Access Points

Reply
Occasional Contributor II
Posts: 51
Registered: ‎05-03-2011

AP61 reboot loop - cert problem

Hello !

I've encountered a problem with a AP61. I've been using this AP for about 2 years now without problem, until recently when I had to purge it becuase i need to change it to a new location.

And I've also done this to another 31 AP61 without any problems, purged them and provisioned them again.

I have CPS enabled to be able to bridge the AP's.

This is the errors i get from the command "show log system":

Aug 4 10:56:17 :303022: |AP 00:1a:1e:c5:33:17@10.16.40.22 nanny| Reboot Reason: AP rebooted Wed Aug 3 10:14:25 PST 2011; SAPD: Unable to install cert. Need to re-approve AP
Aug 4 10:56:32 :305048: |stm| Dropping unsecure AP message code 16121 from AP at 10.16.40.22 (MAC address 00:1a:1e:c5:33:17)
Aug 4 10:56:32 :399803: |AP 00:1a:1e:c5:33:17@10.16.40.22 sapd| An internal system error has occurred at file sapd_msg.c function sapd_proc_install_cert_req line 3163 error AP is unable to fix certificate chain. Controller certificate hierarchy may have changed. Re-approval needed..
Aug 4 10:56:34 :311002: |AP 00:1a:1e:c5:33:17@10.16.40.22 sapd| Rebooting: SAPD: Unable to install cert. Need to re-approve AP
Aug 4 10:56:34 :303086: |AP 00:1a:1e:c5:33:17@10.16.40.22 nanny| Process Manager (nanny) shutting down - AP will reboot!


I've tried to set some environment variables when i connect manually to it, like serverip, without success. And i dont wanna try to disable CPS.

Thanks in advance!
Johan
Guru Elite
Posts: 20,994
Registered: ‎03-29-2007

Re: AP61 reboot loop - cert problem

Do you see that access point in the control plane security whitelist?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 51
Registered: ‎05-03-2011

Re: AP61 reboot loop - cert problem




Yes, I do. But it differs from the other AP's.:


#show whitelist-db cpsec mac-address 00:1a:1e:c5:33:17


Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Revoke Text Secondary Key Last Updated
----------- ------ ----- --------- ----------- ----------- ------------- ------------
00:1a:1e:c5:33:17 Enabled certified-hold-switch-cert switch-cert Thu Jul 21 07:34:32 2011



This is the state of the others:

#show whitelist-db cpsec mac-address d8:c7:c8:c2:e2:79


Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Revoke Text Secondary Key Last Updated
----------- ------ ----- --------- ----------- ----------- ------------- ------------
d8:c7:c8:c2:e2:79 Enabled certified-factory-cert factory-cert Wed Jul 20 14:48:11 2011

Occasional Contributor II
Posts: 51
Registered: ‎05-03-2011

Re: AP61 reboot loop - cert problem

Should i try to delete the entry from the whitelist-db?
Guru Elite
Posts: 20,994
Registered: ‎03-29-2007

Re: AP61 reboot loop - cert problem

Can you delete the entry and allow the AP to auto-add and get another cert after purging? You can alternatively manually change the status of the AP.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 51
Registered: ‎05-03-2011

Re: AP61 reboot loop - cert problem




I did as you told me, and i guess its working now.. :)

I could provision the AP, and also the state is certified-switch-cert now instead of certified-hold-switch-cert.

Even tried to connect with a client with success.

Thanks alot!

Search Airheads
Showing results for 
Search instead for 
Did you mean: