- Good , does it help on the roaming issues ( I have doubts) ? ; anyway have a checkup review if the (new) 9800 controller configuration with the CLI command show tech wireless ; feed the output into :
                                 https://cway.cisco.com/wireless-config-analyzer/

    In essence for new 9800 setups this could be considered a requirement ; but WirelessAnalyzer remains very useful too after configuration changes (later on) and after upgrades , (e.g.)

 M.
                                         

 - Client roaming decisions are independent forcing to stay on a particular band may lead to coverage issues and or has a wireless site survey be done for the particular places too ? Besides the mentioned procedure concerning WirelessAnalyzer (don't forget to run it) you can also do client debugging on the 9800 platform according to : 
                                          https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity

 You can have client debugs analyzed with : https://cway.cisco.com/tools/WirelessDebugAnalyzer/
 

  M.

Hello Rich,

We're running 8.5.164.0 on the 5520 and 17.3.6 (which was recommended version at the time, but I see it has changed to .7) on the 9800

Hmmm 8.5.164.0 is not an IRCM release so IRCM is not supported on that! It would have to be 8.5.164.216 to support IRCM.

But really you should have upgraded to the latest for best interoperability with 9800 - currently 8.5.182.108 (link below).

I'm not a fan of 17.3 release but at least 17.3.6 isn't too out of date but I'd highly recommend looking at 17.9.3 (soon 17.9.4) as the TAC recommended doc says next to 17.3: "Cisco recommends 17.3.7 as minimum code and for customers looking to adopt WiFi-6E technology, new hardware or features beyond 17.3, Cisco recommends 17.9.3 CCO image." because 17.3 has already reached end of software maintenance meaning no more bug fixes.

Thanks Rich for the insight. 8.5.164.0 is IRCM and supports secure mobility. We have several controllers running this version with successful mobility peering to 9800's. As most of our controllers are in a manufacturing environment, it can be tough to get the downtime to upgrade and we started the 8.5.164.0 upgrades shortly after IRCM was released. As these controllers are in the process of being replaced, we just needed to support roaming until the migration to 9800 is complete. We have a decent number of model 2700/3700 APs in the environment which were not supported on versions 17.4.1 - 17.9.2. I didn't know that they reintroduced support for 17.9.3 so we will investigate pursuing that as an option...our only other issue making upgrades difficult is Prime (probably just opened myself up for a lecture about moving to DNA center

I understand that IRCM *might* work (some of the time) on 8.5.164.0 but it is not (and has never been) supported for IRCM with 9800.  You may not have realised it, but each 8.5 release had a parallel release purely for 9800 IRCM support and IRCM is only supported on that IRCM build.  In your defence the release notes don't make that completely clear
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr6_ircm.html but it's clear from the resolved caveats that the IRCM/mobility fixes went into 8.5.164.216 not 8.5.164.0:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr6_ircm.html#resolved-caveats

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#toc-hId--805306453
"The 8.5 Mainline branch supports 5508/8510/5520/8540/3504/2504/7510/WiSM2/vWLC controllers.  It supports intercontroller mobility (IRCM) between AireOS and old "New Mobility" ("Converged Access") controllers (5760/3850/3650.)  It does not support IRCM with 9800 controllers."
"The 8.5 IRCM branch supports only 5508/8510/5520/8540/3504 controllers.  It supports IRCM between AireOS and 9800 controllers"

So at this point you probably don't care - best to get the migration finished but what you've done there is not a Cisco supported configuration so no surprise at all that it doesn't work properly with 9800.

As for Prime - we've binned it completely (turned the servers off recently) as total operating cost far exceeded the value we got from it, and no DNAC. So I will not be the one to lecture you on that lol