Solved: Re: WLC 2504 2702i-UXK9 not connecting after prime

jd653687 · ‎01-05-2019

We have a WLC 2504 with several 27021-E-K9 AP's that are working fine. We now have 2 2702i-UX-K9 AP's and I was able to Prime the AP's with the mobile app. I pressed configure (only option) and than the AP's auto reset and the AP's are not connection to the WLC anymore,

The error on the AP is:

*Jan 3 16:43:10.483: Using SHA-2 signed certificate for image signing validation.
*Jan 3 16:43:18.003: AP image integrity check PASSED

*Jan 3 16:43:18.011: Non-recovery image. PNP Not required.

*Jan 3 16:43:18.039: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

*Jan 3 16:43:18.075: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 3 16:43:19.179: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 3 16:43:19.187: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 3 16:43:20.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 3 16:43:20.411: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 3 16:43:21.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance
*Jan 3 16:43:30.675: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.199.157, mask 255.255.255.0, hostname AP0462.732e.a1b8

*Jan 3 16:43:36.687: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Jan 3 16:43:37.687: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.TheHumanNetwork.local"...domain server (10.100.100.2) [OK]

*Jan 3 16:43:58.699: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jan 3 16:45:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.199.150 peer_port: 5246
*Jan 3 16:45:21.391: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.100.199.150 peer_port: 5246
*Jan 3 16:45:21.395: %CAPWAP-5-SENDJOIN: sending Join Request to 10.100.199.150
*Jan 3 16:45:21.471: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_record.c:169 Pkt too old last_seq_num : 1,Received sequence num: 1 distance: 0
*Jan 3 16:45:39.471: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.199.150:5246

Searched internet but didn't find a solution

WLC:Software Version 8.5.135.0

Wireless AP image 8.5.135.0

Any idea how to solve this?

Regards.

jd653687 · ‎01-07-2019

cleared private-config

reload AP

WLC was able to see the AP again.

Set the AP to local

Created a SSID unprime with WPA key

Connect my mobiel started the app and I was able to configure

After reload of the AP the WLC was silll seeing the AP and then I changed it to Flexconnect

Added the vlans

Working fine now.

Dont know what went wrong the first time.

View solution in original post

Leo Laohoo · ‎01-05-2019

Time and date on the controller could be wrong.

jd653687 · ‎01-06-2019

Thanks for your reply.
Should have told that earlier, but time and date are right. I already checked this. I checked lots of things but cannot find the problem.

jd653687 · ‎01-06-2019

I found in de WLC log the problem and after search the net I found the following:

https://community.cisco.com/t5/wireless-and-mobility/ap-not-joining-wlc-regulatory-domain-problems/td-p/3217274

Seems that I am in the same boat as Sergej with bug id CSCvi34340

There seems no workaround for this problem.

jd653687 · ‎01-06-2019

For now I cleared the private-config.

Ik can see the AP again in the WLC but now it is unprimed.

Configured the AP now as I want it to work. Tomorrow I go on site and will prime the AP again. Ik hope this is the solution.

jd653687 · ‎01-07-2019