Controller-less WLANs

IAP fails to connect to Activate server
Problem:

There are few cases in which IAP needs to communicate with Aruba Activate. 

 

1.  IAP contacts Activate server in order download the firmware version when we choose Automatic Upgrade option on IAP.

2. When IAP's need to be managed by Central, they will initially connect to Activate server which in turns redirects them to Central



Diagnostics:

We can check the connectivity to activate server using the following command:

IAP# show activate status

In case, IAP fails to communicate with Activate server. we will get the following message:

 

ac:a3:1e:c5:9a:6e# show activate status

 

Activate Server          :device.arubanetworks.com

Activate Status          :connection-failed



Solution

1.  We need to ensure that IAP has a DNS server configured on it so that it can resolve activate.arubanetworks.com

ac:a3:1e:c5:9a:6e# show summary | include erver
Telnet Server        :disable
Airwave Server       :
Airwave Backup Server:
Aruba Central Server  :
Syslog Server        :0.0.0.0
NameServer           :4.2.2.2 ------------------->DNS Server

 

2. We need to check if we are able to ping activate server.

 

ac:a3:1e:c5:9a:6e# ping activate.arubanetworks.com

Press 'q' to abort.

PING activate.arubanetworks.com (104.36.249.200): 56 data bytes

64 bytes from 104.36.249.200: icmp_seq=0 ttl=50 time=228.2 ms

64 bytes from 104.36.249.200: icmp_seq=1 ttl=50 time=224.0 ms

64 bytes from 104.36.249.200: icmp_seq=0 ttl=50 time=228.2 ms

64 bytes from 104.36.249.200: icmp_seq=1 ttl=50 time=224.0 ms

 

3.  IAP sets up a SSL connection with Activate server over port 443. So, it needs to validate the certificate used for building the connection which requires the clock to be correct on the IAP.

 

We need to ensure that clock on IAP is reflecting the correct time.

In case, the clock in incorrect, we will see the following message:

IAP# show   clock

Current Time     :1999-12-31 20:09:32

 

IAP# show  log ap-debug | include awc

Dec 31 20:06:48  awc[1594]: isc_exit: 603: disconnected
Dec 31 20:07:47  awc[1594]: awc_init_connection: 2004: connecting to device.arubanetworks.com:443
Dec 31 20:07:47  awc[1594]: tcp_connect: 163: recv timeout set to 5
Dec 31 20:07:47  awc[1594]: tcp_connect: 170: send timeout set to 5
Dec 31 20:07:47  awc[1594]: awc_init_connection: 2043: connected to device.arubanetworks.com:443
Dec 31 20:07:47  awc[1594]: awc_init_connection: 2085: Loading local CA certificates
Dec 31 20:07:47  awc[1594]: awc_init_connection: 2092: Failed to load CA root certificate: ASN date error, current date before
Dec 31 20:07:47  awc[1594]: isc_init failed

 

We can point the IAp to a valid NTP server so that it can synchronize its clock.

 

IAP # show   clock 

Current Time     :2015-11-01 06:10:45

 

IAP# show  log ap-debug | include awc

Nov  1 06:11:20  awc[1594]: awc_init_connection: 2004: connecting to device.arubanetworks.com:443
Nov  1 06:11:20  awc[1594]: tcp_connect: 163: recv timeout set to 5
Nov  1 06:11:20  awc[1594]: tcp_connect: 170: send timeout set to 5
Nov  1 06:11:20  awc[1594]: awc_init_connection: 2043: connected to device.arubanetworks.com:443
Nov  1 06:11:24  awc[1594]: awc_init_connection: 2178: Connected
Nov  1 06:11:24  awc[1594]: Sent header 'POST /firmware HTTP/1.1^M Host: 104.36.249.201^M Content-Length: 76^M Connection: keep-alive^M X-Type: firmware-check^M X-Guid: d6ce7409014ae8ac02ecefcc711225da6f90973d02ea553c14^M X-OEM-Tag: Aruba^M X-Mode: IAP^M X-Factory-Default: No^M X-Current-Version: 6.4.2.6-4.1.1.8_50989^M X-Ap-Info: BT0667326, 24:de:c6:cc:b6:1f, AP-105^M X-Features: 0100110100100000000000000000000000000000000000010000000^M ^M '
Nov  1 06:11:24  awc[1594]: Sent ap info in body 'BT0667319, 24:de:c6:cc:b6:18, AP-105^M BT0667323, 24:de:c6:cc:b6:1c, AP-105^M '
Nov  1 06:11:25  awc[1594]: Message over SSL from device.arubanetworks.com, SSL_read() returned 506, errstr=Success, Message is "HTTP/1.1 200 OK^M Date: Mon, 02 Nov 2015 21:10:15 GMT^M Content-Length: 0^M Content-Type: text/plain; charset=UTF-8^M X-Challenge: 5705466473081706486157513643726041628732739593500020912874587472270640751436616938858696573768103554680048348012389240574718460368214135442390465812737882664022852327680317755499890504439105472364976891862218^M X-Session-Id: 1457cc71-ea4c-4353-a8b8-76
Nov  1 06:11:26  awc[1594]: Sent header 'POST /firmware HTTP/1.1^M Host: 104.36.249.201^M Content-Length: 2779^M Connection: close^M X-Type: firmware-check^M X-Guid: d6ce7409014ae8ac02ecefcc711225da6f90973d02ea553c14^M X-OEM-Tag: Aruba^M X-Mode: IAP^M X-Factory-Default: No^M X-Session-Id: 1457cc71-ea4c-4353-a8b8-769612f0f35e^M X-Current-Version: 6.4.2.6-4.1.1.8_50989^M X-Ap-Info: BT0667326, 24:de:c6:cc:b6:1f, AP-105^M X-Features: 0100110100100000000000000000000000000000000000010000000^M X-Challenge-Hash: S
Nov  1 06:11:26  awc[1594]: Sent ap info in body 'BT0667319, 24:de:c6:cc:b6:18, AP-105^M BT0667323, 24:de:c6:cc:b6:1c, AP-105^M 

 

 

Version history
Revision #:
2 of 2
Last update:
‎03-24-2017 05:28 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.