Cloudmylab KnowledgeBase
            Knowledge Base Cloudmylab Known Issues Wireless

            AP not registering to vWLC

            %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: X.X.X103 peer_port: 5246

            %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to X.X.X103:5246

            %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to X.X.X103:5246

            %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: X.X.X103 peer_port: 5246

            %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF


            1. Login in to vWLC using SSH

            2. Make sure the certificates and time is correct

            (Cisco Controller) >show certificate ssc

            SSC Hash validation.............................. Enabled.

            SSC Device Certificate details:

              Subject Name :

               C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,

               CN=DEVICE-vWLC-AIR-CTVM-K9-000C29085BB8, MAILTO=[email protected]

              Validity :

             Start : 2017 Nov  30th, 17:52:46 GMT

             End   : 2027 Nov  29th, , 17:52:46 GMT

             Hash key : bd7bb60436202e830802be1e8931d539b67b2537

            3. Disable the DTLS validation

            (Cisco Controller) >configure certificate ssc hash validation disable

            4. Login to the Access Point

            debug capwap console cli

            erase /all nvram:

            undebug all


            save config : no

            5. Make sure time is synced between WLC and AP, if Not make sure you manually sync it 

            6.. Login back in to WLC using Gui 

            Go to Management >Licensing> Set AP count to 5 and accept the agreement 

            Alternately you can go to existing license and accept the EULA

            7. Still not working?
            Make sure the ap is running at least 15.33 code if you have vWLC 8.3 or above
            FOR AP 3500i:  ap3g1-k9w8-mx.153-3.JF1
            FOR AP 3600i: ap3g2-k9w8-mx.153-3.JF1

            8. Commands to upgrade in LWAPP mode
            debug capwap console cli
            archieve download-sw /force-reload /overwrite tftp://<IP OF THE TFTP SERVER>/ ap3g2-k9w8-mx.153-3.JF1.tar

            Updated: 17 Nov 2018 04:51 PM
            Help us to make this article better
            0 0