AP3802i wont join 5508 controller

Paul.Ostaszewski · ‎06-05-2023

I have a 5508 controller running 8.3.150 that I have four AIR-CAP3702I-A-K9 running on currently. I purchased four AIR-AP3802I-B-K9 to replace the four 3702's that I'm currently running.

My SHA1 cert is expired.

Certificate Name: Cisco SHA1 device cert

Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Systems, CN=AIR-CT5508-K9-503de5aec9a0, emailAddress=support@cisco.com
Issuer Name :
O=Cisco Systems, CN=Cisco Manufacturing CA
Validity :
Start : Apr 8 13:39:08 2011 GMT
End : Apr 8 13:49:08 2021 GMT

I have disabled NTP and set the clock on the 5508 back to before the certificate expires.

I have also ran this command: config ap cert-expiry-ignore mic enable

I have a 25 license count for which 4 are being used by the 3702's.

Here is the debug from the controller:

*sshpmLscTask: Apr 08 04:03:02.699: sshpmLscTask: LSC Task received a message 4
*spamApTask5: Apr 08 04:03:34.746: 70:df:2f:05:0e:38 Failed to parse CAPWAP packet from 10.10.10.211:5248

*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: called to evaluate <cscoSha2IdCert>

*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: failed to find matching cert name cscoSha2IdCert

*spamApTask5: Apr 08 04:03:44.230: GetIDCert: Using SHA2 Id cert on WLC

*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: Found matching ID cert cscoDefaultIdCert in row 2
*spamApTask5: Apr 08 04:03:44.230: Get Cert from CID: For CID 1db5a6a2 certType 1
*spamApTask5: Apr 08 04:03:44.230: Get Cert from CID: Found match of ID Cert in row 2
*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: called to evaluate <cscoSha2IdCert>

*spamApTask5: Apr 08 04:03:44.230: sshpmGetCID: failed to find matching cert name cscoSha2IdCert

*spamApTask5: Apr 08 04:03:44.231: GetDERIDKey: Using SHA2 Id cert Private Keys on WLC

*spamApTask5: Apr 08 04:03:44.231: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask5: Apr 08 04:03:44.231: sshpmGetCID: Found matching ID cert cscoDefaultIdCert in row 2
*spamApTask5: Apr 08 04:03:44.231: GetPrivateKey: called to get key for CID 1db5a6a2

*spamApTask5: Apr 08 04:03:44.231: Private Key found row 2 KeyBufLen 2048 Keylen 1191 PrivateKeyPtr 0x2c4945b0

*spamApTask5: Apr 08 04:03:44.271: OpenSSL Get Issuer Handles: locking ca cert table

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: x509 subject_name /serialNumber=PID:AP3800 SN:FOC212448KU/O=Cisco/OU=ACT-2 Lite SUDI/CN=AP3800

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: issuer_name /O=Cisco/CN=ACT2 SUDI CA

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: CN AP3800

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: issuerCertCN ACT2 SUDI CA

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: Cert Name in subject is AP3800

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: Extracted cert issuer from subject name.

*spamApTask5: Apr 08 04:03:44.272: NMSP:: Algo name matched SHA256

*spamApTask5: Apr 08 04:03:44.272: ACT2 RSA SHA1 certificate

*spamApTask5: Apr 08 04:03:44.272: ACT2 dummy mac: MAC: 1122.3344.5566

*spamApTask5: Apr 08 04:03:44.272: OpenSSL Get Issuer Handles: Cert is issued by Cisco Systems.

*spamApTask5: Apr 08 04:03:44.272: Retrieving x509 cert for CertName cscoAct2RsaCaCert

*spamApTask5: Apr 08 04:03:44.272: sshpmGetCID: called to evaluate <cscoAct2RsaCaCert>

*spamApTask5: Apr 08 04:03:44.272: sshpmGetCID: Found matching CA cert cscoAct2RsaCaCert in row 8
*spamApTask5: Apr 08 04:03:44.272: Found CID 2b40476b for certname cscoAct2RsaCaCert

*spamApTask5: Apr 08 04:03:44.272: CACertTable: Found matching CID cscoAct2RsaCaCert in row 8 x509 0x2cc7be3c
*spamApTask5: Apr 08 04:03:44.273: Retrieving x509 cert for CertName cscoDefaultNewRootCaCert

*spamApTask5: Apr 08 04:03:44.273: sshpmGetCID: called to evaluate <cscoDefaultNewRootCaCert>

*spamApTask5: Apr 08 04:03:44.273: sshpmGetCID: Found matching CA cert cscoDefaultNewRootCaCert in row 4
*spamApTask5: Apr 08 04:03:44.273: Found CID 29307290 for certname cscoDefaultNewRootCaCert

*spamApTask5: Apr 08 04:03:44.273: CACertTable: Found matching CID cscoDefaultNewRootCaCert in row 4 x509 0x2cc7cd00
*spamApTask5: Apr 08 04:03:44.273: cscoAct2RsaCaCert: successfully added ACT2 RSA to store cert Verify User Certificate(?!)

*spamApTask5: Apr 08 04:03:44.279: Verify User Certificate: X509 Cert Verification return code: 1
*spamApTask5: Apr 08 04:03:44.279: Verify User Certificate: X509 Cert Verification result text: ok
*spamApTask5: Apr 08 04:03:44.279: sshpmGetCID: called to evaluate <cscoAct2RsaCaCert>

*spamApTask5: Apr 08 04:03:44.279: sshpmGetCID: Found matching CA cert cscoAct2RsaCaCert in row 8
*spamApTask5: Apr 08 04:03:44.279: Verify User Certificate: OPENSSL X509_Verify: AP Cert Verfied Using >cscoAct2RsaCaCert<

*spamApTask5: Apr 08 04:03:44.279: OpenSSL Get Issuer Handles: Check cert validity times (allow expired YES)
*spamApTask5: Apr 08 04:03:44.279: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask5: Apr 08 04:03:44.279: sshpmGetCID: Found matching ID cert cscoDefaultIdCert in row 2
*spamApTask5: Apr 08 04:03:44.279: sshpmFreePublicKeyHandle: called with 0x1b0b5cc8

*spamApTask5: Apr 08 04:03:44.279: sshpmFreePublicKeyHandle: freeing public key

*spamApTask5: Apr 08 04:04:56.104: 70:df:2f:05:0e:38 Failed to parse CAPWAP packet from 10.10.10.211:5248

Here is the debug from the AP3802i:

[*04/08/2021 09:03:34.7848] CAPWAP State: Discovery
[*04/08/2021 09:03:34.7856] Got WLC address 192.168.1.10 from DHCP.
[*04/08/2021 09:03:34.7856] IP DNS query for CISCO-CAPWAP-CONTROLLER.zewsworld.com
[*04/08/2021 09:03:34.8559] Discovery Request sent to 192.168.1.10, discovery type DHCP(2)
[*04/08/2021 09:03:34.8600] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*04/08/2021 09:03:34.8602] Discovery Response from 192.168.1.10
[*04/08/2021 09:03:44.0001] Started wait dtls timer (60 sec)
[*04/08/2021 09:03:44.0005]
[*04/08/2021 09:03:44.0005] CAPWAP State: DTLS Setup
[*04/08/2021 09:03:44.0409] dtls_verify_server_cert: Controller certificate verification successful
[*04/08/2021 09:03:44.7221]
[*04/08/2021 09:03:44.7221] CAPWAP State: Join
[*04/08/2021 09:03:44.7389] Sending Join request to 192.168.1.10 through port 5248
[*04/08/2021 09:04:41.0377]
[*04/08/2021 09:04:41.0377] CAPWAP State: DTLS Teardown
[*04/08/2021 09:04:41.1404] status 'upgrade.sh: Script called with args:[CANCEL]'
[*04/08/2021 09:04:41.1975] do CANCEL, part2 is active part
[*04/08/2021 09:04:41.2120] status 'upgrade.sh: Cleanup tmp files ...'
[*04/08/2021 09:04:41.2453] Dropping dtls packet since session is not established. Peer 192.168.1.10-5246, Local 10.10.10.211-5248, conn (nil)
[*04/08/2021 09:04:41.2454] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*04/08/2021 09:04:41.2455] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*04/08/2021 09:04:55.7907]
[*04/08/2021 09:04:55.7907] CAPWAP State: Discovery
[*04/08/2021 09:04:55.7915] Got WLC address 192.168.1.10 from DHCP.
[*04/08/2021 09:04:55.7915] IP DNS query for CISCO-CAPWAP-CONTROLLER.zewsworld.com
[*04/08/2021 09:04:55.8696] Discovery Request sent to 192.168.1.10, discovery type DHCP(2)
[*04/08/2021 09:04:55.8721] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*04/08/2021 09:04:55.8743] Discovery Response from 192.168.1.10
[*04/08/2021 09:05:06.0001] Started wait dtls timer (60 sec)
[*04/08/2021 09:05:06.0005]
[*04/08/2021 09:05:06.0005] CAPWAP State: DTLS Setup
[*04/08/2021 09:05:06.0446] dtls_verify_server_cert: Controller certificate verification successful
[*04/08/2021 09:05:06.7043]
[*04/08/2021 09:05:06.7043] CAPWAP State: Join
[*04/08/2021 09:05:06.7116] Sending Join request to 192.168.1.10 through port 5248
[*04/08/2021 09:06:03.0353]
[*04/08/2021 09:06:03.0353] CAPWAP State: DTLS Teardown
[*04/08/2021 09:06:03.1216] status 'upgrade.sh: Script called with args:[CANCEL]'
[*04/08/2021 09:06:03.1782] do CANCEL, part2 is active part
[*04/08/2021 09:06:03.1927] status 'upgrade.sh: Cleanup tmp files ...'
[*04/08/2021 09:06:03.2260] Dropping dtls packet since session is not established. Peer 192.168.1.10-5246, Local 10.10.10.211-5248, conn (nil)
[*04/08/2021 09:06:03.2261] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*04/08/2021 09:06:03.2261] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).

I think I've tried everything that's available to get these AP's to join. Anything I missed? I don't have support on this controller so upgrading to 8.5.182 or higher isn't really an option.

Here's more information:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.150.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 1.27
OUI File Update Time............................. Sun Sep 07 10:44:07 IST 2014

Build Type....................................... DATA + WPS

System Name......................................
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 192.168.1.10
IPv6 Address..................................... ::
Last Reset....................................... Power on reset
System Up Time................................... 98 days 19 hrs 4 mins 29 secs
System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
System Stats Realtime Interval................... 5

--More-- or (q)uit
System Stats Normal Interval..................... 180

Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +21 C
Fan Status....................................... OK

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 35

OUI Classification Failure Count................. 8443

Burned-in MAC Address............................ 50:3D:E5:AE:C9:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 500
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1

Any help would be greatly appreciated!

Thank you in advance

Leo Laohoo · ‎06-05-2023

Put NTP back on. The 3800 is not affected by the FNs.

Paul.Ostaszewski · ‎06-06-2023

With the time set correctly, the DTLS fails due to the certificate being
expired and the AP3802i will not join.

Leo Laohoo · ‎06-06-2023

Factory reset the AP using the command "capwap ap reset all".

Paul.Ostaszewski · ‎06-06-2023

What’s the username/password? I tried cisco/cisco and couldn’t get to the
command prompt.

Leo Laohoo · ‎06-06-2023

Power down the AP.
While still powered down, hold down the Mode button.
Keep holding the Mode button and apply power.
Keep the Mode button held down for 30 seconds and then release.

Paul.Ostaszewski · ‎06-06-2023

I've done that before, and I can't get to a command prompt without a username/password.

Paul.Ostaszewski · ‎06-08-2023

[*06/09/2023 06:08:13.7793] CAPWAP State: Discovery
[*06/09/2023 06:08:13.7801] Got WLC address 192.168.1.10 from DHCP.
[*06/09/2023 06:08:13.7801] IP DNS query for CISCO-CAPWAP-CONTROLLER.zewsworld.com
[*06/09/2023 06:08:13.8633] Discovery Request sent to 192.168.1.10, discovery type DHCP(2)
[*06/09/2023 06:08:13.8709] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/09/2023 06:08:13.8710] Discovery Response from 192.168.1.10
[*06/09/2023 06:08:23.0000] Started wait dtls timer (60 sec)
[*06/09/2023 06:08:23.0004]
[*06/09/2023 06:08:23.0004] CAPWAP State: DTLS Setup
[*06/09/2023 06:08:23.0489] Certificate is expired
[*06/09/2023 06:08:23.0490] Certificate Start Date: Apr 8 13:39:08 2011 GMT
[*06/09/2023 06:08:23.0490] Certificate End Date: Apr 8 13:49:08 2021 GMT
[*06/09/2023 06:08:23.0490] display_verify_cert_status: Verify Cert: FAILED at 0 depth: certificate has expired
[*06/09/2023 06:08:23.0491] X509 OpenSSL Errors...
[*06/09/2023 06:08:23.0491]
[*06/09/2023 06:08:23.0492] 1956686832:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 06:08:23.0492] 1956686832:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 06:08:23.0492] 1956686832:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 06:08:23.0492] 1956686832:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 06:08:23.0492]
[*06/09/2023 06:08:23.0492]
[*06/09/2023 06:08:23.0492]
[*06/09/2023 06:08:23.0492] dtls_verify_server_cert: Controller certificate verification error
[*06/09/2023 06:08:23.0496] 1956686832:error:1416F086:lib(20):func(367):reason(134):NA:0:
[*06/09/2023 06:08:23.0496] dtls_process_packet: Error connecting TLS context ERR: 5
[*06/09/2023 06:08:23.0502] DTLS: Error while processing DTLS packet 0x55e65000.

Leo Laohoo · ‎06-09-2023

What is the serial number of this AP?

Paul.Ostaszewski · ‎06-09-2023

FCW2125JNSF

Leo Laohoo · ‎06-09-2023

Post the complete output to the command "sh version" taken from the AP.

Paul.Ostaszewski · ‎06-09-2023

AP70DF.2F05.0E38>sh version
Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and
subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

This product contains some software licensed under the
"GNU General Public License, version 2" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

This product contains some software licensed under the
"GNU Library General Public License, version 2" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Library
General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html

This product contains some software licensed under the
"GNU Lesser General Public License, version 2.1" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Lesser
General Public License, version 2.1", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

This product contains some software licensed under the
"GNU General Public License, version 3" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html.

This product contains some software licensed under the
"GNU Affero General Public License, version 3" provided
with ABSOLUTELY NO WARRANTY under the terms of
"GNU Affero General Public License, version 3", available here:
http://www.gnu.org/licenses/agpl-3.0.html.

Cisco AP Software, (ap3g3), C3802, RELEASE SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Wed Aug 10 23:07:52 GMT 2022

ROM: Bootstrap program is U-Boot boot loader
BOOTLDR: U-Boot boot loader Version 2013.01-g2ee3a18aa (Jun 03 2022 - 11:27:17)

AP70DF.2F05.0E38 uptime is 0 days, 0 hours, 33 minutes
Last reload time : Sat Jun 24 23:59:59 UTC 2017
Last reload reason : unknown

cisco AIR-AP3802I-B-K9 ARMv7 Processor rev 1 (v7l) with 1028224/579380K bytes of memory.
Processor board ID FCW2125JNSF
AP Running Image : 17.6.4.56
Primary Boot Image : 17.6.4.56
Backup Boot Image : 0.0.0.0
Primary Boot Image Hash:
Backup Boot Image Hash:
1 Multigigabit Ethernet interfaces
1 Gigabit Ethernet interfaces
2 802.11 Radios
Radio Driver version : 9.0.5.5-W8964
Radio FW version : 9.1.8.1
NSS FW version : 2.4.28

Base ethernet MAC Address : 70:DF:2F:05:0E:38
Part Number : 73-017278-06
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC212448KU
Top Assembly Part Number : 068-100730-01
Top Assembly Serial Number : FCW2125JNSF
Top Revision Number : C0
Product/Model Number : AIR-AP3802I-B-K9

I'm also seeing a new error on the console of the AP:

[*06/09/2023 16:45:10.7731] No more AP manager addresses remain..
[*06/09/2023 16:45:10.7731] No valid AP manager found for controller 'ZEW-WLC-01' (ip: 192.168.1.10)

See the console output below:

[*06/09/2023 16:45:06.0238] CAPWAP State: DTLS Teardown
[*06/09/2023 16:45:06.1096] status 'upgrade.sh: Script called with args:[CANCEL]'
[*06/09/2023 16:45:06.1682] do CANCEL, part2 is active part
[*06/09/2023 16:45:06.1829] status 'upgrade.sh: Cleanup tmp files ...'
[*06/09/2023 16:45:06.2252] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*06/09/2023 16:45:06.2252] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*06/09/2023 16:45:10.7731] No more AP manager addresses remain..
[*06/09/2023 16:45:10.7731] No valid AP manager found for controller 'ZEW-WLC-01' (ip: 192.168.1.10)
[*06/09/2023 16:45:10.7731] Failed to join controller ZEW-WLC-01.
[*06/09/2023 16:45:10.7732] Failed to join controller.
[*06/09/2023 16:45:30.7776]
[*06/09/2023 16:45:30.7777] CAPWAP State: Discovery
[*06/09/2023 16:45:30.7784] Got WLC address 192.168.1.10 from DHCP.
[*06/09/2023 16:45:30.7784] IP DNS query for CISCO-CAPWAP-CONTROLLER.zewsworld.com
[*06/09/2023 16:45:30.8304] Discovery Request sent to 192.168.1.10, discovery type DHCP(2)
[*06/09/2023 16:45:30.8332] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/09/2023 16:45:30.8333] Discovery Response from 192.168.1.10
[*06/09/2023 16:45:42.0000] Started wait dtls timer (60 sec)
[*06/09/2023 16:45:42.0013]
[*06/09/2023 16:45:42.0013] CAPWAP State: DTLS Setup
[*06/09/2023 16:45:42.0443] Certificate is expired
[*06/09/2023 16:45:42.0443] Certificate Start Date: Apr 8 13:39:08 2011 GMT
[*06/09/2023 16:45:42.0444] Certificate End Date: Apr 8 13:49:08 2021 GMT
[*06/09/2023 16:45:42.0444] display_verify_cert_status: Verify Cert: FAILED at 0 depth: certificate has expired
[*06/09/2023 16:45:42.0445] X509 OpenSSL Errors...
[*06/09/2023 16:45:42.0445]
[*06/09/2023 16:45:42.0445] 1956203504:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 16:45:42.0445] 1956203504:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 16:45:42.0445] 1956203504:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 16:45:42.0445] 1956203504:error:0909006C:lib(9):func(144):reason(108):NA:0:Expecting: CERTIFICATE
[*06/09/2023 16:45:42.0445]
[*06/09/2023 16:45:42.0445]
[*06/09/2023 16:45:42.0445]
[*06/09/2023 16:45:42.0446] dtls_verify_server_cert: Controller certificate verification error
[*06/09/2023 16:45:42.0450] 1956203504:error:1416F086:lib(20):func(367):reason(134):NA:0:
[*06/09/2023 16:45:42.0450] dtls_process_packet: Error connecting TLS context ERR: 5
[*06/09/2023 16:45:42.0455] DTLS: Error while processing DTLS packet 0x54886000.

Paul.Ostaszewski · ‎06-09-2023

Leo,

I was also able to upgrade to 8.5.182.0 last night, and I still have the same issues.

Leo Laohoo · ‎06-09-2023

@Paul.Ostaszewski wrote:
I was also able to upgrade to 8.5.182.0 last night, and I still have the same issues.

How? I thought the AP was unable to join the controller?

Can we see the complete output to the WLC command of "show ap join stats detail 70DF.2F05.0E38"?

Paul.Ostaszewski · ‎06-10-2023

Leo,

Sorry, i should have been more clear. I updated the 5508 controller to 8.5.182.0, not the AP3802i.

here is the output of the command you requested:

(Cisco Controller) >show ap join stats detailed 70DF.2F05.0E38
No join information found for AP: 70:df:2f:05:0e:38