Cisco released a Bug Search # CSCvk25644 about this today: WLC HA standby reboots reaching Maintenance mode due to missing NaServCaCert_p12.pem on Active
Symptom: WLC HA standby reboots reaching Maintenance mode due to missing NaServCaCert_p12.pem on Active. If you execute the following command on the Active controller, the file NaServCaCert_p12.pem is missing: test system dir /mnt/application/ Conditions: 8.5 and HA enabled. Last Modified: Jul 10,2018 Known Affected Releases: 8.5(131.0) -- Will Dawes Wireless Network Engineer - CWNA (Certified Wireless Network Administrator) - ECSE (Ekahau Certified Survey Engineer) ITS / Network and Engineering Architecture Louisiana State University 200 Frey Computing Services Center, Baton Rouge, LA 70803 office 225.578.5926 wda...@lsu.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mallon, Jason Sent: Monday, July 09, 2018 4:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 8540 WLC random reboots Thanks for the input on that. We have another pair of 8540s I could try this with and see if it works. The current setup has been working for months with no issues then all of a sudden last week this all happened. Jason Mallon Network Engineer II, OIT The University of Alabama <https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Will Dawes <wda...@lsu.edu<mailto:wda...@lsu.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Monday, July 9, 2018 at 4:30 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Cisco 8540 WLC random reboots We had this issue very recently when upgrading our 8540s from 8.2.166.0 to 8.5.131.0 (MR3): A few days after the upgrade, the Standby 8540s started going through reboot loop, because it had an NaServCaCert_p12.pem certificate missing from the Active 8540. When the Standby can’t find the certificate on the Active 8540, it starts rebooting, until the Standby mercifully goes into Maintenance mode. During one of the reboots the certificate is restored on the Standby (I am told), but the Active 8540 still needs the NaServCaCert_p12.pem certificate manually uploaded, in order for the HA SSO pair to be restored. If one took the path of 8.2.x … upgrade to 8.3 (NaServCaCert_p12.pem created here?) … THEN upgraded to 8.5.X, you do not encounter the missing NaServCaCert_p12.pem certificate and rebooting standby WLC. HTH, -- Will Dawes Wireless Network Engineer - CWNA (Certified Wireless Network Administrator) - ECSE (Ekahau Certified Survey Engineer) ITS / Network and Engineering Architecture Louisiana State University 200 Frey Computing Services Center, Baton Rouge, LA 70803 office 225.578.5926 wda...@lsu.edu<mailto:wda...@lsu.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mallon, Jason Sent: Monday, July 09, 2018 11:44 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Cisco 8540 WLC random reboots We are currently in the process of migrating to 8540s (8.5.120) from 8510s. Here recently we started noticing the HA unit on two of the pairs was in maintenance mode. We rebooted the controllers and they seem to have stayed in a continuous boot loop. We restarted one of the controllers to its emergency code (8.2.166) and it rebooted correctly without any issues, disabled SSO mode, rebooted back into 8.5.120 with no issues. We enabled SSO again and immediately went back to having boot loop issues. Is anybody else seeing this issue? Jason Mallon Network Engineer II, OIT The University of Alabama <https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
