Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2453
Views
0
Helpful
6
Replies

Dear all, I m trying to configure AIR-AP2802I-D-K9 on cisco 5508 controller but i m getting below errors

ansari.mohsin9121
Level 1
Level 1

‎01-14-2021 12:53 AM - edited ‎07-05-2021 01:00 PM

[*01/14/2021 08:21:25.2478]CAPWAP State: DTLS Setup

[*01/14/2021 08:21:25.0004] dtls_connectionDB_add_connection: Number of DTLS connections exceeded two

[*01/14/2021 08:21:25.2478] dtls_load_ca_certs: LSC Root Certificate not present

[*01/14/2021 08:21:25.2508] dtls_verify_con_cert: Controller certificate verification error

[*01/14/2021 08:21:25.2508] dtls_process_packet: controller cert verification failed

[*01/14/2021 08:21:25.2512] DTLS: Received packet 0x11cf000 caused DTLS to close connection

[*01/14/2021 08:21:25.2512] sendPacketToDtls: DTLS: Closing connection 0x1189400.

[*01/14/2021 08:21:25.2512] Lost connection to the controller, going to restart CAPWAP...

[*01/14/2021 08:21:25.2513] Restarting CAPWAP State Machine.

[*01/14/2021 08:21:25.2514] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Setup(3).

[*01/14/2021 08:21:25.2519] Failed to disconnect DTLS-CTRL session.

[*01/14/2021 08:21:25.2520] CAPWAP State: DTLS Teardown

[*01/14/2021 08:21:25.2573] DTLS: Error while processing DTLS packet 0x11d3000.

[*01/14/2021 08:21:29.9413] No more AP manager addresses remain..

[*01/14/2021 08:21:29.9414] No valid AP manager found for controller 'MMWOR-WLC' (ip: 10.1.1.5)

[*01/14/2021 08:21:29.9414] Failed to join controller MMWOR-WLC.

[*01/14/2021 08:21:29.9414] Failed to join controller.

Labels:
0 Helpful
6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

‎01-14-2021 01:33 AM

@ansari.mohsin9121 wrote:

[*01/14/2021 08:21:29.9414] No valid AP manager found for controller 'MMWOR-WLC' (ip: 10.1.1.5)

Does the controller have enough licenses?

0 Helpful

ansari.mohsin9121
Level 1
Level 1
In response to Leo Laohoo

‎01-14-2021 04:47 AM

Yes still 15 licenses left

0 Helpful

marce1000
VIP
VIP

‎01-14-2021 03:05 AM

 

 - What's the software version used on the 5508 ?

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

ansari.mohsin9121
Level 1
Level 1
In response to marce1000

‎01-14-2021 04:46 AM

on controller 8.3.150.6

 

0 Helpful

Rich R
VIP
VIP
In response to ansari.mohsin9121

‎01-14-2021 10:53 AM

Depends what other APs you have but consider moving to 8.5 or later code.

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc10

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-590411

 

And have you reviewed field notice https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html and the associated bugs and workarounds?

 

And also try to factory default the AP then try again - sometimes that helps.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Chris C'Leon
Cisco Employee
Cisco Employee

‎01-14-2021 11:19 AM

This looks like a problem with LSC Root Certificate which disallow the AP to build the CAPWAP tunnel with the WLC.

Please check if this option- Accept Local Significant Certificate (LSC)
enabled under AP policies, if yes, please disable it and test.

 

Check out this guidelines to understand better how this cert works:

Locally Significant Certificates on Wireless LAN Controllers Configuration Example
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110141-loc-sig-cert.html#tshoot

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card