08-21-2014 02:40 PM - edited 07-05-2021 01:24 AM
So I had a image go bad on an 3602i AP, loaded up a new IOS on the AP. Loaded the new IOS, everything seems fine until it get just about done with the boot and then it reboots itself again. Lots of output but the meat and potatos is this
*Aug 10 07:44:19.999: Using SHA-1 signed certificate for image signing validation.
*Aug 10 07:44:19.999: Error opening file flash:/ap3g2-k9w8-mx.153-3.JA/final_hash.sig
*Aug 10 07:44:19.999: Digital Signature Failed Validation (flash:/ap3g2-k9w8-mx.153-3.JA/final_hash)
*Aug 10 07:44:19.999: AP image integrity check FAILED!
*Aug 10 07:44:19.999: Release image validation failure - restarting AP.
Any ideas?
Solved! Go to Solution.
08-21-2014 07:36 PM
Ohh, looks like the image you uploaded is corrupted. Its digital signature is,
Try this when you try to upload a new image
1. If you got it from a *.tar file, extract it to get to the *.bin file
2. copy that bin file
#copy /verify tftp:<IP> flash:
though, try to download the image again.
08-21-2014 07:36 PM
Ohh, looks like the image you uploaded is corrupted. Its digital signature is,
Try this when you try to upload a new image
1. If you got it from a *.tar file, extract it to get to the *.bin file
2. copy that bin file
#copy /verify tftp:<IP> flash:
though, try to download the image again.
07-30-2015 04:10 PM
This discussion has been reposted from Additional Communities to the Other Wireless - Mobility Subjects community.
08-22-2014 06:26 AM
If your access point has a firmware failure, you must reload the complete access point image file using the Web browser interface or on 1100 and 1200 series access points, by pressing and holding the MODE button for around 30 seconds. You can use the browser interface if the access point firmware is still fully operational and you want to upgrade the firmware image. However, you can use the MODE button when the access point has a corrupt firmware image. On 350 series access points, you cannot use the MODE button to reload the image file, but you can use the CLI through a Telnet or console port connection.
refer http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-2_15_JA/configuration/guide/i12215sc/s15trb.html
08-26-2014 10:53 AM
Thanks for the replies everyone! This was a new IOS pushed out to the device AFTER a IOS failure. So no web browser access. The new IOS had an issue with the hash, which I thought was weird (obviously a bad image). Rather than try to reinvent the wheel, I just used the recovery image.
What I ended up doing was downloading, and booting off of inside rommon, the recovery image via tar -xtract over tftp, letting the WLC grab the AP and push out the IOS onto the AP which solved my issue. Thanks again for the help.
08-25-2014 01:53 PM
Worked for me.
Load AP with recovery LWAPP image, then just plug into the WLC network and it was perfect..
Thanks
08-26-2014 10:51 AM
Glad I could help!
01-07-2018 07:17 PM
* perform a mode button image recovery
OR, if you can get onto the AP console, and if the AP has another viable IOS image on flash, then:
* hit the escape key when you see "Interrupt within 5 seconds to abort boot process"
* at the ap: bootloader prompt, enter the following command:
ap: dir flash:
* look for a viable IOS image folder, such as "c1140-rcvk9w8-mx"
* set the bootloader BOOT variable to boot that image, for example:
ap: set BOOT flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx
* issue the command
ap: reset
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide