hi all,

I was using Cisco 2500 WLC with 8.3 version and 1700 AP, that was ok. After i upgrade WLC version to 8.5 AP cant join the WLC.

AP get the ip from DHCP, I added manually wlc to ap via capwap ap controller ip address command. I can ping the wlc from ap but not joined.

Here is logs from wlc:

*spamApTask0: Dec 02 13:56:33.485: ap_mac Received LWAPP DISCOVERY REQUEST to wlc_mac on port '1'
*spamApTask0: Dec 02 13:56:33.485:  ap_mac Discarding discovery request in LWAPP from AP supporting CAPWAP

*spamApTask5: Dec 02 13:58:43.469: ap_mac Discovery Request from 172.18.7.13:31506

*spamApTask5: Dec 02 13:58:43.469: ap_mac Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 30, MaxLicense=5 joined Aps =0
*spamApTask5: Dec 02 13:58:43.469: ap_mac  apType = 71 apModel: AIR-CAP1702I-E-K9

*spamApTask5: Dec 02 13:58:43.470: ap_mac Discovery Response sent to 172.18.7.13 port 31506

*spamApTask5: Dec 02 13:58:43.470: ap_mac Discovery Response sent to 172.18.7.13:31506

*spamApTask5: Dec 02 13:58:43.470: ap_mac Discovery Request from 172.18.7.13:31506

*spamApTask5: Dec 02 13:58:43.470: ap_mac Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 30, MaxLicense=5 joined Aps =0
*spamApTask5: Dec 02 13:58:43.470: ap_mac apType = 71 apModel: AIR-CAP1702I-E-K9

*spamApTask5: Dec 02 13:58:43.470: ap_mac Discovery Response sent to 172.18.7.13 port 31506

*spamApTask5: Dec 02 13:58:43.470: ap_mac Discovery Response sent to 172.18.7.13:31506

*spamApTask0: Dec 02 13:58:43.470: ap_mac Received LWAPP DISCOVERY REQUEST to wlc_mac on port '1'
*spamApTask0: Dec 02 13:58:43.470: ap_mac Discarding discovery request in LWAPP from AP supporting CAPWAP

Here is logs from AP: 

Jan 16 07:28:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 212.156.208.74 peer_port: 5246
Jan 16 07:28:29.000: UDP: sent src=172.18.7.13(31506), dst=xxx_my_public_ipxx(5246), length=103
Jan 16 07:28:30.999: UDP: sent src=172.18.7.13(31506), dst=xxx_my_public_ipxx(5246), length=103
Jan 16 07:28:34.999: UDP: sent src=172.18.7.13(31506), dst=xxx_my_public_ipxx(5246), length=103
Jan 16 07:28:42.999: UDP: sent src=172.18.7.13(31506), dst=xxx_my_public_ipxx(5246), length=103
Jan 16 07:28:58.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmi!

Jan 16 07:29:28.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 212.156.208.74:5246
Jan 16 07:29:28.999: UDP: sent src=172.18.7.13(31506), dst=xxx_my_public_ipxx(5246), length=47
Jan 16 07:29:28.999: UDP: sent src=172.18.7.13(31506), dst=10.0.3.72(5246), length=217
Jan 16 07:29:28.999: UDP: sent src=172.18.7.13(31506), dst=10.0.3.72(5246), length=217
Jan 16 07:29:28.999: UDP: sent src=172.18.7.13(31505), dst=10.0.3.72(12223), length=118
Jan 16 07:29:28.999: UDP: sent src=172.18.7.13(31506), dst=255.255.255.255(5246), length=217
Jan 16 07:29:28.999: UDP: rcvd src=10.0.3.72(5246), dst=172.18.7.13(31506), length=139
Jan 16 07:29:28.999: UDP: rcvd src=10.0.3.72(5246), dst=172.18.7.13(31506), length=139
Jan 16 07:29:38.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

Thanks,