ArubaOS and Controllers

Occasional Contributor II
Posts: 25
Registered: ‎11-25-2009

APs not coming up since enabling Control Plane Security

Hi All,

Since enabling CP-security we've been experiencing a problem where some APs show a status of certified-hold-factory-cert, and are unable to associate to their local controller. We're using 125's and running AOS 5.0.3.0. We see the following error on the master controller:

Jan 28 12:51:40 :303022: |AP xxx@xxx nanny| Reboot Reason: AP rebooted Fri Jan 28 12:51:00 EST 2011; SAPD: Rebooting after installing trust update. Factory Cert present
Jan 28 12:51:41 :399803: |AP xxx@xxx sapd| An internal system error has occurred at file sapd_main.c function main line 1935 error Unable to initialize TPM and/or Factory

Sometimes shutting down the AP, changing the status of cpsec and bringing it back up works, sometimes it doesn't. Anyone run into this, or have any info?

Thanks,
Pete
Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: APs not coming up since enabling Control Plane Security

It should NOT work that way. Please open a case so that it can get looked at. Autoprovision should allow ALL APs. Please see if an entry already exists for the AP in the cpsec whitelist.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 25
Registered: ‎11-25-2009

Re: APs not coming up since enabling Control Plane Security

Hi cjoseph,

I've had a TAC case open for some time, but nothing has come of it yet. I do not have auto-provision enabled; however, I manually approve the AP MAC address prior to installation. Problematic APs often have a cpsec status of certified-hold-factory-cert. Sometimes taking the AP offline and updating its cpsec status to certified-factory-cert, then bringing it online fixes the problem, often it doesn't. Swapping the AP often fixes the issue.

Can anyone explain the meaning of the following error log:

An internal system error has occurred at file sapd_main.c function main line 1935 error Unable to initialize TPM and/or Factory Certificates..

Thanks for the assistance!
Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: APs not coming up since enabling Control Plane Security

CCNPete,

That does not look like a good message. Please ask to have your TAC case escalated so that this can be resolved.


Colin Joseph
Aruba Customer Engineering


Aruba Employee
Posts: 2
Registered: ‎04-27-2009

TPM or Certificate Corruption

Hello CCNPete,

Unfortunately, it looks like some of your APs have managed to corrupt their factory certificates and/or the TPM chip has gone bad. Most likely it is the certificate corruption issue.

That explains why swapping APs works for you, because the problem is related to the particular AP. Also, when you turn OFF CPsec, the certificates are not used, and that is why you are able to bring your AP up.

If possible, please provide TAC with access to the console of the APs so that they can confirm the issue.

Hope this helps.
Thanks,

Manish
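
Since the thread ties the failure to individual APs, one way to find which units to hand to TAC is to group the controller log by AP and count the TPM/factory-certificate error alongside the trust-update reboots. This is an added example, not code from the thread or from Aruba; the AP names and addresses in the sample are constructed, and the `name@address` layout of the `xxx@xxx` field is an assumption.

```python
import re
from collections import defaultdict

# Line layout copied from the two log lines quoted in the thread:
#   <timestamp> :<msg id>: |AP <name>@<addr> <process>| <text>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+:(?P<msgid>\d+):\s+"
    r"\|AP\s+(?P<ap>[^@\s]+)@(?P<addr>\S+)\s+(?P<proc>\w+)\|\s+(?P<text>.*)$"
)
CERT_ERROR = "Unable to initialize TPM and/or Factory"
TRUST_REBOOT = "Rebooting after installing trust update"

# Constructed sample input; AP names and addresses are made up.
SAMPLE_LOG = """\
Jan 28 12:51:40 :303022: |AP ap-floor2-07@192.0.2.17 nanny| Reboot Reason: AP rebooted Fri Jan 28 12:51:00 EST 2011; SAPD: Rebooting after installing trust update. Factory Cert present
Jan 28 12:51:41 :399803: |AP ap-floor2-07@192.0.2.17 sapd| An internal system error has occurred at file sapd_main.c function main line 1935 error Unable to initialize TPM and/or Factory
Jan 28 12:53:02 :303022: |AP ap-floor3-02@192.0.2.23 nanny| Reboot Reason: AP rebooted Fri Jan 28 12:52:20 EST 2011; SAPD: Rebooting after installing trust update. Factory Cert present
Jan 28 12:55:10 :399803: |AP ap-floor2-07@192.0.2.17 sapd| An internal system error has occurred at file sapd_main.c function main line 1935 error Unable to initialize TPM and/or Factory
this line is not in the expected format
"""

def triage(log_text):
    """Return per-AP counters for every AP that logged the
    TPM/factory-certificate error; APs without it are omitted."""
    stats = defaultdict(lambda: {"addr": None, "trust_reboots": 0,
                                 "cert_errors": 0, "first_error": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unrelated or malformed lines
        s = stats[m["ap"]]
        s["addr"] = m["addr"]
        if TRUST_REBOOT in m["text"]:
            s["trust_reboots"] += 1
        if CERT_ERROR in m["text"]:
            s["cert_errors"] += 1
            s["first_error"] = s["first_error"] or m["ts"]
    return {ap: s for ap, s in stats.items() if s["cert_errors"]}

if __name__ == "__main__":
    for ap, s in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ap} ({s['addr']}): {s['cert_errors']} cert/TPM errors, "
              f"{s['trust_reboots']} trust-update reboots, "
              f"first at {s['first_error']}")
```

An AP that shows the error repeatedly across reboots is a candidate for the console check or swap described in the thread.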