I have an interesting issue. I have a remote building connected to my main campus over an MPLS 4xT1 WAN. I have a 4402 (version 220.127.116.11) running 17 1252 AP's using H-REAP. Now I want to upgrade to a 5508 controller (also version 18.104.22.168), but the 1252 AP's won't join the 5508 from the remote building. When I connect the 1252's from any other vlan on main campus, they join just fine. The error message I get on the controller is:
*spamApTask6: Jun 28 13:53:40.973: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer x.x.x.x
I have been through all the Cisco documents related to this that I can find. I can ping the AP's from the controller.