Showing results for 
Search instead for 
Did you mean: 

WLC NMSP status is inactive

Level 1
Level 1

I am running the following

WLC: 7.0.220

MSE: 7.0.220


NCS shows Controller is not reachable from MSE.

I am able to ping to and from the Controller and MSE.

Sychronization service is showing everything being synchronize. Removed and MSE from NCS and add it back in several times. Not really sure where to go from here.

26 Replies 26

Hi Ric,


This got resolved after enabling TLSV1.0

We ensured that TLSv1.0 is enabled on MSE as MSE is running on version use TLSv1.2 by default.

TLSv1.2 support on WLC came only after release. This behavior is documented in the bug, CSCvh68000


-- Binish


Hi Binish,

Thanks for coming back to let us know the final solution! Please mark your reply as the answer so others will see it too :).

Please rate helpful / correct posts



 From richard wakefield explains the workaround. enable option 23 on MSE


  1. Invoke the setup script in the MSE:
  • /opt/mse/setup/
  1. Select option 23
  2. Save the settings by selecting the option#25

This fix worked for me. Thanks!


Abdul H. Malik

Thank you. Your recommendations helped solve the problem with NMSP status is inactive on my MSE (Cisco MSE 8.0.150, Cisco Prime, Cisco WLC 8.2.170).

Hi all!

For CMX 10.x and WLC 8.5.x i had the same problem and found a solution. I am posting this for future reference.



CMX 10.4.1-28


On WLC connection was down, cipher high option was enabled:

WLC > show nmsp status
NMSP Cipher High Option......................... Enabled
Max number of Nmsp Connections supported : 4
MSE IP Address Echo Resp Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------


WLC > show nmsp statistics connection

NMSP Connection Counters
Connection status: DOWN


Debug shows SSL wrong version number and Decode Failure detected at MSE:

WLC > debug nmsp all enable

SSL routines:ssl3_get_client_hello:wrong version number

Decode Failure detected at MSE: Sending out keys to MSE



cmxctl config controllers show
| IP Address | Type | Version | SHA2 | Status |
| | WLC | | Yes | INACTIVE |


The solution was to disable NMSP cipher high option:

WLC > config nmsp cipher-option high disable

NMSP high cipher option will be enabled/disabled after WLC Reboot.
Power MUST be ON while 'save config' is getting executed.


Both controllers need to be rebooted for this to work, as stated above. If your controllers are in HA, you can reboot one at the time without service interruption - reset system self


After reboot:

cmxctl config controllers show
| IP Address | Type | Version | SHA2 | Status |
| | WLC | | Yes | ACTIVE |


WLC > show nmsp status
NMSP Cipher High Option......................... Disabled

Max number of Nmsp Connections supported : 4

MSE IP Address Echo Resp Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- ------- 22 22 937 10


Downside to turning off cipher high is the loss of advanced security. I hope someone from Cisco can clarify this.


I hope this helps.




When using the show nmsp status command im not seeing the cipher option, however I am also on 8.5.140

MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
XXXXXX                  242114 242114 9089556 8


Any idea? On CMX the controller is shown as inactive. Other WLCs work great.

Thanks for that Tom, it was very helpful post.


I ran into the same problem setting up CMX 10.4.1-15 with WLC

I was getting the following error when running the debug command on the WLC:


*spectrumNMSPTask: May 24 11:06:52.717: [PA] NMSP Send Msg To Task failed - All NMSP connections are down


Setting the 'NMSP Cipher High Option' to 'Disabled' appears to have resolve it.

I'm running this in a dev environment but would like some feedback from Cisco regarding the implications of disabling this the cipher high option before moving to a production environment.

Tanks Tom!
I had the same problem with the same versions and it's work like a charm.


Verify “ status” on Primary MSE?


If the output shows disabled, enable it by running the below command. enable


Restart MSED services.


Service msed restart


worked for me.



Review Cisco Networking for a $25 gift card