Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member


I have a remote site with 2 AIR 2602i APs that were working up until a few days ago.  One AP still connects fine but the second will not connect and keeps generating this error:


*spamApTask3: Sep 18 10:16:09.249: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:687 Failed to complete DTLS handshake with peer 970200748.0.144.127 for AP 97:cc:79:13b0b000:10507114:13040000


I have powered off and on both APs several times but still keep getting the same problem.  Both APs are getting their config from DHCP and as part of that, a timesource.  I can see traffic back and forth to/from both APs. 


Any ideas on what the cause could be?


2504 WLC with free licenses on




Are the regulatory domains of

  • Are the regulatory domains of the access-points the same?
  • Has the other access-point been connected to an other WLC in the past?
    • If so please do a "test capwap erase" and a "test capwap restart" on the access-point (those are "hidden" commands).
  • If that still does not help the process, please post the output for the following commands on the WLC while the access-point is trying to join:
    • debug capwap events enable
    • debug capwap error enable
    • debug pm pki enable
    • debug disable-all (to turn of the debugs)

Also include all console information of a access-point while it is booting and trying to join the WLC.

New Member

Thank you very much for the

Thank you very much for the reply. I opened a TAC case and they identified an openssh bug in .120 and suggested to go to .130. This did solve the handshake issue, at least for now, but introduced a couple other issues that I may post about in another thread. Thanks for the help.
CreatePlease login to create content