CAPWAP connection lost in HMOL

  • 1
  • Question
  • Updated 11 months ago
We did a minor configuration update last week and since then almost all access points has lost there CAPWAP connection. We using AP130's, AP245X's and AP230's, all of them have the same problem. The AP firmware version is HiveOS 6.8r1 Jakarta and Hivemanager version 6.8r4. We can ping all of the access points from the LAN and we checked the CAPWAP client config by a SSH session from a computer on the LAN, all these settings are correct. We do see that the error 'Default DTLS passphrase has been replaced.' and the event 'dtls handshake fail', could this be the reason and how we can troubleshoot/fix this?
Photo of Hans


  • 67 Posts
  • 8 Reply Likes

Posted 11 months ago

  • 1
Photo of Sam Lynn

Sam Lynn, Moderator

  • 86 Posts
  • 11 Reply Likes
Hello Hans,

Since this happened directly after a configuration push, you may want to review the changes you made to the configuration to make sure we aren't interrupting connection. Things we would typically check for here would be to make sure the VLANs are correct and active, and that we aren't changing the IP address. 

To get your devices to reconnect to your hive manager we have three options. The first option is to hold down the reset button on the device for 10 seconds. This will reset the device to factory default settings and will force the AP to query the redirector which should direct it to your Hive Manager. If this doesn’t work or isn’t an option for you, we need to get to the command line of the device and run CAPWAP commands. We can either do this using the current IP address that the device is broadcasting with, or by using a console cable. 

CAPWAP Commands:
no hivemanager
hivemanager <hive manager URL or IP> primary
capwap client vhm-name <VHM name, or "home" if you have an on premise hive manager>
save config
no capwap client enable
capwap client enable
show capwap client

If these commands do not work for you, please get a screen shot of the output from "show capwap client" and upload it to this post. 

Hope this helps!
Photo of Hans


  • 67 Posts
  • 8 Reply Likes
Hi Sam
We used the commands by a remote SSH session but no result. By this the result of the show CAPWAP client command of a 'broken' AP:
admin@'s password:
Aerohive Networks Inc.
Copyright (C) 2006-2016
xa3.03#show capwap client
CAPWAP client:   Enabled
CAPWAP transport mode:  UDP
DISCOVERY state: Sending Discovery packets to find the CAPWAP server
CAPWAP client IP:
CAPWAP server IP:
HiveManager Primary
HiveManager Backup Name:
CAPWAP Default Server Name:
Virtual HiveManager Name: DonBosco-Hive
Server destination Port: 12222
CAPWAP send event:       Enabled
CAPWAP DTLS state:       Enabled
CAPWAP DTLS negotiation: Disabled
     DTLS next connect status:   Enable
     DTLS always accept bootstrap passphrase: Enabled
     DTLS session status: Disconnect
     DTLS key type: passphrase
     DTLS session cut interval:     5 seconds
     DTLS handshake wait interval: 60 seconds
     DTLS Max retry count:          3
     DTLS authorize failed:         0
     DTLS reconnect count:          0
Discovery interval:      5 seconds
Heartbeat interval:     30 seconds
Max discovery interval: 10 seconds
Neighbor dead interval:105 seconds
Silent interval:        15 seconds
Wait join interval:     60 seconds
Discovery count:         3
Max discovery count:     3
Retransmit count:        0
Max retransmit count:    2
Primary server tries:    1
Backup server tries:     0
Keepalives lost/sent:    0/0
Event packet drop due to buffer shortage: 0
Event packet drop due to loss connection: 9
seems ok, wright?
Photo of Sam Lynn

Sam Lynn, Moderator

  • 86 Posts
  • 11 Reply Likes

Thank you for that output. The hive manager server and the VHM name look a bit odd to me, I just want to make sure we have the right settings there. Could you tell me what your VHM ID is? You can find that by going to the hive manager> Help> About Hive Manager.

Photo of Hans


  • 67 Posts
  • 8 Reply Likes
Hello Sam
We are using an HMOL on-premises appliance in our datacenter. Differten customers are using this appliance as this customer with the problems. When I check the 'About Hive Manager' button I only see the software version and the build time.
Photo of Hans


  • 67 Posts
  • 8 Reply Likes
when I check the Aerohive redirector I see the VHM-ID OPR-KULB3Z, but this is a reference to our general Hive, not the Hive of the customer.
Photo of Hans


  • 67 Posts
  • 8 Reply Likes
Helo Sam
We did the following as extra troubleshooting:
- the CAPWAP transport protocol was HTTP over port 80, we changed it back to port 12222 (UDP). After a few minutes the capwap client automatically changed to HTTP because there is no communication possible over port 12222. However, also over port 80 no result
- we downgraded the AP from 6.8R1 back to 6.6R2a, no result
- we set the IP-addresses of the servers instead of the FQDN's (to exclude DNS-issues), no result
- we factory reseted an AP and removed it from the Hive, the ap does not shown up in the hivemanager any more

We see that the CAPWAP connection disappear at random times, some AP's come up and other goes down. we will ask to place an AP directly behind the modem and see if this wil work.