
certificate issue joining AP to vWLC

fcorfdir

Hello,

I just installed the new Cisco virtual wireless controller, and I am trying to join a LAP 1042 to it, but I receive this error:

Sep 13 04:58:43.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
Sep 13 04:58:43.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
Sep 13 04:58:53.008: %CAPWAP-3-ERRORLOG: Go join a capwap controller
Sep 13 03:59:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.41.253 peer_port: 5246
Sep 13 03:59:51.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
Sep 13 03:59:51.014: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
Sep 13 03:59:51.015: %CAPWAP-3-ERRORLOG: Certificate verification failed!
Sep 13 03:59:51.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:333 Certificate verified failed!
Sep 13 03:59:51.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 172.16.41.253
Sep 13 03:59:51.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.16.41.253:5246
Sep 13 03:59:51.016: %DTLS-3-BAD_RECORD: Erroneous record received from 172.16.41.253: Malformed Certificate
Sep 13 03:59:51.016: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.41.253:5246

I have already verified the time config on the WLC. I have tried 2 LAPs but get the same issue.

Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
ROM: Bootstrap program is C1040 boot loader
BOOTLDR: C1040 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
AP5057.a87b.44e4 uptime is 8 minutes
System returned to ROM by reload
System restarted at 03:54:24 UTC Thu Sep 13 2012
System image file is "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-LAP1042N-E-K9    (PowerPC405ex) processor (revision B0) with 98294K/32768K bytes of memory.
Processor board ID FCZ1614W572
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 50:57:A8:7B:44:E4
Part Number                          : 73-14034-04
PCA Assembly Number                  : 800-34273-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC16091WYH
Top Assembly Part Number             : 800-34285-03
Top Assembly Serial Number           : FCZ1614W572
Top Revision Number                  : A0
Product/Model Number                 : AIR-LAP1042N-E-K9
Configuration register is 0xF


Try to disable the hash in the CLI:

config certificate ssc hash validation disable

Sent from Cisco Technical Support iPhone App

dwaters

Hello,

I now have an LAP1131AG (eBay for £60) working on my vWLC without the use of first assigning it to a physical WLC running 7.3 code as everyone keeps mentioning.

My vWLC is running 7.3.101.0

Now the most important bit: the Cisco website mentions under its Latest Releases for my 1130 series AP “12.4.10b-JDA(ED)” (03-Nov-08) THIS IS NOT CORRECT! There is a later version than this named “12.4.25e-JAL(ED)” (04-Sept-12) << this is the one you need!

Download “c1130-rcvk9w8-tar.124-25e.JAL.tar” and upgrade; I didn’t use the Upgrade Tool, admittedly the AP did come preconfigured with an LWAPP image (quite old). I just used the general method of renaming the file to .default, changing your IP address to 10.0.0.2/8 etc and using the MODE button.

Changed the mode to FlexConnect, which I believe is the new H-REAP, and we're off! Serving SSIDs and working without faults :) (I believe I may have played with certificates also)

I hope this helps everyone and saves them the few hours this cost me :)

P.S. I have some 1200 series, AKA 1200, 1231, 1232; these do not work! However, 1240s do :)

Cheers! Dan.

Joseph Janning

I also realize this is very old, but I recently ran into the problem after a power outage caused the WLC to reboot. Turns out the time in the controller was off by 8 years. Fixing the time registered the APs immediately.
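
An added example, not part of any post in this thread: a small Python triage of AP console lines like those in the original question. It counts %DTLS-4-BAD_CERT events per controller IP and flags backward steps in the log timestamps, since clock state is what the last reply found to be the cause in that case. The year 2012 is taken from the "System restarted" line in the first post; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the first post in this thread (AP console output).
SAMPLE = """\
Sep 13 04:58:53.008: %CAPWAP-3-ERRORLOG: Go join a capwap controller
Sep 13 03:59:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.41.253 peer_port: 5246
Sep 13 03:59:51.014: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
Sep 13 03:59:51.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 172.16.41.253
Sep 13 03:59:51.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.16.41.253:5246
"""

# "<Mon DD HH:MM:SS.mmm>: %FACILITY-SEVERITY-MNEMONIC: message"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}): %([A-Z_]+)-(\d)-([A-Z_]+): (.*)$")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse(text, year=2012):
    """Yield (timestamp, facility, mnemonic, message) for each matching line.

    The log format carries no year, so the caller supplies one (assumption).
    """
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m.group(2), m.group(4), m.group(5)

def triage(text, year=2012, tolerance=timedelta(seconds=1)):
    """Return (BAD_CERT count per peer IP, list of backward clock steps)."""
    failures, steps, prev = defaultdict(int), [], None
    for ts, facility, mnemonic, msg in parse(text, year):
        # A timestamp earlier than the previous line means the clock was changed.
        if prev is not None and ts < prev - tolerance:
            steps.append((prev, ts))
        prev = ts
        if facility == "DTLS" and mnemonic == "BAD_CERT":
            ip = IPV4.search(msg)
            failures[ip.group(1) if ip else "unknown"] += 1
    return dict(failures), steps

if __name__ == "__main__":
    bad_cert, clock_steps = triage(SAMPLE)
    print("BAD_CERT by peer:", bad_cert)
    for before, after in clock_steps:
        print(f"clock stepped back {before - after} (from {before} to {after})")
```
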
