Preview Tool

Cisco Bug: CSCur50946 - APs mfg in Aug./Sept./Oct. 2014 unable to join an IOS-XE controller

Last Modified

May 05, 2020

Products (1)

  • Cisco 5700 Series Wireless LAN Controllers

Known Affected Releases


Description (partial)

Symptom:An access point manufactured in August, September or October, 2014, may be unable to join an IOS-XE controller.
AP console logs at the time will look similar to the following:

*Oct 16 12:39:06.231: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Oct 16 13:14:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: peer_port: 5246Peer certificate verification failed FFFFFFFF

*Oct 16 13:14:56.127: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:496 Certificate verified failed!
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to

Conditions:AP was manufactured in August, September or October of 2014.

IOS-XE controller/switch was manufactured in September of 2014, or later, and is running 3.6.0.

Related Community Discussions

<key>CSCur50946</key> - APs mfg in September/October 2014 unable to join an IOS-XE controller
We've run across this bug recently, and spent a great deal of time figuring out what was going on.   Initially we discovered that only certain access points refused to connect to certain WLCs (3650s in our case). Further investigation showed that this was tied to different OUI-parts of the MAC-addresses, which in turn led us to suspect that only batches of hardware were problem childs.   We successfully managed to connect problem AP's to one of our other WLCs. Since we were running the same code ...
Latest activity: Nov 17, 2014
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.