Contributor II
Posts: 58
Registered: ‎02-23-2015

After turning on Control Plane Security, around 6 APs out from ~1500 APs ended up rebooting/flapping

Here's a snippet of the system log:

 

Jan 15 08:29:53 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:30:13 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:30:15 :303086:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:31:01 :303022:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 nanny|  Reboot Reason: AP rebooted Fri Jan 15 08:30:15 PST 2016; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC) 
Jan 15 08:31:17 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:31:38 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:31:39 :303086:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:32:26 :303022:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 nanny|  Reboot Reason: AP rebooted Fri Jan 15 08:31:39 PST 2016; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC) 
Jan 15 08:32:42 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:33:03 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:33:04 :303086:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:33:45 :311020:  <ERRS> |AP 062-h304-01a-ap1@10.111.21.242 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:33:50 :303022:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 nanny|  Reboot Reason: AP rebooted Fri Jan 15 08:33:04 PST 2016; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC) 
Jan 15 08:34:04 :311002:  <WARN> |AP 062-h304-01a-ap1@10.111.21.242 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:34:05 :303086:  <ERRS> |AP 062-h304-01a-ap1@10.111.21.242 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:34:07 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:34:27 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:34:28 :303086:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:34:51 :303022:  <WARN> |AP 062-h304-01a-ap1@10.111.21.242 nanny|  Reboot Reason: AP rebooted Fri Jan 15 08:34:05 PST 2016; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC) 
Jan 15 08:35:02 :311002:  <WARN> |AP 061-h225-01a-w1@10.111.21.250 sapd|  Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last rebootstrap reason: HELLO-TIMEOUT, 228 sec before: Last Ctrl msg: HELLO len=1291 dest=134.71.2.50 tries=10 seq=0
Jan 15 08:35:03 :303086:  <ERRS> |AP 061-h225-01a-w1@10.111.21.250 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 15 08:35:15 :303022:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 nanny|  Reboot Reason: AP rebooted Fri Jan 15 08:34:28 PST 2016; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC) 
Jan 15 08:35:31 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:35:42 :303022:  <WARN> |AP 061-h225-01a-w1@10.111.21.250 nanny|  Reboot Reason: AP rebooted Fri Dec 31 16:44:30 PST 1999; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last rebootstrap reason: HELLO-TIMEOUT, 228 sec before: Last Ctrl msg: HELLO len=1291 dest=134.71.2.50 tries=10 seq=0 
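
An added example (not part of the original post, and not Aruba code): a parser for the syslog format shown above that groups events per AP and separates APs stuck in the certificate-initialization reboot cycle from APs rebooting on HELLO-TIMEOUT. The `min_cycles` threshold and the verdict names are assumptions made for this example; the sample lines are copied from the snippet above.

```python
import re
from collections import Counter, defaultdict

# Matches: "<date> :<msgid>:  <SEV> |AP <name>@<ip> <process>|  <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) :(?P<msgid>\d+): +<(?P<sev>\w+)> "
    r"\|AP (?P<ap>\S+)@(?P<ip>\S+) (?P<proc>\w+)\| +(?P<msg>.*)$"
)

def event_kind(msgid, msg):
    """Map a message ID plus text to one of the event types seen in the thread."""
    if msgid == "311020" and "Unable to initialize Factory Certificates" in msg:
        return "cert_init_failure"
    if msgid == "311002" and "cert_cap=1" in msg:
        return "cert_reboot"
    if msgid == "311002" and "HELLO-TIMEOUT" in msg:
        return "hello_timeout"
    return None

def classify_aps(log_text, min_cycles=2):
    """Return {ap_name: verdict}. min_cycles is an assumed threshold: an AP is
    flagged as looping only after that many cert_cap=1 reboots plus a cert error."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        kind = event_kind(m["msgid"], m["msg"]) if m else None
        if kind:
            counts[m["ap"]][kind] += 1
    verdicts = {}
    for ap, c in counts.items():
        if c["cert_init_failure"] and c["cert_reboot"] >= min_cycles:
            verdicts[ap] = "cert-reboot-loop"        # candidate for TAC case / RMA
        elif c["cert_init_failure"] or c["cert_reboot"]:
            verdicts[ap] = "cert-event-below-threshold"
        elif c["hello_timeout"]:
            verdicts[ap] = "hello-timeout"           # connectivity, not certificates
    return verdicts

# Sample input: lines copied from the log snippet in the post above.
SAMPLE = """\
Jan 15 08:29:53 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:30:13 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:31:17 :311020:  <ERRS> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:31:38 :311002:  <WARN> |AP 062-h102-02a-ap1@10.111.21.245 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:33:45 :311020:  <ERRS> |AP 062-h304-01a-ap1@10.111.21.242 sapd|  An internal system error has occurred at file sapd_main.c function main line 2948 error Unable to initialize Factory Certificates or Field Certificates.
Jan 15 08:34:04 :311002:  <WARN> |AP 062-h304-01a-ap1@10.111.21.242 sapd|  Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 15 08:35:02 :311002:  <WARN> |AP 061-h225-01a-w1@10.111.21.250 sapd|  Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last rebootstrap reason: HELLO-TIMEOUT, 228 sec before: Last Ctrl msg: HELLO len=1291 dest=134.71.2.50 tries=10 seq=0
"""

if __name__ == "__main__":
    for ap, verdict in sorted(classify_aps(SAMPLE).items()):
        print(f"{ap}: {verdict}")
```
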
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: After turning on Control Plane Security, around 6 APs out from ~1500 APs ended up rebooting/flap

You should open a TAC case.  Those access points could have a problem with their built-in certificates.  You should only need to turn on control plane security in limited circumstances, however...



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II
Posts: 116
Registered: ‎09-29-2009

Re: After turning on Control Plane Security, around 6 APs out from ~1500 APs ended up rebooting/flap

I have some APs with the same problem (AP Console: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)).

I did a lot of troubleshooting and it doesn't work.

Any news? How to update the certificate, reflash it, RMA or something? Now that Aruba has converted to HPE, it is complicated for me...

 

Best regards.

 

 

AP rebooted Thu Jan 5 13:31:57 MST 2017; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
shutting down watchdog process (nanny will restart it)...

<<<<< Welcome to the Access Point >>>>>

~ #

Contributor II
Posts: 58
Registered: ‎02-23-2015

Re: After turning on Control Plane Security, around 6 APs out from ~1500 APs ended up rebooting/flap

It turned out, those few (1-2%) APs are broken and will not work if you turn on CPS. Aruba advised me to RMA them.
