Symptom

AAA servers are going after a switchover when using key 6 password encryption. Configure the current active chassis 2 with key password encryption: #password encryption aes #key config-key password encryption -Use write to save config. -Perform a switchover to chassis 1, we can see hat AAA server is still up and client can reconnect and authenticate with no issues. -Perform a switchover to chassis 2 ( not using write command since config should be already synced) after this we noticed that AAA server goes down and ISE reports key mismatch errors. To fix the issue, need to remove password encryption and add re-add ISE key. #no password encryption aes #no key config-key password encryption

Conditions

Configure HA SSO and switchover to chassis 2 configure password encryption: password encryption aes key config-key password-encrypt perform a switchover to chassis1 ( issue is not seen) perform a switchover back to chassis 2 ( issue is seen)

Workaround

Reload the unit in a broken state. or Log into wlc 1. Disable AES encryption 2. Reconfigure PSK/share secrets 3. Update the AES key 4. Enable AES encryption again CLI: - disable AES encryption 9800(config)#no password encryption aes GUI: - reset password for WLANs Configuration > WLANs Select SSID reset password confirm password CLI: - change password and enable encryption 9800(config)#key config-key password-encrypt new-key 9800(config)#key config-key password-encrypt 9800(config)#password encryption aes GUI: - enable AES on new password save config

Further Problem Description