%DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to X.X.X103:5246
%DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to X.X.X103:5246
%CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: X.X.X103 peer_port: 5246
%CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
Steps
1. Login in to vWLC using SSH
2. Make sure the certificates and time is correct
(Cisco Controller) >show certificate ssc
SSC Hash validation.............................. Enabled.
SSC Device Certificate details:
Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
CN=DEVICE-vWLC-AIR-CTVM-K9-000C29085BB8, MAILTO=support@vwlc.com
Validity :
Start : 2017 Nov 30th, 17:52:46 GMT
End : 2027 Nov 29th, , 17:52:46 GMT
Hash key : bd7bb60436202e830802be1e8931d539b67b2537
3. Disable the DTLS validation
(Cisco Controller) >configure certificate ssc hash validation disable
4. Login to the Access Point
debug capwap console cli
erase /all nvram:
undebug all
reload
save config : no
5. Make sure time is synced between WLC and AP, if Not make sure you manually sync it
6. Login back in to WLC using Gui
Go to Management >Licensing> Set AP count to 5 and accept the agreement
Alternately you can go to existing license and accept the EULA