Here is some info for why you may be getting this error (see which one seems to apply to your setup);
Q. I have converted my AP to Lightweight AP Protocol (LWAPP), but the AP does not register with the controller. I get the message "LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP". What causes this problem?
A. This error means that the X.509 digital certificates are not valid. There is a possibility that you have hit Cisco bug ID CSCsd42296 ( registered customers only) , the workaround for which is to reset the APs to the factory defaults.
Another possibility is that the self-signed certificate (SSC) is not registered at the WLC. Manual addition of the SSC at the controller can be necessary. Refer to Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs for the procedure.
Q. The lightweight access points (LAPs) do not register with the controller. What could be the possible problem? I see these error messages at the controller: Thu Feb 3 03:20:47 2028: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:f4:f0. Thu Feb 3 03:20:47 2028: Unable to free public key for AP 00:0B:85:68:F4:F0
A. When the access point (AP) sends the Lightweight Access Point Protocol (LWAPP) Join Request to the WLC, it embeds its X.509 certificate in the LWAPP message. It also generates a random session ID that is also included in the LWAPP Join Request. When the WLC receives the LWAPP Join Request, it validates the signature of the X.509 certificate using the APs public key and checks that the certificate was issued by a trusted certificate authority. It also looks at the starting date and time for the AP certificate validity interval and compares that date and time to its own date and time.
**This problem is due to an incorrect clock setting on the WLC. In order to set the clock on the WiSM modules you can use the show time and config time commands.
Q. A Lightweight Access Point Protocol (LWAPP) AP is unable to join its controller. The WLC log display a message similar to this: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:ab:01
A. The LWAPP tunnel between the AP and the WLC traverses a network path with an MTU under 1500 bytes. This causes the fragmentation of the LWAPP packets. This is a known bug in the controller ( Cisco bug ID CSCsd39911 ( registered customers only) ).
The solution is to upgrade the controller firmware to 4.0(155).
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...