Cisco 2504 with Cisco 1242's and old certificates expiring

bkastor
Level 1

I wasn't sure if I should add to:

 https://supportforums.cisco.com/document/12453081/lightweight-ap-fail-create-capwaplwapp-connection-due-certificate-expiration

...but I have this exact issue (pulling my hair out for a couple of hours, why isn't this AP joining this controller all of a sudden).

My question is how to permanently fix this issue? 

I am following the fix (the workaround mentioned in the URL above) by turning off NTP and setting the time back to before the expiration (again, explained in the URL above).

The last part of the workaround is to run one of two commands (depends on which version you are running).

My problem is, I am running 8.0.115.0 and those commands at the CLI are not available to me. 

I am hoping it is somewhere in the GUI for the 2504... or that someone knows what CLI commands are equivalent to the URL above.

Thanks!

For reference, and for anybody else ripping their hair out, here were the pertinent log messages that got me here:

%CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 1.1.1.1 peer_port: 5246
%DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 1.1.1.1
%CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
%DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 1.1.1.1:5246
%CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
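
Added example (not part of the original post, and not Cisco tooling): a small Python triage script that correlates the log sequence quoted above per controller IP, so the same certificate-rejection pattern can be spotted across collected AP logs. The function name and the sample log are constructed here; the message formats are taken from the lines in the post. It flags only that the controller rejected the AP's certificate, not why, so expiry still has to be confirmed separately.

```python
import re
from collections import defaultdict

# Constructed sample: the AP messages quoted in the post, plus one extra
# join attempt to a second (made-up) controller that draws no alert.
SAMPLE_LOG = """\
%CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 1.1.1.1 peer_port: 5246
%DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 1.1.1.1
%CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
%DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 1.1.1.1:5246
%CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
%CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 2.2.2.2 peer_port: 5246
"""

# Patterns built from the message formats shown in the post.
REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
ALERT = re.compile(r"%DTLS-5-ALERT: Received FATAL : (.+?) alert from (\S+)")
BAD_CERT = "%CAPWAP-3-ERRORLOG: Bad certificate alert received from peer."


def find_cert_rejections(log_text):
    """Return {controller_ip: count} of join attempts that the controller
    aborted with a fatal certificate alert (request -> alert -> error)."""
    pending = set()          # controllers we sent a DTLS request to
    alert_peer = None        # controller that just sent a certificate alert
    rejected = defaultdict(int)
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            pending.add(m.group(1))
            alert_peer = None
            continue
        m = ALERT.search(line)
        if m and "certificate" in m.group(1).lower() and m.group(2) in pending:
            alert_peer = m.group(2)
            continue
        if BAD_CERT in line and alert_peer:
            rejected[alert_peer] += 1
            pending.discard(alert_peer)
            alert_peer = None
    return dict(rejected)


if __name__ == "__main__":
    for ip, count in find_cert_rejections(SAMPLE_LOG).items():
        print(f"{ip}: {count} join attempt(s) rejected with a certificate alert")
```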

Accepted Solutions

Leo Laohoo
Hall of Fame

My question is how to permanently fix this issue? 

The permanent fix is NOT found in the firmware 8.0.115.0.  Try upgrading to 8.0.240.0.

Thanks for the quick reply. I will upgrade and report back my findings. Thanks again!

That was it! I could not find that image? I went with 8.0.121. Then the option (at the CLI) was there. Appreciate the nudge (I had the 8.0.121 downloaded for a while I guess... just never got around to upgrading). After the upgrade I changed those values. I reset NTP (turned it back on) and then rebooted the AP. It is up and functioning.

Thanks again!
