Access Points

Reply
Occasional Contributor II

AP61 reboot loop - cert problem

Hello !

I've encountered a problem with a AP61. I've been using this AP for about 2 years now without problem, until recently when I had to purge it becuase i need to change it to a new location.

And I've also done this to another 31 AP61 without any problems, purged them and provisioned them again.

I have CPS enabled to be able to bridge the AP's.

This is the errors i get from the command "show log system":

Aug 4 10:56:17 :303022: |AP 00:1a:1e:c5:33:17@10.16.40.22 nanny| Reboot Reason: AP rebooted Wed Aug 3 10:14:25 PST 2011; SAPD: Unable to install cert. Need to re-approve AP
Aug 4 10:56:32 :305048: |stm| Dropping unsecure AP message code 16121 from AP at 10.16.40.22 (MAC address 00:1a:1e:c5:33:17)
Aug 4 10:56:32 :399803: |AP 00:1a:1e:c5:33:17@10.16.40.22 sapd| An internal system error has occurred at file sapd_msg.c function sapd_proc_install_cert_req line 3163 error AP is unable to fix certificate chain. Controller certificate hierarchy may have changed. Re-approval needed..
Aug 4 10:56:34 :311002: |AP 00:1a:1e:c5:33:17@10.16.40.22 sapd| Rebooting: SAPD: Unable to install cert. Need to re-approve AP
Aug 4 10:56:34 :303086: |AP 00:1a:1e:c5:33:17@10.16.40.22 nanny| Process Manager (nanny) shutting down - AP will reboot!


I've tried to set some environment variables when i connect manually to it, like serverip, without success. And i dont wanna try to disable CPS.

Thanks in advance!
Johan
Guru Elite

Re: AP61 reboot loop - cert problem

Do you see that access point in the control plane security whitelist?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: AP61 reboot loop - cert problem




Yes, I do. But it differs from the other AP's.:


#show whitelist-db cpsec mac-address 00:1a:1e:c5:33:17


Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Revoke Text Secondary Key Last Updated
----------- ------ ----- --------- ----------- ----------- ------------- ------------
00:1a:1e:c5:33:17 Enabled certified-hold-switch-cert switch-cert Thu Jul 21 07:34:32 2011



This is the state of the others:

#show whitelist-db cpsec mac-address d8:c7:c8:c2:e2:79


Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Revoke Text Secondary Key Last Updated
----------- ------ ----- --------- ----------- ----------- ------------- ------------
d8:c7:c8:c2:e2:79 Enabled certified-factory-cert factory-cert Wed Jul 20 14:48:11 2011

Occasional Contributor II

Re: AP61 reboot loop - cert problem

Should i try to delete the entry from the whitelist-db?
Guru Elite

Re: AP61 reboot loop - cert problem

Can you delete the entry and allow the AP to auto-add and get another cert after purging? You can alternatively manually change the status of the AP.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: AP61 reboot loop - cert problem




I did as you told me, and i guess its working now.. :)

I could provision the AP, and also the state is certified-switch-cert now instead of certified-hold-switch-cert.

Even tried to connect with a client with success.

Thanks alot!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: