Well several users today had troubles with web auth, after entering the correct password, they aren't redirected to their requested page, but always return to web auth page, without error messages.
So I tryed with my own pc and see that our Wism "A" wasn't working properly.
Under "Management" - "logs" we see a lot of messages like this:
Oct 16 10:30:28.991 iapp_socket_task.c:580 IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned errorWell, i look the "monitor" page of Wism A:
Oct 16 10:30:17.563 pem_api.c:5669 PEM-1-MSGTAG051: Unable to allow user [username was here] into the system - perhaps the useris already logged onto the system?
System Name WiSM-WLC-ALol! 371 days it's enough... time to reboot it ;-) (old style! )
Up Time 371 days, 21 hours, 58 minutes
Internal Temperature +36 C
(note the +36°C internal temp... new cooling system for network and datacenter room pls!)
So i made a configuration backup and proceed to reboot the controller.
I noted that:
-all Access Points with secondary controller setting have registered correctly to the other WLC (our Wism B) in a minute
-the Access Points that haven't a secondary controller configured have to "wait" for Wism A
-when all controllers are up, the APs still registered on Wism B, so i note that our installation man (not me ;-)) haven't configured correctly both controllers for mobility.
Above we can see the Wism A, just rebooted with few APs registered
And Wism B well loaded ;-)
I read the Document ID: 69639 "WLAN Controller Failover for Lightweight Access Points Configuration Example Downloads" to control configuration of Mobility features...
...and see that in our Wism there is a mobility group configured, but during the installation no one has configured the members of mobility group, so each controller see itself only as mobility group member...
After proper configuration, with "AP Fallback" option enabled, the APs doesn't move from one controller to another until a wism falls, or manually reset APs.
It's a good idea read this document's note about primary, secondary and tertiary Ap controllers:
Note: Define only system names under the primary, secondary, and tertiary controller name fields. Do not enter the IP address or the MAC address of the controller in these fields.We have IP address configured, and registration after an AP reset takes about 30-45 sec... I tryed with the controller name... and it takes 10-15 sec!
Well, this means that someone have to read this document too:
Document ID: 82463 Wireless LAN Controller (WLC) Configuration Best Practices