Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3152
Views
0
Helpful
10
Replies

Lost connection to the controller, going to restart CAPWAP

Go to solution
Rdph8214
Level 1
Level 1

‎11-10-2022 02:01 AM - edited ‎11-10-2022 02:12 AM

Hi

I am having a problem getting the APs to join 1 a controller.

We have 2 WLCs and the APs are configured to have HA and when some APs must migrate to one of the WLCs this will generate an error.
Even some APs we had to remove the HA because all the time it was trying to connect to the WLCs and it generated the same error.

Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.0000] CAPWAP State: DTLS Setup
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5612] spamCheck_valid_vWLC_X509: SSC Hash not allowed
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5612]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773] display_verify_cert_status: Verify Cert: FAILED at 1 depth: self signed certificate in certificate chain
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773] X509 OpenSSL Errors...
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773] NONE
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5773]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5795] dtls_verify_con_cert: Controller certificate verification error
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5795] dtls_process_packet: Controller certificate verification failed
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5802] sendPacketToDtls: DTLS: Closing connection 0x22a7c00.
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5802]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.5802] Lost connection to the controller, going to restart CAPWAP (reason : dtls_rc_connection_closed)...
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.6847] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Setup(3).
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.6847] Failed to disconnect DTLS-CTRL session.
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.6848]
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.6848] CAPWAP State: DTLS Teardown
Oct 13 11:01:30 kernel: [*10/13/2022 11:01:30.6916] DTLS: Error while processing DTLS packet 0x2349000.
Oct 13 12:09:21 kernel: [*10/13/2022 11:01:35.3252] No more AP manager addresses remain..
Oct 13 12:09:21 kernel: [*10/13/2022 11:01:35.3253] No valid AP manager found for controller "Controler Name".' (ip: xx.xx.xx.xx)
Oct 13 12:09:21 kernel: [*10/13/2022 11:01:35.3253] Failed to join controller "Controler Name".
Oct 13 12:09:21 kernel: [*10/13/2022 11:01:35.3253] Failed to join controller.
Oct 13 12:09:21 kernel: [*10/13/2022 12:09:21.0000]

Can you help me with this issue?

Firmware 8.5.161.0

AP Models: AIR-AP2802E-I-K9

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rdph8214
Level 1
Level 1
In response to Leo Laohoo

‎11-18-2022 02:41 AM

Hello @Leo Laohoo 

Forcing the synchronization with the NTP server may cause the APs to drop?

View solution in original post

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rdph8214

‎01-04-2023 04:57 PM

In AireOS, if they APs are all the same Regulatory Domain of "-E", then no.

View solution in original post

0 Helpful
10 Replies 10

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-10-2022 02:27 AM

check field notice :

https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎11-10-2022 03:01 PM

The time-and-date of the AP logs are wrong.  

Post the complete output to the following WLC commands: 

  1. sh sysinfo
  2. sh time
0 Helpful

Go to solution
Rdph8214
Level 1
Level 1
In response to Leo Laohoo

‎11-16-2022 11:30 PM

Hello Leo,

Here the commands on both WLCs

Preview file
3 KB
Preview file
3 KB
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rdph8214

‎11-17-2022 03:14 AM

1.  NTP "not synch" or "in progress" means WLC may have the wrong time and date. 

2.  Multiple countries enabled.  

0 Helpful

Go to solution
Rdph8214
Level 1
Level 1
In response to Leo Laohoo

‎11-17-2022 03:19 AM

Controllers connect to APs from ES, TN and MA, should we remove EG and US?

I will check if the NTP Server is sending the correct information between the WLCs we have the same day, but a difference of 30 minutes.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rdph8214

‎11-17-2022 03:40 AM - edited ‎11-17-2022 03:41 AM

Without NTP, the WLC should have no more than 60 seconds out of synch.

Invest in a proper NTP server.  They are so affordable it is no longer an "excuse" not to have one.

0 Helpful

Go to solution
Rdph8214
Level 1
Level 1
In response to Leo Laohoo

‎11-18-2022 02:41 AM

Hello @Leo Laohoo 

Forcing the synchronization with the NTP server may cause the APs to drop?

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rdph8214

‎11-18-2022 03:18 AM

Nope.

0 Helpful

Go to solution
Rdph8214
Level 1
Level 1
In response to Leo Laohoo

‎01-04-2023 06:42 AM

Hello @Leo Laohoo 

Excuse me, one last question,
If I have the WLCs in Spain and I add the Spain zone, but I also have APs in Morocco and Tunisia which are another Zone, does this affect anything?

My doubt is because in these WLCs we have connected APs from Spain, Morocco and Tunisia, and we have different time zone.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rdph8214

‎01-04-2023 04:57 PM

In AireOS, if they APs are all the same Regulatory Domain of "-E", then no.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card