cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
983
Views
4
Helpful
11
Replies

LWAPP Conversion Tool generates wrong RSA Key Hash

Hi Folks, i converted about 30 AP?s 1230 from Autonomous to LWAPP Mode, using Conversion Tool 2.05, 6 AP?s at a Time. I used the output file for pushing the List from WCS to Controller. About 25% of AP?s could not be authorized by the WLC, because the RSA Key Hash was wrong. Knows anybody these behaviour and is there a reason or solution? Because i have the next Customer with roundabout 80 AP?s to convert... Regards, Michael

11 Replies 11

wififofum
Level 4
Level 4

Michael,

How did you verfiy this corruption? Are there single or several controllers? Could APs have gone to WLCs that weren't specified in the Upgrade Tool?

Some of my cohorts may have seen this recently so I'd like to see if I can corroborate.

Thanks,

Hi bjohnson5, thanks for your response. I have 2 3750 with integrated WLCs. The Problem is, that the generated RSA Key Hash is still wrong. So if i pushed it to the Controllers, the APs where not accepted. Only if i debug (debug pm pki enable) the MAC/ RSA Key pair, removed the wrong pair from SECURITY > AP Authorization List and added the right SSC Key Hash, the APs are able to authorize against both Controllers and connect to them. Regards, Michael

Thanks Michael,

Is the key missing or is it mis-entered on the WLC? Look in the Detailed Log. Does it have the correct command (and SSC hash) being entered, and does the script complete correctly? Not much that can be done in theis case, but curious as to the state of the key on the WLC. The controllers were pre-configured to allow SSCs, correct?

Thanks bjohnson5, the Controllers are configured to accept SSC. Most of them are correct and accepted. ca 25% of the Key Hashes in the csv File are generated wrong by the Conversion Tool. The Log Files shows a successfull Conversion. MAC Adress, Certificate Type are OK, RSA Key not. Regards, Michael

Michael, do you use exactly 6 APs at once or do you pull 6 at a time from a longer config file? I factory-default the config and use the default user/pass on the APs. What rev of IOS is on the APs prior to the upgrade? I have used 12.3.7-JA/JA2/JA3 with out issue. 12.3.8 has echibited a few problems.

Hi bjohnson5, i tested 1 AP, then i did 6 at a time. I used the working Config with 12.3.7-JAx and the Ip File contains Username, PW and enable PW. What do you mean, should i open a TAC Case? Regards, Michael

If you haven't yet, try doing this with a factory-defaulted config and Cisco, Cisco,Cisco.

Hi bjohnson5, i contacted an SE and he gaves me the same Information. I?ll try it next Time the Problem occurs. Thank you very much, Michael

prakashj
Level 1
Level 1

Hi michale,

This is saji here,This is regading the conversion of autonamus access point to lightweight access point,I am facing a probs with converting the same,Its giving error like 'FAILED Unable to Load the LWAPP Recovery Image on to the AP' at the bottom of the Update tool V2.05,I am not using any inbuilt TFTP for the same,I am trying to upgrade the same through update tool itself,But its showing upgrade process is completed save the file WCS management software.When I check the CSV file ,its blank.I am nt able to add the same to WISM.

AP and Controller reachbality is fine from the PC.Will u give some suggestion for this probelm.

Regds

Saji k.s

What selection are you using for the system time? Verify that the time is synced between both the controllers and the machine you are runing the upgrade tool from. I have used the V2.01 tool and did not have any major problems until my PC became out of sync with the time that was running on the controller. If you are using NTP on the controller and one of the default time servers on your PC they may not be on the same time, as Windows only updates every 7 days unless you change it in the registry. Just a thought.

Hi Tony, thanks for your idea. All Devices are in Sync with the central Timesource, the Converting PC, WLC and AP. In the conversion tool i decided to use the controller time. Regards, Michael

Review Cisco Networking for a $25 gift card