cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2365
Views
0
Helpful
10
Replies

WLC admin lobby issues

karolkarol1
Level 1
Level 1

We have a WLC on a remote site where the client needs to have access to the admin lobby on the WLC to control and manage users. The WLC has a dedicated interface on their corporate subnet which is meant to give them access to the lobby. When they tried accessing it for the very first time the controller asked for Lobby Admin credentials (it also recognised incorrect username or password) but as soon as correct details were provided the page went blank with "secure connection failed" message. Adding security exception on the browser made no difference. This was tried on several PC's and different browsers, http, https or full URL: https://10.1.2.3/screens/frameset.html. Depending on the browser the message that comes up is "secure connection failed" or "This page isn't working". Interesting part is that the admin lobby works fine when browsing to IP from the Management subnet. Has anyone experienced anything similar and know what might be the culprit here?

 

It's a 2504 WLC running on 8.2.130.0 but I've also tried on 8.0.152.0 and 8.2.170.0 - same issue across all of them.

I've seen discussions on similar issues but nothing quite like this. Thanks in advance for any suggestions / advice.

10 Replies 10

Hi,

 

Have you installed SSL certificate on your controller ? If not, Just generate a CSR SSL Certificate for Cisco WLC and get that trusted by external CA and import to the controller and see whether that helps you to resolve it. 

 

Sometimes the SSL Certificate can cause issue on browsers.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Hi,

 

I have tried regenerating the certificate under Web Auth > Certificate > Regenerate Certificate but I've not tried importing external ones. Wouldn't SSL issue affect access from both corporate & management equally? Admin lobby works fine when accessed from the management network.

 

Thanks for the reply.

Karol

Hi Karol,

 

For regenerating Web Admin certificate you have to go to Management-> HTTP-HTTPS Configuration. Restart will be required.

 

It doesn't make sense when you are accessing from two different networks. Make sure that if you have a proxy configured on your browser this IP is bypassed on that. Secured communication Error might be due to SSL communication breaks between client and server.

 

Use recommended browser version for accessing the WLC Browser Recommendation

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Following your suggestion that this might be SSL related I went to Management > HTTP-HTTPS and disabled WebAuth SecureWeb. I instructed the end user to try accessing lobby with HTTP instead of HTTPS. They reported that the only difference was that “Invalid Certificate” didn’t pop up.  But, the result was the same. Additionally, they intentionally typed the wrong credentials and the “Please sing in” prompt pop ups again.  Only when the correct credentials are used the message “This page isn’t working” shows up. Any other ideas / suggestions would be much appreciated.

 

1.jpg

2.jpg

 

Accessing via Https also giving same error?

 

 

 

 

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

When they tried HTTPS the only difference was that a "invalid certificate" message appeared. After clicking "proceed anyway" they were prompted for username and password. Identically to HTTP, once correct credentials were input, a blank page appeared saying "this page isn't working". The difference with using HTTP was that the "invalid certificate" message never appeared however the end result was the same.

Hi Karol,

 

Are you using external server for AAA or using internal user ?

 

Also is there any firewall in between? If so please check whether any packet reset is happening for HTTP or https request.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

There is nothing in-between the devices. It is all within the LAN network, all devices are locally connected. The authentication happens locally on the WLC.

Its a weird issue, Better a log a case with Cisco and see if they can help on this

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Thanks, I might need to do that. Unless someone else has any other ideas / suggestions?

Review Cisco Networking for a $25 gift card