HAVE NOT TRIED OPEN AUTHENTICATION?  THE SYSTEM WORKS PERFECT IN MY OFFICE,, AS IS,,, BUT NOT ON THE SHIP.  I USED A UPS TO AVOID ANY ISSUES IN THE SHIPS POWER DIFFERENCES ( 60V  60V)  AS OPPOSED TO HOME OUTLETS (  VS  120  0V ) .  I AM USING THE SYSTEM NOW TO POST THIS.  I HAVE USED A 2ND AND THIRD  WLC AND HAVE THE SAME RESULTS. 

FOR SOME CLARIFICATION .    I AM LOOKING AT THE GENERAL PROCESS OF

1.  AP  GETS IP ADDRESS      2.  AP JOINS  WLC      3.  CLIENT LOGS ON 

AT HOME ALL THREE STEPS  HAPPEN  AND CAN BE SEEN INTHE STATIXZTICS AND THE AP INFO.  WHEN ON THE SHIP  STEP 2 DOES NOT OCCURE AND HENCE  STEP 3 IS MOOT AT THIS POINT.  THERE IS NO HARDWARE DIFFERENCE IN THE 2 LOCATIONS ( INCLUDING CABLING)   WITH EXCEPTION OF WHICH TABLE THE EQUIPMENT IS PHYSICALY SITTING ON.   CURRENTLY THERE IS NO LEVEL 2 OR 3 SECURITY ON THE WLC  IT IS OPEN AND WORKS FINE WHEN THE ADDITIONAL PATCH CORD IS CONNECTED TO MY HOME NETWORK LIKE IT IS NOW.  I AM USING IT TO MAKE THIS POST FROM MY HOME.

CONNECT A CONSOLE CABLE TO THE AP AND REBOOT.  POST THE ENTIRE BOOT-UP PROCESS OF THE AP.

i will try to get that done.  it is note worthy to say it is fully working in the home location.     i am at home,,, the ap is joined to the wlc,,  i am connected to the ap as a desktop cell and pad client. ( blue light on ap").    i am unable to get the boot up  data,,, as the ship site is 100 miles away  I am assuming you want to see a failed join process in the  boot up.  

---

@KWSEISER wrote:
I am assuming you want to see a failed join process in the  boot up.  

---

Correct.

there is NO difference in the hardware.  i am moving the entire hardware group from location to location.  everything is the same right down to the patch cables.  i am using a switch,,  2702 ap's and a lap top with the 5508 wlc.  all those items are  the package of hardware that remains together.   i move the entire set from home to the ships site.  it works at home and not on the ship irrelivant as to whether it is further connected to a existing site network. the only difference is whose kitchen able the package sits on.   even the power being used is the same.  it is from a ups that is not plugged in to either site outlet.  there is  LITERALLY  no hardware differences.  i am right now using the same equipment paackage  leaving this post ( at home) that i am transporting to the site.    perhaps one exception  at home i can also connect the switch to the home network like it is now to get to the www.   when not connected to the home network and these components are stand alone  the ap's  join the wlc  at the ship  the same physical ap's  will not join the wlc.  certificate issues  is moot.   because the equipment package is the same at home as on the ship.

all your suggestions should be moot because the entire package works in the home.  teh software is  i think 8.4 on the wlc and the ap's.  they work fine to gether at home.  i am doing the side by side comparison,,,, as not a thing in the hardware changes from the home to the ship site.  using the same  wlc  saame  switch  same ap's  same laptop.  and on the ship i can not get aps to join the wlc.  again the only difference is the table the identical hardware equipment is sitting on.  

sorry about the limited info.  its all i have being not on the site to get the ap boot  log.   the dhcp is from the wlc and works fine while sitting on the dining room table  and not connected to the home router  it gives me a  join status onthe statistics  join screen .  the phone shows  the ssid  of hte wlc and i can client connect with the wlc  and ultimately get to the www if I patch the equipment to the home  network.  . again the exact process on the ship dining table will not yeild a join.  i can use advanced ip scanner and see the IP's  on the AP's  and when logging into the wlc  i can also see the IP's  but no join like at home.   would be glad to video connect via face book  and we can talk live.  fb  namd  is Keith Seiser