Controller Keyhash matches with the MSE

santana_a
Level 1

Hello guys. I need your help. I have the following machines: WLC 8.2.166.0, vMSE 8.0.150.0, CPI 3.1.0. I can see the MSE as reachable from CPI, but the NMSP status is inactive. All machines have the same time zone and clock. Thank you for your help.

8 Replies

Same exact revisions, same exact problems. I've tried manually adding the hash:

config auth-list add sha256-lbs-ssc <mac> <hash>

With no luck.

d.friday
Level 4

I had this same issue a few months ago. I tried everything from manually adding the key on the WLC and rebuilding the MSE. I finally removed the MSE from Prime, added the MSE back into Prime and resynced the MSE to Prime, which fixed my issue.

 

I hope this fixed your issues too.

 

David

Tried all of the above a few times... No luck. Thanks for the response, though. 

...although I'm in awe that this is a Sev 6 Enhancement.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh68000/?reffering_site=dumpcr

 

WLC8540 8.2MR6 rejects NMSP SSL Handshake after server hello from MSE8.0MR5
CSCvh68000
 
Description
Symptom:
WLC is sending TCP FIN as soon as it received server hello from MSE to establish NMSP handshake. Confirmed by packet capture.
WLC nmsp statistics shows SSL Handshake error.

Conditions:
MSE3365 running 8.0.150.0
WLC8540 running 8.2.166.0
PI3.1
AP3800 joined
Trigger: MSE upgrade. (8.0.140.0 -> 8.0.150.0)

Workaround:
None at this time
 
Last Modified: May 3, 2018
Status: Other
Severity: 6 Enhancement

From TAC:

 

According to our internal research, the workaround in this case will be to enable TLSv1.0 for NMSP:

 

  1. Invoke the setup script in the MSE: /opt/mse/setup/setup.sh
  2. Select option 23
  3. Save the settings by selecting option #25

 

This did actually work for me... 

Brilliant - that workaround worked for me too

 

Many thanks for the post

Saved me a headache, couldn't figure this out. Thank you for sharing this info!! 

Enabling TLS 1.0 worked for us too. 

WLC 5520 8.2.151

Upgraded MSE from 8.0.130 to 8.0.150  and NMSP connection to WLCs broke. 
