Re: AP cannot join WLC

sahara101 · ‎02-12-2020

Hello Cisco Community,

I have an issue with one AP which refuses to connect to the WLC. WLC logs show this:

[...It occurred 2 times/sec!.]
*spamApTask5: Feb 12 10:24:03.869: #CNFGR-5-LIC_REQUEST_FAILURE: cnfgr.c:1442 License request for feature data_encryption failed, return code is 18
*dot1xMsgTask: Feb 12 10:23:56.805: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M5 retransmissions exceeded for client 34:51:c9:43:58:60
*spamApTask7: Feb 12 10:23:24.532: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.0.127

WLC sh sysinfo:

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.100.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0


Build Type....................................... DATA + WPS

System Name...................................... Cisco
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 192.168.0.16
Last Reset....................................... Power on reset
System Up Time................................... 26 days 21 hrs 5 mins 20 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

WLC license

License Store: Primary License Storage
StoreIndex:  0  Feature: base                              Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
License Store: Primary License Storage
StoreIndex:  1  Feature: base-ap-count                     Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: 15 /15 (Active/In-use)
        License Priority: Medium
License Store: Evaluation License Storage
StoreIndex:  0  Feature: base-ap-count                     Version: 1.0
        License Type: Evaluation
        License State: Inactive
            Evaluation total period: 12 weeks  6 days
            Evaluation period left: 12 weeks  6 days
        License Count: 75 / 0 (Active/In-use)
        License Priority: None

I don't know why it shows 15/15 when there are only 6 APs connected. Checking under GUI

Counted Feature
AP Count
Max Count
15
Current Count
6
Remaining Count
9

AP Log:

[*01/16/2020 13:18:38.0022] dtls_disconnect: ERROR shutting down dtls connection ...

[*01/16/2020 13:18:38.0022] 

[*01/16/2020 13:18:38.0022] 

[*01/16/2020 13:18:38.0022] CAPWAP State: DTLS Teardown

[*01/16/2020 13:18:42.7607] ApMgr list is empty.. setting TRIED_BOTH_ADDRESS

[*01/16/2020 13:18:42.7607] No valid AP manager found for controller 'Cisco' (ip: 192.168.0.16)

[*01/16/2020 13:18:42.7607] Failed to join controller Cisco.

[*01/16/2020 13:18:42.7607] Failed to join controller.

[*01/16/2020 13:18:42.8707] 

[*01/16/2020 13:18:42.8707] CAPWAP State: Discovery

[*01/16/2020 13:18:42.8707] IP DNS query for CISCO-CAPWAP-CONTROLLER.

[*01/16/2020 13:18:42.8807] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)

[*01/16/2020 13:18:42.8807] Discovery Response from 192.168.0.16


Username: [*01/16/2020 13:18:52.0000]  can't find the Ip from discoveryRequest array 

[*01/16/2020 13:18:52.0000] 

[*01/16/2020 13:18:52.0000] 

[*01/16/2020 13:18:52.0000] CAPWAP State: DTLS Setup

[*01/16/2020 13:18:52.1199] dtls_process_packet: DTLS Error: 1046

[*01/16/2020 13:18:52.1199] dtls_process_packet: The controller shut down the DTLS connection.

[*01/16/2020 13:18:52.1199] dtls_process_packet: Please verify that the AP certificate is valid and has not expired.

I don't have access to the AP console at the moment, cna you please help me?

Thank you!

Sandeep Choudhary · ‎02-12-2020

Whihc AP model(2800 or 3800 or...)you are trying to Join ?

sahara101 · ‎02-12-2020

It is an AIR-AP1852E-E-K9

Sandeep Choudhary · ‎02-12-2020

As you are running 7.4.100.0 version on WLC Which is not compatible with 1852AP.

1852 AP need minimum 8.1.111.0 version or higher on WLC to join .

So please upgrade the WLC and then try again to register AP.

Check the compatibility matrix: https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

Regards

Dont forget to rate helpful posts

sahara101 · ‎02-12-2020

Oh, thank you for te information. Will upgrading the WLC do something to existing AP connections?

Thanks again

Sandeep Choudhary · ‎02-12-2020

Yes it will disconnect all AP because you nee dto reload the WLC aftre new software upgrade.

If you have AP SSO filover then you can reduce the downtime else plan a downtime of 20-30 minutes.

Upgrade from 7.4 to 8.0.152.0 and then to 8.3.143.0

Regards

Dont forget to rate helpful posts

patoberli · ‎02-12-2020

Depending on your WLC you probably also need to upgrade the FUS. Check that also in the release notes. If you need to, add another 60 minutes to the upgrade time.

patoberli · ‎02-18-2021

See here: https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html

You will find some workarounds in that document.

sahara101 · ‎02-18-2021

Thank you. This has been solved with a RMA after a failed upgrade.