Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Certificate error when provisioning AP as RAP

  • 1.  Certificate error when provisioning AP as RAP

    Posted Jul 28, 2017 01:42 PM

    Hello everyone. I'm trying to configure an AP205H as a RAP using certificate-based authentication, which is how we've configured every other RAP we own. We've just recently migrated the master role off our 6000 controllers, which is where all our other RAPs were provisioned, to 7220s, which have been serving as our local controllers. I keep getting the following error when I attempt to provision the AP.

    "IKE_CUSTOM_useCert server Cert chain for  is invalid"

     

    Both the root and intermediate CA have been installed on the controllers, so I'm not sure what cert chain it's complaining about. The RAP MAC address is in the whitelist and I've configured an address pool under VPN Services. I've already looked at several docs to see if I'm missing something incredibly obvious and didn't find anything. Can anyone provide some guidance?



  • 2.  RE: Certificate error when provisioning AP as RAP

    MVP EXPERT
    Posted Jul 29, 2017 02:03 PM

    Are you using a custom cert for RAP authentication (as opposed to the factory shipped cert)? You will also need to configure the RAP to use the cert:

    (host) (config) #crypto-local isakmp server-certificate <server_certificate_name>

    To add the CA certificate to verify the RAP certificate:

    (host) (config) #crypto-local isakmp ca-certificate <trusted CA>

    Further info can be found here:

    http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Management_Utilities/CustomCert_RAP.htm



  • 3.  RE: Certificate error when provisioning AP as RAP

    Posted Jul 31, 2017 07:56 AM

    I have a custom cert on the WebUI but I haven't configured anything custom for the RAP. 



  • 4.  RE: Certificate error when provisioning AP as RAP
    Best Answer

    Posted Aug 07, 2017 01:49 PM

    I ended up opening a case with TAC and apparently the TPM cert was corrupt on our controller.