Prime, MSE and WLC NMSP Status

Similar Messages

• Prime MSE and WLC

  Hi
  Just installed Prime 1.3, currently upgrading wlc's to 7.0.240 (WiSM), we have a MSE as well, what version should this be on, currently on 7.0.230 as this matched the WCS?
  I'm sure I read somewhere it had to be the same version as the controllers or the WCS.

  Hi,
  on this link you can find all compatibility information
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html

• MSE and WLC Operation

  Hello,
  I need to develop a solution of wIPS, but I'm not sure about the compatibility between the MSE and the WLC. My WLC is in 7.6.100 version and the MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions. Additionally, i can use Prime I or WSC, we have both systems.

  but I'm not sure about the compatibility between the MSE and the WLC.
  Here is the compatibility information.
  http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-148604
  My WLC is in 7.6.100 version
  You should consider upgrade this to min 7.6.130.0  as that is the stable code of 7.6.x software train.
  MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions.
  It does not need to be exact match between WLC & MSE versions. Refer release notes of each product & version, it will listed the new features added in each releases. Since MSE 3310 not supporting 7.3.x onward, I would plan for MSE migration anyway. You can go with VM in later versions of MSE & no need to buy hardware for that.
  Additionally, i can use Prime I or WSC, we have both systems
  Go with Prime as WCS is not supported any longer. What's the reason still keeping the WCS ?
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Prime Infrastructure and WLC 2504 N+1 config syncronization

  I've setup 2 cisco 2504 WLC's in a N+1 configuration, before we purchased Prime Infrastructure.  Now I'm trying to syncronize the configurations between the two devices in PI.  I've setup a configuration group, and it seems using templates will keep the configuration syncronized between the two devices.  Is it possible for PI to automatically create the templates based on the current configuration of the device.  Plus with PI 2.1 it seems like I have to create a template for every section of the configuration, shouldn't there be just one large template that has all the configurations.

  Yes, you should be able to discover templates from the WLC
  HTH,
  Steve

• MSE NMSP status inactive after WLC 5508 HA failover

  I have a customer who has a Prime Infrastructure 2.0 server and MSE 7.4 server for Context Aware Services.   The MSE also has the AeroScout Tag Engine for Tracking the AeroScout RFID tags it has deployed.    They have a WLC 5508 HA pair running version 7.4 at their main campus, and two other standalone WLC 5508s at 2 other smaller campuses.   The issue they are having is that when a failover of the WLC5508 HA pair occurs at their main campus, they lose tracking of the WiFi and AeroScout clients.   The other WLCs are not affected.
  When this happens, the Prime Infrastructure show the NMSP status of the WLC5508 HA pair as inactive.   The PI gives the message that the time of the WLC is before the MSE.  But the PI, MSE, and WLCs are all synched to the same Campus NTP server, and the time shows the same time down to the second.   I can get the WLC communicating to the MSE again by removing the Assignment of the WLC to the MSE, then re-adding it to the MSE a few minutes later. 
  We are not sure why the WLC 5508 HA pair occasionally fails over to the standby or back to the primary.  We have not seen any cause for the HA pair failover.   Is there something we need to do to the WLC HA pair so that the NMSP still works if a failover of the WLC occurs.  The customer is planning on converting one of their other Standalone WLCs to a HA Pair also.

  That is what I have been doing.  But the problem is that the I have had to do this about 3 times in the last 6 weeks.  Each time correlates with a failover of the WLC 5508 pair.   Will this have to be done each time there is a failover, or is there some setting on the WLCs, MSE, or Prime Infrastructure that can prevent  having manually to un-assign, then re-assign the WLC to the MSE.

• Controller - NMSP status inactive

  Prime 1.2
  Controller - NMSP status INACTIVE
  I having a problem with one particular controller seen by my Standalone MSE
  see snapshot below, I have 2 other old controllers running exactly the same code (4.2.207.0) which are seen by MSE as NMSP ACTIVE
  Is there a setting I need to change on this particular controller?
  NMSP Troubleshooting Checklist
  Controller reachable from NCS
  Controller reachable from MSE
  Controller time after MSE time
  MSE KeyHash present on the Controller
  Controller Keyhash matches with the MSE
  Pre-5.1.x.x Controller assigned to Single MSE

  Take a look at this thread as it may help.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Virtualized WLC + Prime + MSE solution

  Dear all,
  we are facing some problem to deploy a virtualized localization solution made of WLC, Prime Infrastructure and MSE.
  We constructed, in our lab, on a UCS C220M3 with VMWare 5.1 the following solution:
  Virtual WLC version 7.3.101 (ip address 10.0.1.249)
  Prime Infrastructure 1.2.0.103 (ip address 10.0.1.250)
  Virtual MSE 7.3.101 (ip address 10.0.1.247)
  WLC is working properly, can register APs and is properly integrated with the Prime. For the localization solution we deployed three access points:  
  -one 3502 in flex connect mode
  -two 1142 in monitor mode
  The problem came out  when we started to work with the MSE. MSE has been registered inside Prime and synchronized with maps and controller.
  After that we checked the maps but no information was displayed. So we started facing the problem and we found that the NMSP protocol remained inactive even if the troubleshooting windows didn't report any explicit issue.
  At this stage we started checking the debug messages and in particular, for the NMSP we countinuously received the follwing message:
  *nmspRxServerTask: Nov 17 17:55:09.777: Allocated new NMSP connection 0
  *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit:  SSL_new() conn ssl 0x2aaaae71ab88
  *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
  *nmspRxServerTask: Nov 17 17:55:09.778: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
  *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit() success with Connection state: INIT, SSL state: HANDSHAKING
  *nmspRxServerTask: Nov 17 17:55:09.785: doSSLRecvLoop: Handshake has not completed for conn 0
  *nmspRxServerTask: Nov 17 17:55:09.785: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
  *nmspRxServerTask: Nov 17 17:55:09.785: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
  *nmspRxServerTask: Nov 17 17:55:10.100: doSSLRecvLoop: Handshake has not completed for conn 0
  *nmspRxServerTask: Nov 17 17:55:10.100: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
  *nmspRxServerTask: Nov 17 17:55:10.100: -- handshake failed for conn ssl 0x2aaaae71ab88,error = error:00000000:lib(0):func(0):reason(0)
  *nmspRxServerTask: Nov 17 17:55:10.100:  freeing Nmsp conn ssl 0x2aaaae71ab88, conn id 0
  Also the statistics for the NMSP protocol emphatized an SSL error:
  (Cisco Controller) >show nmsp statistics summary
  NMSP Global Counters
  Client Measure Send Fail......................... 0
  Send RSSI with no entry.......................... 0
  APP msg too big.................................. 0
  Failed Select on Accept Socket................... 0
  Failed SSL write................................. 0
  Partial SSL write................................ 0
  SSL write returned zero.......................... 0
  SSL write attempts to want read.................. 0
  SSL write attempts to want write................. 0
  SSL write got default error...................... 0
  SSL write max data length sent................... 0
  SSL write max attempts to write in loop.......... 0
  SSL read returned zero........................... 0
  SSL read attempts to want read................... 0
  SSL read attempts to want write.................. 0
  SSL read got default error....................... 0
  Failed SSL read - Con Rx buf freed............... 0
  Failed SSL read - Con/SSL freed.................. 0
  Max records read before exiting SSL read......... 0
  --More-- or (q)uit
  Highest Prio Tx Q full........................... 0
  Normal Prio Tx Q full............................ 0
  Highest Prio Tx Q Sent........................... 0
  Normal Prio Tx Q Sent............................ 0
  Highest Prio Tx Q count.......................... 0
  Normal Prio Tx Q count........................... 0
  Messages sent by APPs to Highest Prio TxQ........ 0
  Max Measure Notify Msg........................... 0
  Max Info Notify Msg.............................. 0
  Max Highest Prio Tx Q Size....................... 0
  Max Normal Prio Tx Q Size........................ 0
  Max Rx Size...................................... 1
  Max Info Notify Q Size........................... 0
  Max Client Info Notify Delay..................... 0
  Max Rogue AP Info Notify Delay................... 0
  Max Rogue Client Info Notify Delay............... 0
  Max Client Measure Notify Delay.................. 0
  Max Tag Measure Notify Delay..................... 0
  Max Rogue AP Measure Notify Delay................ 0
  Max Rogue Client Measure Notify Delay............ 0
  Max Client Stats Notify Delay.................... 0
  Max RFID Stats Notify Delay...................... 0
  RFID Measurement Periodic........................ 0
  --More-- or (q)uit
  RFID Measurement Immediate....................... 0
  SSL Handshake failed............................. 1319
  NMSP Rx detected con failure..................... 0
  NMSP Tx detected con failure..................... 0
  NMSP Tx buf size exceeded........................ 0
  NMSP Tx Invalid msg id .......................... 0
  Reconnect Before Conn Timeout.................... 0
  Rogue AP Info Changed DB Full.................... 0
  Rogue AP Meas Changed DB Full.................... 0
  Rogue Client Info Changed DB Full................ 0
  Rogue Client Meas Changed DB Full................ 0
  Looking around the Internet we found a similar case where the issue was solved dealing with the authorization list upon the wireless lan controller but after the suggested check we saw that the MSE is correctly authorized inside the controller: Here's the "show auth-list" on the WLC:
  (Cisco Controller) >show auth-list
  Authorize MIC APs against AAA ................... disabled
  Authorize LSC APs against Auth-List ............. disabled
  APs Allowed to Join
    AP with Manufacturing Installed Certificate.... no
    AP with Self-Signed Certificate................ no
    AP with Locally Significant Certificate........ no
  Mac Addr                  Cert Type    Key Hash
  00:0c:29:68:c8:57         LBS-SSC      6d6703ef9cccfb5a430e04b3ad128f8170fb435c
  that perfectly matches what was on the MSE:
  cmd> show server-auth-info
  invoke command: com.aes.server.cli.CmdGetServerAuthInfo
  AesLog queue high mark: 50000
  AesLog queue low mark: 500
  Server Auth Info
  MAC Address: 00:0c:29:68:c8:57
  Key Hash: 6d6703ef9cccfb5a430e04b3ad128f8170fb435c
  Certificate Type: SSC
  Finally I tried to look around the MSE logs and here what I found tailing the locserver errors:
  ==> /opt/mse/logs/locserver/locserver-error-0-0.log <==
  11/17/12 17:54:13.513 ERROR[locp] [36] Error in ConnectHandler(endPoint) <LocpSessionTarget mode=CLIENT><LocpEndPoint status=HANDSHAKE totalBytesSent=72000 totalBytesReceived=1315800><LocpEndPoint.Key host=10.0.1.249 port=16113/></LocpEndPoint></LocpSessionTarget>
  11/17/12 17:54:13.513 ERROR[com.aes] [36] [ConnectHandler:handle-09] THROW
  javax.net.ssl.SSLHandshakeException: General SSLEngine problem
          at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
          at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
          at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)
          at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)
          at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
          at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:230)
          at com.aes.server.locp.transport.LocpTransportService$ConnectHandler.handle(LocpTransportService.java:354)
          at com.aes.server.locp.transport.ChannelEventDispatcherImpl$HandlerTask.run(ChannelEventDispatcherImpl.java:348)
          at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
          at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
          at java.util.concurrent.FutureTask.run(FutureTask.java:138)
          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
          at java.lang.Thread.run(Thread.java:662)
  Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
          at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1528)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
          at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
          at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
          at com.aes.server.locp.transport.IOChannelSecure.doTasks(IOChannelSecure.java:265)
          at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:193)
          ... 8 more
  Caused by: sun.security.validator.ValidatorException: No trusted certificate found
          at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:346)
          at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:111)
          at sun.security.validator.Validator.validate(Validator.java:218)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
          ... 15 more
  Everything seems to bring to a certificate error but I don't know, from a side if this is the right direction of investigfation and, from the other, where to check for this certificate and how to find a solution.
  May someone  give us some help?
  Thank in advance to all.
  Regards.
  Marco

  Hi Pongsatorn,
  This is caused by a bug with the ID - CSCub42987. And yes, it only applies to the Virtual WLC's.
  Here is the work-around: (need to be performed from the CLI of the MSE as follows)
  1. cmdshell
  2. config unauthenticated-nmsp true
  3. exit
  4. service msed restart
  Ram.

• Prime 1.3 and WLC 7.6 Can I push guest accounts?

  Hi all
  My Customer needs to update the WLC to 7.6 (from 7.4) due to 3700 APs, but does not use the ac or other new features (yet).
  He has a Prime 1.3 update 4, where the guest Account are created.
  Can he, after the WLC Upgrade  to 7.6.130.0 still see the WLC from Prime 1.3 and Push guest accounts to the WLC?
  The migration to PI 2.1 will be planned.
  Thanks
  Willem

  Cisco Prime 1.3 doesn't support 7.6 please check the compatibility matrix
  Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
  Cisco Prime Infrastructure
  Cisco WLC
  Cisco MSE
  ISE
  Remarks
  Update 4 for 1.3.0.20
  Update 1 for 1.3.0.20
  1.3.0.20
  7.4.121.0
  7.4.110.0
  7.4.100.60
  7.4.100.0
  7.3.112.0
  7.3.101.0
  7.2.115.2
  7.2.111.3
  7.2.110.0
  7.2.103.0
  7.0.250.0
  7.0.240.0
  7.0.235.3
  7.0.235.0
  7.0.230.0
  7.1.91.0
  7.0.220.0
  7.0.116.0
  7.0.98.218
  7.0.98.0
  7.4.121.0
  7.4.110.0
  7.4.100.0
  7.3.101.0
  7.2.110.0
  7.2.103.0
  7.0.240.0
  7.0.230.0
  7.0.220.0
  7.0.201.204
  7.0.112.0
  7.0.105.0
  1.0
  1.1
  1.2

• MSE wIPS services - NMSP Connection active/not active

  Hi all,
  Recently deployed Prime Infra 1.3.0.20, MSE 7.4.110.0 and WLC 7.4.110.x.
  The CAS and wIPS services are up but wIPS Profiles can't be push to controller.
  Though when using GUI, NMSP is active..
  ..but when using CLI via /opt/mse/wips/bin/wips_cli, sometimes it will display no WLC found then seconds later  it will display Pending donwload to controller, NMSP connection -> No response
  wIPS>show wlc all
  No WLC found
  wIPS>
  wIPS>
  wIPS>show wlc all
  WLC MAC              Profile                        Profile Status                           IP                   NMSP Connection Status       
  XX:XX:XX:XX:XX:E0    Default                        Pending download to controller           xx.xxx.xx.68         No Response                  
  wIPS>show wlc all
  WLC MAC              Profile                        Profile Status                           IP                   NMSP Connection Status       
  XX:XX:XX:XX:XX:E0     Default                        Pending download to controller           xx.xxx.xx.68          No Response                  
  wIPS>show wlc all
  No WLC found
  Screenshot in wIPS Profile Assignment
  MSE output command using /etc/init.d/msed status
  STATUS:
  Health Monitor is running
  Starting MSE Platform, Waiting to check the status.
  MSE services are up, getting the status
  Server Config
  Product name: Cisco Mobility Service Engine
  Version: 7.4.110.0
  Health Monitor Ip Address: 1.1.1.1
  High Availability Role: 1
  Hw Version: V01
  Hw Product Identifier: AIR-MSE-VA-K9
  Hw Serial Number: XXXXXX
  Use HTTP: false
  Legacy HTTPS: false
  Legacy Port: 8001
  Log Modules: -1
  Log Level: INFO
  Days to keep events: 2
  Session timeout in mins: 30
  DB backup in days: 2
  Services
  Service Name: Context Aware Service
  Service Version: 7.4.0.45
  Admin Status: Enabled
  Operation Status: Up
  Service Name: WIPS
  Service Version: 1.0.4041.0
  Admin Status: Enabled
  Operation Status: Up
  Service Name: Mobile Concierge Service
  Service Version: 2.0.0.37
  Admin Status: Disabled
  Operation Status: Down
  Service Name: Location Analytics Service
  Service Version: 1.0.0.12
  Admin Status: Disabled
  Operation Status: Down
  Server Monitor
  Server start time: Mon Sep 30 22:57:16 PHT 2013
  Server current time: Tue Oct 01 15:09:26 PHT 2013
  Server timezone: Asia/Manila
  Server timezone offset: 28800000
  Restarts: 3
  Used Memory (bytes): 613409344
  Allocated Memory (bytes): 1328349184
  Max Memory (bytes): 1908932608
  DB virtual memory (kbytes): 0
  DB virtual memory limit (bytes): 0
  DB disk memory (bytes): 18164721280
  DB free size (kbytes): 0
  Active Sessions
  Session ID: 30483
  Session User ID: 1
  Session IP Address: 1x.xx.xx.5
  Session start time: Mon Sep 30 22:58:39 PHT 2013
  Session last access time: Tue Oct 01 15:09:19 PHT 2013
  Default Trap Destinations
  Trap Destination - 1
  IP Address: xx.xx.xx.4
  Last Updated: Mon Sep 30 22:58:42 PHT 2013
  Context Aware Service
  Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 4069
  Active Wireless Clients: 3800
  Active Tags: 0
  Active Rogue APs: 218
  Active Rogue Clients: 0
  Active Interferers: 51
  Active Wired Clients: 0
  Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 6000
  Active Sessions: 1
  Wireless Clients Not Tracked due to the limiting: 0
  Tags Not Tracked due to the limiting: 0
  Rogue APs Not Tracked due to the limiting: 0
  Rogue Clients Not Tracked due to the limiting: 0
  Interferers Not Tracked due to the limiting: 0
  Wired Clients Not Tracked due to the limiting: 0
  Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0
  Context Aware Sub Services
  Subservice Name: Aeroscout Tag Engine
  Admin Status: Disabled
  Operation Status: Down
  Subservice Name: Cisco Tag Engine
  Admin Status: Enabled
  Operation Status: Up
  +++++++++++++++++++++++++
  Could this be the results of DB free size (kbytes): 0?  means I don't enough space for my database?
  Regards,
  Dave

  Hello Rasmus,
  I got NMSP issue while configuration so i did troubleshoot and root cause i found is please synchronize your appliances clock with NTP Server:
  Thanks.

• MSE and Zones (Cisco Connected Mobile Experience)

  Hello everybody,
  I am trying to do Cisco Connected Mobile Experience work using Cisco Prime 1.3, MSE 7.4, WLC 7.4 (everything virtual appliance) and Meridian App.
  It is working well, but although I have configured some zones on Cisco Prime, it is not shown on MSE and Meridian.
  What can be happening? Why aren't zones shown?

  Dear andre.ortega,
  we have similar project.
  And may be you can help me, geting answers for my questions.
  1. MSE v 7.5 will support navigation features. Can MSE output this information via API to Mobile Apps?
  2. did u investigate other solutions for mobile apps then Meridian?
  thank you.

• WCS and WLC AP values not fully in sync.

  I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.

  You may want to also consider the following:
  1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
  2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
  3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
  From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
  This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
  4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
  From the WCS:
  Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
  Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
  Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
  It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
  Hope this helps,
  - John
  (Please rate helpful posts)

• Migrating APs and WLCs to other subnets

  At the moment we have 2 and WLCs with 50 licenses and almost 100 LAPs (with fixed IP-address and with configured controller address).
  I want to move the WLCs to VLAN 150 (192.168.150.0/24) and the LAPs to VLAN (192.168.160/24). 
  To do this do I need to change the fixed configuration of every AP to the correct IP-address and than place them in de correct VLAN and if all LAPs changed the IP-address of the controller and place him in correct VLAN? Our is there a easier way to do this.
  I have read something about giving a option in the DHCP scope but I don't think that wil work in my situation because I have 2 controllers.

  There are multiple ways of doing this.
  If you have WCS or Prime, you could push Primary Controller information to all you AP with new controller IP information (since it is not live, it won't affect AP). In this way one you change the WLC IP, AP will join your new controller as primary controller.
  As Leo suggested you can use DNS or DHCP option 43 method as well. In DHCP option 43, you can give multiple controllers IP if you want. But if these two controllers are in same mobility group, irrespective of the option 43 config, AP will get to know about available controllers as long as they reach any one of your controller.
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Please i have ordered for Bottom Case of white macbook for over 2 months now and the repair status is still processing. is dat normal

  please i have ordered for Bottom Case of white macbook (late 2009)for over 2 months now and the repair status is still processing. is dat normal? i really need the bottom case asap, how can i get it

  Call Apple.  Contact Apple for support and service
  This is a user to user forum, we don't work for Apple.

• My phone will not load past the apple icon when trying to turn on. all it has on the screan is apple icon and a blank status bar. whats wrong? and what can i do?

  my phone will not load past the apple icon when trying to turn on. all it has on the screan is apple icon and a blank status bar. whats wrong? and what can i do?

  Hi, Just put phone in the recovery mode and restore to the factory settings. It should work.

• Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

  With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
  Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
  Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
  Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
  Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
  Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  OOPS !!
  I will repost the whole messaqge with the correct external URL's:
  In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
  TrustSec Home Page
  http://www.cisco.com/en/US/netsol/ns1051/index.html
  http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
  I find this page very helpful as a top-level start to what features and capabilities exist per device:
  http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
  The TS 2.1 Design Guides
  http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
  DesignZone has some updated docs as well
  http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
  As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
  http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html