WLC 5508- GUI Cert Error

I tried installing a chained certificate for HTTPS access on the WLC 5508. It failed, and later I came to know it will only accept an unchained cert for management access. But now the problem is that I could not get GUI access. It shows an error like "This server security certificate is revoked".
What should I do now?

Amjad,
Do you mean this link for unchained certs ?
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Similar Messages

  • WLC 5508 duplex mismatch error

    Hi, I've got a WLC 5508 connected to a Catalyst 6000 switch. On the switch I get a CDP duplex mismatch error every 30 min.
    %CDP-4-DUPLEXMISMATCH:Full/half duplex mismatch detected on port 3/23
    with the show port command I can see this:
    Port  Name                 Status     Vlan       Duplex Speed       Type
    3/23  WLC           connected  trunk        full        1000 10/100/1000
    With the show CDP neigh I see a duplex mismatch
    C6K9> (enable) sh cdp neig 3/23 detail
    Port (Our Port): 3/23
    Holdtime: 142 sec
    Capabilities: HOST
    Version:
      Manufacturer's Name: Cisco Systems Inc.  Product Name: Cisco Controller  Product Version: 7.0.116.0  RTOS Version: Erro  Bootloader Version: 1.0.1  Build Type: DATA + WPS
    Platform: AIR-CT5508-K9
    Port-ID (Port on Neighbors's Device): GigabitEthernet0/0/1
    VTP Management Domain: unknown
    Native VLAN: unknown
    Duplex: half (Mismatch)
    But in the WLC console there is not half duplex
    (WLC5508) show>port 1
               STP   Admin   Physical   Physical   Link   Link
    Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE    SFPType  
    1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     1000BaseTX
    I don't have errors in the port counters
    How can I resolve this duplex mismatch?

    Try upgrading the firmware of the WLC to 7.0.230.0.

  • Converted 1140 AP can't join the WLC 5508

    Hello! Please, help me to sort my problem out.
    We have bought autonomous APs   AIR-AP1141N-E-K9 and converted them to the lightweight mode, but they cannot join the WLC 5508. The errors are below. There were NO problems with the LAPs that were bought before, together with the WLC.
    AP's IP: 172.22.90.27   IOS version  12.4
    WLC's IP: 172.22.90.20   IOS version 6.0.188.0
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    logs from the AP:
    Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
    *Oct 13 21:37:06.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Oct 13 21:37:06.045: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Oct 13 21:37:06.046: bsnInitRcbSlot: slot 1 has NO radio
    *Oct 13 21:37:06.056: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Oct 13 21:37:06.066: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Oct 13 21:37:06.098: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Oct 13 21:37:15.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
    *Oct 13 21:37:24.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
    *Oct 13 21:37:34.060: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.22.90.20 peer_port: 5246
    *Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Oct 13 21:38:34.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.22.90.20 peer_port: 5246
    *Oct 13 21:38:34.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
    *Oct 13 21:38:34.823: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 172.22.90.20
    *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Oct 13 21:38:39.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
    *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 172.22.90.20
    *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Oct 13 21:38:39.824: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 172.22.90.20
    *Oct 13 21:39:33.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.22.90.20:5246
    *Oct 13 21:39:34.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.22.90.20 peer_port: 5246
    *Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Oct 13 21:38:34.001: %DTLS-5-PEER_DISCONNECT: Peer 172.22.90.20 has closed connection.
    *Oct 13 21:38:34.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.22.90.20:5246
    *Oct 13 21:38:34.001: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination
    *Oct 13 21:38:34.125: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
    logs from the WLC:
    debug capwap events enable
    *Dec 21 15:02:06.244: 68:bc:0c:63:3d:a0 DTLS keys for Control Plane deleted successfully for AP 172.22.90.27
      *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 DTLS connection closed event receivedserver (172:22:90:20/5246) client (172:22:90:27/21077)
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Entry exists for AP (172:22:90:27/21077)
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
    Ble
    *Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 capwap_ac_platform.c:1223 - Operation State 0 ===> 4
    *Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 Register LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
      *Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join Version: = 100711424
    *Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Maximum Msg element len = 93
    debug capwap errors enable
    *Dec 21 16:16:51.879: 68:bc:0c:63:3d:a0 DTLS connection was closed
    *Dec 21 16:17:09.940: 68:bc:0c:63:3d:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 12, joined Aps =5
    debug capwap detail enable
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21078
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 packet received of length 281 from 172.22.90.27:21078
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Msg Type = 3 Capwap state = 5
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: Result Code message element len = 8
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 1. 47 0
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 2. 232 3
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 3. 6 0
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 4. 12 0
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Descriptor message element len = 48
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 acName = Wi-Fi_Controller
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Name message element len = 68
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: WTP Radio Information message element len = 77
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Control IPV4 Address len = 87
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Sending encrypted packet to AP 172:22:90:27 (21078)
    *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Releasing WTP
    *Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21077
    *Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 DTLS connection 0x167c8b20 closed by controller
    *Dec 21 16:24:12.212: DTL Deleting AP 9 - 0.0.0.0
    *Dec 21 16:24:12.214: CAPWAP DTLS connection closed msg
    *Dec 21 16:24:12.216: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.216: Received SPAM_MFP_RADIO_DOWN message
    *Dec 21 16:24:12.218: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.220: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.222: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.224: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.226: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(0)
    *Dec 21 16:24:12.228: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.228: Received SPAM_MFP_RADIO_DOWN message
    *Dec 21 16:24:12.230: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.232: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.234: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.236: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(1)
    *Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Deleting and removing AP 68:bc:0c:63:3d:a0 from fast path
    P.S. The time is set on the WLC via NTP
    P.P.S. Don't look at the time the logs were made - they were not made during the same day/time

    I solved this as soon as I published my problem!!!
    the answer is published here:
    https://supportforums.cisco.com/thread/2004491
    especially in the post of Matthew Fowler
    Hi,
    Please take a look at CSCte01087.
    I see that your WLC is 10.0.13.5 and your AP is 10.0.13.28/24 so they are on the same subnet. I also see your AP MAC address does not begin with 00. This is why I believe it is relevant.
    Please try the workaround or open a TAC case if you need a fix.
    -Matt
    Symptom:
    An access point running 6.0.188.0 code may be unable to join a WLC5508.
    Messages similar to the following will be seen on the AP.
       %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
       %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
    Conditions:
    At least one of the following conditions pertains:
    - The high order byte of the AP's MAC address is nonzero, and the AP is in
    the same subnet as the WLC5508's management (or AP manager) interface
    - The WLC's management (or AP manager) interface's default gateway's
    MAC address' high order byte is nonzero.
    Workaround:
    If the MAC address of the WLC's default gateway does not begin with 00,
    and if all of the APs' MAC addresses begin with 00, then: you can put
    the APs into the same subnet as the WLC's management (or AP manager)
    interface.
    In the general case, for the situation where the WLC's default gateway's
    MAC does not begin with 00, you can address this by changing it to begin
    with 00. Some methods for doing this include:
    -- use the "mac-address" command on the gateway, to set a MAC address
    that begins with 00
    -- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
    IP as the WLC's gateway.
    For the case where the APs' MAC addresses do not begin with 00, then make
    sure that they are *not* in the same subnet as the WLC's management
    (AP manager) interface, but are behind a router.
    Another workaround is to downgrade to 6.0.182.0.  However, after
    downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
    (i.e. 12.4(21a)JA2) still installed on them will be unable to join.
    Therefore, after downgrading the WLC, the APs will need to have a
    pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
    different vlan!!!! yes! thank you Matthew Fowler sooooo much!!!!
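A check for the CSCte01087 symptoms and conditions quoted above, as an added example that is not part of the original thread or any Cisco tooling. It re-joins AP console output wrapped at 80 columns before matching, because a plain search of the wrapped text misses the "Unencrypted non-discovery" line; the /24 mask and the gateway MAC are assumptions (the post states neither), and all function names are hypothetical.

```python
import ipaddress
import re

# Symptom strings as quoted in the CSCte01087 text on this page.
SYMPTOMS = (
    "Invalid AC Message Type 4",
    "Unencrypted non-discovery CAPWAP Control Message",
)

# AP console lines copied from the post above, still wrapped at 80 columns.
SAMPLE_AP_LOG = "\n".join([
    "*Oct 13 21:38:34.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20",
    "*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Contr",
    "ol Message from 172.22.90.20",
    "*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.",
    "*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag",
    "e from controller",
])


def unwrap(text, width=80):
    """Re-join lines the console cut at `width` columns.

    A physical line of exactly `width` characters is treated as continued on
    the next line. A genuine 80-character message would be joined by mistake;
    that is the accepted limitation of this heuristic.
    """
    logical, buf = [], ""
    for line in text.splitlines():
        buf += line
        if len(line) == width:
            continue
        if buf:
            logical.append(buf)
        buf = ""
    if buf:
        logical.append(buf)
    return logical


def symptoms_seen(text):
    """Return the bug's symptom strings present in the unwrapped log."""
    lines = unwrap(text)
    return [s for s in SYMPTOMS if any(s in line for line in lines)]


def high_order_byte(mac):
    """First octet of a MAC address written with any common separator."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits[:2], 16)


def matching_conditions(ap_mac, ap_ip, wlc_mgmt_if, gateway_mac):
    """Evaluate the two 'Conditions' from the bug text.

    wlc_mgmt_if is the WLC management (or AP manager) interface in
    address/prefix form, e.g. '172.22.90.20/24'.
    """
    subnet = ipaddress.ip_interface(wlc_mgmt_if).network
    hits = []
    if high_order_byte(ap_mac) != 0 and ipaddress.ip_address(ap_ip) in subnet:
        hits.append("ap-mac-nonzero-same-subnet")
    if high_order_byte(gateway_mac) != 0:
        hits.append("gateway-mac-nonzero")
    return hits


def assess(log_text, ap_mac, ap_ip, wlc_mgmt_if, gateway_mac):
    """Combine log symptoms and topology conditions into one verdict."""
    seen = symptoms_seen(log_text)
    conds = matching_conditions(ap_mac, ap_ip, wlc_mgmt_if, gateway_mac)
    return {"symptoms": seen, "conditions": conds,
            "likely_match": bool(seen) and bool(conds)}


if __name__ == "__main__":
    # AP MAC and IPs are from the post; /24 and the gateway MAC
    # (RFC 7042 documentation range) are assumed for illustration.
    print(assess(SAMPLE_AP_LOG, "68:bc:0c:63:3d:a0", "172.22.90.27",
                 "172.22.90.20/24", "00:00:5e:00:53:01"))
```

With the AP address moved to a routed subnet, the first condition no longer holds, which matches the "different vlan" fix the poster reports.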

  • ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

    Hi, I have a customer that we've deployed ISE 1.2 and WLC 5508s at.  Customer is using EAP-TLS and everything appears to be set up properly.  Users are able to login to the network and authenticate, however, frequently, I'm getting the following error in ISE authentication logs:
    12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain
    OpenSSL messages are:
    SSL alert: code=0x22D=557 : source=local ; type=fatal : message="X509 certificate expired"
    4 727850450.3616:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720
    I'm not sure if this is cosmetic or if this is something that I should be tracking down.  System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain.  Any ideas what to check?

    Hello Dino,
      thanks very much for your reply.
      The client uses a machine-certificate, the PKI is not a microsoft one, but a third party PKI.   The certificate is fresh and valid, the root-cert is installed and checked to be validated against it for the login.
    Clock is correct too. The same setup works flawlessly in Windows 7 and XP.
    EKU is set on the certificate (1.3.6.1.5.5.7.3.2)
    I suspect the cert-setup itself, but don't have a clue where this might be stuck...
    Björn

  • WLC 5508 with LAP-1142n - Several Errors

    Hello all,
    I had installed a WLC 5508 with 7 LAP 1142n and 2 converted AP 1131abg.
    I am seeing some errors relating 2 issues.
    1st - One particular AP 1142 is disassociating and resetting the radios.
    Thu Oct 28 11:50:49 2010
    AP's Interface:0(802.11b)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
    Thu Oct 28 11:50:49 2010
    AP's Interface:0(802.11b)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
    Thu Oct 28 11:50:49 2010
    AP's Interface:1(802.11a)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
    Thu Oct 28 11:50:49 2010
    AP's Interface:1(802.11a)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
    Thu Oct 28 11:50:46 2010
    AP's Interface:1(802.11a) Operation   State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init.   Status:NA
    Thu Oct 28 11:50:46 2010
    AP's Interface:0(802.11b)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to   Init. Status:NA
    Thu Oct 28 11:50:46 2010
    AP 'AP3', MAC:   e8:04:62:23:ac:e0 disassociated previously due to AP Reset. Uptime: 1 days,   10 h 24 m 23 s . Last reset reason: operator changed 11g mode.
    Thu Oct 28 11:50:35 2010
    AP Disassociated. Base Radio   MAC:e8:04:62:23:ac:e0
    Thu Oct 28 11:50:35 2010
    AP's Interface:1(802.11a)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
    Thu Oct 28 11:50:35 2010
    AP's Interface:0(802.11b) Operation   State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
    I did some searching, and the "New Discovery" cause might be that the AP didn't know which WLC to associate with, in a multi-controller environment. This is not the case. I only have one WLC in the same management VLAN.
    2nd - The RADIUS server is being reported in the logs as deactivated. I raised the server timeout in the RADIUS configuration options, but it still continues to do it.
    Thu Oct 28 10:24:41 2010
    RADIUS server 10.67.128.36:1812 deactivated in global list
    Thu Oct 28 10:24:41 2010
    RADIUS server 10.67.128.36:1812 failed to respond to request (ID 172)   for client e8:06:88:51:c0:2b / user 'unknown'
    Does this mean the WLC stops sending requests to the RADIUS server? We don't have a backup RADIUS server.
    As far as I know, it's always the same client MAC address that is associated with that error, maybe an iPhone.
    I have many clients in that SSID and they are all working well.
    The RADIUS server is an NPS on Windows Server 2008
    , and the client says that the medium response time is 0,02 sec, so I'm wondering why the controller is not getting a response from RADIUS for a particular client?! My client also says that they didn't find any log related to that client MAC address... which is weird...
    WLC with the latest software available, 7.0.164
    Hope someone can help me here.
    Best Regards,
    Bruno Petrónio

    Thanks Scott,
    I understand what you are mentioning, and I really didn't do it yet.
    I realize that the primary controller was not configured on the
    Wireless –> All APs –> High Availability tab, and did it only for the AP that is showing this behaviour.
    Is this mandatory with only 1 controller?
    No matter what the manual says, after that the AP is rebooting every 2 mins... with the same kind of messages.
    The interface on the switch is getting a few input errors and the same number of CRC errors... but they are so few...
    Next step... I will move it to another one's place/cable path.
    Regarding the RADIUS messages... any ideas?
    I'm already on 30 secs of server timeout.
    Best Regards,
    Bruno Petrónio

  • WLC 5508 - Error When Uploading Webauth Bundle

    Currently have a WLC 5508 running 7.4.110.0.  I'm trying to upload (download) a webauth bundle to the controller from the web interface and am getting an error.  I've tried using FTP, SFTP and TFTP and get a different error with each.  When I started out with this, I was using a modified login.tar.  Thinking this was the problem, I switched to using the login.tar file included with the Web Authentication Bundle version 1.0.2 downloaded from the Cisco site.  This file fails with the errors below.  Does anyone have suggestions as to what I'm doing wrong?  Is this is a known bug in this version of the software?  Thanks!
    For FTP:
    The web interface shows: 
    % Error: Webauth Bundle file transfer failed - Unknown error - refer to log.   
    Log on the controller shows: 
    *TransferTask: May 28 13:51:12.942: #UPDATE-3-FTP_TRANSFER_FAIL: updcode.c:5631 Error FTP file Transfer [ftp_get], <30>, Read-only file system.
    For SFTP:
    The web interface shows:
    % Error: Webauth Bundle file transfer failed - Unknown error - refer to log.
    Log on the controller shows: 
    *TransferTask: May 28 14:52:58.779: #UPDATE-3-SFTP_TRANSFER_FAIL: updcode.c:5869 Error SFTP file Transfer [sftp_get], <11>, Resource temporarily unavailable.
    For TFTP:
    The web interface shows:
    % Error: Webauth Bundle file transfer failed - Unknown error - refer to log.
    Log on the controller shows: 
    *TransferTask: May 28 15:02:39.232: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4593 Failed to open file webauth.tar.
    *sshpmReceiveTask: May 28 15:02:39.153: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=11504 ulk=18587678 lk=18576174 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b079

    Hi,
    1. Did you use PicoZip to compress your webauth bundle?
    2. Did you try with only one laptop? If yes, then try to use another one.
    3. Just try to upload the default webauth bundle from Cisco to the WLC and show the result to us.
    7.4.121.0 is very stable version.
    Regards

  • SFP Error with WLC 5508

    all,
    I'm facing a problem to upgrade my WLC 5508 from 6.0.199.4 to 7.0.98.218
    On my WLC, I have a bad src error message about the SFP.
    With the version 6, I have the "warning" but the port is UP and Running
               STP   Admin   Physical   Physical   Link   Link
    Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE    SFPType
    1  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     Not Present
    2  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     Not Present
    3  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     SFP Error
    on version 7.0.98.218, the port never comes UP:
               STP   Admin   Physical   Physical   Link   Link
    Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE    SFPType
    1  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     Not Present
    2  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     Not Present
    3  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     SFP Error
    I see a bug about CSCta32912, but normally, it is solved in version 7.
    How to solve this issue?
    Thanks.

    Are you using a Cisco SFP or a third party one?

  • Cisco WLC 5508 in HA mode error

    Hi,
    I am getting the below error on a Cisco WLC 5508, version 7.4.100.0, in HA mode. The WLC has access points in local and FlexConnect mode.
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete,
    I saw a similar bug in the Cisco WLC 7.4.100.0 release notes, with an error like
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
    Any Ideas?

    Hi Mohamed,
    It's an open caveat in 7.4.100.0
    CSCud26632
    Symptom: The following SNMP trap appears on the controller when you change the channel width number to 40-MHz:
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
    Conditions: Controller is in an HA pair. Join the 802.11n access point to the controller and change the channel width to 40-MHz and channel number to 157.
    Workaround: None
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
    Regards

  • WLC 5508 - Error extracting webauth files.

    Hi all,
    I am getting an error during the upload of a customized login page for the WLC 5508.
    After the upload is completed I received the error "Error extracting webauth files."
    I tried to create the *.tar file with different programs (winrar, 7zip, gnu tar, etc.)
    Does anyone know the solution for this problem?
    Thanks
    Marco

    TQVVM Marco, it helps and issue resolved. I was downloading a folder consists of (login.html+folder CSS) compressed .TAR but failed. Instead of putting in a folder and directly downloaded the compressed .TAR and it was extracted successfully.
    Thanks.

  • Error APF_HA-3-SYNC_RETRANSMIT_FAIL - Controller Cisco WLC 5508

    hello,
    I have two controllers on Cisco WLC 5508 HA version 7.5.
    I'm having several sync error logs:
    *haSSOServiceTask3: Jan 22 09:22:51.637: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (00:0b:6b:b3:d4:6b )data sync. Retry after 300 secs.
    *haSSOServiceTask4: Jan 22 09:22:51.037: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (60:67:20:fa:19:04 )data sync. Retry after 300 secs.
    *haSSOServiceTask2: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (04:fe:31:3b:7d:ca )data sync. Retry after 300 secs.
    *haSSOServiceTask2: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (88:9b:39:c3:cf:42 )data sync. Retry after 270 secs.
    *haSSOServiceTask3: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (18:e2:c2:c0:9b:5b )data sync. Retry after 300 secs.
    *haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (08:70:45:77:36:60 )data sync. Retry after 240 secs.
    *haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (20:64:32:cb:13:a8 )data sync. Retry after 180 secs.
    *haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (8c:70:5a:2e:36:e0 )data sync. Retry after 300 secs.
    *haSSOServiceTask4: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (58:94:6b:65:ad:0c )data sync. Retry after 300 secs.
    *haSSOServiceTask1: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (40:2b:a1:53:8d:a9 )data sync. Retry after 300 secs.
    *haSSOServiceTask4: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (a4:17:31:16:19:2c )data sync. Retry after 300 secs.
    *haSSOServiceTask1: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (04:1e:64:7e:19:31 )data sync. Retry after 300 secs.
    *haSSOServiceTask4: Jan 22 09:22:50.639: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (60:67:20:33:7c:74 )data sync. Retry after 300 secs.
    *haSSOServiceTask4: Jan 22 09:22:50.639: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (00:26:c6:57:61:34 )data sync. Retry after 300 secs.
    Has anyone had something similar?

    Hi Valerio, did you ever find out what this error was. I am seeing the same  error but on 7.6
    #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2966 Maximum retransmission exceeded for client (8c:00:6d:16:7b:3d )data sync

  • Wlc 5508 get error when use port-channel

    We have two WLCs in the system, a 5508 and a 4402.
    We configured HA for the 2 WLCs; both WLCs have LAG enabled.
    When I connect 2 interfaces of the 5508 to 2 interfaces (in a port channel, mode on, trunk, dot1q) of a
    pair of VSS switches, I can't manage the 5508 through the web any more, and I still can with the 4402.
    If I shut down 1 port in the port-channel, it works well.
    Do you know what is happening?
    Thanks
    Duyen

    hi Scott,
    We have VSS (2 x 6509) trunked with 2 x 4506 switches. One port of the WLC 4402 connects to one port of one 4506 switch.
    2 ports of the WLC 5508 connect to the 6509s, each port connecting to one 6509 switch.
    the config in VSS switch like this:
    interface gig1/1/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 500 mode on
    interface gig2/1/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 500 mode on
    etherchannel load-balancer src-dst-ip
    ( I dont see this command in running config)

  • Cisco WLC 5508 with Nexus 5048 CDP error

    Hello,
    We got cisco WLC 5508 running 74.121.0
    The WLC is connected to Nexus 5548 with dual-homed.
    We receive CDP duplex mismatch from the Nexus switches.
    Any ideas?

    Can you check the duplex info. of the neighbor using
    router#show cdp neighbors detail

  • WLC 5508 running 7.4.110.0 unable to tftp upload config from controller

    Hi,
    Two WLC 5508 running identical code version. One is 50 license Primary, the second is HA. Identical config on both. HA WLC can upload its config to the TFTP or FTP server but Primary cannot. The operation fails for  both CLI and GUI and for different protocols i.e. TFTP, FTP.
    #### Primary Controller
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.4.110.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.95.16
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... PRODWC7309
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. Disabled
    IP Address....................................... 10.1.30.210
    Last Reset....................................... Power on reset
    System Up Time................................... 18 days 18 hrs 51 mins 35 secs
    System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... AU - Australia
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +34 C
    External Temperature............................. +17 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 8
    Number of Active Clients......................... 138
    Memory Current Usage............................. Unknown
    Memory Average Usage............................. Unknown
    CPU Current Usage................................ Unknown
    CPU Average Usage................................ Unknown
    Burned-in MAC Address............................ 3C:08:F6:CA:52:20
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 50
    (Cisco Controller) >debug transfer trace enable
    (Cisco Controller) >transfer upload start
    Mode............................................. TFTP
    TFTP Server IP................................... 10.1.22.2
    TFTP Path........................................ /
    TFTP Filename.................................... PRODWC7309-tmp.cfg
    Data Type........................................ Config File
    Encryption....................................... Disabled
    *** WARNING: Config File Encryption Disabled ***
    Are you sure you want to start? (y/N) Y
    *TransferTask: Jun 02 10:41:15.183: Memory overcommit policy changed from 0 to 1
    *TransferTask: Jun 02 10:41:15.183: RESULT_STRING: TFTP Config transfer starting.
    TFTP Config transfer starting.
    *TransferTask: Jun 02 10:41:15.183: RESULT_CODE:1
    *TransferTask: Jun 02 10:41:24.309: Locking tftp semaphore, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
    *TransferTask: Jun 02 10:41:24.393: Semaphore locked, now unlocking, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
    *TransferTask: Jun 02 10:41:24.393: Semaphore successfully unlocked, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
    *TransferTask: Jun 02 10:41:24.394: tftp rc=-1, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
    pLocalFilename=/mnt/application/xml/clis/clifile
    *TransferTask: Jun 02 10:41:24.394: RESULT_STRING: % Error: Config file transfer failed - Unknown error - refer to log
    *TransferTask: Jun 02 10:41:24.394: RESULT_CODE:12
    *TransferTask: Jun 02 10:41:24.394: Memory overcommit policy restored from 1 to 0
    % Error: Config file transfer failed - Unknown error - refer to log
    (Cisco Controller) >show logging
    *TransferTask: Jun 02 10:41:24.393: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
    *sshpmReceiveTask: Jun 02 10:41:24.315: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=142 ulk=1621944 lk=1621802 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
    -Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
    *TransferTask: Jun 02 10:39:01.789: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
    *sshpmReceiveTask: Jun 02 10:39:01.713: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=5598 ulk=1621801 lk=1616203 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
    -Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
    #### HA Controller
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.4.110.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.95.16
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... PRODWC7310
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. Disabled
    IP Address....................................... 10.1.31.210
    Last Reset....................................... Software reset
    System Up Time................................... 18 days 19 hrs 1 mins 27 secs
    System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... AU - Australia
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +34 C
    External Temperature............................. +17 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 4
    Number of Active Clients......................... 0
    Memory Current Usage............................. Unknown
    Memory Average Usage............................. Unknown
    CPU Current Usage................................ Unknown
    CPU Average Usage................................ Unknown
    Burned-in MAC Address............................ 3C:08:F6:CA:53:C0
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 500
    (Cisco Controller) >debug transfer trace enable
    (Cisco Controller) >transfer upload start
    Mode............................................. FTP
    FTP Server IP.................................... 10.1.22.2
    FTP Server Port.................................. 21
    FTP Path......................................... /
    FTP Filename..................................... 10_1_31_210_140602_1050.cfg
    FTP Username..................................... ftpuser
    FTP Password..................................... *********
    Data Type........................................ Config File
    Encryption....................................... Disabled
    *** WARNING: Config File Encryption Disabled ***
    Are you sure you want to start? (y/N) y
    *TransferTask: Jun 02 10:51:31.278: Memory overcommit policy changed from 0 to 1
    *TransferTask: Jun 02 10:51:31.278: RESULT_STRING: FTP Config transfer starting.
    FTP Config transfer starting.
    *TransferTask: Jun 02 10:51:31.278: RESULT_CODE:1
    *TransferTask: Jun 02 10:52:05.468: ftp operation returns 0
    *TransferTask: Jun 02 10:52:05.477: RESULT_STRING: File transfer operation completed successfully.
    *TransferTask: Jun 02 10:52:05.477: RESULT_CODE:11
    File transfer operation completed successfully.
    Not upgrading to 7.4.121.0 because of bug CSCuo63103. Have not restarted the controller yet.
    Has anyone else had this issue? Is there a workaround?
    Thanks,
    Rick.

    Thanks Stephen. In my deployments of version 7.4.110.0 I have not seen this issue, so maybe a controller reboot will fix it (we do have HA to minimize the impact). I will keep the thread updated with findings and may request the special release 7.4.121.0 from TAC if still not happy with 7.4.110.0.
    Rick.
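The two transcripts in this thread can be triaged mechanically. The sketch below is an added example, not part of the original posts and not Cisco code: it splits a CLI capture into one record per `transfer upload start`, reports the outcome and any syslog mnemonics, and flags config exports sent unencrypted over TFTP or FTP. The sample is constructed by trimming the output above, and the meaning of result codes 11 and 12 is an assumption inferred from the RESULT_STRING lines in this thread.

```python
import re

# Constructed sample, trimmed from the two transcripts in the thread above.
SAMPLE = """\
(Cisco Controller) >transfer upload start
Mode............................................. TFTP
TFTP Server IP................................... 10.1.22.2
Data Type........................................ Config File
Encryption....................................... Disabled
*TransferTask: Jun 02 10:41:15.183: RESULT_CODE:1
*TransferTask: Jun 02 10:41:24.394: RESULT_CODE:12
*TransferTask: Jun 02 10:41:24.393: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
(Cisco Controller) >transfer upload start
Mode............................................. FTP
FTP Server IP.................................... 10.1.22.2
Data Type........................................ Config File
Encryption....................................... Disabled
*TransferTask: Jun 02 10:51:31.278: RESULT_CODE:1
*TransferTask: Jun 02 10:52:05.477: RESULT_CODE:11
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\.{3,}\s*(.*)$")  # "Key........ value" rows
RESULT = re.compile(r"RESULT_CODE:(\d+)")
SYSLOG = re.compile(r"#([A-Z]+-\d-[A-Z_]+):")            # e.g. #UPDATE-3-FILE_OPEN_FAIL
# Assumption: meanings inferred from the RESULT_STRING lines in this thread only.
OUTCOME = {"11": "success", "12": "failed"}

def parse_transfers(text):
    """Return one record per 'transfer upload start' found in a CLI capture."""
    transfers, cur = [], None
    for line in text.splitlines():
        if "transfer upload start" in line:
            cur = {"fields": {}, "outcome": "incomplete", "errors": [], "findings": []}
            transfers.append(cur)
        elif cur is None:
            continue
        elif (m := SYSLOG.search(line)):
            cur["errors"].append(m.group(1))
        elif (m := RESULT.search(line)):
            cur["outcome"] = OUTCOME.get(m.group(1), cur["outcome"])
        elif (m := FIELD.match(line)):
            cur["fields"][m.group(1).strip()] = m.group(2).strip()
    for t in transfers:
        f = t["fields"]
        if f.get("Data Type") == "Config File" and f.get("Encryption") == "Disabled":
            t["findings"].append("config exported unencrypted")
        if f.get("Mode") in ("TFTP", "FTP"):
            t["findings"].append(f"cleartext transport ({f['Mode']})")
    return transfers
```

On the sample, the first record comes back as failed with `UPDATE-3-FILE_OPEN_FAIL`, the second as success, and both carry the unencrypted-export and cleartext-transport findings.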

  • Webauth page on WLC 5508

    Hi,
    I need to download a login banner page on our WLC 5508 version 7.4.100.60, but I am getting an error and the logs are showing the following:
    *TransferTask: Sep 11 11:05:04.248: #CLIWEB-3-BUFFER_TOO_LONG: cli_web_api.c:3240 Buffer for Login Banner too long (max = 1296 chars).
    My FTP is working fine since I have upgraded the version using it, and the .tar file which I am trying to upload is 50K. Can anybody help on this please?

    Mohammad,
    Typically, login banners are .txt files.  Please ensure the file that you are uploading is a .txt and not a .tar.
    If you are unsuccessful in uploading the file through the Web GUI, might I suggest that you try it through CLI?  Sometimes transfers just seem to work better through CLI.
    Just in case you have any questions on the CLI transfer, I have this link for your reference:
    www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mfw.html#wp1132285
    This is the Configuration Guide for the WLC.
    Please let me know if this fixes your issue.  If it does, please rate this answer and mark your question as Answered.
    Charles Moreton

  • 5508 loading cert for web auth

    I have web auth enabled on the WLC, so when clients connect they get a cert error because it is using the self-signed cert.  I was reading up on getting a third-party cert and it explains about getting openssl and then generating the cert and sending it to a third-party CA etc.
    Any links you can share would be very helpful explaining best practices and method to load a third party cert on the WLC 5508 for web authentication.
    Why can't I just get a cert from them for our domain and simply load it on the WLC?

    Hi Mohammed,
    Here are the two links which are like a bible for generating certs.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    It depends on whether you are using chained or unchained certs. Following the above links will help you in getting the issue resolved!!
    Lemme know if this answered your question!!
    Regards
    Surendra
