06-22-2006 02:45 AM - edited 07-04-2021 12:26 PM
After a succesfull migration of a Cisco AIR-AP1231G-E-K9 to LWAPP this AP is not able to join the controller (4402)
I receive the following error message (we use the DNS solution for finding the controller which seems to work)
*Mar 1 00:00:05.377: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:06.377: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:23.401: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
Translating "CISCO-LWAPP-CONTROLLER.ict.hva.nl"...domain server (x.x.x.x) [OK]
*Mar 1 00:00:31.549: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address x.x.x.x, mask 255.255.255.224, hostname AP1012.0128.6100
*Mar 1 00:00:44.545: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar 1 00:00:49.545: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response
*Mar 1 00:00:49.545: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
*Mar 1 00:00:49.545: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
*Mar 1 00:00:49.546: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
06-23-2006 08:27 AM
Hi Frank,
Is this the only AP that won't join the WLC? If you have others that were successful how many?
Please let me know.
Rob
06-23-2006 10:24 AM
Hi Rob,
None of the migrated AP's is able to join the contoller. (It has a supported radio, because I know that the older radio modules are not supported)
The migration was done by using the conversion tool.
Frank
06-23-2006 10:41 AM
Hi Frank,
Maybe you are running into this;
Field Notice: FN - 62379 - Wireless LAN Controller Network Module does not Authenticate with Cisco/Airespace Access Points - Hardware Upgrade
Problem Description
Wireless LAN Controller Network Modules NM-AIR-WLC6-K9 and NM-AIR-WLC6-K9= were shipped with incorrect certificates, causing the WLCNM to not be authenticated by Cisco/Airespace Access Points. Wireless LAN Controller Network Modules shipped between February 1, 2006 and March 22, 2006 are affected. A manufacturing process failure did not copy the correct certificates to WLCNM devices. The incorrect certificate creates an RSA key mismatch, which causes LWAPP-based Access Points to fail to join/associate/register to WLCNM.
Background
On March 20, 2006, a bug was logged indicating that Access Points were not authenticating to NM-AIR-WLC6-K9 or NM-AIR-WLC6-K9= network modules. It was found that an RSA key mismatch causes LWAPP-based Access Points to fail to join/associate/register to WLCNM. The cause of the incorrect certificate was related to a manufacturing process failure which prevented copying of the correct certificate to WLCNM devices. The manufacturing anomaly has since been corrected and Wireless LAN Controller Network Modules produced as of March 23, 2006 should no longer experience this problem.
Access point console log will show it is unable to decode the JOIN response:
LWAPP_CLIENT_ERROR_DEBUG: peer RSA public key decrypt failed
LWAPP_CLIENT_ERROR_DEBUG: spamDecodeJoinReply :
sessionId 0x7E7F8081 does not match sent 0xDD2439D8
LWAPP_CLIENT_ERROR_DEBUG: Unable to decode join reply
LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response
LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
%SYS-5-RELOAD: Reload requested by LWAPP CLIENT.
Reload Reason: DID NOT GET JOIN RESPONSE.
%LWAPP-5-CHANGED: LWAPP changed state to DOWN
Workaround/Solution
Replace the affected hardware using the Upgrade Form at the bottom of this field notice. As of approximately March 23, 2006, new products that were manufactured are guaranteed to be free of this problem. To ensure an RMA replacement is not affected by this problem, use the Upgrade Form below.
This upgrade program is scheduled to expire on March 31, 2007. After the upgrade program expires, customers may only replace product which has actually failed. Replacements for failed products will be through the standard RMA process.
Replacements fulfilled through this upgrade process typically take three business days or more to arrive on-site. Therefore, service level agreements do not apply to replacements obtained using the upgrade form.
From this doc;
http://www.cisco.com/en/US/products/hw/routers/ps282/products_field_notice09186a008065afe7.shtml
Hope this helps!
Rob
Please remember to rate helpful posts............
07-04-2006 10:12 PM
I have a different model WLC, so this fieldnotice is not applicable. Any idea what's going on?
07-05-2006 05:30 AM
Hi Frank,
Just curious, this log shows a date of Mar 1 @ 00:00:05 was this the actual time and date of the attempt? I'm running out of ideas here, but I do know that the time and date is very important;
The WLC time should be synchronized with the machine that hosts the upgrade utility. The upgrade utility configures the access point to generate a self-signed certificate with a validity interval, beginning with the machine time of the utility host or a time specified at run-time. If the WLC time is outside the validity interval of the SSC, the access point cannot join the controller. To configure the WLC time, use the WLC web-interface found by choosing Commands > Set Time
From this excellent doc;
Hope this helps!
Rob
07-05-2006 07:56 AM
what version of code are you on?
07-05-2006 09:49 AM
Verify SSC for 1230 is in AP polices -> AP authorization list. Verify you are running the latest MR2 release, 3.2.150.6. The time thing that previous poster mention should be checked.
hope this helps.
ys
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide