01-20-2022 10:21 PM
Hi All,
Having issues with my 2500 series controller.
Access points will disconnect from the controller and not re-connect until I set the controller date to be within the set period that the access point seems to have set on it.
Example debugging log.
*spamApTask5: Jan 21 15:29:35.758: sshpmGetIssuerHandles: ValidityString (current): 2016/01/21/04:59:35
*spamApTask5: Jan 21 15:29:35.758: sshpmGetIssuerHandles: ValidityString (NotBefore): 2018/06/12/13:15:18
*spamApTask5: Jan 21 15:29:35.758: sshpmGetIssuerHandles: ValidityString (NotAfter): 2037
Is there some kind of way I can get ALL my APs to join the controller regardless of the date/time?
This is an issue because some of my APs seem to stop at 2018, and some only start working at 2018, so I always seem to be having to constantly adjust this date/time to keep the majority of them connected.
Thanks
Jason
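Added example, not part of the original thread or Cisco's code: a small Python parser for the `ValidityString` debug lines above that reports whether the controller clock falls inside each certificate's window and whether any single clock setting fits all of them. The function names and the second sample triple are constructed for illustration; a truncated `NotAfter` is treated as having no upper bound.

```python
import re
from datetime import datetime

LINE_RE = re.compile(r"ValidityString \((current|NotBefore|NotAfter)\):\s*(\S+)")

def parse_stamp(text):
    """Return a datetime, or None when the value is truncated (e.g. '2037')."""
    try:
        return datetime.strptime(text, "%Y/%m/%d/%H:%M:%S")
    except ValueError:
        return None

def classify(current, not_before, not_after):
    if current is None or not_before is None:
        return "unparsed"
    if current < not_before:
        return "clock-before-NotBefore"
    if not_after is None:
        return "NotAfter-unparsed"
    return "clock-after-NotAfter" if current > not_after else "valid"

def check_validity(log_lines):
    """Return (status, NotBefore, NotAfter) for each current/NotBefore/NotAfter triple."""
    results, triple = [], {}
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        if m.group(1) == "current":
            triple = {}  # a new certificate check starts here
        triple[m.group(1)] = parse_stamp(m.group(2))
        if m.group(1) == "NotAfter" and len(triple) == 3:
            nb, na = triple["NotBefore"], triple["NotAfter"]
            results.append((classify(triple["current"], nb, na), nb, na))
    return results

def common_window(results):
    """Clock range inside every certificate's window, or None if they are disjoint."""
    starts = [nb for _, nb, _ in results if nb]
    ends = [na for _, _, na in results if na]  # assumption: unparsed NotAfter = no upper bound
    if not starts or not ends:
        return None
    return (max(starts), min(ends)) if max(starts) <= min(ends) else None

PFX = "*spamApTask5: Jan 21 15:29:35.758: sshpmGetIssuerHandles: ValidityString "
SAMPLE = [PFX + s for s in (  # first triple is from the post, second is constructed
    "(current): 2016/01/21/04:59:35", "(NotBefore): 2018/06/12/13:15:18", "(NotAfter): 2037",
    "(current): 2016/01/21/04:59:35", "(NotBefore): 2008/03/01/00:00:00",
    "(NotAfter): 2018/03/01/00:00:00")]
```

Running `common_window(check_validity(SAMPLE))` returns `None` here, which is the situation described in the post: one certificate's window ends before the other's begins, so no single controller date is inside both.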
01-20-2022 10:40 PM
@Jas4 wrote:
Is there some kind of way I can get ALL my ap's to join the controller regardless of the date/time?
Time and date has to be correct because APs have an SSC.
01-20-2022 11:34 PM
@Jas4 wrote: This is an issue because some of my ap's seem to stop at 2018, and some only start working at 2018.
As @Leo Laohoo said, APs have a certificate that should be valid, so the only way to fix that is to generate new certificates for all APs.
01-21-2022 07:43 AM
What version of code?
What AP models?
Either way the answer is likely to be obvious once you've had a long slow read and re-read of https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html and followed all the steps in the right order.
Importantly you need code version with the fix/workaround and the config applied.
Then you may need to play with date to get them joined.
Once you've got them joined they can update fixed code version and config and once they're all done you should be able to sync to NTP again.
01-21-2022 07:49 AM
Helpful tip... next time, post the AP model and controller firmware. Also, the output from the AP via the console helps with troubleshooting when an access point fails to join. It does seem like you might have old APs on which the cert has expired (10 years for manufactured date).
01-22-2022 10:27 PM
Thanks for the replies guys.
I will have to read through those documents.
Software Version of controller is 8.0.133.0
We have a number of AP models.
AIR-LAP1142N-N-K9's
AIR-CAP1532E-E-K9's
And
AIR-CAP1532I-Z-K9's
01-23-2022 04:29 AM
So the field notice definitely applies. You should get on to the last 8.3 release 8.3.150.0:
https://software.cisco.com/download/home/283848165/type/280926587/release/8.3.150.0
It's out of support but the last release that will support your 1142 APs.
And then apply the config for ignoring the expired certs, get the APs joined (by turning back the date) then they'll download the new code and config workaround and then you can set time back to normal and the rest should join and update.
01-24-2022 07:51 AM
Take a look at what @Rich R posted. The issue that you will have is obtaining the software if you don't have support. You can reach out to TAC to see if they can provide the image to you per this document. Also search the forum for "ap certificate expiration" and see what the others have done to fix the issue.