We're currently using a new Virtual WLC and we have over 45 AP's connected to it without any issues. Recently, one of our AP's started having issues joining the controller and I'm not sure why not. On the controller it says...
Reason for last unsuccessful attempt: Layer 3 discovery request not received on management VLAN
On the AP itself, I get he following error messages. (Replaced the controller IP with X.X.X.X)
*Jun 16 20:44:43.113: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jun 16 20:44:43.113: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY *Jun 16 20:44:43.114: bsnInitRcbSlot: slot 1 has NO radio *Jun 16 20:44:43.194: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Jun 16 20:44:43.239: status of voice_diag_test from WLC is false *Jun 16 20:44:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: X.X.X.X peer_port: 5246 *Jun 16 20:44:53.001: %CAPWAP-5-CHANGED: CAPWAP changed state to *Jun 16 20:44:53.023: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed *Jun 16 20:44:53.023: %CAPWAP-3-ERRORLOG: Certificate verification failed! *Jun 16 20:44:53.024: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed! *Jun 16 20:44:53.024: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: X.X.X.X *Jun 16 20:44:53.024: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to X.X.X.X:5246 *Jun 16 20:44:53.024: %DTLS-3-BAD_RECORD: Erroneous record received from X.X.X.X: Malformed Certificate *Jun 16 20:44:53.025: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to X.X.X.X:5246 *Jun 16 20:44:53.025: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
I tried changing the AP time to match the WLC but that didn't work although I'll admit that I'm a little confused about UTC vs EST.
I also tried to reload but that didn't help.
I tried modifying the WLC "AP Policies" to "Accept Self Signed Certificate (SSC)" but that didn't work either
Any ideas? I won't be able to easily reset the AP since I will require a SkyJack to reach it so I'm looking for alternate options. I'm able to Telnet or SSH to the device so I can run whatever required commands.