Solved: Thank you for taking the time

usamaaboodi · ‎12-11-2016

Hello,

I have two AP with light weight AIR-IOS version ( c1140-k9w8-mx.152-2.JA) and one WLC 2504 with AIR-IOS (7.6.130.0) .

and I configured everything right but still the AP tried to connect to WLC and I get these errors from AP console

*Jan 1 00:21:17.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 1 00:20:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.29.100 peer_port: 5246
*Jan 1 00:20:13.116: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 7B6171040000000754F6) is not yet valid Validity period starts on 09:28:20 UTC Nov 6 2015Peer certificate verification failed 001A

*Jan 1 00:20:13.117: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 1 00:20:13.117: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jan 1 00:20:13.117: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.29.100:5246
*Jan 1 00:20:13.117: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.29.100:5246
*Jan 1 00:20:13.118: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

please any advice

thanks

Scott Fella · ‎12-11-2016

You sure you set the time properly on the controller?

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

View solution in original post

Leo Laohoo · ‎12-11-2016

Yup, just as suspected. The time-and-date of the controller is incorrect.

Without a correct time and date, the AP won't join.

View solution in original post

Leo Laohoo · ‎12-11-2016

Post the complete output to the following commands:

1. WLC: sh sysinfo;

2. WLC: sh time; and

3. AP: sh version

usamaaboodi · ‎12-11-2016

1- AP sh Version

Cisco IOS Software, C1140 Software (C1140-K9W8-M), Version 15.2(2)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 23-Aug-12 03:15 by prod_rel_team

ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA1, RELEASE SOFTWARE (fc1)

APccef.4807.2bba uptime is 18 minutes
System returned to ROM by power-on
System image file is "flash:/c1140-k9w8-mx.152-2.JA/c1140-k9w8-mx.152-2.JA"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-LAP1142N-A-K9 (PowerPC405ex) processor (revision A0) with 81910K/49152K bytes of memory.
Processor board ID FTX1537K3UB
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 7.3.1.73
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: CC:EF:48:07:2B:BA
Part Number : 73-12836-03
PCA Assembly Number : 800-33767-03
PCA Revision Number : A0
PCB Serial Number : FOC15344PN4
Top Assembly Part Number : 800-33775-02
Top Assembly Serial Number : FTX1537K3UB
Top Revision Number : A0
Product/Model Number : AIR-LAP1142N-A-K9

Configuration register is 0xF

2- WLC:show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 20.0

Build Type....................................... DATA + WPS

System Name...................................... Cisco_00:35:c4
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 192.168.29.100
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 3 mins 33 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

--More-- or (q)uit
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +33 C
External Temperature............................. +36 C
Fan Status....................................... 3200 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 80:E8:6F:00:35:C0
Maximum number of APs supported.................. 5

3-WLC: show time

Time............................................. Sat Jan 1 00:37:54 2000

Timezone delta................................... 0:0
Timezone location................................

NTP Servers
NTP Polling Interval......................... 3600

Index NTP Key Index NTP Server NTP Msg Auth Status
------- ----------------------------------------------------------------------------------
1 0 192.168.29.254 AUTH DISABLED

Leo Laohoo · ‎12-11-2016

Yup, just as suspected. The time-and-date of the controller is incorrect.

Without a correct time and date, the AP won't join.

usamaaboodi · ‎12-12-2016

Yes, it was incorrect time, thanks for your advice!

Leo Laohoo · ‎12-12-2016

Thank you for taking the time to rate our posts. :)

Scott Fella · ‎12-11-2016

You sure you set the time properly on the controller?

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

My AIR-LAP1142N-A-k9 doesn't join to WLC 2504