL issues in the past and had to raise a tac case.
                                                Did they resolve it for you , if so how ?

 M.

@marce1000  in response to your question. Issue related to WLC. Tac requested to RMA the wlc. Problematic  wlc was a refurbished device.

CSCwb13784 is supposed to be fixed in 17.12.3 of course ...