Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AP not joining our vWLC


We're currently using a new Virtual WLC and we have over 45 AP's connected to it without any issues.  Recently, one of our AP's started having issues joining the controller and I'm not sure why not.  On the controller it says...

Reason for last unsuccessful attempt: Layer 3 discovery request not received on management VLAN


On the AP itself, I get he following error messages.  (Replaced the controller IP with X.X.X.X)


*Jun 16 20:44:43.113: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Jun 16 20:44:43.113: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jun 16 20:44:43.114: bsnInitRcbSlot: slot 1 has NO radio
*Jun 16 20:44:43.194: %PARSER-4-BADCFG: Unexpected end of configuration file.

*Jun 16 20:44:43.239:  status of voice_diag_test from WLC is false
*Jun 16 20:44:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: X.X.X.X peer_port: 5246
*Jun 16 20:44:53.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jun 16 20:44:53.023: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jun 16 20:44:53.023: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jun 16 20:44:53.024: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Jun 16 20:44:53.024: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: X.X.X.X
*Jun 16 20:44:53.024: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to X.X.X.X:5246
*Jun 16 20:44:53.024: %DTLS-3-BAD_RECORD: Erroneous record received from X.X.X.X: Malformed Certificate
*Jun 16 20:44:53.025: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to X.X.X.X:5246
*Jun 16 20:44:53.025: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.


I tried changing the AP time to match the WLC but that didn't work although I'll admit that I'm a little confused about UTC vs EST.

I also tried to reload but that didn't help.

I tried modifying the WLC "AP Policies" to "Accept Self Signed Certificate (SSC)" but that didn't work either


Any ideas?  I won't be able to easily reset the AP since I will require a SkyJack to reach it so I'm looking for alternate options.  I'm able to Telnet or SSH to the device so I can run whatever required commands.




I assume you have tried to

I assume you have tried to factory reset the AP already, if not, try it. Also, try the following commands 'test capwap erase' 'test capwap restart'