×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

LWAPP Join Failed (migrated Cisco AP1230)

Unanswered Question
Jun 22nd, 2006
User Badges:

After a succesfull migration of a Cisco AIR-AP1231G-E-K9 to LWAPP this AP is not able to join the controller (4402)


I receive the following error message (we use the DNS solution for finding the controller which seems to work)


*Mar 1 00:00:05.377: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:06.377: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar 1 00:00:23.401: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

Translating "CISCO-LWAPP-CONTROLLER.ict.hva.nl"...domain server (x.x.x.x) [OK]


*Mar 1 00:00:31.549: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address x.x.x.x, mask 255.255.255.224, hostname AP1012.0128.6100


*Mar 1 00:00:44.545: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

*Mar 1 00:00:49.545: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response


*Mar 1 00:00:49.545: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.


*Mar 1 00:00:49.545: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.

*Mar 1 00:00:49.546: %LWAPP-5-CHANGED: LWAPP changed state to DOWN

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Fri, 06/23/2006 - 08:27
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Frank,


Is this the only AP that won't join the WLC? If you have others that were successful how many?


Please let me know.

Rob

vergeerf Fri, 06/23/2006 - 10:24
User Badges:

Hi Rob,

None of the migrated AP's is able to join the contoller. (It has a supported radio, because I know that the older radio modules are not supported)

The migration was done by using the conversion tool.


Frank

Rob Huffman Fri, 06/23/2006 - 10:41
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Frank,


Maybe you are running into this;



Field Notice: FN - 62379 - Wireless LAN Controller Network Module does not Authenticate with Cisco/Airespace Access Points - Hardware Upgrade


Problem Description


Wireless LAN Controller Network Modules NM-AIR-WLC6-K9 and NM-AIR-WLC6-K9= were shipped with incorrect certificates, causing the WLCNM to not be authenticated by Cisco/Airespace Access Points. Wireless LAN Controller Network Modules shipped between February 1, 2006 and March 22, 2006 are affected. A manufacturing process failure did not copy the correct certificates to WLCNM devices. The incorrect certificate creates an RSA key mismatch, which causes LWAPP-based Access Points to fail to join/associate/register to WLCNM.


Background


On March 20, 2006, a bug was logged indicating that Access Points were not authenticating to NM-AIR-WLC6-K9 or NM-AIR-WLC6-K9= network modules. It was found that an RSA key mismatch causes LWAPP-based Access Points to fail to join/associate/register to WLCNM. The cause of the incorrect certificate was related to a manufacturing process failure which prevented copying of the correct certificate to WLCNM devices. The manufacturing anomaly has since been corrected and Wireless LAN Controller Network Modules produced as of March 23, 2006 should no longer experience this problem.




Access point console log will show it is unable to decode the JOIN response:


LWAPP_CLIENT_ERROR_DEBUG: peer RSA public key decrypt failed

LWAPP_CLIENT_ERROR_DEBUG: spamDecodeJoinReply :

sessionId 0x7E7F8081 does not match sent 0xDD2439D8

LWAPP_CLIENT_ERROR_DEBUG: Unable to decode join reply

LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response

LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

%SYS-5-RELOAD: Reload requested by LWAPP CLIENT.

Reload Reason: DID NOT GET JOIN RESPONSE.

%LWAPP-5-CHANGED: LWAPP changed state to DOWN



Workaround/Solution


Replace the affected hardware using the Upgrade Form at the bottom of this field notice. As of approximately March 23, 2006, new products that were manufactured are guaranteed to be free of this problem. To ensure an RMA replacement is not affected by this problem, use the Upgrade Form below.


This upgrade program is scheduled to expire on March 31, 2007. After the upgrade program expires, customers may only replace product which has actually failed. Replacements for failed products will be through the standard RMA process.


Replacements fulfilled through this upgrade process typically take three business days or more to arrive on-site. Therefore, service level agreements do not apply to replacements obtained using the upgrade form.


From this doc;


http://www.cisco.com/en/US/products/hw/routers/ps282/products_field_notice09186a008065afe7.shtml


Hope this helps!

Rob


Please remember to rate helpful posts............

vergeerf Tue, 07/04/2006 - 22:12
User Badges:

I have a different model WLC, so this fieldnotice is not applicable. Any idea what's going on?


Rob Huffman Wed, 07/05/2006 - 05:30
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Frank,


Just curious, this log shows a date of Mar 1 @ 00:00:05 was this the actual time and date of the attempt? I'm running out of ideas here, but I do know that the time and date is very important;


The WLC time should be synchronized with the machine that hosts the upgrade utility. The upgrade utility configures the access point to generate a self-signed certificate with a validity interval, beginning with the machine time of the utility host or a time specified at run-time. If the WLC time is outside the validity interval of the SSC, the access point cannot join the controller. To configure the WLC time, use the WLC web-interface found by choosing Commands > Set Time


From this excellent doc;


http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp156967


Hope this helps!

Rob

Actions

This Discussion

 

 

Trending Topics - Security & Network