Solved: DTLS Handshake Failure in 9800-CL Mobility Group

Dilip Rehan · ‎12-12-2025

I have two Cisco 9800-CL WLCs in the same mobility group:

UDP 16666 is allowed between them, DTLS is enabled, and keepalives are exchanged.

However, I keep getting:

I’ve checked mobility peer cofig, NTP sync, MTU, connectivity, and firewall logs. Both WLCs can ping each other.

Has anyone seen this before? Are additional ports/settings needed beyond UDP 16666?

Mark Elsen · ‎12-12-2025

- @Dilip Rehan Verify the configuration of both controllers with the CLI command : show tech wireless

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Dilip Rehan · ‎12-12-2025

Thank you so much. The issue was with certficate mismacted. Regenreated a new One from both controllers and the mobility groups is up.

Mark Elsen · ‎12-12-2025

- @Dilip Rehan Verify the configuration of both controllers with the CLI command : show tech wireless

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Dilip Rehan · ‎12-12-2025

Thank you so much. The issue was with certficate mismacted. Regenreated a new One from both controllers and the mobility groups is up.